itro.cl
Open in
urlscan Pro
54.39.37.193
Malicious Activity!
Public Scan
Submitted URL: https://itro.cl/jst/DHL2020
Effective URL: https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/single.php?https://dhl-express/easy-to-use/tracking...
Submission: On February 11 via automatic, source openphish
Effective URL: https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/single.php?https://dhl-express/easy-to-use/tracking...
Submission: On February 11 via automatic, source openphish
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 24 HTTP transactions.
The main IP is 54.39.37.193, located in
Montreal, Canada and
belongs to OVH, FR.
The main domain is itro.cl.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 10th 2019. Valid for: 3 months.
This is the only time itro.cl was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 10th 2019. Valid for: 3 months.
This is the only time itro.cl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 20 | 54.39.37.193 54.39.37.193 | 16276 (OVH) (OVH) | |
| 1 | 23.38.55.33 23.38.55.33 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 24 | 3 |
1
23.38.55.33
(Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-55-33.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-55-33.deploy.static.akamaitechnologies.com
| download-tls-cdn.edge-cdn.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 20 |
itro.cl
3 redirects
itro.cl |
201 KB |
| 1 |
edge-cdn.net
download-tls-cdn.edge-cdn.net Failed |
|
| 24 | 2 |
| Domain | Requested by | |
|---|---|---|
| 20 | itro.cl |
3 redirects
itro.cl
|
| 1 | download-tls-cdn.edge-cdn.net |
itro.cl
|
| 24 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| itro.cl cPanel, Inc. Certification Authority |
2019-12-10 - 2020-03-09 |
3 months | crt.sh |
| *.edge-cdn.net GeoTrust RSA CA 2018 |
2019-02-26 - 2020-05-27 |
a year | crt.sh |
This page contains 8 frames:
Primary Page:
https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/single.php?https://dhl-express/easy-to-use/tracking_and_documents/index.html?mailclient=%2Fmail&service=mail&flowName=GlifWebSignIn&flowEntry=AddSession
Frame ID: 0462B9FCEED4A176BBE0177D4FD90F87
Requests: 17 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: 0987928CFF41A87E1345C087C21BFBFD
Requests: 1 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: 4C41B7739523FBF99B071D2026A44C0E
Requests: 1 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: 9BF16559341A630E27A501A9068F09D4
Requests: 1 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: 172847ECA43BA25A38A53BFC880F925A
Requests: 1 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: 81A8D3EC4EC0C1B78236BFC9B0821D68
Requests: 1 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: A512E921DEA66D01B17000C1938C8517
Requests: 1 HTTP requests in this frame
Frame:
https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Frame ID: 36825F8ADD297320F01EB0BAABCFEADB
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://itro.cl/jst/DHL2020
HTTP 301
https://itro.cl/jst/DHL2020/ HTTP 302
https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958 HTTP 301
https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/ Page URL
- https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/single.php?https://dhl-express/... Page URL
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://itro.cl/jst/DHL2020
HTTP 301
https://itro.cl/jst/DHL2020/ HTTP 302
https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958 HTTP 301
https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/ Page URL
- https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/single.php?https://dhl-express/easy-to-use/tracking_and_documents/index.html?mailclient=%2Fmail&service=mail&flowName=GlifWebSignIn&flowEntry=AddSession Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://itro.cl/jst/DHL2020 HTTP 301
- https://itro.cl/jst/DHL2020/ HTTP 302
- https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958 HTTP 301
- https://itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/
24 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/ Redirect Chain
|
213 B 433 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
single.php
itro.cl/jst/DHL2020/ae11381b236e80a4eec61c6ef27b5958/ |
