lauraalfaro.com
108.179.194.48
Malicious Activity!
Public Scan
Effective URL: https://lauraalfaro.com/.well-known/29194773/login.php
Submission: On November 28 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by R3 on September 30th 2022. Valid for: 3 months.
This is the only time lauraalfaro.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 2606:4700:3030::ac43:95ef | 13335 (CLOUDFLARENET) |
4 | 108.179.194.48 | 46606 (UNIFIEDLAYER-AS-1) |
3 | 2600:9000:211e:1c00:15:285b:5440:93a1 | 16509 (AMAZON-02) |
2 | 2606:4700:e2::ac40:850f | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:800::200a | 15169 (GOOGLE) |
2 | 2a00:1450:4001:813::2003 | 15169 (GOOGLE) |
12 (total) | 5 | |
- ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: 108-179-194-48.unifiedlayer.com: lauraalfaro.com
- ASN16509 (AMAZON-02, US): assets.pay2.secured-by-ingenico.com
- ASN15169 (GOOGLE, US): translate.googleapis.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | lauraalfaro.com | lauraalfaro.com | 109 KB |
3 | secured-by-ingenico.com | assets.pay2.secured-by-ingenico.com (Cisco Umbrella Rank: 484158) | 33 KB |
2 | gstatic.com | www.gstatic.com | 3 KB |
2 | fontawesome.com | use.fontawesome.com (Cisco Umbrella Rank: 1277) | 84 KB |
1 | googleapis.com | translate.googleapis.com (Cisco Umbrella Rank: 1268) | 4 KB |
1 | ulvis.net | ulvis.net (Cisco Umbrella Rank: 713288), 1 redirect | 615 B |
12 (total) | 6 (total) | | |
Requests | Domain | Requested by |
---|---|---|
4 | lauraalfaro.com | lauraalfaro.com |
3 | assets.pay2.secured-by-ingenico.com | lauraalfaro.com, assets.pay2.secured-by-ingenico.com |
2 | www.gstatic.com | lauraalfaro.com, translate.googleapis.com |
2 | use.fontawesome.com | lauraalfaro.com, use.fontawesome.com |
1 | translate.googleapis.com | lauraalfaro.com |
1 | ulvis.net | 1 redirect |
12 (total) | 6 (total) | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.dhl.ch |
payment.pay2.secured-by-ingenico.com |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.marte.mx | R3 | 2022-09-30 - 2022-12-29 | 3 months | crt.sh |
assets.secured-by-ingenico.com | Amazon | 2022-09-18 - 2023-10-16 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-06 - 2023-06-05 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://lauraalfaro.com/.well-known/29194773/login.php
Frame ID: CA2F1C1C9D141F73E086C65970A0F0FF
Requests: 12 HTTP requests in this frame
Page Title: MasterCard - Información adicional
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - \.php(?:$|\?)
- Font Awesome (Font Scripts). Detected patterns:
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Página principal
- Title: Términos de Uso
- Title: Política de privacidad
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ulvis.net/2SKx
- HTTP 301
- https://lauraalfaro.com/.well-known/29194773/login.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | login.php (Primary Request, Redirect Chain) | lauraalfaro.com/.well-known/29194773/ | 46 KB | 12 KB | Document | text/html |
GET | H2 | ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download | lauraalfaro.com/.well-known/29194773/files/ | 206 KB | 96 KB | Script | application/javascript |
GET | H2 | html-header.css | assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/ | 91 KB | 17 KB | Stylesheet | text/css |
GET | H2 | all.css | use.fontawesome.com/releases/v5.5.0/css/ | 50 KB | 12 KB | Stylesheet | text/css |
GET | H2 | translateelement.css | translate.googleapis.com/translate_static/css/ | 18 KB | 4 KB | Stylesheet | text/css |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/1x/ | 846 B | 1 KB | Image | image/png |
GET | H2 | DHL_rgb_300x66.png | assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/ | 7 KB | 8 KB | Image | image/png |
GET | H2 | icons.woff | assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/ | 9 KB | 9 KB | Font | application/font-woff |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/2x/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | fa-solid-900.woff2 | use.fontawesome.com/releases/v5.5.0/webfonts/ | 72 KB | 73 KB | Font | font/woff2 |
POST | H2 | rb_b296011e-7abb-4056-b0aa-84f4b18e2840 | lauraalfaro.com/ | 226 B | 302 B | XHR | text/html |
POST | H2 | rb_b296011e-7abb-4056-b0aa-84f4b18e2840 | lauraalfaro.com/ | 226 B | 276 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- dT_ (object)
- dtrum (object)
8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
ulvis.net/ | | PHPSESSID | ucvd1gpm44c1t2u4apdalrdgh7 |
lauraalfaro.com/ | | PHPSESSID | f7adb79dbb53235ca537a9eb679f93a1 |
.lauraalfaro.com/ | | dtCookie | v_4_srv_-2D71_sn_4KQQB6MD1U7A022TKTSMS7HQCVFCRKK5 |
.lauraalfaro.com/ | | rxVisitor | 1669627595665AODACI4MJHABCALHRVK0TQU530PTPHCP |
.lauraalfaro.com/ | | dtSa | - |
.lauraalfaro.com/ | | dtLatC | 1444 |
.lauraalfaro.com/ | | rxvt | 1669629395923\|1669627595670 |
.lauraalfaro.com/ | | dtPC | -71$427595650_419h-vFJQAEHAKWHEVUPDRKMEFDUGLTKCAFRPN-0e1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.