tikiwiki.gese.com.pa
Open in
urlscan Pro
15.235.26.193
Malicious Activity!
Public Scan
Submission: On October 21 via automatic, source openphish — Scanned from CA
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 17th 2023. Valid for: 3 months.
This is the only time tikiwiki.gese.com.pa was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Global Sources (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 15.235.26.193 15.235.26.193 | 16276 (OVH) (OVH) | |
2 | 107.154.201.39 107.154.201.39 | 19551 (INCAPSULA) (INCAPSULA) | |
3 | 2 |
ASN19551 (INCAPSULA, US)
PTR: 107.154.201.39.ip.incapdns.net
login.globalsources.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
globalsources.com
login.globalsources.com |
6 KB |
1 |
gese.com.pa
tikiwiki.gese.com.pa |
45 KB |
3 | 2 |
Domain | Requested by | |
---|---|---|
2 | login.globalsources.com |
tikiwiki.gese.com.pa
|
1 | tikiwiki.gese.com.pa | |
3 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
tikiwiki.gese.com.pa cPanel, Inc. Certification Authority |
2023-09-17 - 2023-12-16 |
3 months | crt.sh |
*.globalsources.com Thawte TLS RSA CA G1 |
2023-07-24 - 2024-08-23 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://tikiwiki.gese.com.pa/globab/GS/
Frame ID: 4EDABE1D604A7FBD2BDAA1AF6A32ED57
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Global SourcesDetected technologies
Tiki Wiki CMS Groupware (CMS) ExpandDetected patterns
- (?:/|_)tiki
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
tikiwiki.gese.com.pa/globab/GS/ |
45 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
GSLOGO.PNG
login.globalsources.com/sso/gsol/pex/en/balat/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BLANK.GIF
login.globalsources.com/sso/gsol/pex/en/balat/images/ |
43 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Global Sources (E-commerce)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.globalsources.com/ | Name: AWSALBTGCORS Value: 2J1TjophkdEjujNToqb5Q08WENgRibRubaU4MgoYg5nJjGlUgAjcXfdue6iDMoQHDJbarElACVpKWzRgDSI/vRD7XIA6hv14KQn+eV+A7hrKg7WOYM7zZb8Zfv2MSR8hQGmlKvvo/FalZxPF4hnd5NSowZ7BuqkGa1ZOCA2YgqyZ |
|
login.globalsources.com/ | Name: AWSALBCORS Value: xIzakZJatrJpLqGtoUx5ic7fGToyT6XPMGM5RaV7kOO90dVhOGxVMBlvGXc5+EOBF/Vx+uwzzElbeTi/HdbfJTFxPBZS/6yYu9wclttfLvBnpTnBeqZfG5Y46dLT |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.globalsources.com
tikiwiki.gese.com.pa
107.154.201.39
15.235.26.193
465c8b941a45a964b3c73162a3357083c03e807f2eb45a6e0cc03658f686ece6
684f7150e0ce67211bd4e00f030ed3210af462b0c9c02fcde665cd4feca227e8
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e