www.mongolia-gold.com
Open in
urlscan Pro
218.100.84.12
Malicious Activity!
Public Scan
Effective URL: http://www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/?94a08da1fecbb6e8b46990538c7b50b2=c4ca4238a0b923820d...
Submission: On October 22 via automatic, source phishtank
Summary
This is the only time www.mongolia-gold.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 218.100.84.12 218.100.84.12 | 56301 (MN-NDC-MN...) (MN-NDC-MN National Data Center building) | |
1 | 2.16.186.113 2.16.186.113 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
10 | 2 |
ASN56301 (MN-NDC-MN National Data Center building, MN)
PTR: cp.datacenter.mn
www.mongolia-gold.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-113.deploy.static.akamaitechnologies.com
www.dhl.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
mongolia-gold.com
1 redirects
www.mongolia-gold.com |
556 KB |
1 |
dhl.com
www.dhl.com |
2 MB |
10 | 2 |
Domain | Requested by | |
---|---|---|
10 | www.mongolia-gold.com |
1 redirects
www.mongolia-gold.com
|
1 | www.dhl.com |
www.mongolia-gold.com
|
10 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/?94a08da1fecbb6e8b46990538c7b50b2=c4ca4238a0b923820dcc509a6f75849b&0e6ce45a0058b646e949e96fe6703cd4=fb66c97ef4941b90a6fcb709805dbb6c&id=1&email=info@lescousins.fr
Frame ID: D03C4FD1B55AFE0924A2C1ED7452F28F
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f?94a08da1fecbb6e8b46990538c7b50b2...
HTTP 301
http://www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/?94a08da1fecbb6e8b46990538c7b50b... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- env /^Modernizr$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f?94a08da1fecbb6e8b46990538c7b50b2=c4ca4238a0b923820dcc509a6f75849b&0e6ce45a0058b646e949e96fe6703cd4=fb66c97ef4941b90a6fcb709805dbb6c&id=1&email=info@lescousins.fr
HTTP 301
http://www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/?94a08da1fecbb6e8b46990538c7b50b2=c4ca4238a0b923820dcc509a6f75849b&0e6ce45a0058b646e949e96fe6703cd4=fb66c97ef4941b90a6fcb709805dbb6c&id=1&email=info@lescousins.fr Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ Redirect Chain
|
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uikit.almost-flat.min.css
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
96 KB 97 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uikit.almost-flat.min(1).css
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
96 KB 96 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_page.min.css
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
76 KB 76 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.png
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.min.js
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
255 KB 255 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
altair_admin_common.min.js
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
23 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_page.min.js
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/ |
845 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Shanghai2014%20cropped.jpg
www.dhl.com/content/dam/DHL_Logistics/Global%20Forwarding/Small%20teasers_70x50/ |
2 MB 2 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FrutigerLTStd-Roman.otf
www.mongolia-gold.com/carried/fresh2/dhl/js6/main.jsp/968815fbf4f/Public/Font/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)59 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| Prism function| $ function| jQuery object| html5 object| Modernizr function| FastClick function| Waypoint string| _determinate string| _indeterminate string| _update string| _type string| _click string| _touch string| _add string| _remove string| _callback string| _label string| _cursor boolean| _mobile function| Sifter object| MicroPlugin function| Selectize function| Switchery function| autosize function| isHighDensity function| scrollbarWidth function| randID_generator function| hex2rgba function| lsTest object| $body object| $document object| $window object| $page_content object| $page_content_inner object| $sidebar_main object| $sidebar_main_toggle object| $sidebar_secondary object| $sidebar_secondary_toggle object| $topBar object| $header_main number| header__main_height object| easing_swiftOut object| altair_page_onload object| altair_page_content object| altair_forms object| altair_main_sidebar object| altair_secondary_sidebar object| altair_top_bar object| altair_main_header object| altair_md object| altair_helpers object| altair_uikit object| $login_card object| $login_form object| $login_help object| $login_password_reset object| altair_login_page object| $hierarchical_show object| $hierarchical_slide0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.dhl.com
www.mongolia-gold.com
2.16.186.113
218.100.84.12
1f72d90f225f76501cd690461e423e43f2a4194075b05af560ef37e1149b0db8
38c302781ad3d1f38fd37eda2b962e528f93cc900a308ed07fba22c767195d87
51ae5058fdf862ebd91e00531af5d6899f717bd3300f9d896c8c84ad79e4f835
523eb9b6af99c2488af8dcd1a5cd648902c24b4981195b0d0b9f3cdaa2fd3b7f
53e74c5207780c1e196c4de36ce78cad45ba0d08aac5ae5a69017f7f1096ccc2
558619a267691a460b410d2f703296b87a44e2fe994b3483740c6e74c8ee8d1b
7762d62c1a1249afd247f0641c3eabd23590ba8112dc5f1a80e69b04a0497ccc
9410e1ac961fa425f1b58feb59b968d1a0268d286a44c7e8559e313febd07a71
e54a4fe06a271df7b4d5ab9b82c06e1cb6f9c56d490aa0e97bac29b26280a954