![](/screenshots/fa5509d4-4425-44c4-9c5c-f9f0a9284bdb.png)
documents.dhlparcel.co.uk
Open in
urlscan Pro
213.95.67.116
Malicious Activity!
Private Scan
Effective URL: https://documents.dhlparcel.co.uk/Login
Submission: On July 19 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on March 9th 2023. Valid for: a year.
This is the only time documents.dhlparcel.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 39 | 213.95.67.116 213.95.67.116 | 12337 (NORIS-NET...) (NORIS-NETWORK IT Service Provider located in Nuernberg) | |
37 | 1 |
ASN12337 (NORIS-NETWORK IT Service Provider located in Nuernberg, Germany, DE)
documents.dhlparcel.co.uk | |
cdn.sps-ocs.co.uk |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
dhlparcel.co.uk
2 redirects
documents.dhlparcel.co.uk |
388 KB |
18 |
sps-ocs.co.uk
cdn.sps-ocs.co.uk — Cisco Umbrella Rank: 978894 |
2 MB |
37 | 2 |
Domain | Requested by | |
---|---|---|
21 | documents.dhlparcel.co.uk |
2 redirects
documents.dhlparcel.co.uk
|
18 | cdn.sps-ocs.co.uk |
documents.dhlparcel.co.uk
cdn.sps-ocs.co.uk |
37 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
send.dhlparcel.co.uk |
www.linkedin.com |
www.youtube.com |
www.facebook.com |
www.instagram.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
documents.dhlparcel.co.uk DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-03-09 - 2024-04-08 |
a year | crt.sh |
*.sps-ocs.co.uk RapidSSL Global TLS RSA4096 SHA256 2022 CA1 |
2022-10-25 - 2023-10-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://documents.dhlparcel.co.uk/Login
Frame ID: 45EAD59EBD3F322AB699EC3A4D2096ED
Requests: 37 HTTP requests in this frame
Screenshot
![](/screenshots/fa5509d4-4425-44c4-9c5c-f9f0a9284bdb.png)
Page Title
DHL ParcelPage URL History Show full URLs
-
http://documents.dhlparcel.co.uk/
HTTP 302
https://documents.dhlparcel.co.uk/ HTTP 302
https://documents.dhlparcel.co.uk/Login Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Disclaimer
Search URL Search Domain Scan URL
Title: LinkedIn
Search URL Search Domain Scan URL
Title: YouTube
Search URL Search Domain Scan URL
Title: Facebook
Search URL Search Domain Scan URL
Title: footer.option.instagram
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://documents.dhlparcel.co.uk/
HTTP 302
https://documents.dhlparcel.co.uk/ HTTP 302
https://documents.dhlparcel.co.uk/Login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
37 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Login
documents.dhlparcel.co.uk/ Redirect Chain
|
23 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
cdn.sps-ocs.co.uk/bootstrap/4.5.2/css/ |
157 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
all.min.css
cdn.sps-ocs.co.uk/fontawesome/6.3.0/css/ |
493 KB 149 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kendo.common.min.css
cdn.sps-ocs.co.uk/kendo/2023.1.117/styles/ |
359 KB 96 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kendo.default.min.css
cdn.sps-ocs.co.uk/kendo/2023.1.117/styles/ |
134 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
site.css
documents.dhlparcel.co.uk/dhlparcel/css/ |
60 KB 61 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.6.1.min.js
cdn.sps-ocs.co.uk/jquery/3.6.1/js/ |
88 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.bundle.min.js
cdn.sps-ocs.co.uk/bootstrap/4.5.2/js/ |
79 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout-min.js
cdn.sps-ocs.co.uk/knockout/3.5.1/js/ |
67 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.min.js
cdn.sps-ocs.co.uk/jquery.validate/1.19.5/js/ |
24 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.unobtrusive.min.js
cdn.sps-ocs.co.uk/jquery.validate.unobtrusive/4.0.0/js/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout.mapping.min.js
cdn.sps-ocs.co.uk/knockout.mapping/2.4.1/js/ |
10 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
amplify.min.js
cdn.sps-ocs.co.uk/amplifyjs/1.1.2/js/ |
9 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
46 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.legacy.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
261 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
locale-1.js
documents.dhlparcel.co.uk/dhlparcel/.cache/js/ |
23 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
config.js
documents.dhlparcel.co.uk/dhlparcel/.cache/js/ |
0 993 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.shared.validate.unobtrusive.dynamic.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.shared.dirtytabs.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
6 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.shared.localization.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
958 B 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.shared.ui.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
8 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kendo.all.min.js
cdn.sps-ocs.co.uk/kendo/2023.1.117/js/ |
4 MB 1 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kendo.aspnetmvc.min.js
cdn.sps-ocs.co.uk/kendo/2023.1.117/js/ |
