thdsaml.homedepot.escaeperu.com Open in urlscan Pro
50.31.188.119 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html
Submission: On October 03 via manual (October 3rd 2023, 2:58:03 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 50.31.188.119, located in Chicago, United States and belongs to SERVERCENTRAL, US. The main domain is thdsaml.homedepot.escaeperu.com.

This is the only time thdsaml.homedepot.escaeperu.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: The Home Depot (E-commerce)

Domain & IP information

	IP Address		AS Autonomous System
6	50.31.188.119 50.31.188.119		23352 (SERVERCEN...) (SERVERCENTRAL)
8	2

6 50.31.188.119 (Chicago, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: priva80.privatednsorg.com

thdsaml.homedepot.escaeperu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	escaeperu.com thdsaml.homedepot.escaeperu.com	122 KB
8	1

	Domain	Requested by
6	thdsaml.homedepot.escaeperu.com	thdsaml.homedepot.escaeperu.com
8	1

This site contains links to these domains. Also see Links.

Domain
thdsaml.homedepot.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html
Frame ID: 192D50CB3C01DD5DD0066316E11E31C0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

THD Identity - THD Account Sign On

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

122 kB
Transfer

460 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://thdsaml.homedepot.com/idp/iCA7s/resume/idp/prp.ping?ChangePassword=true
Title: Change Password

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

http://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2 HTTP 301
https://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response thdsaml.homedepot.escaeperu.com/home/Udlaps/	7 KB 2 KB	568ms 141ms	Document text/html	50.31.188.119 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Protocol HTTP/1.1 Server 50.31.188.119 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS priva80.privatednsorg.com Software / Resource Hash `238e4ba08ae637488e97f65f8df1cd0fb6184defd17c3882df5cb3ed77cc0f06` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 accept-ranges bytes content-encoding gzip content-length 2273 content-type text/html date Tue, 03 Oct 2023 14:57:58 GMT last-modified Thu, 24 Aug 2023 21:04:07 GMT vary Accept-Encoding
GET H/1.1	200 OK	runtime.js Show response thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/	1 KB 1 KB	143ms 143ms	Script application/javascript	50.31.188.119 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL http://thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/runtime.js Requested by Host: thdsaml.homedepot.escaeperu.com URL: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Protocol HTTP/1.1 Server 50.31.188.119 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS priva80.privatednsorg.com Software / Resource Hash `39d9c7792979adf98e35223b86bb2519c8f57cab682e71f4f435ab6a5a7f399e` Request headers accept-language de-DE,de;q=0.9 Referer http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 14:57:58 GMT content-encoding gzip last-modified Thu, 24 Aug 2023 20:58:41 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 798 expires Tue, 10 Oct 2023 14:57:58 GMT
GET H/1.1	200 OK	core-js.js Show response thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/	153 KB 53 KB	282ms 142ms	Script application/javascript	50.31.188.119 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL http://thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/core-js.js Requested by Host: thdsaml.homedepot.escaeperu.com URL: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Protocol HTTP/1.1 Server 50.31.188.119 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS priva80.privatednsorg.com Software / Resource Hash `63c554fb247650b48af05904b9050843f1f6750a12c65ebd1088208b31426208` Request headers accept-language de-DE,de;q=0.9 Referer http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 14:57:58 GMT content-encoding gzip last-modified Thu, 24 Aug 2023 20:58:41 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 53547 expires Tue, 10 Oct 2023 14:57:58 GMT
GET H/1.1	200 OK	login.js Show response thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/	85 KB 28 KB	282ms 143ms	Script application/javascript	50.31.188.119 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL http://thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/login.js Requested by Host: thdsaml.homedepot.escaeperu.com URL: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Protocol HTTP/1.1 Server 50.31.188.119 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS priva80.privatednsorg.com Software / Resource Hash `56e423ff5cf12e310014bb75f29f9b62d3ee704c7a28dbc551fdb986b0421f79` Request headers accept-language de-DE,de;q=0.9 Referer http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 14:57:58 GMT content-encoding gzip last-modified Thu, 24 Aug 2023 20:58:41 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 28745 expires Tue, 10 Oct 2023 14:57:58 GMT
GET H/1.1	200 OK	login.css thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/	199 KB 31 KB	279ms 141ms	Stylesheet text/css	50.31.188.119 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL http://thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/login.css Requested by Host: thdsaml.homedepot.escaeperu.com URL: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Protocol HTTP/1.1 Server 50.31.188.119 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS priva80.privatednsorg.com Software / Resource Hash `5195c95d50422264793f261ba52bf65d9c62b3221f0d701a4d0ceca8c25711d6` Request headers accept-language de-DE,de;q=0.9 Referer http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 14:57:58 GMT content-encoding gzip last-modified Thu, 24 Aug 2023 20:58:41 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 31125 expires Tue, 10 Oct 2023 14:57:58 GMT
GET H/1.1	200 OK	thd-logo.svg thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/	15 KB 7 KB	285ms 146ms	Image image/svg+xml	50.31.188.119 SERVERCENTRAL
General Check archive.org Show headers Download Go to Show image Full URL http://thdsaml.homedepot.escaeperu.com/home/Udlaps/ssop/thd-logo.svg Requested by Host: thdsaml.homedepot.escaeperu.com URL: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Protocol HTTP/1.1 Server 50.31.188.119 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS priva80.privatednsorg.com Software / Resource Hash `81812d294295c166da8a663f1c8610713c52292c3abedee1edf33fcbdef699e4` Request headers accept-language de-DE,de;q=0.9 Referer http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 14:57:58 GMT content-encoding gzip last-modified Thu, 24 Aug 2023 20:58:41 GMT vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 6516 expires Tue, 10 Oct 2023 14:57:58 GMT
GET		open-sans-latin-400-normal.woff2 thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/ Redirect Chain http://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2 https://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2	0 0

GET		open-sans-all-400-normal.woff thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: thdsaml.homedepot.escaeperu.com
URL: https://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2

Domain: thdsaml.homedepot.escaeperu.com
URL: http://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-all-400-normal.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: The Home Depot (E-commerce)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkthd_pingfed_pages function| setImmediate function| clearImmediate function| submitForm

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			thdsaml.homedepot.escaeperu.com/	1970-01-20 15:57:03	Name: ibx_wpfomo_ip Value: 80.255.7.106

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://thdsaml.homedepot.escaeperu.com/home/Udlaps/index.html Message: Access to font at 'https://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2' (redirected from 'http://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2') from origin 'http://thdsaml.homedepot.escaeperu.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://thdsaml.homedepot.escaeperu.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

thdsaml.homedepot.escaeperu.com
thdsaml.homedepot.escaeperu.com
50.31.188.119
238e4ba08ae637488e97f65f8df1cd0fb6184defd17c3882df5cb3ed77cc0f06
39d9c7792979adf98e35223b86bb2519c8f57cab682e71f4f435ab6a5a7f399e
5195c95d50422264793f261ba52bf65d9c62b3221f0d701a4d0ceca8c25711d6
56e423ff5cf12e310014bb75f29f9b62d3ee704c7a28dbc551fdb986b0421f79
63c554fb247650b48af05904b9050843f1f6750a12c65ebd1088208b31426208
81812d294295c166da8a663f1c8610713c52292c3abedee1edf33fcbdef699e4

thdsaml.homedepot.escaeperu.com Open in urlscan Pro 50.31.188.119 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

122 kBTransfer

460 kBSize

1 Cookies

1 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

thdsaml.homedepot.escaeperu.com Open in urlscan Pro
50.31.188.119 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

122 kB
Transfer

460 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!