tssaero.ddnsking.com
23.106.123.61 Malicious Activity! Public Scan

Submitted URL: http://tssaero.ddnsking.com/sf/sfex/sfex/index.php?email=estatement@adcb.com
Effective URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&re...
Submission: On June 11 via manual from AE

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 7 HTTP transactions. The main IP is 23.106.123.61, located in Singapore and belongs to LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG. The main domain is tssaero.ddnsking.com.
This is the only time tssaero.ddnsking.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SF Express (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 3 23.106.123.61 59253 (LEASEWEB-...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.225.184.53 14618 (AMAZON-AES)
2 220.242.157.117 54994 (QUANTILNE...)
1 2a00:1450:400... 15169 (GOOGLE)
7 5
Domain Requested by
3 tssaero.ddnsking.com 1 redirects tssaero.ddnsking.com
2 www.sf-express.com tssaero.ddnsking.com
1 encrypted-tbn0.gstatic.com tssaero.ddnsking.com
1 www.joc.com tssaero.ddnsking.com
1 assets.aftership.com tssaero.ddnsking.com
7 5

This site contains no links.

Subject | Issuer | Validity | Valid
(blank) | (blank) | 1970-01-01 - 1970-01-01 | a few seconds (crt.sh)
*.aftership.com | COMODO RSA Domain Validation Secure Server CA | 2018-06-05 - 2020-07-04 | 2 years (crt.sh)
*.fairplay.ihs.com | DigiCert SHA2 Secure Server CA | 2018-06-21 - 2019-06-23 | a year (crt.sh)
*.sf-express.com | DigiCert SHA2 Secure Server CA | 2017-08-28 - 2020-09-01 | 3 years (crt.sh)
*.google.com | Google Internet Authority G3 | 2019-05-28 - 2019-08-20 | 3 months (crt.sh)

This page contains 1 frames:

Primary Page: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Frame ID: 881F5B33D59AA48C9894ED1FD13A2837
Requests: 7 HTTP requests in this frame

Detected technologies

PHP
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Apache
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i

Page Statistics

Requests: 7
HTTPS: 57 %
IPv6: 40 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 4
Transfer: 367 kB
Size: 365 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tssaero.ddnsking.com/sf/sfex/sfex/index.php?email=estatement@adcb.com HTTP 302
    http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/ | 52 KB | 52 KB | Document
Redirect Chain
  • http://tssaero.ddnsking.com/sf/sfex/sfex/index.php?email=estatement@adcb.com
  • http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
General
Full URL
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
HTTP/1.1
Server
23.106.123.61 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
v113.ce02.sin-10.sg.leaseweb.net
Software
Apache /
Resource Hash
3a57611041acdea747a36453c86c7ccc75628bb82b66fb1105b0c68d00714ca6

Request headers

Host
tssaero.ddnsking.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Tue, 11 Jun 2019 08:13:14 GMT
Server
Apache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 11 Jun 2019 08:13:13 GMT
Server
Apache
location
cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
jquery.min.js | tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/files/ | 0 | 0 | Script
General
Full URL
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/files/jquery.min.js
Requested by
Host: tssaero.ddnsking.com
URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
23.106.123.61 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
v113.ce02.sin-10.sg.leaseweb.net
Software
Apache /
Resource Hash

Request headers

Referer
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 11 Jun 2019 08:13:14 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
392
Content-Type
text/html; charset=iso-8859-1
sf-express.svg | assets.aftership.com/couriers/svg/ | 932 B | 1 KB | Image
General
Full URL
https://assets.aftership.com/couriers/svg/sf-express.svg
Requested by
Host: tssaero.ddnsking.com
URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:8c6b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
58175e7d25cb3d0a28d7bde04e9614f40235ed2906f6841fa96e82610f85b159

