mexicosabea.com
67.227.237.216 - Malicious Activity! (Public Scan)

Submitted URL: http://www.vandansikbouw.nl/.tmb/5ucnk.php
Effective URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/
Submission: On April 30 via manual from IL — Scanned from NL

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 67.227.237.216, located in the United States and belonging to LIQUIDWEB, US. The main domain is mexicosabea.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 2nd 2023. Valid for: 3 months.
This is the only time mexicosabea.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Israel Post (Transportation)

Domain & IP information

Requests  IP Address       AS     Autonomous System
1         145.131.41.52    8315   ACNBB
7         67.227.237.216   32244  LIQUIDWEB
Total: 7 requests across 2 IPs

Requests  Apex Domain        Subdomains             Transfer
7         mexicosabea.com    mexicosabea.com        81 KB
1         vandansikbouw.nl   www.vandansikbouw.nl   276 B
Total: 7 requests across 2 domains

Requests  Domain                 Requested by
7         mexicosabea.com        www.vandansikbouw.nl (1 redirect), mexicosabea.com
1         www.vandansikbouw.nl   (submitted URL)
Total: 7 requests across 2 domains

This site contains no links.

Subject          Issuer                                 Validity                   Valid
mexicosabea.com  cPanel, Inc. Certification Authority   2023-03-02 to 2023-05-31   3 months

This page contains 1 frames:

Primary Page: https://mexicosabea.com/.tmb/IsraeilPoste/app/
Frame ID: 1C9C8C501ED43AA767848BE6E1D7D254
Requests: 7 HTTP requests in this frame


Page Statistics

Requests:    7
HTTPS:       86 %
IPv6:        0 %
Domains:     2
Subdomains:  2
IPs:         2
Countries:   2
Transfer:    81 kB
Size:        83 kB
Cookies:     1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.vandansikbouw.nl/.tmb/5ucnk.php Page URL
  2. https://mexicosabea.com/.tmb/IsraeilPoste/ HTTP 302
    https://mexicosabea.com/.tmb/IsraeilPoste/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Request 1: 5ucnk.php
Path: www.vandansikbouw.nl/.tmb/
Size: 78 B | x-fer: 276 B | Type: Document

General
Full URL: http://www.vandansikbouw.nl/.tmb/5ucnk.php
Protocol: HTTP/1.1
Server: 145.131.41.52, Netherlands, ASN8315 (ACNBB, NL)
Reverse DNS: arg-plplcl09.argewebhosting.nl
Software: nginx / PleskLin
Resource Hash: (none)

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Sun, 30 Apr 2023 10:05:17 GMT
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PleskLin
Request 2 (Primary Request): /
Path: mexicosabea.com/.tmb/IsraeilPoste/app/
Redirect Chain:
  • https://mexicosabea.com/.tmb/IsraeilPoste/
  • https://mexicosabea.com/.tmb/IsraeilPoste/app/
Size: 2 KB | x-fer: 1 KB | Type: Document

General
Full URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/
Requested by: Host www.vandansikbouw.nl, URL http://www.vandansikbouw.nl/.tmb/5ucnk.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.216, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: servidor3398.tl.controladordns.com
Software: Apache
Resource Hash: f7b883aed7ce01a302659fe88f04ad2bef44651ac81e94154edd754f2a6619bc

Request headers
Referer: http://www.vandansikbouw.nl/.tmb/5ucnk.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers
cache-control: max-age=600
content-encoding: gzip
content-length: 1075
content-type: text/html; charset=UTF-8
date: Sun, 30 Apr 2023 10:05:19 GMT
expires: Sun, 30 Apr 2023 10:15:19 GMT
server: Apache
vary: Accept-Encoding,User-Agent

Redirect headers (HTTP 302 from https://mexicosabea.com/.tmb/IsraeilPoste/)
cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 30 Apr 2023 10:05:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: app/
pragma: no-cache
server: Apache
vary: User-Agent
Request 3: app.css
Path: mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/
Size: 2 KB | x-fer: 648 B | Type: Stylesheet

