www.fami-ec.org
Open in
urlscan Pro
144.217.233.249
Malicious Activity!
Public Scan
Effective URL: https://www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/dhu27dpg5c0uhj8xtl94hl1j.php?KAJJCb1618291009bbac5964a99...
Submission: On April 13 via manual from JP
Summary
TLS certificate: Issued by R3 on February 3rd 2021. Valid for: 3 months.
This is the only time www.fami-ec.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SF Express (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 4 | 144.217.233.249 144.217.233.249 | 16276 (OVH) (OVH) | |
3 10 | 203.205.224.59 203.205.224.59 | 132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building) | |
1 | 123.56.12.94 123.56.12.94 | 37963 (CNNIC-ALI...) (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.) | |
1 | 61.164.118.149 61.164.118.149 | 134771 (CHINATELE...) (CHINATELECOM-ZHEJIANG-WENZHOU-IDC WENZHOU) | |
12 | 4 |
ASN16276 (OVH, FR)
PTR: ip249.ip-144-217-233.net
www.fami-ec.org |
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
www.sf-express.com |
ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)
webcert.cnmstl.net |
ASN134771 (CHINATELECOM-ZHEJIANG-WENZHOU-IDC WENZHOU, ZHEJIANG Province, P.R.China., CN)
szcert.ebs.org.cn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
sf-express.com
3 redirects
www.sf-express.com |
31 KB |
4 |
fami-ec.org
1 redirects
www.fami-ec.org |
84 KB |
1 |
ebs.org.cn
szcert.ebs.org.cn |
10 KB |
1 |
cnmstl.net
webcert.cnmstl.net |
3 KB |
12 | 4 |
Domain | Requested by | |
---|---|---|
10 | www.sf-express.com |
3 redirects
www.fami-ec.org
|
4 | www.fami-ec.org |
1 redirects
www.fami-ec.org
|
1 | szcert.ebs.org.cn |
www.fami-ec.org
|
1 | webcert.cnmstl.net |
www.fami-ec.org
|
12 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fami-ec.org R3 |
2021-02-03 - 2021-05-04 |
3 months | crt.sh |
*.sf-express.com DigiCert CN RSA CA G1 |
2020-02-27 - 2022-04-02 |
2 years | crt.sh |
webcert.cnmstl.net Secure Site Extended Validation CA G2 |
2020-10-13 - 2021-10-21 |
a year | crt.sh |
*.ebs.org.cn GeoTrust RSA CA 2018 |
2020-08-19 - 2021-08-24 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/dhu27dpg5c0uhj8xtl94hl1j.php?KAJJCb1618291009bbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fca&login=
Frame ID: A4E1BD62765CE4CC8710FAD3AB05F21C
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/index.php
HTTP 302
https://www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/dhu27dpg5c0uhj8xtl94hl1j.php?KAJJCb1... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
59 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: 金融
Search URL Search Domain Scan URL
Title: 成功案例
Search URL Search Domain Scan URL
Title: 关于我们
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: 快递服务
Search URL Search Domain Scan URL
Title: 冷运服务
Search URL Search Domain Scan URL
Title: 仓储服务
Search URL Search Domain Scan URL
Title: 财富管理
Search URL Search Domain Scan URL
Title: 顺丰优选网上商城
Search URL Search Domain Scan URL
Title: 顺丰优选门店
Search URL Search Domain Scan URL
Title: 3C电子行业
Search URL Search Domain Scan URL
Title: 医疗行业
Search URL Search Domain Scan URL
Title: 生鲜行业
Search URL Search Domain Scan URL
Title: 快消行业
Search URL Search Domain Scan URL
Title: 我要寄件
Search URL Search Domain Scan URL
Title: 运单追踪
Search URL Search Domain Scan URL
Title: 运费时效查询
Search URL Search Domain Scan URL
Title: 收寄范围查询
Search URL Search Domain Scan URL
Title: 服务网点查询
Search URL Search Domain Scan URL
Title: 收寄标准查询
Search URL Search Domain Scan URL
Title: 更多内容查询
Search URL Search Domain Scan URL
Title: 公司治理
Search URL Search Domain Scan URL
Title: 公司公告
Search URL Search Domain Scan URL
Title: 定期报告
Search URL Search Domain Scan URL
Title: 投资者联络
Search URL Search Domain Scan URL
