www.dhl-seguimiento.com Open in urlscan Pro
111.90.156.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.dhl-seguimiento.com/
Submission: On July 11 via automatic, source certstream-suspicious (July 11th 2021, 6:12:35 am UTC)

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 111.90.156.113, located in Malaysia and belongs to VERDINA, BZ. The main domain is www.dhl-seguimiento.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 11th 2021. Valid for: a year.

This is the only time www.dhl-seguimiento.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
8	111.90.156.113 111.90.156.113	201133 (VERDINA) (VERDINA)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
9	2

8 111.90.156.113 (Malaysia)

ASN201133 (VERDINA, BZ)

www.dhl-seguimiento.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	dhl-seguimiento.com www.dhl-seguimiento.com	95 KB
1	jquery.com code.jquery.com	30 KB
9	2

	Domain	Requested by
8	www.dhl-seguimiento.com	www.dhl-seguimiento.com
1	code.jquery.com	www.dhl-seguimiento.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid
www.dhl-seguimiento.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-11` - `2022-07-11`	a year	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.dhl-seguimiento.com/
Frame ID: E4C36B301E95BA7BE1BF6A9F033381DD
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Jekyll (Static Site Generator) Expand

Overall confidence: 100%
Detected patterns

meta generator /Jekyll (v[\d.]+)?/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

