infiernorojo.com
Open in
urlscan Pro
2606:4700:3035::6815:148e
Malicious Activity!
Public Scan
Effective URL: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Submission: On December 15 via manual from GB — Scanned from JP
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 26th 2021. Valid for: a year.
This is the only time infiernorojo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 182.48.49.182 182.48.49.182 | 9371 (SAKURA-C ...) (SAKURA-C SAKURA Internet Inc.) | |
2 5 | 2606:4700:303... 2606:4700:3035::6815:148e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 3 |
ASN9371 (SAKURA-C SAKURA Internet Inc., JP)
PTR: www2242.sakura.ne.jp
supersuply.sakura.ne.jp |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
infiernorojo.com
2 redirects
infiernorojo.com |
110 KB |
1 |
sakura.ne.jp
supersuply.sakura.ne.jp |
250 B |
7 | 2 |
Domain | Requested by | |
---|---|---|
5 | infiernorojo.com |
2 redirects
infiernorojo.com
|
1 | supersuply.sakura.ne.jp | |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.sakura.ne.jp Gehirn Managed Certification Authority - RSA DV |
2020-05-28 - 2022-05-28 |
2 years | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-26 - 2022-09-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Frame ID: DF198640756F3281D8916228E6C2EA34
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
| Welcome |Page URL History Show full URLs
- https://supersuply.sakura.ne.jp/java/index.php Page URL
-
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/
HTTP 302
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/index.php?valid=true&id=971... HTTP 302
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&lo... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://supersuply.sakura.ne.jp/java/index.php Page URL
-
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/
HTTP 302
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/index.php?valid=true&id=97152177 HTTP 302
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
index.php
supersuply.sakura.ne.jp/java/ |
162 B 250 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
22788001c.php
infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/css/ |
209 KB 71 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.js
infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/js/ |
96 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
lg.svg
infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
pub.jpg
infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
pubr.gif
infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- infiernorojo.com
- URL
- https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/lg.svg
- Domain
- infiernorojo.com
- URL
- https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/pub.jpg
- Domain
- infiernorojo.com
- URL
- https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/pubr.gif
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| preventBack object| Modernizr function| $ function| jQuery function| onReady function| setVisible1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
infiernorojo.com/ | Name: PHPSESSID Value: g8rr9kebmlnjb21iislbkddu51 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
infiernorojo.com
supersuply.sakura.ne.jp
infiernorojo.com
182.48.49.182
2606:4700:3035::6815:148e
79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171
8424f9fe62909647cc1868b3c6218d752af217f86c49142ab477371df785c65f
993198ae94d90e3ea850f7d6b70443b64cf5f817098c778821edf924c297eea3
b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
dfd9c53a249b783db084267ed9fb90bf766c2713b57ea8159aaeaff0e4465713