infiernorojo.com
2606:4700:3035::6815:148e  Malicious Activity! Public Scan

Submitted URL: https://supersuply.sakura.ne.jp/java/index.php
Effective URL: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Submission: On December 15 via manual from GB — Scanned from JP

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3035::6815:148e, located in United States and belongs to CLOUDFLARENET, US. The main domain is infiernorojo.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 26th 2021. Valid for: a year.
This is the only time infiernorojo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP addresses (requests per IP)
  1 request    182.48.49.182               AS9371 (SAKURA-C SAKURA Internet Inc., JP)
  5 requests   2606:4700:3035::6815:148e   AS13335 (CLOUDFLARENET, US)
  Totals as reported: 7 requests, 3 IPs. Only two IPs are listed; the seventh transaction is the inline data: font further down, which has no server address.

Apex domains
  Requests  Apex Domain        Subdomains               Transfer
  5         infiernorojo.com   infiernorojo.com         110 KB
  1         sakura.ne.jp       supersuply.sakura.ne.jp  250 B
  Totals as reported: 7 requests, 2 apex domains

Domains by requester
  Requests  Domain                   Requested by
  5         infiernorojo.com         infiernorojo.com (2 redirects)
  1         supersuply.sakura.ne.jp  (submitted URL)
  Totals as reported: 7 requests, 2 domains

This site contains no links.

TLS certificates

Subject                 Issuer                                            Validity                  Valid for
*.sakura.ne.jp          Gehirn Managed Certification Authority - RSA DV   2020-05-28 to 2022-05-28  2 years (crt.sh)
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                           2021-09-26 to 2022-09-25  a year (crt.sh)

Neither certificate identifies the operator: sni.cloudflaressl.com is Cloudflare's shared edge certificate, so it names the CDN rather than the origin host behind infiernorojo.com, and the *.sakura.ne.jp wildcard belongs to the hosting provider, not to the supersuply account.

This page contains 1 frame:

Primary Page: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Frame ID: DF198640756F3281D8916228E6C2EA34
Requests: 8 HTTP requests in this frame

Page Title

| Welcome |

Page Statistics

Requests: 7
HTTPS: 57 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 126 kB
Size: 326 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://supersuply.sakura.ne.jp/java/index.php Page URL
  2. https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/ HTTP 302
    https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/index.php?valid=true&id=97152177 HTTP 302
    https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682 Page URL
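
The chain above is a lure page on a shared sakura.ne.jp host handing the visitor to a Cloudflare-fronted kit on infiernorojo.com, where two server-side 302s assign a tracking id (97152177, then 80896682). The Python below is an added example, not part of the urlscan.io report and not code from the kit: it reconstructs the chain from urlscan's hop labels, separates client-side navigations from server redirects, flags the apex-domain change, tracks the id parameter per hop, and shows that the relative Location header captured on the last 302 resolves to the final Page URL. The hop list and the Location value are copied from the report; the public-suffix table is a constructed subset of the Public Suffix List.

```python
"""Reconstruct and triage a phishing redirect chain.

Added example: not part of the urlscan.io report and not code from the kit.
REPORT_HOPS and LAST_LOCATION are copied from the report; the public-suffix
table is a constructed subset of the Public Suffix List.
"""
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed subset of multi-label public suffixes. A production tool would
# load the full Public Suffix List; a naive "last two labels" rule would
# wrongly report ne.jp as the apex of supersuply.sakura.ne.jp.
MULTI_LABEL_SUFFIXES = {"ne.jp", "co.jp", "or.jp", "co.uk", "org.uk", "com.au", "com.br"}


def apex_domain(host):
    """Registrable domain: three labels when the last two form a public suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def resolve_location(current_url, location):
    """Apply a Location header (absolute or relative, as RFC 3986 allows)
    to the URL whose response carried it."""
    return urljoin(current_url, location)


def analyze_chain(hops):
    """hops: ordered list of (url, label) using urlscan's labels, "HTTP 302"
    for a server redirect and "Page URL" for the end of a navigation.

    Returns the apex domain and tracking id per hop, which transitions were
    server-side vs client-side, where the apex changed, and where the id
    value rotated between consecutive hops."""
    urls = [u for u, _ in hops]
    apex = [apex_domain(urlsplit(u).hostname) for u in urls]
    ids = [parse_qs(urlsplit(u).query).get("id", [None])[0] for u in urls]
    server_side, client_side, cross_domain = [], [], []
    for i, (_, label) in enumerate(hops[:-1]):
        # A hop labelled with an HTTP status redirected the client itself;
        # a "Page URL" hop was left by script, meta refresh or a user action.
        (server_side if label.startswith("HTTP") else client_side).append(i)
        if apex[i] != apex[i + 1]:
            cross_domain.append((i, apex[i], apex[i + 1]))
    id_rotated_at = [i for i in range(1, len(ids))
                     if ids[i] and ids[i - 1] and ids[i] != ids[i - 1]]
    return {"apex": apex, "ids": ids, "server_side": server_side,
            "client_side": client_side, "cross_domain": cross_domain,
            "id_rotated_at": id_rotated_at}


# Copied from the report's "Page URL History", in order.
REPORT_HOPS = [
    ("https://supersuply.sakura.ne.jp/java/index.php", "Page URL"),
    ("https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/", "HTTP 302"),
    ("https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/"
     "index.php?valid=true&id=97152177", "HTTP 302"),
    ("https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/"
     "22788001c.php?web=succes&local=_&id=80896682", "Page URL"),
]
# The one Location header the report captured, sent by the second 302 (copied).
LAST_LOCATION = "./22788001c.php?web=succes&local=_&id=80896682"


def final_url_from_last_302():
    """Show that the relative Location resolves to the report's final Page URL."""
    return resolve_location(REPORT_HOPS[2][0], LAST_LOCATION)


if __name__ == "__main__":
    for key, value in analyze_chain(REPORT_HOPS).items():
        print(f"{key}: {value}")
    print("resolved final URL:", final_url_from_last_302())
```

The first transition (index 0) is the only client-side one: the 162-byte sakura.ne.jp response carried no redirect header in the capture, so whatever moved the browser to infiernorojo.com ran in the page itself. The id value is only present once the kit's own index.php has issued it, and it changes again on the final hop.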

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

index.php
Path: supersuply.sakura.ne.jp/java/
Size: 162 B   Transfer: 250 B   Type: Document
Full URL: https://supersuply.sakura.ne.jp/java/index.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 182.48.49.182, Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP)
Reverse DNS: www2242.sakura.ne.jp
Software: nginx / PHP/5.2.17
Resource Hash: dfd9c53a249b783db084267ed9fb90bf766c2713b57ea8159aaeaff0e4465713

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9

Response headers
server: nginx
date: Wed, 15 Dec 2021 02:39:50 GMT
content-type: text/html
x-powered-by: PHP/5.2.17

Primary Request: 22788001c.php
Path: infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/
Redirect Chain:
  • https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/
  • https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/index.php?valid=true&id=97152177
  • https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Size: 4 KB   Transfer: 2 KB   Type: Document
Full URL: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2606:4700:3035::6815:148e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 8424f9fe62909647cc1868b3c6218d752af217f86c49142ab477371df785c65f
Security Headers: X-Content-Type-Options: nosniff

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9
Referer: https://supersuply.sakura.ne.jp/java/index.php

Response headers
date: Wed, 15 Dec 2021 02:39:52 GMT
content-type: text/html; charset-UTF-8;charset=UTF-8   (as captured: the mistyped, doubled charset parameter is the kit's own)
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i1dvjnMt%2BsNxRGkin5ykqRAs5elCdmsCtw1jvQQUVp1wyTHrqkO4%2BAaAo8gFCUuqiJQFertIcHnQ2aKcXoNIvuOph2JdWkI%2FGi0LQ0A87AemRcC8LVLbEyuZFCAE%2BGNDU5PveKPjcvqbcCBRPZM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6bdc4dcf383a8095-NRT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers (the last 302 in the chain, whose Location points at this URL)
date: Wed, 15 Dec 2021 02:39:52 GMT
content-type: text/html; charset-UTF-8;charset=UTF-8
location: ./22788001c.php?web=succes&local=_&id=80896682
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=et07MAvLsNv%2FyLP0LJ5UQr57nMnZjM0jaST%2FCGc4JO0%2Ba6doN0ZDFFd8nzk%2BQYCeO%2BtBLV2A2PfFSfa3XuiynNP3Otbj6RsHq%2F8X2EWC%2FbMOofCzNgIBNjuIL1V5KEb84EOKf4x%2Bv01xoYCmp%2FQc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6bdc4dcd3b200e82-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

style.css
Path: infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/css/
Size: 209 KB   Transfer: 71 KB   Type: Stylesheet
Full URL: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/css/style.css
Requested by: infiernorojo.com, https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2606:4700:3035::6815:148e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 993198ae94d90e3ea850f7d6b70443b64cf5f817098c778821edf924c297eea3
Security Headers: X-Content-Type-Options: nosniff

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 15 Dec 2021 02:39:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bdc4dd39c8a8095-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 03 Nov 2020 01:29:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghJxFh42mZ0Is9q1wDL80S8%2F8woeWzyghiRMXRowQcPsBKEqSlJkmowCVc1nlXSZQUgTxTzfIp2gr%2Bg16rVMFCWfcsdHezCgR8c%2B6Rn4bshLERXxlal1tzV9Ya8t7n48Dmn1ZiWZPXP2NwcNjEmW"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
x-robots-tag: noindex, nofollow
expires: Sun, 11 Dec 2022 08:18:42 GMT

style.js
Path: infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/js/
Size: 96 KB   Transfer: 36 KB   Type: Script
Full URL: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/js/style.js
Requested by: infiernorojo.com, https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2606:4700:3035::6815:148e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
Security Headers: X-Content-Type-Options: nosniff

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/22788001c.php?web=succes&local=_&id=80896682
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 15 Dec 2021 02:39:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bdc4dd39c8b8095-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 07 Sep 2020 11:13:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sQy8BIDG0swb2cJXR7Pm9%2Fc0gjHpbeHKZkYja6rFmk9cw7EZBKGomlMjKZTWcfIbVs06rgs5QD9%2FmAECYjAOF1ojkRQvL7nOa6JqzufRkBzX3JaqfY0hTauFS7vvWIDAnIgbF%2BwIPPX1FniqXTlt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-robots-tag: noindex, nofollow
expires: Fri, 09 Dec 2022 20:36:22 GMT

lg.svg
Path: infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/
Size: 0   Transfer: 0   (no response received; listed again under Failed requests)

pub.jpg
Path: infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/
Size: 0   Transfer: 0   (no response received; listed again under Failed requests)

pubr.gif
Path: infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/
Size: 0   Transfer: 0   (no response received; listed again under Failed requests)

truncated (inline data: URI; the resource name and URL are elided in the report)
Path: /
Size: 17 KB   Transfer: 17 KB   Type: Font
Full URL: data:truncated
Protocol: DATA
Server: - (data: URI, no network server)
Reverse DNS: -
Software: -
Resource Hash: 79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171

Request headers
Referer:
Origin: https://infiernorojo.com
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
Content-Type: application/font-woff2;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
infiernorojo.com
URL
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/lg.svg
Domain
infiernorojo.com
URL
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/pub.jpg
Domain
infiernorojo.com
URL
https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/F004f19441/layout/img/pubr.gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onbeforexrselect
function  reportError
boolean   originAgentCluster
object    scheduler
function  preventBack
object    Modernizr
function  $
function  jQuery
function  onReady
function  setVisible

Of these, onbeforexrselect, reportError, originAgentCluster and scheduler are properties that recent Chrome builds expose on window themselves (WebXR, reportError(), Origin-Agent-Cluster and the Prioritized Task Scheduling API) and appear only because they post-date urlscan's baseline. The globals that belong to the page are preventBack, Modernizr, $, jQuery, onReady and setVisible; the report does not include the script body, so what preventBack does beyond what its name suggests cannot be confirmed from this capture.

1 Cookies

Domain/Path         Name        Value
infiernorojo.com/   PHPSESSID   g8rr9kebmlnjb21iislbkddu51
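
The primary response headers earlier in the report (Expires dated 19 Nov 1981, Cache-Control no-store/no-cache/must-revalidate, Pragma no-cache) are exactly the set PHP's session_start() emits with its default "nocache" cache limiter, and together with the PHPSESSID cookie above they identify a PHP backend even though the response carries no X-Powered-By header and Cloudflare rewrites Server to cloudflare (the sakura.ne.jp lure host, by contrast, still advertises PHP/5.2.17). The Python below is an added example, not part of the urlscan.io report and not its verdict logic: it scores a response against those indicators plus the brand keyword in the path, the mistyped Content-Type charset and the noindex/nofollow robots header. The header values, URL and cookie name are copied from the report; the benign control sample and the keyword tables are constructed.

```python
"""Score an HTTP response for phishing-kit indicators.

Added example: not part of the urlscan.io report, and not its verdict logic.
PRIMARY_URL, PRIMARY_HEADERS and PRIMARY_COOKIES are copied from the report's
primary response and cookie table; the benign control sample and the keyword
tables are constructed.
"""
import re
from urllib.parse import urlsplit

# PHP's session_start() with the default "nocache" cache limiter sends exactly
# this Expires value (alongside no-store/no-cache/must-revalidate and Pragma: no-cache).
PHP_SESSION_EXPIRES = "Thu, 19 Nov 1981 08:52:00 GMT"

# Constructed keyword tables: carrier brands as whole path tokens, and the
# billing/tracking words (including this kit's misspelling) found beside them.
BRAND_RE = re.compile(r"(?:^|[^a-z])(?:dhl|fedex|ups|usps)(?=[^a-z]|$)")
KIT_PATH_WORDS = ("billing", "tracking", "traching", "parcel", "delivery")


def content_type_is_malformed(value):
    """True when a charset parameter is mistyped (e.g. 'charset-UTF-8') or repeated."""
    params = [p.strip() for p in value.split(";")[1:] if p.strip()]
    mistyped = [p for p in params if re.match(r"charset[^=]", p, re.I)]
    repeated = [p for p in params if p.lower().startswith("charset=")]
    return bool(mistyped) or len(repeated) > 1


def score_response(url, headers, cookie_names=()):
    """Return the names of the indicators that fire for one response.

    An empty list means nothing fired; the caller decides the threshold."""
    h = {k.lower(): v for k, v in headers.items()}
    path = urlsplit(url).path.lower()
    hits = []
    if BRAND_RE.search(path) and any(w in path for w in KIT_PATH_WORDS):
        hits.append("brand-keyword-in-path")
    if content_type_is_malformed(h.get("content-type", "")):
        hits.append("malformed-content-type")
    robots = h.get("x-robots-tag", "").lower()
    if "noindex" in robots and "nofollow" in robots:
        hits.append("robots-noindex-nofollow")  # page asks crawlers to stay away
    if "no-store" in h.get("cache-control", "").lower():
        hits.append("cache-control-no-store")
    if h.get("expires") == PHP_SESSION_EXPIRES:
        hits.append("php-session-cache-limiter")
        if h.get("server", "").lower() == "cloudflare":
            # Server is rewritten by the CDN; the 1981 Expires still names PHP.
            hits.append("cdn-fronted-php-backend")
    if any(c.upper() == "PHPSESSID" for c in cookie_names):
        hits.append("phpsessid-cookie")
    return hits


PRIMARY_URL = ("https://infiernorojo.com/wp.service/DHL-DirectBilling-traching/"
               "F004f19441/22788001c.php?web=succes&local=_&id=80896682")
PRIMARY_HEADERS = {  # copied from the report's primary response
    "content-type": "text/html; charset-UTF-8;charset=UTF-8",
    "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "cache-control": "no-store, no-cache, must-revalidate",
    "pragma": "no-cache",
    "x-ua-compatible": "IE=edge",
    "x-content-type-options": "nosniff",
    "x-robots-tag": "noindex, nofollow",
    "cf-cache-status": "DYNAMIC",
    "server": "cloudflare",
    "content-encoding": "br",
}
PRIMARY_COOKIES = ("PHPSESSID",)  # from the report's cookie table

BENIGN_URL = "https://www.example.com/account/settings"  # constructed control
BENIGN_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "private, max-age=0",
    "Server": "nginx",
}
BENIGN_COOKIES = ("session",)

if __name__ == "__main__":
    print("kit page:", score_response(PRIMARY_URL, PRIMARY_HEADERS, PRIMARY_COOKIES))
    print("control:", score_response(BENIGN_URL, BENIGN_HEADERS, BENIGN_COOKIES))
```

The 302 redirect response in the report carries the same 1981/no-store/no-cache set and the same mistyped Content-Type, so the scorer fires on the intermediate hop as well as on the final page; the cached style.css and style.js responses carry none of the session headers and would only match on the path and robots indicators.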