Title: 投资者关系日历
Search URL Search Domain Scan URL
Title: 关于顺丰
Search URL Search Domain Scan URL
Title: 新闻资讯
Search URL Search Domain Scan URL
Title: 服务公告
Search URL Search Domain Scan URL
Title: 促销活动
Search URL Search Domain Scan URL
Title: 会员权益
Search URL Search Domain Scan URL
Title: 人才招聘
Search URL Search Domain Scan URL
Title: 集团采购
Search URL Search Domain Scan URL
Title: 客户服务热线
Search URL Search Domain Scan URL
Title: 合作咨询
Search URL Search Domain Scan URL
Title: 在线客服
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: 使用条款
Search URL Search Domain Scan URL
Title: 服务网络
Search URL Search Domain Scan URL
Title: 丰桥平台
Search URL Search Domain Scan URL
Title: 隐私政策
Search URL Search Domain Scan URL
Title: 粤 ICP 备08034243号
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: 粤公网安备 44030502003091号
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/index.php
HTTP 302
https://www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/dhu27dpg5c0uhj8xtl94hl1j.php?KAJJCb1618291009bbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fcabbac5964a994fbd6d9498b4d8d188fca&login= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png HTTP 302
- https://www.sf-express.com/cn/sc/404.html
- https://www.sf-express.com/cn/sc/dynamic_function/images/index/label-top-r-btn.png HTTP 302
- https://www.sf-express.com/cn/sc/404.html
- https://www.sf-express.com/cn/sc/dynamic_function/images/index/bottom-nav-cn.png HTTP 302
- https://www.sf-express.com/cn/sc/404.html
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
dhu27dpg5c0uhj8xtl94hl1j.php
www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/ Redirect Chain
|
46 KB 46 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sf.png
www.sf-express.com/resource/images/index/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
404.html
www.sf-express.com/cn/sc/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Purchase.jpg
www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/ |
23 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mails.jpg
www.fami-ec.org/wp-content/plugins/Wordpress/SF-Express/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
404.html
www.sf-express.com/cn/sc/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
404.html
www.sf-express.com/cn/sc/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
officialbrand_small_h_img.jpg
webcert.cnmstl.net/images/cert/code/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
security_site_1.png
www.sf-express.com/.gallery/other/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
security_site_2.png
www.sf-express.com/.gallery/other/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
govIcon.gif
szcert.ebs.org.cn/Images/ |
9 KB 10 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
security_site_3.png
www.sf-express.com/.gallery/other/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SF Express (Transportation)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
szcert.ebs.org.cn
webcert.cnmstl.net
www.fami-ec.org
www.sf-express.com
123.56.12.94
144.217.233.249
203.205.224.59
61.164.118.149
006ac205426fd7b3e79f3d6d414889d52f87daa2731a8264469984850714c18d
06be51fddc5e86441c74aef5ccd738c9d0330d3699faa754ff14e07e4d3d0b52
46af868b7370946ca13bacc5797d3c868f8b2adaefca7268f9f6f0dfa0106c18
6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f
75fab0d1416ba599a70fae571a4dd33f2f81b99fc84269c99b8710049ffe6caf
8a73edb31547956a8ef9b87d84795705f1efb0f65531c3b3a58d83fbcb6d93c9
a20583c81805fe64f7fa210851ce29754af9d25fd6aa5a3225a9557529602513
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d86347c9459b64d099ec73435f4f45949754cd0281a6e16966867bf9d4a00a
ec3c1154d95327d79118d2ea0320ead3e3ab4e29431c21c34012a1f896c36dc4