Request headers

Referer
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 08:13:14 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Jun 2019 07:56:22 GMT
server
cloudflare
x-amz-request-id
26952509E9A30987
etag
W/"033c5eaadb9973640abc2991c1d0f746"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=86400
cf-ray
4e521fe7be22d729-FRA
x-amz-id-2
p2GMggElh+92sK5B/3R2FUP/exNPn+GYfBmOBVoXzQfXOxucbr+JHe5LSRzOwcMR83IbHOgagrY=
expires
Wed, 12 Jun 2019 08:13:14 GMT
SFExpress.jpg | www.joc.com/sites/default/files/field_feature_image/ | 147 KB | 148 KB | Image
General
Full URL
https://www.joc.com/sites/default/files/field_feature_image/SFExpress.jpg
Requested by
Host: tssaero.ddnsking.com
URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.225.184.53 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-225-184-53.compute-1.amazonaws.com
Software
nginx /
Resource Hash
44c9d9efcaea62ef98c04baa0d3757b9deffd89e14faa0d54bd1f5bf9375e331
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 11 Jun 2019 08:13:15 GMT
Via
varnish
X-Content-Type-Options
nosniff
Age
334559
X-Cache
HIT
Connection
keep-alive
X-AH-Environment
prod
Content-Length
150838
X-Request-ID
v-ce0b662c-8915-11e9-ab10-22000a0df383
Last-Modified
Wed, 05 Nov 2014 14:08:43 GMT
Server
nginx
Content-Type
image/jpeg
Expires
Sun, 07 Jul 2019 11:17:15 GMT
Cache-Control
max-age=2592000
Accept-Ranges
bytes
X-Cache-Hits
328
IRCE-1.jpg | www.sf-express.com/.gallery/us/news/ | 132 KB | 133 KB | Image
General
Full URL
https://www.sf-express.com/.gallery/us/news/IRCE-1.jpg
Requested by
Host: tssaero.ddnsking.com
URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
220.242.157.117 , China, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software
nginx /
Resource Hash
fbcbac2c0cbfa3673bc939cdda59b801f0fe05b7d21b23bd093933bd45ed1cb0

Request headers

Referer
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 11 Jun 2019 06:22:50 GMT
Via
1.1 ID-0314217270070252 uproxy-3
Last-Modified
Wed, 25 Oct 2017 12:04:10 GMT
Server
nginx
Age
1
ETag
"59f07dba-21144"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
135492
X-Via
1.1 PSxgHK5pg201:1 (Cdn Cache Server V2.0), 1.1 ianxun98:10 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2cg102:1 (Cdn Cache Server V2.0)
sf-code-img.jpg | www.sf-express.com/resource/images/index/ | 28 KB | 28 KB | Image
General
Full URL
http://www.sf-express.com/resource/images/index/sf-code-img.jpg
Requested by
Host: tssaero.ddnsking.com
URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
220.242.157.117 , China, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software
nginx /
Resource Hash
3c548d9d711d74f5637d66984ab1c46e8a9f931b9fa57fb19d161908d7a62898

Request headers

Referer
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 10 Jun 2019 21:27:36 GMT
Via
1.1 ID-0314217270070252 uproxy-2
Last-Modified
Fri, 17 May 2019 03:13:52 GMT
Server
nginx
Age
1
ETag
"5cde26f0-6fe5"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28645
X-Via
1.1 PSxgHK5sn200:0 (Cdn Cache Server V2.0), 1.1 ianxun98:3 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA2cg102:1 (Cdn Cache Server V2.0)
images | encrypted-tbn0.gstatic.com/ | 4 KB | 5 KB | Image
General
Full URL
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTPdQ2WbLjbfswM7ntxz6mq1CgS63CfxCS_5vdVi74zboaCTk8k
Requested by
Host: tssaero.ddnsking.com
URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c0825adf697377c72664bd9280c298b96feab08c7f898071a3ecd053589a3582
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 08:13:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 21 May 2019 01:33:51 GMT
server
sffe
access-control-allow-origin
*
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
4606
x-xss-protection
0
expires
Wed, 10 Jun 2020 08:13:14 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SF Express (Transportation)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onselectstart
  • object: onselectionchange
  • function: queueMicrotask
  • function: display_c
  • function: display_ct
  • number: mytime

0 Cookies