![](/screenshots/d72563f9-3ccc-4b39-901f-6697d9a5bbb3.png)
sfexpress.s-walet.pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://sfexpress.s-walet.pro/179243121?refer=3
Submission: On June 02 via manual from HK — Scanned from DE
Summary
TLS certificate: Issued by E1 on May 25th 2024. Valid for: 3 months.
This is the only time sfexpress.s-walet.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SF Express (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 213.238.191.23 | 210388 (HAYALHOST)
17 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET)
1 | 199.232.196.193 | 54113 (FASTLY)
1 | 58.250.0.54 | 17623 (CNCGROUP-SZ China Unicom Shenzen network)
1 | 43.152.26.58 |
Total: 27 requests to 5 IP addresses.
ASN210388 (HAYALHOST, TR)
PTR: static.23.191.238.213.client.hayalhost.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | s-walet.pro | sfexpress.s-walet.pro | 210 KB
1 | sf-express.com | htm.sf-express.com | 2 KB
1 | ebs.org.cn | szcert.ebs.org.cn (Cisco Umbrella Rank: 355315) | 16 KB
1 | imgur.com | i.imgur.com (Cisco Umbrella Rank: 7840) | 85 KB
1 | xn--genlink-wxa.com | xn--genlink-wxa.com (1 redirect) | 360 B
0 | s-wallet.ai | s-wallet.ai (failed) |
Total: 27 requests to 6 apex domains.
Requests | Domain | Requested by
---|---|---
17 | sfexpress.s-walet.pro | sfexpress.s-walet.pro
1 | htm.sf-express.com |
1 | szcert.ebs.org.cn | sfexpress.s-walet.pro
1 | i.imgur.com | sfexpress.s-walet.pro
1 | xn--genlink-wxa.com | (1 redirect)
0 | s-wallet.ai (failed) | sfexpress.s-walet.pro
Total: 27 requests to 6 domains.
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
s-walet.pro | E1 | 2024-05-25 to 2024-08-23 | 3 months | crt.sh
*.imgur.com | Sectigo RSA Domain Validation Secure Server CA | 2024-02-15 to 2025-02-14 | a year | crt.sh
*.ebs.org.cn | Xcc Trust OV SSL CA | 2023-08-14 to 2024-08-13 | a year | crt.sh
*.sf-express.com | DigiCert CN RSA CA G1 | 2023-09-27 to 2024-10-27 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://sfexpress.s-walet.pro/179243121?refer=3
Frame ID: 1BA410B98465D7BF2A5729A2BF08776A
Requests: 20 HTTP requests in this frame
Frame:
https://sfexpress.s-walet.pro/supportChatFrame/179243121
Frame ID: CACE48C022B95C3517DC668C1543B4C8
Requests: 7 HTTP requests in this frame
Page Title: Track & Trace
Page Statistics
96 Outgoing links
These are links going to different origins than the main page.
Link titles (in page order):
- SF Speedy Express
- SF Drop & Pick
- E-comm Box
- SF Locker Mailing Service
- SF Return
- Alcohol Delivery
- Economy Express
- FTL Direct Delivery
- SF Speedy Express
- Economy Express
- SF-eship
- FTL Direct Delivery
- Ground Parcel (BBX Model)
- E-commerce Standard Express
- Standard Express
- SF Economy Express
- SF E-Parcel
- SF E-Commerce Express
- Shipment Protection Plus (SPP)
- Cash on Delivery (Hong Kong and Macau)
- Pickup Authorization
- Change Payment Mode
- Address Correction
- Return Proof of Delivery
- Special Warehousing
- Hong Kong Import and Export Declaration
- SF Packing Materials
- SF Cold Chain Insulated Materials
- SF Retention Service
- Secret Key Authentication Service
- Resource Allocation Fee
- Fuel Surcharge
- Remote Surcharge
- Standard Warehouse Distribution Center
- Warehouse Management
- Distribution Support
- Temperature Controlled Delivery
- Temperature Controlled Delivery (Alcohol)
- Packaging Principles for Cold Chain Shipments
- Mainland China to Hong Kong China/Macau China
- USA to Hong Kong China/Macau China
- Shipping
- Rates & Transit Time
- Service Coverage
- Service Point
- Cooperation Inquiry
- About SF Locker
- Grid Sizes
- User Guide
- Airport Courier Service
- Airport Baggage Check-in and Delivery Service
- One-stop e-Commerce Logistics Solution E-Grow
- Gift Redemption Service
- Exhibitor Exclusive Offer for Move In & Out and Replenishment
- Exclusive Delivery Offers for Visitors
- Shipping
- Track & Trace
- Pickup/Delivery Standards
- Currency Exchange Rates
- Airport Express Service
- Customs Clearance Service
- Customer Area
- Packaging Principles
- Types of Vulnerable, Fragile and Valuable Item
- Customs Cargo Reference Number
- Weight and Size Restrictions
- Useful Forms
- SF Business Station Locations
- SF Store Locations
- SF Service Partner Locations
