inmacol.mitiendaonline.com
Open in
urlscan Pro
2606:4700:20::ac43:4bd8
Malicious Activity!
Public Scan
Effective URL: https://inmacol.mitiendaonline.com/-/securedhl/F004f19441/00951124a.php?web=succes&local=_&id=8988190
Submission: On October 16 via api from HK — Scanned from US
Summary
TLS certificate: Issued by WE1 on October 11th 2024. Valid for: 3 months.
This is the only time inmacol.mitiendaonline.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 12 | 2606:4700:20:... 2606:4700:20::ac43:4bd8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
mitiendaonline.com
3 redirects
inmacol.mitiendaonline.com |
173 KB |
9 | 1 |
Domain | Requested by | |
---|---|---|
12 | inmacol.mitiendaonline.com |
3 redirects
inmacol.mitiendaonline.com
|
9 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
mitiendaonline.com WE1 |
2024-10-11 - 2025-01-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://inmacol.mitiendaonline.com/-/securedhl/F004f19441/00951124a.php?web=succes&local=_&id=8988190
Frame ID: 42EDDF9C10A4CB7BD097F1082744DD39
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
| Welcome |Page URL History Show full URLs
-
https://inmacol.mitiendaonline.com/-/securedhl
HTTP 301
http://inmacol.mitiendaonline.com/-/securedhl/ HTTP 307
https://inmacol.mitiendaonline.com/-/securedhl/ HTTP 302
https://inmacol.mitiendaonline.com/-/securedhl/F004f19441/index.php?valid=true&id=32686068 HTTP 302
https://inmacol.mitiendaonline.com/-/securedhl/F004f19441/00951124a.php?web=succes&local=_&id=8988190 Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://inmacol.mitiendaonline.com/-/securedhl
HTTP 301
http://inmacol.mitiendaonline.com/-/securedhl/ HTTP 307
https://inmacol.mitiendaonline.com/-/securedhl/ HTTP 302
https://inmacol.mitiendaonline.com/-/securedhl/F004f19441/index.php?valid=true&id=32686068 HTTP 302
https://inmacol.mitiendaonline.com/-/securedhl/F004f19441/00951124a.php?web=succes&local=_&id=8988190 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
00951124a.php
inmacol.mitiendaonline.com/-/securedhl/F004f19441/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/css/ |
201 KB 69 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.js
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/js/ |
94 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lg.svg
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pak.png
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/img/ |
434 B 781 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ta3.svg
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pub.jpg
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/img/ |
45 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pubr.gif
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/img/ |
8 KB 8 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.png
inmacol.mitiendaonline.com/-/securedhl/F004f19441/layout/img/ |
34 KB 9 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| preventBack object| Modernizr function| $ function| jQuery2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
inmacol.mitiendaonline.com/ | Name: PHPSESSID Value: 54078gpp9bv0ejn54g02qdg0g4 |
|
.inmacol.mitiendaonline.com/ | Name: PrestaShop-41f71412be37541a561ebe3651defc11 Value: def5020081e0aeba94bdc344fb2a9daf977819bd6abc4d21e62cf97dfe5cea8c0c7a48cf1f1bafcf2746fd456bef7e4a9248f9bf9c965c3a6c83c140cdeaa87b5256f9eb7e354b60584de9c988b50062d74995bf5769116f0787bd59355e7881c0279acbe2346ce9cd7ac69bb090b0e23238259f1b377066fb49b20b6f915b17945274c9c2e5a5c88af76840db9705873668c3f9ba5725cc72cbbf486211bad0cc7ca615cc98bf64f85e62551de30629701c7bdcfe13d86b26b76c25799d792acdc919a4eaadcffe3318c433cf94dc48ce91ccb916 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
inmacol.mitiendaonline.com
2606:4700:20::ac43:4bd8
25d138728bcc79f60c43f9d8070ae4e604be7dad7021b197a314c893538d5080
42794908246997d603888b2c2098941e0c3f9b7b0f719134365789189c7edac0
5b46fcb5bc89cf1dbe9ca48d1b5b4996426bcc3e7c859fd7ad4867cd9a706ca3
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3
60676abf3c382fb1cdd6c86bd0cf58a70fc4267b0adf92de37898e80eff1439b
6e215ece5d317db1d6b5e342e3d887e24f9051a08a540d27ec37e38410c36cf1
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1
c9df34e250b017b819817855926b755a1de1962a876657ad290c17a55700b458
f83f8815738da0f588eb29b6d285ac0fef3ea3afcf5efc12d662883a942b8ad0
fed72f2acf5c1dd3367f46fa8532d986b5ff87847dda58fbf1f8c13199b529ce