unidep.mx - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 148.72.41.223, located in United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is unidep.mx.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 13th 2022. Valid for: a year.

This is the only time unidep.mx was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) LinkedIn (Social Network)

Domain & IP information

	IP Address		AS Autonomous System
1 7	148.72.41.223 148.72.41.223		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
6	1

7 148.72.41.223 (United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 223.41.72.148.host.secureserver.net

unidep.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	unidep.mx 1 redirects unidep.mx	360 KB
6	1

	Domain	Requested by
7	unidep.mx	1 redirects unidep.mx
6	1

This site contains no links.

Subject Issuer	Validity	Valid
unidep.mx Go Daddy Secure Certificate Authority - G2	`2022-02-13` - `2023-03-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/
Frame ID: 915AF6D708765AB49EA1F7D22371FE18
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In to LinkedIn

Page URL History Show full URLs

https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location HTTP 301
https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

360 kB
Transfer

358 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location HTTP 301
https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Redirect Chain https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/	28 KB 28 KB	315ms 315ms	Document text/html	148.72.41.223 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.41.223 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 223.41.72.148.host.secureserver.net Software Apache / Resource Hash `ccf5101216a21f02c5bf5984e5a3d1e5de48b03a9e17a450adf84fac1c5413ff` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 21 Dec 2022 14:23:24 GMT Keep-Alive timeout=5, max=99 Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 276 Content-Type text/html; charset=iso-8859-1 Date Wed, 21 Dec 2022 14:23:24 GMT Keep-Alive timeout=5, max=100 Location https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Server Apache
GET H/1.1	200 OK	login.js Show response unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/	20 KB 20 KB	338ms 171ms	Script application/javascript	148.72.41.223 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/login.js Requested by Host: unidep.mx URL: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.41.223 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 223.41.72.148.host.secureserver.net Software Apache / Resource Hash `847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8` Request headers accept-language fr-FR,fr;q=0.9 Referer https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Wed, 21 Dec 2022 14:23:24 GMT Last-Modified Wed, 21 Dec 2022 01:32:11 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 20325
GET H/1.1	200 OK	desktop_en_US.css unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/css/	172 KB 172 KB	171ms 171ms	Stylesheet text/css	148.72.41.223 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/css/desktop_en_US.css Requested by Host: unidep.mx URL: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.41.223 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 223.41.72.148.host.secureserver.net Software Apache / Resource Hash `89b6c0e4f60bb396af3d7b66b1964c0aba6865ea4531cfffef5106b44f152733` Request headers accept-language fr-FR,fr;q=0.9 Referer https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Wed, 21 Dec 2022 14:23:25 GMT Last-Modified Wed, 21 Dec 2022 01:32:11 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 176135
GET H/1.1	200 OK	xxx.js Show response unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/	69 KB 70 KB	166ms 166ms	Script application/javascript	148.72.41.223 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/xxx.js Requested by Host: unidep.mx URL: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.41.223 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 223.41.72.148.host.secureserver.net Software Apache / Resource Hash `bd221f580a0146fb843f67c6971c6085c5f63dc266b206b986b464b76c1d22a0` Request headers accept-language fr-FR,fr;q=0.9 Referer https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Wed, 21 Dec 2022 14:23:25 GMT Last-Modified Wed, 21 Dec 2022 01:32:11 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 71007
GET H/1.1	200 OK	xxxx.js Show response unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/	0 253 B	492ms 165ms	Script application/javascript	148.72.41.223 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/xxxx.js Requested by Host: unidep.mx URL: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.41.223 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 223.41.72.148.host.secureserver.net Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language fr-FR,fr;q=0.9 Referer https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Wed, 21 Dec 2022 14:23:25 GMT Last-Modified Wed, 21 Dec 2022 01:32:11 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 0
GET H/1.1	200 OK	xx.js Show response unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/	69 KB 70 KB	492ms 165ms	Script application/javascript	148.72.41.223 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/xx.js Requested by Host: unidep.mx URL: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.41.223 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 223.41.72.148.host.secureserver.net Software Apache / Resource Hash `bd221f580a0146fb843f67c6971c6085c5f63dc266b206b986b464b76c1d22a0` Request headers accept-language fr-FR,fr;q=0.9 Referer https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Wed, 21 Dec 2022 14:23:25 GMT Last-Modified Wed, 21 Dec 2022 01:32:11 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 71007

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) LinkedIn (Social Network)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/ Message: The resource https://unidep.mx/migracion2022/wp-content/plugins/nthaonn/location/js/xxx.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

unidep.mx
148.72.41.223
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
89b6c0e4f60bb396af3d7b66b1964c0aba6865ea4531cfffef5106b44f152733
bd221f580a0146fb843f67c6971c6085c5f63dc266b206b986b464b76c1d22a0
ccf5101216a21f02c5bf5984e5a3d1e5de48b03a9e17a450adf84fac1c5413ff
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

unidep.mx Open in urlscan Pro 148.72.41.223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

360 kBTransfer

358 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

unidep.mx Open in urlscan Pro
148.72.41.223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

360 kB
Transfer

358 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!