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
layout.css
itro.cl/jst/DHL2020/two/ |
1 KB 711 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.css
itro.cl/jst/DHL2020/two/ |
119 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dhl_logo_transparent.png
itro.cl/jst/DHL2020/two/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form_help.png
itro.cl/jst/DHL2020/two/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mydhl_benefit_1.png
itro.cl/jst/DHL2020/two/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mydhl_benefit_2.png
itro.cl/jst/DHL2020/two/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mydhl_benefit_3.png
itro.cl/jst/DHL2020/two/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mydhl_benefit_4.png
itro.cl/jst/DHL2020/two/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mydhl_benefit_5.png
itro.cl/jst/DHL2020/two/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DHL_footer_logo.png
itro.cl/jst/DHL2020/two/ |
724 B 952 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame 0987 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame 4C41 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame 9BF1 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame 1728 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame 81A8 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame A512 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
videodb_7665_71743_7019632_16x9_mq.mp4
download-tls-cdn.edge-cdn.net/videodb/7665/ Frame 3682 |
0 0 |
Document
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mydhl_image_western-cultural.jpg
itro.cl/jst/DHL2020/two/ |
134 KB 134 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg-header.png
itro.cl/jst/DHL2020/two/ |
988 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
shadow_navigation_main_bottom.png
itro.cl/jst/DHL2020/two/ |
456 B 684 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
icon-arrow-close.png
itro.cl/jst/DHL2020/two/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
servicelink_separator.gif
itro.cl/jst/DHL2020/two/ |
44 B 271 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- download-tls-cdn.edge-cdn.net
- URL
- https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
- Domain
- download-tls-cdn.edge-cdn.net
- URL
- https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
- Domain
- download-tls-cdn.edge-cdn.net
- URL
- https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
- Domain
- download-tls-cdn.edge-cdn.net
- URL
- https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
- Domain
- download-tls-cdn.edge-cdn.net
- URL
- https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
- Domain
- download-tls-cdn.edge-cdn.net
- URL
- https://download-tls-cdn.edge-cdn.net/videodb/7665/videodb_7665_71743_7019632_16x9_mq.mp4
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| checkFilled1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| itro.cl/ | Name: PHPSESSID Value: 29548047cd94f642e23a916350294308 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
download-tls-cdn.edge-cdn.net
itro.cl
download-tls-cdn.edge-cdn.net
23.38.55.33
54.39.37.193
08293161566ce1858ae28c78e4147f7aa29010c9ab92802c778621034ed15352
2a04d4077d71364d359cb531b40b305606e9458f37e46de5f9b46881b781f1f2
35b8eca53271516f3d66a3dd8f89e1366edb87adad26015424148de71dfcce46
38c387b0151772ae21faabbfed1281b46163aa484168d870440f82b64e736063
3dbafdfa54ef76441f3f5e406264767885421889ccab69744e3f7d4226aebe9e
4dd1fc7e3c0181b5a71b736c8b3400cca5092aca04fe79e6e61f34eb3d7f9cd0
5e7aa8776b6c81a885293c89911c50dfdc7967458e4734a6d322134dd8dc80ed
6b183a115aa27f57c515661c33997b1c96999981ac7e0534e4a46f1c19377c49
73d0a320b24bf8d072eaf30904a5b2ccf96579329e30723296d4a80a167a555d
77511e8beca58bc2e49bee41d5ad842b9da8c16370a36a15c2fe253b1fa79530
9f6e2d3a6f15517380d4582c8770aee1ca0d29e53d5966aa6982c9f46a8c9efe
aebcccf4e1b7b1f7e88b7703ba1427e8a1ccb63b8e43532d8839ab7a66e4ebe6
af7f14e6c8e65f74dac6afda27be4ce7512db2a778ec42c36f55a1ed363fc7d8
b3b3f72fefa8480eef99644b25181c2b18a91464466f24557ed598af68fee7dc
baffd233b0f77bcc50519a65a1e06f71ce63a8f4109581939029021878b56f59
cba36ffea0e05b51840b73b915ec8bdc13f68e7f8ca88565fabca1baaf75a00c
d233657e86bcdc818edebfd01971431ddf84a891c25d936bb65a2cee694d3c9f