canndico.net
200.58.112.63
Malicious Activity!
Public Scan
Effective URL: https://canndico.net/wp-admin/images/corr/es/auth/billing.php
Submission: On December 11 via api from ES — Scanned from ES
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 16th 2023. Valid for: a year.
This is the only time canndico.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Correos Express (Transportation)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2800:6c0:2::24b | 27823 (Dattatec.com) |
2 6 | 200.58.112.63 | 27823 (Dattatec.com) |
4 | 2 |
ASN27823 (Dattatec.com, AR)
PTR: c236.dattaweb.com
canndico.net |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | canndico.net (2 redirects), subdomains: canndico.net | 2 MB |
1 | gestionpost.com.uy (1 redirects), subdomains: gestionpost.com.uy | 110 B |
4 | 2 |

 | Domain | Requested by |
---|---|---|
6 | canndico.net | 2 redirects, canndico.net |
1 | gestionpost.com.uy | 1 redirects |
4 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
my.20i.com |
correos-expres.com |
www.stackstatus.com |
twitter.com |
www.facebook.com |
www.instagram.com |
www.youtube.com |
Subject / Issuer | Validity | Valid | |
---|---|---|---|
canndico.net / Sectigo RSA Domain Validation Secure Server CA | 2023-08-16 - 2024-08-15 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://canndico.net/wp-admin/images/corr/es/auth/billing.php
Frame ID: 125FACAAF9BFB300A7C0F0F76B6514E7
Requests: 27 HTTP requests in this frame
Frame:
https://canndico.net/wp-admin/images/corr/es/auth/css/saved_resource.html
Frame ID: D536EB64F69D00447421D288A64B8D79
Requests: 1 HTTP requests in this frame
Page Title
CORREOS EXPRESS
Page URL History
- https://gestionpost.com.uy/7946xbc/0664ugs HTTP 302
- https://canndico.net/wp-admin/images/corr/es/ HTTP 302
- https://canndico.net/wp-admin/images/corr/es/auth/index.php HTTP 302
- https://canndico.net/wp-admin/images/corr/es/auth/billing.php Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
38 Outgoing links
These are links going to different origins than the main page.
Title: Security Details
Title: Contact Details
Title: Payment Methods
Title: Account Credit
Title: Invoices
Title: Renewals
Title: Notifications
Title: Account Preferences
Title: Sign Out
Title: How do I set up my 20i mailbox in Outlook?
Title: Can I add SPF records for my domain name?
Title: How do I take my temporary test site / StackStaging site live?
Title: My website shows as insecure due to mixed content?
Title: How do I switch to renew my hosting account annually?
Title: View all articles
Title: Customer Services
Title: View Tickets
Title: System Status
Title: Your Feedback
Title: My20i
Title: Manage Web Hosting
Title: Manage Domains
Title: Manage WordPress Hosting
Title: Manage VPS
Title: Web Hosting
Title: Domains Search
Title: Domain Privacy
Title: VPS
Title: SSL Certificates
Title: MS SQL Databases
Title: Virtual Nameservers
Title: Timeline Backups
Title: benzbenz212321@outlook.com
Title: Basket
Title: Twitter
Title: Facebook
Title: Instagram
Title: Youtube
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | billing.php canndico.net/wp-admin/images/corr/es/auth/ (Primary Request, Redirect Chain) | 3 MB 1 MB | Document text/html |
GET DATA | truncated / | 87 B 0 | Image image/png |
GET DATA | truncated / | 678 B 0 | Image image/png |
GET DATA | truncated / | 316 B 0 | Image image/svg+xml |
GET DATA | truncated / | 640 B 0 | Image image/svg+xml |
GET DATA | truncated / | 414 B 0 | Image image/svg+xml |
GET H2 | log.png canndico.net/wp-admin/images/corr/es/auth/css/ | 52 KB 53 KB | Image image/png |
GET DATA | truncated / | 835 B 0 | Image image/svg+xml |
GET DATA | truncated / | 987 B 0 | Image image/svg+xml |
GET DATA | truncated / | 1 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 3 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 4 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 2 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 7 KB 0 | Image image/png |
GET DATA | truncated / | 2 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 5 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 3 KB 0 | Image image/svg+xml |
GET H2 | saved_resource.html canndico.net/wp-admin/images/corr/es/auth/css/ (Frame D536) | 481 B 419 B | Document text/html |
GET H2 | index.php canndico.net/wp-admin/images/corr/es/auth/css/ | 64 KB 64 KB | Image text/html |
GET DATA | truncated / | 11 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 4 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 87 KB 87 KB | Font font/woff2 |
GET DATA | truncated / | 86 KB 86 KB | Font font/woff2 |
GET DATA | truncated / | 87 KB 87 KB | Font font/woff2 |
GET DATA | truncated / | 44 KB 44 KB | Font font/woff2 |
GET DATA | truncated / | 45 KB 45 KB | Font font/woff2 |
GET DATA | truncated / | 86 KB 86 KB | Font font/woff2 |
GET DATA | truncated / | 87 KB 87 KB | Font font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Correos Express (Transportation)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| documentPictureInPicture
- function| savepage_ShadowLoader
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
canndico.net/ | | Name: PHPSESSID Value: c35af4ebf4386653f8f27d14967c008e |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | object-src 'none' |
Strict-Transport-Security | max-age=15768000;includeSubdomains |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
canndico.net
gestionpost.com.uy
200.58.112.63
2800:6c0:2::24b