tikiwiki.gese.com.pa
15.235.26.193 - Malicious Activity! - Public Scan

URL: https://tikiwiki.gese.com.pa/globab/GS/
Submission: On October 21 via automatic, source openphish — Scanned from CA

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 15.235.26.193, located in Canada and belongs to OVH, FR. The main domain is tikiwiki.gese.com.pa.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 17th 2023. Valid for: 3 months.
This is the only time tikiwiki.gese.com.pa was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Global Sources (E-commerce)

Domain & IP information

Requests  IP Address        AS / Autonomous System
1         15.235.26.193     16276 (OVH)
2         107.154.201.39    19551 (INCAPSULA)
Total: 3 requests from 2 IPs

Requests  Apex Domain         Subdomains                Transfer
2         globalsources.com   login.globalsources.com   6 KB
1         gese.com.pa         tikiwiki.gese.com.pa      45 KB
Total: 3 requests across 2 apex domains

Requests  Domain                    Requested by
2         login.globalsources.com   tikiwiki.gese.com.pa
1         tikiwiki.gese.com.pa      -
Total: 3 requests across 2 domains

This site contains no links.

Subject                Issuer                                  Validity                  Valid
tikiwiki.gese.com.pa   cPanel, Inc. Certification Authority    2023-09-17 - 2023-12-16   3 months (crt.sh)
*.globalsources.com    Thawte TLS RSA CA G1                    2023-07-24 - 2024-08-23   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://tikiwiki.gese.com.pa/globab/GS/
Frame ID: 4EDABE1D604A7FBD2BDAA1AF6A32ED57
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Global Sources

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:/|_)tiki

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 52 kB
Size: 49 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource   Path                                                     Size    x-fer   Type       MIME-Type
/          tikiwiki.gese.com.pa/globab/GS/ (Primary Request)        45 KB   45 KB   Document   -

General
Full URL: https://tikiwiki.gese.com.pa/globab/GS/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 15.235.26.193, Canada, ASN16276 (OVH, FR)
Reverse DNS: mail.laestrella.com.pa
Software: Apache
Resource Hash: 684f7150e0ce67211bd4e00f030ed3210af462b0c9c02fcde665cd4feca227e8

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Oct 2023 15:16:38 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked
Resource     Path                                                     Size   x-fer   Type    MIME-Type
GSLOGO.PNG   login.globalsources.com/sso/gsol/pex/en/balat/images/    4 KB   5 KB    Image   -

General
Full URL: https://login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
Requested by: Host: tikiwiki.gese.com.pa, URL: https://tikiwiki.gese.com.pa/globab/GS/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 107.154.201.39, United States, ASN19551 (INCAPSULA, US)
Reverse DNS: 107.154.201.39.ip.incapdns.net
Software: -
Resource Hash: 465c8b941a45a964b3c73162a3357083c03e807f2eb45a6e0cc03658f686ece6

Security Headers
Content-Security-Policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;

Request headers
accept-language: en-CA,en;q=0.9
Referer: https://tikiwiki.gese.com.pa/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers
pragma: no-cache
date: Sat, 21 Oct 2023 15:16:39 GMT
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
last-modified: Sun, 31 Oct 2021 12:47:51 GMT
x-cdn: Imperva
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
content-type: image/png
x-iinfo: 14-15759164-15759168 2NNN RT(1697901397926 35) q(0 0 0 0) r(8 8) U2
cache-control: no-cache
x-incap-sess-cookie-hdr: C4ltAm6AcHhzp0A7N62UFFbrM2UAAAAA3Ru8Nkneiwziwl5Za8Fj8Q==
accept-ranges: bytes
content-length: 3788
expires: Mon, 01 Jan 1999 00:00:00 GMT
Resource    Path                                                     Size   x-fer   Type    MIME-Type
BLANK.GIF   login.globalsources.com/sso/gsol/pex/en/balat/images/    43 B   1 KB    Image   -

General
Full URL: https://login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
Requested by: Host: tikiwiki.gese.com.pa, URL: https://tikiwiki.gese.com.pa/globab/GS/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 107.154.201.39, United States, ASN19551 (INCAPSULA, US)
Reverse DNS: 107.154.201.39.ip.incapdns.net
Software: -
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Security Headers
Content-Security-Policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;

Request headers
accept-language: en-CA,en;q=0.9
Referer: https://tikiwiki.gese.com.pa/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers
pragma: no-cache
date: Sat, 21 Oct 2023 15:16:39 GMT
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
x-cdn: Imperva
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
content-type: image/gif
x-iinfo: 14-15759164-15759168 2NNN RT(1697901397926 36) q(0 0 0 3) r(8 8) U2
cache-control: no-cache
x-incap-sess-cookie-hdr: 91hfBUO5uQ1zp0A7N62UFFbrM2UAAAAAOsZzw309IV0mPCsvQwMKeQ==
accept-ranges: bytes
content-length: 43
expires: Mon, 01 Jan 1999 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Global Sources (E-commerce)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path                Name           Value
login.globalsources.com/   AWSALBTGCORS   2J1TjophkdEjujNToqb5Q08WENgRibRubaU4MgoYg5nJjGlUgAjcXfdue6iDMoQHDJbarElACVpKWzRgDSI/vRD7XIA6hv14KQn+eV+A7hrKg7WOYM7zZb8Zfv2MSR8hQGmlKvvo/FalZxPF4hnd5NSowZ7BuqkGa1ZOCA2YgqyZ
login.globalsources.com/   AWSALBCORS     xIzakZJatrJpLqGtoUx5ic7fGToyT6XPMGM5RaV7kOO90dVhOGxVMBlvGXc5+EOBF/Vx+uwzzElbeTi/HdbfJTFxPBZS/6yYu9wclttfLvBnpTnBeqZfG5Y46dLT

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
