1redeliverdhl-eservice.help
Open in
urlscan Pro
2606:4700:3037::6815:ab1
Malicious Activity!
Public Scan
Submission: On May 07 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on May 6th 2024. Valid for: 3 months.
This is the only time 1redeliverdhl-eservice.help was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:303... 2606:4700:3037::6815:ab1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:440... 2606:4700:4400::ac40:93bc | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3038::6815:ea91 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700:303... 2606:4700:3034::6815:1adf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 44.217.82.191 44.217.82.191 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 104.198.23.205 104.198.23.205 | 15169 (GOOGLE) (GOOGLE) | |
33 | 8 |
ASN13335 (CLOUDFLARENET, US)
1redeliverdhl-eservice.help |
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-217-82-191.compute-1.amazonaws.com
sockjs-mt1.pusher.com |
ASN15169 (GOOGLE, US)
PTR: 205.23.198.104.bc.googleusercontent.com
r.lr-in.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
1redeliverdhl-eservice.help
1redeliverdhl-eservice.help |
303 KB |
7 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1866 ka-f.fontawesome.com — Cisco Umbrella Rank: 4530 |
305 KB |
3 |
lr-in.com
cdn.lr-in.com — Cisco Umbrella Rank: 25855 r.lr-in.com — Cisco Umbrella Rank: 29775 |
168 KB |
2 |
pusher.com
sockjs-mt1.pusher.com — Cisco Umbrella Rank: 12688 |
|
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
82 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
0 |
killbot.org
Failed
files.killbot.org Failed |
|
33 | 7 |
Domain | Requested by | |
---|---|---|
16 | 1redeliverdhl-eservice.help |
1redeliverdhl-eservice.help
|
6 | ka-f.fontawesome.com |
kit.fontawesome.com
1redeliverdhl-eservice.help |
2 | r.lr-in.com |
cdn.lr-in.com
|
2 | sockjs-mt1.pusher.com |
1redeliverdhl-eservice.help
|
2 | cdnjs.cloudflare.com |
1redeliverdhl-eservice.help
cdnjs.cloudflare.com |
1 | cdn.lr-in.com |
1redeliverdhl-eservice.help
|
1 | kit.fontawesome.com |
1redeliverdhl-eservice.help
|
0 | invalid Failed |
1redeliverdhl-eservice.help
|
0 | files.killbot.org Failed |
1redeliverdhl-eservice.help
|
33 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
1redeliverdhl-eservice.help GTS CA 1P5 |
2024-05-06 - 2024-08-04 |
3 months | crt.sh |
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-12-04 - 2025-01-03 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
lr-in.com E1 |
2024-05-07 - 2024-08-05 |
3 months | crt.sh |
ka-f.fontawesome.com GTS CA 1P5 |
2024-05-03 - 2024-08-01 |
3 months | crt.sh |
sockjs-mt1.pusher.com R3 |
2024-03-10 - 2024-06-08 |
3 months | crt.sh |
api.logrocket.com R3 |
2024-05-02 - 2024-07-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://1redeliverdhl-eservice.help/
Frame ID: 25735776930AB85721DF53847F19A578
Requests: 31 HTTP requests in this frame
Screenshot
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
1redeliverdhl-eservice.help/ |
58 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f7165dd215.js
kit.fontawesome.com/ |
12 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
killbot-security.js
files.killbot.org/.cdn-cgi/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.css
1redeliverdhl-eservice.help/css/ |
452 KB 57 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logger-1.min.js
cdn.lr-in.com/ |
843 KB 167 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
invalid/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
1redeliverdhl-eservice.help/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.png
1redeliverdhl-eservice.help/images/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
foo.png
1redeliverdhl-eservice.help/images/ |
547 B 547 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.js
1redeliverdhl-eservice.help/js/ |
2 MB 199 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
session-recorder.js
1redeliverdhl-eservice.help/js/ |
126 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free.min.css
ka-f.fontawesome.com/releases/v6.5.2/css/ |
101 KB 24 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.5.2/css/ |
27 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.5.2/css/ |
823 B 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.5.2/css/ |
2 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
roboto-latin-400-normal.woff2
1redeliverdhl-eservice.help/fonts/vendor/@fontsource/roboto/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webfa-solid-900.woff2
