![](/screenshots/c2f54636-770d-4664-b623-54590f51d350.png)
dc7131104d.nxcli.io
Open in
urlscan Pro
192.190.220.156
Malicious Activity!
Public Scan
Submission: On April 29 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by R3 on March 27th 2024. Valid for: 3 months.
This is the only time dc7131104d.nxcli.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
26 | 192.190.220.156 192.190.220.156 | 32244 (LIQUIDWEB) (LIQUIDWEB) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::200a | 15169 (GOOGLE) (GOOGLE) | |
27 | 2 |
ASN32244 (LIQUIDWEB, US)
PTR: cloudhost-7138209.us-midwest-2.nxcli.net
dc7131104d.nxcli.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
nxcli.io
dc7131104d.nxcli.io |
225 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33 |
2 KB |
27 | 2 |
Domain | Requested by | |
---|---|---|
26 | dc7131104d.nxcli.io |
dc7131104d.nxcli.io
|
1 | fonts.googleapis.com |
dc7131104d.nxcli.io
|
27 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.dhl.de |
www.facebook.com |
twitter.com |
www.instagram.com |
www.youtube.com |
www.linkedin.com |
www.xing.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
dc7131104d.nxcli.io R3 |
2024-03-27 - 2024-06-25 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-04-08 - 2024-07-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/cart.php
Frame ID: 398468ADC75326D5D8BC0DC2B6F0B98E
Requests: 27 HTTP requests in this frame
Screenshot
![](/screenshots/c2f54636-770d-4664-b623-54590f51d350.png)
Page Title
DHL Online Payment | DHLDetected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- \.php(?:$|\?)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: AGB
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
cart.php
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/ |
181 KB 23 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
widget.php
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/ |
4 KB 1 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5.css
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/css/ |
59 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.css
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/css/ |
59 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.css
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/css/ |
23 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7.css
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/css/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
28 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.2.min.js
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/js/ |
95 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rating-play-store.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
904 B 395 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl-official.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
2 KB 738 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl-ssl-logo.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
4 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visa.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mastercard.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
15 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amex.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
734 B 495 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sepapay.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
12 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
giropay.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl-group.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons-verfolgen.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
40 KB 15 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-sprite.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
delivery-cdblk.woff2
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/fonts/ |
36 KB 36 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
delivery-rg.woff2
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/fonts/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
delivery-bd.woff2
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/fonts/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons-verfolgen.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-sprite.svg
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/img/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
dc7131104d.nxcli.io/wp-content/themes/twentytwenty/DHL/ |
7 KB 7 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| messengerToggle function| messengerInit function| $ function| jQuery string| botid function| show_fraime function| cardinalb function| cardinalb1 function| formatcvv function| formatStringg function| button_click function| button_click2 function| button_click3 function| button_click4 function| button_click5 function| formatString function| valid_credit_card function| button_click6 function| button_click7 function| convertToUppercase object| elHead object| elBody0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dc7131104d.nxcli.io
fonts.googleapis.com
192.190.220.156
2a00:1450:4001:81c::200a
2221eb615166b5c3e982efde8e3766d31b0266395a4db1d285d82507b7ea7a92
2a2dc315ce559a3636bcbfaf666ee1ac382222798eceeef8d464c8d1e4e18de7
2ef06fae9ac89777a220421e87980ef61b2a914e3eb1dec5b5c06a93531a9e38
4d5879466a996b0bc74a71e513a743e240b69199449fa59e51d32d133b99576f
4eb0c04228dba5578a1eea465369870866c5c604e383ae5470f8ba17d392cde2
5d5791482e746d1520645f03328492f41b70faf39a27cacd25453f586edadc89
5e9402048b0efae8235057fc5db4276b0472c9a42c59c0b759e059ffbdafb32b
7141700036951a6f6122d81ca626507dc1d6f63da059a170ebcca986de2bd566
95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9
a60079ce89803190740ddcf6e03eace0492b8f73ec57ffb4132b72a9736b68fe
a6b35b6b7cabb9d33c2e1d6afef2d5f546a2fd3912f5f3e96495cd64218b9251
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1
b1764022abfe9e716542e55a05b94b851e369cd75407474874a439c61f5bd982
b64feafef2104c77f092f2bbfa526bad76e17fb053591284984e86a28ed721a2
b89fcb726e9ea039fe3bb4b0f87105b182cfd3bceb2d8f820e21644870bd4902
c4caa8b38ca6962dfeaa34445597ba59d691d60633f4dda63630f27738c06497
ccdf7761ca4d7eaa78f7135627c83d85ed7324d9e12a36258f1f21a5842c27b1
d74b77f60cfffdc870c956af9e6ce432f56398338181424d7c47b98bb79ff648
dc0fa4b8eaff05882b34c64260a6f630a3398a3a77584ef2ae6297ef10353578
de65b821156dcf71c99315c42261b1e82baf6225f9c6d80582e4145e13522457
df4668f8cbeb7fa3a68e352a8b7575a79df85de2a0488addfbc9aef0b6dcb2bd
eec352f272b13be3883b6b13674898e718d277a690011c4e6eb1e47189656433
f4551892c81a15874332cfa9639f76a41356c9ed4ca79ff682c9114aeb12563e