- SF Locker Locations
- Business Clients
- About Us
- About SF
- Announcement
- News Information
- Careers
- Contact Us
- Cooperation Inquiry
- Promotions and Events
- Shipping
- Service & Support
- SF TECH
- SF AIRLINES
- SF INTERNATIONAL
- SFBuy
- SF Foundation
- Terms of Use
- Privacy Policy
- 粤 ICP 备08034243号
Five further outgoing links carry no title.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://xn--genlink-wxa.com/HiC (HTTP 301)
- https://sfexpress.s-walet.pro/179243121?refer=3 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 14: https://sfexpress.s-walet.pro/assets/images/index/header-phoneicon.png (HTTP 302) -> https://s-wallet.ai/
- https://sfexpress.s-walet.pro/assets/images/index/order-button-background.png (HTTP 302) -> https://s-wallet.ai/
- https://sfexpress.s-walet.pro/assets/images/index/order-button-arrow.png (HTTP 302) -> https://s-wallet.ai/
- https://sfexpress.s-walet.pro/assets/images/index/whatsapp-gray.png (HTTP 302) -> https://s-wallet.ai/
- https://sfexpress.s-walet.pro/assets/images/index/label-top-r-btn.png (HTTP 302) -> https://s-wallet.ai/
- https://sfexpress.s-walet.pro/assets/fonts/sf-express-icon.woff?hash=1478076975980 (HTTP 302) -> https://s-wallet.ai/
- https://sfexpress.s-walet.pro/assets/fonts/sf-express-icon.ttf?hash=1478076975980 (HTTP 302) -> https://s-wallet.ai/
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H3 | 179243121 | sfexpress.s-walet.pro/ (Primary Request, Redirect Chain) | 66 KB | 9 KB | Document | text/html
GET | H3 | main.css | sfexpress.s-walet.pro/assets/sfexpress/ | 735 KB | 111 KB | Stylesheet | text/css
GET | H3 | support_parent.css | sfexpress.s-walet.pro/css/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H3 | logotc.png | sfexpress.s-walet.pro/assets/sfexpress/ | 4 KB | 5 KB | Image | image/png
GET | H3 | 179243121 | sfexpress.s-walet.pro/supportChatFrame/ (Frame CACE) | 23 KB | 7 KB | Document | text/html
GET | H2 | gASXxES.jpeg | i.imgur.com/ | 84 KB | 85 KB | Image | image/jpeg
GET | H3 | order-button-icon.gif | sfexpress.s-walet.pro/assets/sfexpress/ | 895 B | 1 KB | Image | image/gif
GET | H3 | hk_suyuntong.jpg | sfexpress.s-walet.pro/assets/sfexpress/ | 38 KB | 39 KB | Image | image/jpeg
GET | H3 | officialbrand_small_h_img.jpg | sfexpress.s-walet.pro/assets/sfexpress/ | 3 KB | 3 KB | Image | image/jpeg
GET | H3 | security_site_1.png | sfexpress.s-walet.pro/assets/sfexpress/ | 3 KB | 4 KB | Image | image/png
GET | H3 | security_site_2.png | sfexpress.s-walet.pro/assets/sfexpress/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | govIcon.gif | szcert.ebs.org.cn/Images/ | 15 KB | 16 KB | Image | image/gif
GET | H3 | support_chat.css | sfexpress.s-walet.pro/css/ (Frame CACE) | 101 KB | 17 KB | Stylesheet | text/css
GET | H3 | axios.min.js | sfexpress.s-walet.pro/js/ (Frame CACE) | 14 KB | 5 KB | Script | application/javascript
GET | H3 | support.js | sfexpress.s-walet.pro/js/ (Frame CACE) | 5 KB | 2 KB | Script | application/javascript
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
GET | H3 | supportIcon.svg | sfexpress.s-walet.pro/img/ | 1 KB | 1 KB | Image | image/svg+xml
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
POST | H3 | getMessages | sfexpress.s-walet.pro/api/support/ (Frame CACE) | 15 B | 493 B | XHR | application/json
GET | | / | s-wallet.ai/ (Redirect Chain) | 0 | 0 | |
POST | H3 | getMessages | sfexpress.s-walet.pro/api/support/ (Frame CACE) | 15 B | 487 B | XHR | application/json
POST | H3 | getMessages | sfexpress.s-walet.pro/api/support/ (Frame CACE) | 15 B | 495 B | XHR | application/json
GET | H2 | favicon.ico | htm.sf-express.com/.gallery/ | 1 KB | 2 KB | Other | image/x-icon
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: s-wallet.ai, URL: https://s-wallet.ai/ (requested 7 times)
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SF Express (Transportation)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | 0
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
xn--genlink-wxa.com/ | | PHPSESSID | v7c0vjtus6lvvvdt6028jvb132
xn--genlink-wxa.com/ | | short_1668 | 1
sfexpress.s-walet.pro/ | | connect.sid | s%3ArkRLsc_Ia9F7JqgcoVmIvTKse-1vhz4M.E82xtPUDaCcZtd%2FAOoe%2BCTE5oqBAaUVFMEx3jTAMjJI
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.