www.dhl-seguimiento.com
111.90.156.113
Malicious Activity!
Public Scan
Submission: On July 11 via automatic, source certstream-suspicious
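The submission source, certstream-suspicious, is urlscan's automatic feed of hostnames taken from Certificate Transparency logs that match brand and lure keywords; a name like dhl-seguimiento.com ("DHL tracking" in Spanish) is exactly what such a monitor is built to catch. The block below is an added illustration of that keyword check, not urlscan's or certstream's code: the brand list, lure words, weights, allowlist, threshold and the certstream-style entries are all constructed assumptions.

```javascript
// Added example (not urlscan.io's or certstream's code): flag hostnames from a
// Certificate Transparency feed that combine a courier brand with a lure word.
// Brand list, lure words, weights, allowlist and threshold are assumptions.
const BRANDS = new Map([['dhl', 'DHL'], ['fedex', 'FedEx'], ['ups', 'UPS'], ['correos', 'Correos']]);
// Words phishing lures pair with a courier brand (Spanish and English).
const LURE_WORDS = ['seguimiento', 'tracking', 'paquete', 'parcel', 'envio', 'entrega', 'delivery'];
// The brands' own registrable domains; the brand token is expected there.
const BRAND_OWN_DOMAINS = new Set(['dhl.com', 'dhl.es', 'fedex.com', 'ups.com', 'correos.es']);
const THRESHOLD = 50;

// Naive apex: last two DNS labels (no public-suffix handling, e.g. co.uk).
function apexOf(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// "www.dhl-seguimiento.com" -> ["www", "dhl", "seguimiento", "com"]
function tokensOf(hostname) {
  return hostname.toLowerCase().split(/[.\-_]+/).filter(Boolean);
}

function scoreHostname(hostname) {
  const result = { hostname, score: 0, brands: [], reasons: [], suspicious: false };
  if (BRAND_OWN_DOMAINS.has(apexOf(hostname))) {
    result.reasons.push("apex is the brand's own domain");
    return result;
  }
  for (const t of tokensOf(hostname)) {
    const brand = BRANDS.get(t);
    if (brand) {
      result.score += 50;
      if (!result.brands.includes(brand)) result.brands.push(brand);
      result.reasons.push(`brand token "${t}"`);
    }
    if (LURE_WORDS.includes(t)) {
      result.score += 20;
      result.reasons.push(`lure word "${t}"`);
    }
  }
  // Hyphens joining a brand to other words are typical of lookalike names.
  const hyphens = (hostname.match(/-/g) || []).length;
  if (result.brands.length && hyphens) {
    result.score += 10 * hyphens;
    result.reasons.push(`${hyphens} hyphen(s) next to a brand token`);
  }
  result.suspicious = result.score >= THRESHOLD;
  return result;
}

// Constructed certstream-style entries (only the all_domains field is used).
const SAMPLE_CT_ENTRIES = [
  { all_domains: ['dhl-seguimiento.com', 'www.dhl-seguimiento.com'] },
  { all_domains: ['www.dhl.com'] },
  { all_domains: ['blog.example.org'] },
];

// Return only the hostnames worth a scan, highest score first.
function triage(entries) {
  return entries
    .flatMap(e => e.all_domains.map(scoreHostname))
    .filter(r => r.suspicious)
    .sort((a, b) => b.score - a.score);
}

console.log(triage(SAMPLE_CT_ENTRIES));
```

The allowlist matters as much as the keyword list: without it the brand's own certificates (dhl.com renews constantly) would flood the queue, and the naive apex computation here should be replaced by a public-suffix lookup before real use.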
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 11th 2021. Valid for: a year. The certificate was issued on the day of the scan, and the submission source (certstream-suspicious) means the Certificate Transparency log entry for that new certificate is what brought the domain to urlscan's attention.
This is the only time www.dhl-seguimiento.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 8 | 111.90.156.113 | 201133 (VERDINA) |
| 1 | 2001:4de0:ac18::1:a:2b | 20446 (HIGHWINDS3) |

Total: 9 requests across 2 IP addresses.
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 8 | dhl-seguimiento.com | www.dhl-seguimiento.com | 95 KB |
| 1 | jquery.com | code.jquery.com | 30 KB |

Total: 9 requests across 2 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 8 | www.dhl-seguimiento.com | www.dhl-seguimiento.com |
| 1 | code.jquery.com | www.dhl-seguimiento.com |

Total: 9 requests across 2 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | Lookup |
|---|---|---|---|---|
| www.dhl-seguimiento.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-11 - 2022-07-11 | a year | crt.sh |
| jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year | crt.sh |
This page contains 1 frame:
Primary Page: https://www.dhl-seguimiento.com/
Frame ID: E4C36B301E95BA7BE1BF6A9F033381DD
Requests: 9 HTTP requests in this frame
Screenshot (image not included)
Detected technologies
- Jekyll (Static Site Generator). Detected pattern: meta generator /Jekyll (v[\d.]+)?/i
- Bootstrap (Web Frameworks). Detected pattern: html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- LiteSpeed (Web Servers). Detected pattern: headers server /^LiteSpeed$/i
- jQuery (JavaScript Libraries). Detected patterns: script /jquery[.-]([\d.]*\d)[^/]*\.js/i and script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Read the static-markup matches with care: a Jekyll generator tag and a Bootstrap stylesheet link travel with any HTML copied from a Jekyll-built site (Bootstrap's own example pages are generated with Jekyll), so on a phishing page they describe where the template came from, not what the kit runs on. The LiteSpeed match comes from the live Server response header and does describe the hosting stack.
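The patterns above are Wappalyzer-style fingerprints: each is a JavaScript regular expression tested against one part of the capture (the content of a meta tag, the raw HTML, a response header, or a script URL), with a capture group carrying the version where the rule has one. The following added example, which is not urlscan.io's code, applies exactly those four rules to a constructed HTML document and header set modelled on this scan; the parsing helpers and the sample inputs are assumptions.

```javascript
// Added example (not urlscan.io's code): apply the four detection patterns
// listed above to a constructed page capture and report version captures.
const TECHNOLOGIES = {
  Jekyll:    { meta:    { generator: /Jekyll (v[\d.]+)?/i } },
  Bootstrap: { html:    [/<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i] },
  LiteSpeed: { headers: { server: /^LiteSpeed$/i } },
  jQuery:    { script:  [/jquery[.-]([\d.]*\d)[^/]*\.js/i,
                         /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i] },
};

// Constructed inputs modelled on this scan (not the captured response).
const SAMPLE_HTML = `<!doctype html><html><head>
<meta name="generator" content="Jekyll v4.1.1">
<link rel="stylesheet" href="index_files/bootstrap.css">
<link rel="stylesheet" href="index_files/blog.css">
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="js/jquery.preloadinator.min.js"></script>
</head><body></body></html>`;
const SAMPLE_HEADERS = { Server: 'LiteSpeed', 'Content-Type': 'text/html' };

// <meta name="..." content="..."> pairs keyed by lower-cased name (a simple,
// attribute-order-dependent parser; enough for generator tags).
function metaTags(html) {
  const out = {};
  const re = /<meta\s+[^>]*?name=["']([^"']+)["'][^>]*?content=["']([^"']*)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out[m[1].toLowerCase()] = m[2];
  return out;
}

// src attributes of <script> tags
function scriptSrcs(html) {
  const out = [];
  const re = /<script\s+[^>]*?src=["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Returns { technology: version-or-null } for every rule set with a hit.
function detect(html, headers) {
  const found = {};
  const hdr = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const meta = metaTags(html);
  const scripts = scriptSrcs(html);
  for (const [name, rules] of Object.entries(TECHNOLOGIES)) {
    let hit = false, version = null;
    // first capture group (if any) is the version, first hit wins
    const record = (m) => { hit = true; if (m[1] && !version) version = m[1]; };
    for (const re of rules.html || []) {
      const m = html.match(re); if (m) record(m);
    }
    for (const [k, re] of Object.entries(rules.meta || {})) {
      const m = (meta[k] || '').match(re); if (m) record(m);
    }
    for (const [k, re] of Object.entries(rules.headers || {})) {
      const m = (hdr[k] || '').match(re); if (m) record(m);
    }
    for (const re of rules.script || []) {
      for (const s of scripts) { const m = s.match(re); if (m) record(m); }
    }
    if (hit) found[name] = version;
  }
  return found;
}

console.log(detect(SAMPLE_HTML, SAMPLE_HEADERS));
// { Jekyll: 'v4.1.1', Bootstrap: null, LiteSpeed: null, jQuery: '3.3.1' }
```

Note that the first jQuery pattern needs a version in the file name, so it fires on jquery-3.3.1.min.js but not on jquery.preloadinator.min.js; the second, version-less pattern matches both, which is why the rule set carries two.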
Page Statistics
0 Outgoing links (links going to different origins than the main page).
Redirected requests: no HTTP redirect chains are listed for this scan.
9 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | www.dhl-seguimiento.com/ | 7 KB | 3 KB | Document | text/html |
| GET | H2 | bootstrap.css | www.dhl-seguimiento.com/index_files/ | 157 KB | 21 KB | Stylesheet | text/css |
| GET | H2 | css.css | www.dhl-seguimiento.com/index_files/ | 3 KB | 441 B | Stylesheet | text/css |
| GET | H2 | blog.css | www.dhl-seguimiento.com/index_files/ | 2 KB | 675 B | Stylesheet | text/css |
| GET | H2 | dhl_logo.gif | www.dhl-seguimiento.com/img/ | 443 B | 504 B | Image | image/gif |
| GET | H2 | illustration-parcel-dhl.png | www.dhl-seguimiento.com/img/ | 52 KB | 52 KB | Image | image/png |
| GET | H2 | loading.gif | www.dhl-seguimiento.com/img/ | 17 KB | 17 KB | Image | image/gif |
| GET | H2 | jquery-3.3.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script | application/javascript |
| GET | H2 | jquery.preloadinator.min.js | www.dhl-seguimiento.com/js/ | 1 KB | 428 B | Script | application/javascript |

Size is the decoded body and x-fer the bytes moved on the wire: compressed text resources transfer far less than their size, while the small GIFs transfer slightly more than their size because response headers are counted.

Everything except jQuery 3.3.1 from code.jquery.com is served by the phishing host itself, and all nine transactions are GETs issued while loading the page. urlscan does not submit forms, so the endpoint that would receive whatever a victim types is not visible here; it would have to be read out of the page's HTML. The index_files/ directory is the layout a browser's "save page as" produces, and combined with Bootstrap's example blog.css and the Jekyll generator tag it is consistent with the kit being a saved copy of a Bootstrap example page re-skinned with DHL imagery (dhl_logo.gif, illustration-parcel-dhl.png).
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: DHL (Transportation)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object, that is, properties present on window in the scanned page that the scanner does not recognise as standard browser-provided ones. They can help identify client-side frameworks and page code.

| Type | Name |
|---|---|
| object | onbeforexrselect |
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| boolean | originAgentCluster |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| string | lang |
| function | $ |
| function | jQuery |

Most of these are not page code: the on* transition and XR event-handler attributes, cookieStore, the File System Access picker functions, originAgentCluster, trustedTypes and crossOriginIsolated are Window members of the Chromium build that performed the scan which the scanner's list of standard names did not yet include. The page's own globals are lang, $ and jQuery; the last two belong to the jQuery 3.3.1 loaded from code.jquery.com.
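To turn such a list into something useful, a practitioner strips the browser-supplied names and maps what remains to known libraries. The following is an added example, not urlscan.io's code: it parses the "type| name" list exactly as this page renders it, drops on* event-handler attributes and an assumed allowlist of newer Chromium Window members, and matches the rest against assumed library signatures.

```javascript
// Added example (not urlscan.io's code): separate page-defined window globals
// from browser-version noise and guess libraries from the remainder.

// Constructed from the 14 entries reported for this scan.
const RAW_GLOBALS =
  'object| onbeforexrselect object| ontransitionrun object| ontransitionstart ' +
  'object| ontransitioncancel object| cookieStore function| showDirectoryPicker ' +
  'function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster ' +
  'object| trustedTypes boolean| crossOriginIsolated string| lang function| $ function| jQuery';

// Window members added to Chromium after the scanner's baseline; an assumed
// allowlist that has to be extended as browsers add APIs.
const BROWSER_ADDED = new Set([
  'cookieStore', 'showDirectoryPicker', 'showOpenFilePicker', 'showSaveFilePicker',
  'originAgentCluster', 'trustedTypes', 'crossOriginIsolated',
]);

// Globals that identify a client-side library (assumed signatures).
const LIBRARY_SIGNATURES = {
  jQuery: ['jQuery', '$'],
  AngularJS: ['angular'],
  React: ['React', 'ReactDOM'],
  Vue: ['Vue'],
};

// "type| name type| name ..." -> [{ type, name }, ...]
function parseGlobals(raw) {
  const out = [];
  const re = /(\w+)\|\s*(\S+)/g;
  let m;
  while ((m = re.exec(raw)) !== null) out.push({ type: m[1], name: m[2] });
  return out;
}

function isBrowserNoise(name) {
  // on<event> members are DOM event-handler IDL attributes, never page code
  return /^on[a-z]+$/.test(name) || BROWSER_ADDED.has(name);
}

// Returns { page: [...], browser: [...], libraries: [...] }
function classify(globals) {
  const page = [], browser = [];
  for (const g of globals) (isBrowserNoise(g.name) ? browser : page).push(g.name);
  const libraries = Object.entries(LIBRARY_SIGNATURES)
    .filter(([, names]) => names.some(n => page.includes(n)))
    .map(([lib]) => lib);
  return { page, browser, libraries };
}

console.log(classify(parseGlobals(RAW_GLOBALS)));
// { page: ['lang', '$', 'jQuery'], browser: [...11 names], libraries: ['jQuery'] }
```

The residue after filtering is what deserves attention: a page-defined string global such as lang is kit code, and in a kit it is worth searching the HTML for where it is set and read.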
0 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the stored cookie values along with the request, allowing the site to re-identify the user even from a different location or network. This is how persistent logins work. This page set none.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
www.dhl-seguimiento.com
111.90.156.113
2001:4de0:ac18::1:a:2b