tssaero.ddnsking.com
Open in
urlscan Pro
23.106.123.61
Malicious Activity!
Public Scan
Effective URL: http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&re...
Submission: On June 11 via manual from AE
Summary
This is the only time tssaero.ddnsking.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SF Express (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 23.106.123.61 23.106.123.61 | 59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.) | |
1 | 2606:4700::68... 2606:4700::6811:8c6b | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 54.225.184.53 54.225.184.53 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
2 | 220.242.157.117 220.242.157.117 | 54994 (QUANTILNE...) (QUANTILNETWORKS - QUANTIL NETWORKS INC) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
7 | 5 |
ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
PTR: v113.ce02.sin-10.sg.leaseweb.net
tssaero.ddnsking.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
assets.aftership.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-225-184-53.compute-1.amazonaws.com
www.joc.com |
ASN15169 (GOOGLE - Google LLC, US)
encrypted-tbn0.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
ddnsking.com
1 redirects
tssaero.ddnsking.com |
53 KB |
2 |
sf-express.com
www.sf-express.com |
161 KB |
1 |
gstatic.com
encrypted-tbn0.gstatic.com |
5 KB |
1 |
joc.com
www.joc.com |
148 KB |
1 |
aftership.com
assets.aftership.com |
1 KB |
7 | 5 |
Domain | Requested by | |
---|---|---|
3 | tssaero.ddnsking.com |
1 redirects
tssaero.ddnsking.com
|
2 | www.sf-express.com |
tssaero.ddnsking.com
|
1 | encrypted-tbn0.gstatic.com |
tssaero.ddnsking.com
|
1 | www.joc.com |
tssaero.ddnsking.com
|
1 | assets.aftership.com |
tssaero.ddnsking.com
|
7 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh | |
*.aftership.com COMODO RSA Domain Validation Secure Server CA |
2018-06-05 - 2020-07-04 |
2 years | crt.sh |
*.fairplay.ihs.com DigiCert SHA2 Secure Server CA |
2018-06-21 - 2019-06-23 |
a year | crt.sh |
*.sf-express.com DigiCert SHA2 Secure Server CA |
2017-08-28 - 2020-09-01 |
3 years | crt.sh |
*.google.com Google Internet Authority G3 |
2019-05-28 - 2019-08-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU=
Frame ID: 881F5B33D59AA48C9894ED1FD13A2837
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://tssaero.ddnsking.com/sf/sfex/sfex/index.php?email=estatement@adcb.com
HTTP 302
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@ad... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://tssaero.ddnsking.com/sf/sfex/sfex/index.php?email=estatement@adcb.com
HTTP 302
http://tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/?email=estatement@adcb.com&loginpage=&reff=MWE3MjE5ZWEyOGVmOTRiZDA1MjBhNzRhZTZmNGU2ZDU= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/ Redirect Chain
|
52 KB 52 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
tssaero.ddnsking.com/sf/sfex/sfex/cmd-login=0e565c650735b8545b46a36fbd44699b/files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sf-express.svg
assets.aftership.com/couriers/svg/ |
932 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SFExpress.jpg
www.joc.com/sites/default/files/field_feature_image/ |
147 KB 148 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IRCE-1.jpg
www.sf-express.com/.gallery/us/news/ |
132 KB 133 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sf-code-img.jpg
www.sf-express.com/resource/images/index/ |
28 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images
encrypted-tbn0.gstatic.com/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SF Express (Transportation)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| display_c function| display_ct number| mytime0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.aftership.com
encrypted-tbn0.gstatic.com
tssaero.ddnsking.com
www.joc.com
www.sf-express.com
220.242.157.117
23.106.123.61
2606:4700::6811:8c6b
2a00:1450:4001:81c::200e
54.225.184.53
3a57611041acdea747a36453c86c7ccc75628bb82b66fb1105b0c68d00714ca6
3c548d9d711d74f5637d66984ab1c46e8a9f931b9fa57fb19d161908d7a62898
44c9d9efcaea62ef98c04baa0d3757b9deffd89e14faa0d54bd1f5bf9375e331
58175e7d25cb3d0a28d7bde04e9614f40235ed2906f6841fa96e82610f85b159
c0825adf697377c72664bd9280c298b96feab08c7f898071a3ecd053589a3582
fbcbac2c0cbfa3673bc939cdda59b801f0fe05b7d21b23bd093933bd45ed1cb0