General
Full URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/app.css
Requested by: Host mexicosabea.com, URL https://mexicosabea.com/.tmb/IsraeilPoste/app/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.216, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: servidor3398.tl.controladordns.com
Software: Apache
Resource Hash: 4cb179b69035457e9386419a8689b3f92212277390ae886e757e02296f826dbb

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://mexicosabea.com/.tmb/IsraeilPoste/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
date: Sun, 30 Apr 2023 10:05:19 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:26:13 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 607
expires: Tue, 30 May 2023 10:05:19 GMT
Request 4: logo.png
Path: mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/
Size: 5 KB | x-fer: 5 KB | Type: Image

General
Full URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/logo.png
Requested by: Host mexicosabea.com, URL https://mexicosabea.com/.tmb/IsraeilPoste/app/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.216, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: servidor3398.tl.controladordns.com
Software: Apache
Resource Hash: 7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://mexicosabea.com/.tmb/IsraeilPoste/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
date: Sun, 30 Apr 2023 10:05:19 GMT
last-modified: Sat, 29 Apr 2023 00:26:13 GMT
server: Apache
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5437
expires: Tue, 30 May 2023 10:05:19 GMT
Request 5: pc.png
Path: mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/
Size: 74 KB | x-fer: 74 KB | Type: Image

General
Full URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/pc.png
Requested by: Host mexicosabea.com, URL https://mexicosabea.com/.tmb/IsraeilPoste/app/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.216, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: servidor3398.tl.controladordns.com
Software: Apache
Resource Hash: bef05b5087b95f81b1517c93eb7f47d1755d5d95adf41eff841cad5f8dd388ac

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://mexicosabea.com/.tmb/IsraeilPoste/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
date: Sun, 30 Apr 2023 10:05:19 GMT
last-modified: Sat, 29 Apr 2023 00:26:13 GMT
server: Apache
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 75537
expires: Tue, 30 May 2023 10:05:19 GMT
Request 6: jq.js.%D8%AA%D9%86%D8%B2%D9%8A%D9%84
Path: mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/
Size: 0 | x-fer: 0 | Type: Script
Status: 404 (see Console Messages below)

General
Full URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/jq.js.%D8%AA%D9%86%D8%B2%D9%8A%D9%84
Requested by: Host mexicosabea.com, URL https://mexicosabea.com/.tmb/IsraeilPoste/app/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.216, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: servidor3398.tl.controladordns.com
Software: Apache
Resource Hash: (none)

Request headers
accept-language: nl-NL,nl;q=0.9
Referer: https://mexicosabea.com/.tmb/IsraeilPoste/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
date: Sun, 30 Apr 2023 10:05:19 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1520
expires: Wed, 11 Jan 1984 05:00:00 GMT
Request 7: h.ttf
Path: mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/
Size: 0 | x-fer: 0 | Type: Font
Status: 404 (see Console Messages below)

General
Full URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/h.ttf
Requested by: Host mexicosabea.com, URL https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/app.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.216, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: servidor3398.tl.controladordns.com
Software: Apache
Resource Hash: (none)

Request headers
Referer: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/app.css
Origin: https://mexicosabea.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
date: Sun, 30 Apr 2023 10:05:19 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1520
expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Israel Post (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify possible client-side frameworks and code.

Type      Name
boolean   credentialless
function  cloneDetect

1 Cookie

Domain/Path       Name       Value
mexicosabea.com/  PHPSESSID  905b88254612918ea386bcfb150f3e9b

2 Console Messages

Source: network error
URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/jq.js.%D8%AA%D9%86%D8%B2%D9%8A%D9%84
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network error
URL: https://mexicosabea.com/.tmb/IsraeilPoste/app/files/files1/h.ttf
Message: Failed to load resource: the server responded with a status of 404 ()