sanconsultores.com Open in urlscan Pro
199.250.212.182 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
Submission: On April 19 via manual (April 19th 2023, 10:10:14 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 9 HTTP transactions. The main IP is 199.250.212.182, located in United States and belongs to INMOTION, US. The main domain is sanconsultores.com.

This is the only time sanconsultores.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
3	199.250.212.182 199.250.212.182	22611 (INMOTION) (INMOTION)
2	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
1 2	104.109.79.23 104.109.79.23	16625 (AKAMAI-AS) (AKAMAI-AS)
9	5

3 199.250.212.182 (United States)

ASN22611 (INMOTION, US)
PTR: vps42909.inmotionhosting.com

sanconsultores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.79.23 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-79-23.deploy.static.akamaitechnologies.com

mydhl.express.dhl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	sanconsultores.com sanconsultores.com	28 KB
2	express.dhl 1 redirects mydhl.express.dhl — Cisco Umbrella Rank: 115592	5 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	82 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 474	49 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 997	33 KB
9	5

	Domain	Requested by
3	sanconsultores.com	sanconsultores.com
2	mydhl.express.dhl	1 redirects sanconsultores.com
2	cdnjs.cloudflare.com	sanconsultores.com cdnjs.cloudflare.com
2	cdn.jsdelivr.net	sanconsultores.com
1	code.jquery.com	sanconsultores.com
9	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
Frame ID: 01595DFBD65CA88A98FEACCDFC38E317
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Receive a Shipment | DHL Express | Address Confirmation

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

9
Requests

56 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

195 kB
Transfer

465 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png HTTP 302
https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request receive Show response
sanconsultores.com/delivery/checkout/ 14 KB
15 KB 4155ms
3816ms Document
text/html 199.250.212.182
INMOTION

General

Check archive.org

Show headers Download Go to

Full URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
Protocol: HTTP/1.1
Server: 199.250.212.182 , United States, ASN22611 (INMOTION, US),
Reverse DNS: vps42909.inmotionhosting.com
Software: Apache /
Resource Hash: e8b75cb17cbda5bfa259700736cf54a01c8e6a81f254285f5a81bd4fae3289d0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Apr 2023 10:10:08 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/css/ 159 KB
25 KB 69ms
26ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/css/bootstrap.min.css

Requested by

Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0071cd7ccef32768966b353e2ff09d13e07ab31148944e5545803232c2341e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://sanconsultores.com/
Origin: http://sanconsultores.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 10:10:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4844154
x-jsd-version: 5.1.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230126-FRA, cache-jnb7027-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"27bcc-BZIWlzlsFSRVBPxM7BbsU0yOz/8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d90dyOg3BFj%2BiFn91W0hh3LowFM9XY8QUaNn%2BxgL%2BJshUZkjCPE99Kv1Pd%2Ftg2dDd063h8jW49QMBu2kKuKRrP4FuXtGjm%2Fw7WKFsoZERiNJJWcRkitYuI7Ei%2FIVBVEpJ81Tc8hOo%2BxMmhlSN5g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7ba45b29faad9b64-FRA

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 52ms
13ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://sanconsultores.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 10:10:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1182468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NNS2WP6fuV4cuIDrp%2BXVIkLQsWNpuB4fEIisAlMKC3N9e5fQL%2BSgrYPRdQn%2BK10znmVnr0gJQ78rr%2FZlRr9YkyewfdJAjrJdbT%2Fe8J7F1tjoEYvN%2FVxDH9DNs9BxaVIaQGnPhoe0QQC4xH%2F%2Bd1RjUi74"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7ba45b29fb4cbb7f-FRA
expires: Mon, 08 Apr 2024 10:10:09 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 83ms
19ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://sanconsultores.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 10:10:09 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1762a"
vary: Accept-Encoding
x-hw: 1681899009.dop222.am5.t,1681899009.cds228.am5.hn,1681899009.cds249.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33202

GET
H/1.1 200
OK core.css
sanconsultores.com/css/ 4 KB
4 KB 156ms
156ms Stylesheet
text/css 199.250.212.182
INMOTION

General

Check archive.org

Show headers Download Go to

Full URL: http://sanconsultores.com/css/core.css
Requested by: Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
Protocol: HTTP/1.1
Server: 199.250.212.182 , United States, ASN22611 (INMOTION, US),
Reverse DNS: vps42909.inmotionhosting.com
Software: Apache /
Resource Hash: eee29e4819608a72d1c3918d82f94381b0cf5cf348e0f47e9e03aa701374b8ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 19 Apr 2023 10:10:09 GMT
Last-Modified: Mon, 27 Dec 2021 02:55:10 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4334