125 kB
Transfer

324 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.dhl-seguimiento.com/	7 KB 3 KB	242ms 78ms	Document text/html	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Full URL https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / PHP/7.3.28 Resource Hash `1ee76aab29ad3c5a94e5a963570f15e2de92ce3f9591c2b31470515ca93559e2` Request headers :method GET :authority www.dhl-seguimiento.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-powered-by PHP/7.3.28 content-type text/html; charset=UTF-8 content-length 2335 content-encoding br vary Accept-Encoding date Sun, 11 Jul 2021 06:12:14 GMT server LiteSpeed alt-svc h3-34=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET H2	200	bootstrap.css www.dhl-seguimiento.com/index_files/	157 KB 21 KB	405ms 103ms	Stylesheet text/css	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Full URL https://www.dhl-seguimiento.com/index_files/bootstrap.css Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a` Request headers :path /index_files/bootstrap.css pragma no-cache origin https://www.dhl-seguimiento.com accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Origin https://www.dhl-seguimiento.com Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT content-encoding br last-modified Mon, 24 Aug 2020 19:17:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control max-age=604800, public accept-ranges bytes content-length 21513
GET H2	200	css.css www.dhl-seguimiento.com/index_files/	3 KB 441 B	407ms 105ms	Stylesheet text/css	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Full URL https://www.dhl-seguimiento.com/index_files/css.css Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `d30cea868347c321aeab5139a54ec5391a5e9fa0886ef088cc99b84a45a63b20` Request headers :path /index_files/css.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT content-encoding br last-modified Mon, 24 Aug 2020 19:17:51 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control max-age=604800, public accept-ranges bytes content-length 409
GET H2	200	blog.css www.dhl-seguimiento.com/index_files/	2 KB 675 B	404ms 102ms	Stylesheet text/css	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Full URL https://www.dhl-seguimiento.com/index_files/blog.css Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `a2f44208c6b3a38d233252a4c79f3adbce6436746ca4d1e4cd6f8bed027753c2` Request headers :path /index_files/blog.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT content-encoding br last-modified Mon, 24 Aug 2020 19:17:51 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control max-age=604800, public accept-ranges bytes content-length 591
GET H2	200	dhl_logo.gif www.dhl-seguimiento.com/img/	443 B 504 B	443ms 142ms	Image image/gif	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Show image Full URL https://www.dhl-seguimiento.com/img/dhl_logo.gif Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `2f680b51b19fc3c5befd02bd9d0d4e88c2722a5210157e4ef68933c5ba352109` Request headers :path /img/dhl_logo.gif pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT cache-control max-age=2419200, public last-modified Mon, 24 Aug 2020 19:17:41 GMT server LiteSpeed accept-ranges bytes content-length 443 content-type image/gif
GET H2	200	illustration-parcel-dhl.png www.dhl-seguimiento.com/img/	52 KB 52 KB	369ms 68ms	Image image/png	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Show image Full URL https://www.dhl-seguimiento.com/img/illustration-parcel-dhl.png Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `2093d835a2088e7979b736312d9b55e793220d27dac76ff6fc18d1a24125aae7` Request headers :path /img/illustration-parcel-dhl.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT cache-control max-age=2419200, public last-modified Mon, 24 Aug 2020 19:17:42 GMT server LiteSpeed accept-ranges bytes content-length 53616 content-type image/png
GET H2	200	loading.gif www.dhl-seguimiento.com/img/	17 KB 17 KB	444ms 143ms	Image image/gif	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Show image Full URL https://www.dhl-seguimiento.com/img/loading.gif Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `ce6a239fde88d8fb01c7a10d6f7b27d1bc23f5462d02f5ebb4927479fa32a302` Request headers :path /img/loading.gif pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT cache-control max-age=2419200, public last-modified Mon, 24 Aug 2020 19:17:38 GMT server LiteSpeed accept-ranges bytes content-length 17585 content-type image/gif
GET H2	200	jquery-3.3.1.min.js Show response code.jquery.com/	85 KB 30 KB	31ms 11ms	Script application/javascript	2001:4de0:ac18::1:a:2b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.3.1.min.js Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Origin https://www.dhl-seguimiento.com Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT content-encoding gzip last-modified Sat, 20 Jan 2018 17:26:44 GMT server nginx etag W/"5a637bd4-1538f" vary Accept-Encoding x-hw 1625983934.dop163.fr8.t,1625983934.cds212.fr8.hn,1625983934.cds002.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30288
GET H2	200	jquery.preloadinator.min.js Show response www.dhl-seguimiento.com/js/	1 KB 428 B	364ms 63ms	Script application/javascript	111.90.156.113 VERDINA
General Check archive.org Show headers Download Go to Full URL https://www.dhl-seguimiento.com/js/jquery.preloadinator.min.js Requested by Host: www.dhl-seguimiento.com URL: https://www.dhl-seguimiento.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 111.90.156.113 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / Resource Hash `6dab4fcc95fb9e408fa8901ab6024e30da6ce2eefff0bcfdb5b1fc71cb330d50` Request headers :path /js/jquery.preloadinator.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority www.dhl-seguimiento.com referer https://www.dhl-seguimiento.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://www.dhl-seguimiento.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Jul 2021 06:12:14 GMT content-encoding br last-modified Mon, 24 Aug 2020 19:18:06 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control max-age=604800, public accept-ranges bytes content-length 356

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
www.dhl-seguimiento.com
111.90.156.113
2001:4de0:ac18::1:a:2b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1ee76aab29ad3c5a94e5a963570f15e2de92ce3f9591c2b31470515ca93559e2
2093d835a2088e7979b736312d9b55e793220d27dac76ff6fc18d1a24125aae7
2f680b51b19fc3c5befd02bd9d0d4e88c2722a5210157e4ef68933c5ba352109
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
6dab4fcc95fb9e408fa8901ab6024e30da6ce2eefff0bcfdb5b1fc71cb330d50
a2f44208c6b3a38d233252a4c79f3adbce6436746ca4d1e4cd6f8bed027753c2
ce6a239fde88d8fb01c7a10d6f7b27d1bc23f5462d02f5ebb4927479fa32a302
d30cea868347c321aeab5139a54ec5391a5e9fa0886ef088cc99b84a45a63b20

www.dhl-seguimiento.com Open in urlscan Pro 111.90.156.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

125 kBTransfer

324 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

www.dhl-seguimiento.com Open in urlscan Pro
111.90.156.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

125 kB
Transfer

324 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!