urlscan.io logo urlscan.io
SecurityTrails logo

sfca.gmgadvertising.com Open in urlscan Pro
192.185.136.23  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023
Effective URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Submission: On July 15 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 192.185.136.23, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is sfca.gmgadvertising.com.
This is the only time sfca.gmgadvertising.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fedex (Transportation)

Domain & IP information

IP Address AS Autonomous System
2 3 192.185.136.23 19871 (NETWORK-S...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
4 162.19.61.80 16276 (OVH)
7 5
Apex Domain
Subdomains		 Transfer
4 postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 17738
155 KB
3 gmgadvertising.com
sfca.gmgadvertising.com
209 KB
1 fedex.com
www.fedex.com — Cisco Umbrella Rank: 8101
18 KB
1 gstatic.com
www.gstatic.com
5 KB
7 4
Domain Requested by
4 i.postimg.cc sfca.gmgadvertising.com
3 sfca.gmgadvertising.com 2 redirects
1 www.fedex.com sfca.gmgadvertising.com
1 www.gstatic.com sfca.gmgadvertising.com
7 4

This site contains no links.

Subject Issuer Validity Valid
*.gstatic.com
GTS CA 1C3		 2023-06-19 -
2023-09-11		 3 months crt.sh
www.fedex.com
Sectigo RSA Organization Validation Secure Server CA		 2023-05-18 -
2024-05-17		 a year crt.sh
postimg.cc
R3		 2023-06-24 -
2023-09-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Frame ID: 645E1EABFEAC91DE852A8A3C1F3DC07E
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

FedEx Express | Express-Lieferungen

Page URL History Show full URLs

  1. http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023 HTTP 301
    http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/ HTTP 302
    http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

7
Requests

86 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

387 kB
Transfer

630 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023 HTTP 301
    http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/ HTTP 302
    http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/
Redirect Chain
  • http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023
  • http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/
  • http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
430 KB
208 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
HTTP/1.1
Server
192.185.136.23 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
192-185-136-23.unifiedlayer.com
Software
Apache /
Resource Hash
5979fb4a3d0ea39ff690c398bbbf5e250a23d8f928c2a2197d9d3cd06d37e87f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 15 Jul 2023 04:23:29 GMT
Keep-Alive
timeout=5, max=73
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sat, 15 Jul 2023 04:23:29 GMT
Keep-Alive
timeout=5, max=74
Server
Apache
location
LoginServices/index.php?execution=e2s1
m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/ 		25 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/m=el_main_css
Requested by
Host: sfca.gmgadvertising.com
URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7db470720bc87269e9bf81c2da2649d4f59d54eb54ca5ed4547855758d6688a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 10:19:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
151450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4396
x-xss-protection
0
last-modified
Sun, 12 Mar 2023 00:11:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 12 Jul 2024 10:19:19 GMT
logo.png
www.fedex.com/content/dam/fedex-com/logos/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fedex.com/content/dam/fedex-com/logos/logo.png
Requested by
Host: sfca.gmgadvertising.com
URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f14c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:23:30 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 24 Jun 2023 16:31:36 GMT
server
Apache
x-frame-options
SAMEORIGIN
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/png
cache-control
max-age=52474
access-control-allow-credentials
true
accept-ranges
bytes
content-length
17964
expires
Sat, 15 Jul 2023 18:58:04 GMT
vvvvvv.png
i.postimg.cc/cHmccGKv/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/cHmccGKv/vvvvvv.png
Requested by
Host: sfca.gmgadvertising.com
URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.61.80 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3094918.ip-162-19-61.eu
Software
nginx /
Resource Hash
116ad92478dc2eeea19a8faa30f82c6ce2b159f844c57731cd262840b48c954c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:23:30 GMT
last-modified
Wed, 31 May 2023 01:21:06 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
5650
expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f5a1cda4fb88f80c899df7f68eafee24fda5fb208124934c8883d2979b266b5a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/png
Screenshot-4.png
i.postimg.cc/fR9jr9tn/ 		148 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/fR9jr9tn/Screenshot-4.png
Requested by
Host: sfca.gmgadvertising.com
URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.61.80 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3094918.ip-162-19-61.eu
Software
nginx /
Resource Hash
8b6f50095eec6f2712bf1fd2a5e3677346bc0203c27beb4b01672c86e4756e78

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:23:30 GMT
last-modified
Wed, 31 May 2023 01:22:18 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
151362
expires
Thu, 31 Dec 2037 23:55:55 GMT
Screenshot-2.png
i.postimg.cc/DwHpWhsF/ 		527 B
769 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/DwHpWhsF/Screenshot-2.png
Requested by
Host: sfca.gmgadvertising.com
URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.61.80 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3094918.ip-162-19-61.eu
Software
nginx /
Resource Hash
50664f537d140d8cf8a0a56c4aad17a50654dc594ff34a9fcf574fa313c9b30d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:23:30 GMT
last-modified
Wed, 31 May 2023 01:20:13 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
527
expires
Thu, 31 Dec 2037 23:55:55 GMT
Screenshot-3.png
i.postimg.cc/fWCHcmX8/ 		551 B
793 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/fWCHcmX8/Screenshot-3.png
Requested by
Host: sfca.gmgadvertising.com
URL: http://sfca.gmgadvertising.com/.well-known/acme-challenge/07142023/LoginServices/index.php?execution=e2s1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.61.80 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3094918.ip-162-19-61.eu
Software
nginx /
Resource Hash
ae5bb37d041e6dac4d6225cf14f05d9df3ffa8ff7de826f8f9e34815d50feba5

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sfca.gmgadvertising.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:23:30 GMT
last-modified
Wed, 31 May 2023 01:20:40 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
551
expires
Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fedex (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| addSlashes

0 Cookies