37.252.127.10 Open in urlscan Pro
37.252.127.10 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://37.252.127.10/jkg/sfexpress/cmd-login=870dcac37e414745bc4bf25f50508247/?reff=mzuzzdiynzczmdy2zmi3mmywnzuznmfhz...
Submission: On November 01 via api (November 1st 2023, 3:34:11 pm UTC) from BE — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 5 domains to perform 20 HTTP transactions. The main IP is 37.252.127.10, located in Netherlands and belongs to TILAA, NL. The main domain is 37.252.127.10.

This is the only time 37.252.127.10 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SF Express (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
8	37.252.127.10 37.252.127.10	196752 (TILAA) (TILAA)
2 8	43.152.26.58 43.152.26.58	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
2 2	43.152.26.197 43.152.26.197	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
2	13.32.99.10 13.32.99.10	16509 (AMAZON-02) (AMAZON-02)
1 2	81.71.20.246 81.71.20.246	45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited)
1	202.181.195.170 202.181.195.170	7540 (HKCIX-AS-...) (HKCIX-AS-AP HongKong Commercial Internet Exchange)
20	6

8 37.252.127.10 (Netherlands)

ASN196752 (TILAA, NL)
PTR: dev3.omahaoutdoors.tk

37.252.127.10	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 43.152.26.58 (Frankfurt am Main, Germany) 2 redirects

ASN139341 (ACE-AS-AP ACE, SG)

www.sf-express.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 43.152.26.197 (Frankfurt am Main, Germany) 2 redirects

ASN139341 (ACE-AS-AP ACE, SG)

www.sf-express.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-10.fra60.r.cloudfront.net

www.joc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.71.20.246 (China) 1 redirects

ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)

www.sf-airlines.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.181.195.170 (Hong Kong)

ASN7540 (HKCIX-AS-AP HongKong Commercial Internet Exchange, HK)
PTR: ixa180.serverhk.com

www.hino.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sf-express.com 4 redirects www.sf-express.com — Cisco Umbrella Rank: 191918	879 KB
2	sf-airlines.com 1 redirects www.sf-airlines.com	356 KB
2	joc.com www.joc.com — Cisco Umbrella Rank: 408595	262 KB
1	hino.com.hk www.hino.com.hk	135 KB
0	pcdn.co Failed s29755.pcdn.co Failed
20	5

	Domain	Requested by
10	www.sf-express.com	4 redirects 37.252.127.10
2	www.sf-airlines.com	1 redirects 37.252.127.10
2	www.joc.com	37.252.127.10
1	www.hino.com.hk	37.252.127.10
0	s29755.pcdn.co Failed	37.252.127.10
20	5

This site contains no links.

Subject Issuer	Validity	Valid
prod.int.joc.com Amazon RSA 2048 M02	`2023-03-10` - `2024-04-07`	a year	crt.sh
*.sf-express.com DigiCert CN RSA CA G1	`2022-12-26` - `2023-12-26`	a year	crt.sh
hino.com.hk Go Daddy Secure Certificate Authority - G2	`2023-06-26` - `2024-06-25`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://37.252.127.10/jkg/sfexpress/cmd-login=870dcac37e414745bc4bf25f50508247/?reff=mzuzzdiynzczmdy2zmi3mmywnzuznmfhzdjkmjy0ztg=
Frame ID: 587EB61D1CC5E1725DE6FC13F501BFC8
Requests: 17 HTTP requests in this frame

Frame: http://37.252.127.10/jkg/sfexpress/cmd-login=870dcac37e414745bc4bf25f50508247/content/login.php?email=
Frame ID: C85C258071D27B209A7EEC695A36E08D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SF Express | Track Your Shipment

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

35 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

5
Countries

1739 kB
Transfer

1732 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://www.sf-express.com/cn/sc/download/IMG20190905_171924.jpg HTTP 302
http://www.sf-express.com/cn/sc/404.html HTTP 302
https://www.sf-express.com/cn/sc/404.html

Request Chain 7

https://www.sf-express.com/cn/sc/download/SF-CN-Logistics-Warehousing-Service-633x255.jpg HTTP 302
http://www.sf-express.com/cn/sc/404.html HTTP 302
https://www.sf-express.com/cn/sc/404.html

Request Chain 12

http://www.sf-airlines.com/sfaImage/2019/09/1909100944581164.jpg HTTP 302
https://www.sf-airlines.com/sfaImage/2019/09/1909100944581164.jpg

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
37.252.127.10/jkg/sfexpress/cmd-login=870dcac37e414745bc4bf25f50508247/ 5 KB
5 KB 63ms
32ms Document
text/html 37.252.127.10
TILAA

General

Source	Level	URL Text
network	error	URL: https://s29755.pcdn.co/wp-content/uploads/2018/07/SF_Express_Taiwan_KPA-1063_20180126-1.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://s29755.pcdn.co/wp-content/uploads/2018/07/SF_Express_Taiwan_KPA-1063_20180126-1.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

37.252.127.10 Open in urlscan Pro 37.252.127.10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

35 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

6 IPs

5 Countries

1739 kBTransfer

1732 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

37.252.127.10 Open in urlscan Pro
37.252.127.10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

35 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

5
Countries

1739 kB
Transfer

1732 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!