1redeliverdhl-eservice.help/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ |
75 KB 76 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webfa-brands-400.woff2
1redeliverdhl-eservice.help/css/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
9f1f733a-416a-4810-9588-156f95ccf3d0
https://1redeliverdhl-eservice.help/ |
470 KB 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
roboto-all-400-normal.woff
1redeliverdhl-eservice.help/fonts/vendor/@fontsource/roboto/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webfa-solid-900.woff
1redeliverdhl-eservice.help/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webfa-brands-400.woff
1redeliverdhl-eservice.help/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webfa-solid-900.ttf
1redeliverdhl-eservice.help/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webfa-brands-400.ttf
1redeliverdhl-eservice.help/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.5.2/webfonts/ |
153 KB 153 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-fa-brands-400.woff2
ka-f.fontawesome.com/releases/v6.5.2/webfonts/ |
115 KB 116 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
1redeliverdhl-eservice.help/ |
544 B 825 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
xhr_streaming
sockjs-mt1.pusher.com/pusher/app/bc5ba70500b3342fb1aa/450/p1ccl370/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
xhr_streaming
sockjs-mt1.pusher.com/pusher/app/bc5ba70500b3342fb1aa/450/p1ccl370/ |
2 KB 0 |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
i
r.lr-in.com/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
i
r.lr-in.com/ |
165 B 659 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- files.killbot.org
- URL
- https://files.killbot.org/.cdn-cgi/killbot-security.js
- Domain
- invalid
- URL
- chrome-extension://invalid/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FontAwesomeKitConfig function| redirect string| sessionHash object| webpackChunk function| jQuery function| $ object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| intlTelInputUtils object| regeneratorRuntime object| __SDKCONFIG__ function| _LRLogger function| openNav function| closeNav function| _lrMutationObserver function| _lrXMLHttpRequest boolean| _lr_loaded boolean| errorInB boolean| errorInC object| authTimeout boolean| hasBLogin boolean| isInBLogin object| bLogin function| Pusher object| Echo3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
1redeliverdhl-eservice.help/ | Name: _lr_tabs_-mnnzup%2Fdus Value: {%22sessionID%22:0%2C%22recordingID%22:%225-6a3895c6-662f-42bf-87b4-10afc8e7ddf1%22%2C%22webViewID%22:null%2C%22lastActivity%22:1715124112504} |
|
1redeliverdhl-eservice.help/ | Name: _lr_hb_-mnnzup%2Fdus Value: {%22heartbeat%22:1715124112504} |
|
1redeliverdhl-eservice.help/ | Name: _lr_uf_-mnnzup Value: 8fe628d4-7d4c-4ee6-9abf-e8df6a620f18 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1redeliverdhl-eservice.help
cdn.lr-in.com
cdnjs.cloudflare.com
files.killbot.org
invalid
ka-f.fontawesome.com
kit.fontawesome.com
r.lr-in.com
sockjs-mt1.pusher.com
files.killbot.org
invalid
104.198.23.205
2606:4700:3034::6815:1adf
2606:4700:3037::6815:ab1
2606:4700:3038::6815:ea91
2606:4700:4400::ac40:93bc
2606:4700::6811:180e
44.217.82.191
0de3edeabe89b14f48e7856d2cb631722c600ff66839fae178d0567902d62a91
28e8d6ca16281b61453fc074393a70dd88728734fd6546313f5197b9ab243b44
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3a10abb8b6c0b0be5c1b2eee537aa6efc8e7cbc7f39d1cdb572d8de951f2f248
3e9c73fa687cd4110688668977a7caa87f5a1dee0d11f03687bd4871deedf1c1
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756
41dca0965bdfd255f85e7fc8e9a3dc1fe3eb810996c553d4ef2b8872737ee825
52868663f33d779e8079f9121c8b766d520e66df80d43b0172ae3d2e64a356d3
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bc497310980b053cbdf10f7b11605b637de58c5c5d09559d9833e738a65f351
9699b18200a9d40ed7859411c33cfa2194174a4746d466123107f888d93dc878
96cc9d14ff0939bd8435e082d7875ceba84b9a575dcf27cfec1e97adf2e3fa7a
9a653bb277cab3af282b44b2c6279aaaf368bb2c09977eac06f93572d70035c3
aa5e7f75743dfa0a0725caf40d9df5b84da75773d286eece08a75f47682ebab3
b71d89f695af3cc71db150cb58374f73e32c35b4812f56af4f0ee864256a2ee3
bc45072d753e0f67ef9e073bc64f8a08c951d5d2215c06041bc71c4173c46cdd
c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d
de34203f364535715a4c698370b21e9cf569e3b4dc98be179103132141eb21aa
e1dc27b700a62c005e4521b670cac08fb0b4b3e02a73c1ac44e7f9a9784bd672
f4e953827930889e844103c3a6771bd2e9de17d091b36378c40362271858e075