GET
H/1.1 200
OK dhl-logo.png
sanconsultores.com/img/ 8 KB
8 KB 206ms
155ms Image
image/png 199.250.212.182
INMOTION

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://sanconsultores.com/img/dhl-logo.png
Requested by: Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
Protocol: HTTP/1.1
Server: 199.250.212.182 , United States, ASN22611 (INMOTION, US),
Reverse DNS: vps42909.inmotionhosting.com
Software: Apache /
Resource Hash: d7795b6034cbc93fc0632df895294a248644faa373ff8654553f81c137972ae8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 19 Apr 2023 10:10:09 GMT
Last-Modified: Mon, 27 Dec 2021 01:58:56 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 8313

GET
H2

200

1625790534535.png
mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/
Redirect Chain

https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png

4 KB
4 KB

67ms
48ms

Image
image/png

104.109.79.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png

Requested by

Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749

Protocol

Server

104.109.79.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-79-23.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http:
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://sanconsultores.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http:
strict-transport-security: max-age=31536000 ; includeSubDomains
date: Wed, 19 Apr 2023 10:10:09 GMT
last-modified: Fri, 14 Apr 2023 23:20:40 GMT
server: nginx
x-akamai-tls: tls1.2
etag: W/"f26-5f95416e33e34"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=10800, public
server-timing: cdn-cache; desc=HIT, edge; dur=5, ak_p; desc="467194_34649469_440529561_479_12733_7_0";dur=1
accept-ranges: bytes
content-length: 3878
expires: Sat, 15 Apr 2023 02:20:40 GMT

Redirect headers

dc-name: CBJ
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http:
strict-transport-security: max-age=31536000 ; includeSubDomains
date: Wed, 19 Apr 2023 10:10:09 GMT
x-akamai-tls: tls1.2
server: nginx
content-type: text/html
location: https://mydhl.express.dhl/fr/en/_jcr_content/footer-v2/image.img.png/1625790534535.png
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467194_34649469_440529499_31_9668_6_0";dur=1
content-length: 138

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/ 77 KB
23 KB 35ms
23ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js

Requested by

Host: sanconsultores.com
URL: http://sanconsultores.com/delivery/checkout/receive?user_id=019849162749

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5a12b84f9543d5ba3231837c2f2467563405aa66a582b6fc400985f85df49ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://sanconsultores.com/
Origin: http://sanconsultores.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 10:10:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4844178
x-jsd-version: 5.1.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230074-FRA, cache-yyz4573-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"13417-CF7M/QNtoe32ATiKaM/lyzFrHiw"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NobfMt%2FscQCcNMHdee4RQMO9m9Slg09zrRVA%2ByCOfgiXfsyv4BkSKj741P6NohknCZtgpHQ%2FbhW%2BYsyQ%2FOx03dFSz9nse5HyeU%2Bzm0HqZxjY6Xv5Fk0l%2B54yGMy7DajiVVj%2FGZp%2Bdmh7j%2Fmcmx0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7ba45b2abba79b64-FRA

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 58ms
22ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: http://sanconsultores.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 19 Apr 2023 10:10:09 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5488295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWFH4M1MF9CLzzPfRHELLVn%2Fjq4Ooin7RgGueMTUkHtBJNQUpCn10RTA1LWPaXvlC21G6UgcyamZhPd3O1AeaoqBcZks%2BTt0S0mTNFzyinIbdHAdEAub8z2AEci%2B44nLLhhCEuiz4wv1JQlX1%2FA4O3hP"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7ba45b2b1cf93a49-FRA
expires: Mon, 08 Apr 2024 10:10:09 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
mydhl.express.dhl
sanconsultores.com
104.109.79.23
199.250.212.182
2001:4de0:ac18::1:a:3b
2606:4700::6810:5714
2606:4700::6811:180e
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
b0071cd7ccef32768966b353e2ff09d13e07ab31148944e5545803232c2341e9
d7795b6034cbc93fc0632df895294a248644faa373ff8654553f81c137972ae8
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
e5a12b84f9543d5ba3231837c2f2467563405aa66a582b6fc400985f85df49ad
e8b75cb17cbda5bfa259700736cf54a01c8e6a81f254285f5a81bd4fae3289d0
eee29e4819608a72d1c3918d82f94381b0cf5cf348e0f47e9e03aa701374b8ea

sanconsultores.com Open in urlscan Pro 199.250.212.182 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

56 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

195 kBTransfer

465 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

sanconsultores.com Open in urlscan Pro
199.250.212.182 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

56 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

195 kB
Transfer

465 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!