expressl.ru
Public Scan (urlscan.io) - flagged: Malicious Activity
IP Address: 185.35.220.86
Effective URL: http://expressl.ru/ap/top/Fedex/ela/track.php?ifd=16&pid=1855&eod=&regid=521
Submission: On January 17 via manual from US

Summary
This is the only time expressl.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fedex (Transportation)

Domain & IP information
# | Requests | IP Address | AS Autonomous System |
---|---|---|---|
1 | 30 | 185.35.220.86 | 62251 (DREAMLESS-AS) |
Total | 29 | 1 IP | |

ASN62251 (DREAMLESS-AS, RU)
PTR: sites-grp-07.tower.bz8.ru

# | Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|---|
1 | 30 | expressl.ru | expressl.ru (1 redirects) | 235 B |
Total | 29 | 1 | | |

# | Requests | Domain | Requested by |
---|---|---|---|
1 | 30 | expressl.ru (1 redirects) | expressl.ru |
Total | 29 | 1 | |
This site contains no links.
TLS certificates (Subject / Issuer / Validity / Valid): none recorded for this scan.
This page contains 1 frames:
Primary Page: http://expressl.ru/ap/top/Fedex/ela/track.php?ifd=16&pid=1855&eod=&regid=521
Frame ID: (221700F435A35385C0D3D244E0A2B8BC)
Requests: 29 HTTP requests in this frame
Detected technologies
- PHP (Programming Languages); detected pattern: url /\.php(?:$|\?)/i
- Nginx (Web Servers); detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- jQuery (JavaScript Libraries); detected pattern: script /jquery.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://expressl.ru/ap/top/Fedex/ela/index.php
- HTTP 302 ->
- http://expressl.ru/ap/top/Fedex/ela/track.php?ifd=16&pid=1855&eod=&regid=521 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|---|
1 | GET | H/1.1 | track.php | expressl.ru/ap/top/Fedex/ela/ | 15 KB | 0 | Document | text/html | Primary Request; Cookie set; Redirect Chain |
2 | GET | H/1.1 | global-wrapper-min.css | expressl.ru/ap/top/Fedex/ela/css/ | 47 KB | 0 | Stylesheet | text/css | |
3 | GET | H/1.1 | common-min.css | expressl.ru/ap/top/Fedex/ela/css/ | 43 KB | 0 | Stylesheet | text/css | |
4 | GET | H/1.1 | pack.min.css | expressl.ru/ap/top/Fedex/ela/css/ | 93 KB | 0 | Stylesheet | text/css | |
5 | GET | H/1.1 | us.gif | expressl.ru/ap/top/Fedex/ela/images/ | 367 B | 0 | Image | image/gif | |
6 | GET | H/1.1 | logo-header-fedex.png | expressl.ru/ap/top/Fedex/ela/images/ | 1 KB | 0 | Image | image/png | |
7 | GET | H/1.1 | jquery.dateinput.js | expressl.ru/ap/top/Fedex/ela/js/ | 0 | 0 | Script | text/html | |
8 | GET | H/1.1 | imp.gif | expressl.ru/ap/top/Fedex/ela/images/ | 807 B | 0 | Image | image/gif | |
9 | GET | H/1.1 | circle_gmail.png | expressl.ru/ap/top/Fedex/ela/images/ | 10 KB | 0 | Image | image/png | |
10 | GET | H/1.1 | circle_outlook.png | expressl.ru/ap/top/Fedex/ela/images/ | 11 KB | 0 | Image | image/png | |
11 | GET | H/1.1 | circle_aol.png | expressl.ru/ap/top/Fedex/ela/images/ | 3 KB | 0 | Image | image/png | |
12 | GET | H/1.1 | circle_yahoo.png | expressl.ru/ap/top/Fedex/ela/images/ | 10 KB | 0 | Image | image/png | |
13 | GET | H/1.1 | private.png | expressl.ru/ap/top/Fedex/ela/images/ | 22 KB | 0 | Image | image/png | |
14 | GET | H/1.1 | EN-EVERGREENQ30000-1-215x120.jpg | expressl.ru/ap/top/Fedex/ela/images/ | 129 KB | 0 | Image | image/jpeg | |
15 | GET | H/1.1 | EN-SWEEPSAPPTRACK0-1-215x240.jpg | expressl.ru/ap/top/Fedex/ela/images/ | 19 KB | 0 | Image | image/jpeg | |
16 | GET | H/1.1 | link-box-icon-mouse.png | expressl.ru/ap/top/Fedex/ela/images/ | 2 KB | 0 | Image | image/png | |
17 | GET | H/1.1 | link-box-icon-phone.png | expressl.ru/ap/top/Fedex/ela/images/ | 2 KB | 0 | Image | image/png | |
18 | GET | H/1.1 | link-box-icon-insight.png | expressl.ru/ap/top/Fedex/ela/images/ | 2 KB | 0 | Image | image/png | |
19 | GET | H/1.1 | logo-footer-fedex.gif | expressl.ru/ap/top/Fedex/ela/images/ | 1 KB | 0 | Image | image/gif | |
20 | GET | H/1.1 | jquery-1.11.0.js | expressl.ru/ap/top/Fedex/ela/js/ | 276 KB | 0 | Script | application/javascript | |
21 | GET | H/1.1 | bootstrap.min.js | expressl.ru/ap/top/Fedex/ela/js/ | 31 KB | 0 | Script | application/javascript | |
22 | GET | H/1.1 | bootstrap.min.css | expressl.ru/ap/top/Fedex/ela/css/ | 106 KB | 0 | Stylesheet | text/css | |
23 | GET | H/1.1 | bootstrapValidator.min.js | expressl.ru/ap/top/Fedex/ela/js/ | 108 KB | 0 | Script | application/javascript | |
24 | GET | H/1.1 | bootstrapValidator.min.css | expressl.ru/ap/top/Fedex/ela/css/ | 694 B | 0 | Stylesheet | text/css | |
25 | GET | H/1.1 | bg-page.png | expressl.ru/ap/top/Fedex/ela/images/ | 1 KB | 0 | Image | image/png | |
26 | GET | H/1.1 | assets.png | expressl.ru/ap/top/Fedex/ela/images/ | 10 KB | 0 | Image | image/png | |
27 | GET | H/1.1 | icon-login-user.png | expressl.ru/ap/top/Fedex/ela/images/ | 1 KB | 0 | Image | image/png | |
28 | GET | H/1.1 | bg-link-box.gif | expressl.ru/ap/top/Fedex/ela/images/ | 1 KB | 0 | Image | image/gif | |
29 | GET | H/1.1 | header3.jpg | expressl.ru/ap/top/Fedex/ela/images/ | 38 KB | 0 | Image | image/jpeg | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Fedex (Transportation)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | onafterprint |
object | onbeforeprint |
object | description |
number | size |
number | x |
function | $ |
function | jQuery |
object | jQuery111006979222053997045 |
function | checkSubmit |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how permanent logins work.

Domain/Path | Expires | Name / Value |
---|---|---|
expressl.ru/ | | Name: PHPSESSID Value: 2ckaks1525cfr49386srtggat7 |

Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- expressl.ru
- 185.35.220.86