0/100

critical Risk

wearlamanso.shop

https://wearlamanso.shop/account

62.233.61.14 · Beijing Ruihao Kai Yuan Technology Co

Location

Georgia

Domain Age

—

HTTP

200 · 20.8s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Sign in"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

La Manso – Shop (wearlamanso.shop)

Vendors

2/2

Status

completed

✓ spamhaus✓ google

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Wearlamanso.shop

Credential Phishing

E-Commerce · 6/3/2026

Summary

The page at wearlamanso.shop/account presents a sign-in UI with a password field and login form, hosted on a domain not obviously associated with the La Manso brand seen in the screenshot. The HTML title is Sign in and the page contains a login form and password field, with a suspicious analytics POST endpoint. Visual branding in the screenshot shows an impersonated look-alike layout that mimics a legitimate store, but the domain is not the official La Manso domain, indicating impersonation/phishing risk. The combination of a first-party login surface on a potentially rogue domain and an analytics POST endpoint suggests credential collection rather than a legitimate first-party page.

Evidence Summary

▸Observed 2 capture stage(s); canonical stage is settled_render.

▸Canonical stage contains password collection UI.

▸POST targets observed during capture: https://wearlamanso.shop/api/analytics/track.

▸Distinctive asset clues: webpack-36120d72acc59b23.js, 6874-98a7f8268e192452.js, css2, 6b089ce49ecdd255.css, Risorsa-1_2x_eaf3f4e6-c652-4cf5-957e-22902ee42e10_1200x1200.png.

Capture

Stages: 2

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 2

Password fields: 1

Late-stage login UI: No

Resource Signals

Resources: 64

Hosts: 3

Domains: 3

Suspicious Endpoints

hxxps://wearlamanso[.]shop/api/analytics/track

hxxps://wearlamanso[.]shop/account

Attack Techniques (4)

Impersonation of a legitimate brand UI on a domain not owned by the brandCredential collection form surfaced in HTML with password fieldOutbound POST to analytics tracking endpoint likely used to exfiltrate dataSPA-like asset loading with multiple external script chunks to render dynamic UI

Indicators of Compromise (6)

▸Domain: wearlamanso.shop (not the official La Manso domain)

▸Page title: Sign in; visible login form and password field

▸Branding in HTML title/meta tags references La Manso, but domain branding mismatches

▸POST request to https://wearlamanso.shop/api/analytics/track indicating data submission

▸External script bundles and assets loaded from the same domain (no clear official brand-hosted assets)

▸SSL valid via Let's Encrypt with a 2026 certificate window; domain appears newly registered (WHOIS not retrievable)

Risk AssessmentUsed in abuse reports

The page presents a credential collection surface on a domain not clearly affiliated with the La Manso brand, accompanied by a visible login form and password field. The presence of a POST endpoint to analytics/track immediately after user interaction raises concern for data exfiltration. Visual impersonation is evident in the screenshot, which shows La Manso branding but on a suspicious domain; combined with the presence of multiple external JS assets and a new SSL cert, this strongly suggests phishing behavior aimed at harvesting user credentials rather than legitimate first-party content. Recommend monitoring and containment actions until brand-domain affiliation can be confirmed.

Recommended Action

Block URL

Cross-Reference8

URL Intelligence