13 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kendo.culture.en-GB.min.js
cdn.sps-ocs.co.uk/kendo/2023.1.117/js/cultures/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kendo.messages.en-GB.min.js
cdn.sps-ocs.co.uk/kendo/2023.1.117/js/messages/ |
30 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout-kendo.min.js
documents.dhlparcel.co.uk/1.6.13.8510/common/libs/ |
13 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ui-question.svg
documents.dhlparcel.co.uk/1.6.13.8510/common/images/ui/grey/ |
3 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dhlparcel_logo.png
documents.dhlparcel.co.uk/dhlparcel/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.shared.cookie.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/shared/ |
511 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.account.forgotpassword.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/account/ |
3 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebillpro.account.login.js
documents.dhlparcel.co.uk/1.6.13.8510/common/scripts/ebillpro/account/ |
4 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dhlparcel_logo.png
documents.dhlparcel.co.uk/dhlparcel/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.jpg
documents.dhlparcel.co.uk/dhlparcel/images/ |
159 KB 160 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
frutiger-lt-std-light.woff2
documents.dhlparcel.co.uk/common/fonts/ |
12 KB 13 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-light-300.woff2
cdn.sps-ocs.co.uk/fontawesome/6.3.0/webfonts/ |
422 KB 423 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-brands-400.woff2
cdn.sps-ocs.co.uk/fontawesome/6.3.0/webfonts/ |
107 KB 107 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebComponentsIcons.ttf
cdn.sps-ocs.co.uk/kendo/2023.1.117/styles/fonts/glyphs/ |
137 KB 138 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| bootstrap object| ko object| amplify object| ebillpro object| advancedValidationSettings function| localizedstring object| uiPrefs object| kendo object| KendoLicensing function| HideForgotPassword string| loginUrl object| loginModel1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
documents.dhlparcel.co.uk/ | Name: OCS_SessionId Value: xed1kcg0yru2epstxr31iix2 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | object-src https: 'self'; default-src https: 'self' 'unsafe-inline' 'unsafe-eval';script-src https: 'self' 'unsafe-inline' 'unsafe-eval' cdn.worldpay.com apis.google.com cdn.sps-ocs.co.uk;img-src data: https: blob: 'self' |
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1;mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.sps-ocs.co.uk
documents.dhlparcel.co.uk
213.95.67.116
071f8208c1e1f2a36e50583fa916d6e3d3c936abe3d136623711605f6f2cbd1b
17e11c3c91466b541dc2c9a9630d6b624d8738f8846d46c2a8c88accc76da740
201bcb4e4323cd06f31d1f939b5b333253c6ebe4cc8f4f7b57a7f94895059f79
2360bbff4bf82465470e62aeeda405ca6236ed3a439ed76589522422cdef5136
26c76ad0f2893fe400facc3a0096d7baa6eb92ff1b58439ef3b8f951f4108b8f
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
3452ff935a6022be01bc0eb18ef2f486a7839fbfc8f797de6b4414809ce86945
353ad460ba7cdf166d2ccb9140934968a98f30b63c3fdb7c0a3a7201f838e337
3d0d14df2cbb1eae60da2cf0b407ca60761d24466650256597c36df5f83d2906
44558558820fb230780ee711e23ab0c535b0d77666b48facead551d8b2666579
4b86d2695484751032a3c20395dc58e5b4aa5147027282b5e94b6cb122cbe2e9
59272c8c481ed99de9b2e8ac8698e8e50d149b68fc1476841e5398b1a5b0f121
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
5e089e9d1167632931ace53fac3397d6331a131dff77161d3a140b508b97ec89
61551cc3eca1a360b5fa5439c27dfda06e81700aab8711e04084900c739d6869
718ec36f4665ff7cb29622de504726cac643472b130af6b942b103efb0a931c7
750077f33f06f9397d62c92c040a6a456ce36a709da5fce177d011dec52918ca
81a1a86cd93570f6a3d1a6dc566c99c5462008fb2e7822703798b80e30b8052d
9ee3846857e7c5cc28cf75ff906f7eca207075fb1d1d8c8a7b3ec377350fae92
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a4d87f71b4f857b4fbd7e4e0dd3b0ef4e11db8868522935c5c7957ebf143fbdc
a88f44add846493c1f75627fe6afdb996196902d7ea52c404530085661947510
aee810efea02f02fdd98d66218bba36deca0b84c5f939ede2bbe30cb2a9e0375
b89ba10dd5e52a1e462ddf1d16f9d10d2154aa56582c29b1f47a51c8c9a49349
c02cce181c37917c9dcf342fda153495015e972bfd8bfaa14d995c24084b1c5b
c107bbce8d9e44d429f001547db6c530af39cab8157cc155f1f86d55771624dd
c5a53c544cc14fbc1b9a45a9ba1c712bfe3946c4152ae3a6da453c917f92ae64
da321419ed7ffe67c84b36cc7656a31e34d2ee13b5032e2b962ec249602e7139
db671d32181dbc86ebf9f39505ef1b288571ad76ee7162989fc881472f814447
dd1c04b7e358a86aff30021a216840ac2e73eafbdf612e4e95cf873fd843a646
df878cc6e550251af28c3ef44fcb7dee7bb0bdf907e2ff2473c13e12411709ce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec5cfb150c92cfea18f8dc744531c20ae3522d0d198c68cfcf52f37f048265f0
f67b782ec5a62c8fcedb89535bcf48cc02ae06a119e3b97fe2b875fad1ff358f
facb92bc4ddd73e6376d3343dc314838c13e8e7d171e5d785f7c9f66344333d7
fe054ee36a5fcc9933a80219c23447bf0c5e33159e57944f3140dd43de9a8fab