singapost-sgx.is-an-accountant.com
165.22.66.0 | Malicious Activity! | Public Scan

Submitted URL: https://found.ee/v8rzp
Effective URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Submission: On December 15 via api from SG — Scanned from DE

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 16 HTTP transactions. The main IP is 165.22.66.0, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is singapost-sgx.is-an-accountant.com.
This is the only time singapost-sgx.is-an-accountant.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Singapore Post (Transportation)
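The brand verdict above is the kind of call a lookalike check can reproduce. The following is an added example (editor-written, not urlscan's classifier) that splits a hostname into labels and hyphen-separated parts and compares each part to a brand token by Levenshtein distance, so that `singapost` is caught as a one-edit variant of `singpost` sitting under a registrable domain that is not singpost.com. The `BRANDS` table is an assumption (a single analyst-maintained entry seeded with the brand this scan flagged), and the two-label cut used for the registrable domain is deliberately naive; a production version would consult the Public Suffix List.

```python
# Brand token -> the legitimate registrable domain it belongs to.
# Assumption for this example: an analyst-maintained list, seeded with the
# brand urlscan flagged for this scan.
BRANDS = {"singpost": "singpost.com"}


def edit_distance(a, b):
    """Levenshtein distance (insert / delete / substitute, unit cost)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(hostname):
    """Naive last-two-labels cut. A real implementation must use the Public
    Suffix List: shared-hosting and dynamic-DNS parents make this wrong."""
    return ".".join(hostname.lower().split(".")[-2:])


def lookalike_findings(hostname, brands=BRANDS, max_distance=2, min_len=5):
    """Report brand tokens used verbatim or as near-misses anywhere in a
    hostname whose registrable domain is not the brand's own."""
    hostname = hostname.lower()
    registrable = registrable_domain(hostname)
    findings = []
    for token, legit in brands.items():
        if registrable == legit:
            continue  # the brand's own domain, nothing to flag
        for label in hostname.split("."):
            for part in label.split("-"):      # "singapost-sgx" -> "singapost", "sgx"
                if len(part) < min_len:
                    continue                   # "sg", "com", "is": too short to compare
                d = edit_distance(part, token)
                if d == 0:
                    findings.append(
                        f"{hostname}: brand token '{token}' used verbatim in label "
                        f"'{label}', registrable domain is {registrable}, not {legit}")
                elif d <= max_distance:
                    findings.append(
                        f"{hostname}: '{part}' is edit distance {d} from brand token "
                        f"'{token}', registrable domain is {registrable}, not {legit}")
    return findings


if __name__ == "__main__":
    for host in ("singapost-sgx.is-an-accountant.com", "www.singpost.com",
                 "singpost.example.net"):
        print(host, "->", lookalike_findings(host) or "no findings")
```

The minimum part length keeps two- and three-letter labels such as `sg` and `com` out of the comparison, which is where a plain edit-distance scan produces most of its noise.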

Domain & IP information

IP Address | AS (Autonomous System) | Requests | Redirects
54.191.211.246 | AS16509 (AMAZON-02) | 3 | 0
165.22.66.0 | AS14061 (DIGITALOCEAN-ASN) | 8 | 1
185.33.220.216 | AS29990 (ASN-APPNEX) | 1 | 0
185.33.221.91 | AS29990 (ASN-APPNEX) | 2 | 1
2606:4700::68... | AS13335 (CLOUDFLARENET) | 1 | 0
2606:2800:134... | AS15133 (EDGECAST) | 1 | 0
2606:4700::68... | AS13335 (CLOUDFLARENET) | 1 | 0
Total: 16 requests across 8 IPs
Domain | Requests | Redirects | Requested by
singapost-sgx.is-an-accountant.com | 8 | 1 | found.ee, singapost-sgx.is-an-accountant.com
found.ee | 3 | 0 | found.ee
secure.adnxs.com | 2 | 1 | -
www.singpost.com | 1 | 0 | singapost-sgx.is-an-accountant.com
pbs.twimg.com | 1 | 0 | singapost-sgx.is-an-accountant.com
cdnjs.cloudflare.com | 1 | 0 | singapost-sgx.is-an-accountant.com
ib.adnxs.com | 1 | 0 | found.ee
api.found.ee | 0 (failed) | 0 | found.ee
Total: 16 requests across 8 domains

This site contains no links.

Subject | Issuer | Valid from | Valid to | Duration
found.ee | R3 | 2021-11-11 | 2022-02-09 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2021-03-05 | 2022-02-19 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 | 2022-09-20 | a year
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 | 2022-10-19 | a year
www.singpost.com | Entrust Certification Authority - L1K | 2020-02-17 | 2022-03-30 | 2 years

singapost-sgx.is-an-accountant.com itself appears in no row: the phishing document and every asset it served were fetched over plain HTTP (the primary request is HTTP/1.1 with no TLS), so the phishing host never presented a certificate.

This page contains 1 frame:

Primary Page: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Frame ID: F64218E6D81C427770B30A75975CD34B
Requests: 16 HTTP requests in this frame


Page Title

Singapore Post Payment

Page Statistics

Requests: 16
HTTPS: 44 %
IPv6: 43 %
Domains: 6
Subdomains: 8
IPs: 8
Countries: 3
Transfer: 326 kB
Size: 337 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://found.ee/v8rzp Page URL
  2. http://singapost-sgx.is-an-accountant.com/sg/sg-post/ HTTP 302
    http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment Page URL
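The chain above, replayed offline as an added example (editor-written code, not urlscan's): a resolver that follows both HTTP 3xx `Location` hops and meta-refresh hops the way the Page URL History does, resolves the relative `location` value the phishing server sent against the current URL, and strips the `#?fbclid=...` fragment, which a browser never transmits to the server. urlscan records the found.ee hop as a page navigation rather than an HTTP redirect; modelling it as a meta refresh is an assumption, since the scan does not show the mechanism. The `fetch` stand-in and the `REPLAY` table are constructed from the hops listed above.

```python
import re
from urllib.parse import urldefrag, urljoin, urlsplit

# Constructed replay of the hops recorded in this scan: url -> (status, headers, body).
# The found.ee hop is modelled as a meta refresh (assumption; urlscan records only
# that a navigation happened there, not how it was triggered).
REPLAY = {
    "https://found.ee/v8rzp": (
        200,
        {"content-type": "text/html;charset=utf-8"},
        '<html><head><meta http-equiv="refresh" '
        'content="0; url=http://singapost-sgx.is-an-accountant.com/sg/sg-post/"></head></html>',
    ),
    "http://singapost-sgx.is-an-accountant.com/sg/sg-post/": (
        302,
        # relative target plus a fragment, as shown in the Redirect headers above
        {"location": "d5405e6ea92c20c/payment.php?payment"
                     "#?fbclid=IwAR3Am6b1OG_8mxyeoUk573kWES3uC8nQZlbs-dfH_2ztUtZ44t_kioWxgR8"},
        "",
    ),
    "http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment": (
        200,
        {"content-type": "text/html; charset=UTF-8"},
        "<title>Singapore Post Payment</title>",
    ),
}

META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]+content\s*=\s*["']\s*\d+\s*;\s*url\s*=\s*([^"'>\s]+)""",
    re.IGNORECASE,
)


def fetch(url):
    """Stand-in for an HTTP client with automatic redirects disabled."""
    if url not in REPLAY:
        raise LookupError(f"no replay entry for {url}")
    return REPLAY[url]


def next_hop(url, status, headers, body):
    """Return (kind, absolute_target) for the next hop, or None when the chain ends.
    Header names are matched case-insensitively (the phishing server sent a
    lowercase 'location'); relative targets are resolved against the current URL."""
    lower = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in lower:
        return "http", urljoin(url, lower["location"])
    m = META_REFRESH.search(body or "")
    if m:
        return "meta", urljoin(url, m.group(1))
    return None


def follow(start, max_hops=10):
    """Walk the chain from `start`; return (hops, findings)."""
    hops, findings, seen, url = [], [], set(), start
    while url not in seen and len(hops) < max_hops:
        seen.add(url)
        status, headers, body = fetch(url)
        hops.append({"url": url, "status": status})
        hop = next_hop(url, status, headers, body)
        if hop is None:
            break
        kind, target = hop
        target, fragment = urldefrag(target)  # the fragment never reaches the server
        here, there = urlsplit(url), urlsplit(target)
        if here.scheme == "https" and there.scheme == "http":
            findings.append(f"TLS downgrade at hop {len(hops)}: {here.netloc} -> {target}")
        if there.netloc != here.netloc:
            findings.append(f"cross-host {kind} redirect: {here.netloc} -> {there.netloc}")
        if fragment:
            findings.append(f"fragment carried in redirect target: #{fragment}")
        url = target
    else:
        findings.append("stopped: redirect loop or hop limit reached")
    return hops, findings


if __name__ == "__main__":
    hops, findings = follow("https://found.ee/v8rzp")
    for i, h in enumerate(hops, 1):
        print(f"{i}. {h['status']} {h['url']}")
    for f in findings:
        print("finding:", f)
```

Against a live target, replace `fetch` with a client that has redirects switched off; the point of walking the chain by hand is that every intermediate status, header set and scheme change is kept, rather than collapsed into whatever the client's final URL happens to be.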

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://secure.adnxs.com/seg?add=16260054&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D16260054%26t%3D1

16 HTTP transactions

Resource | Path | Size | x-fer | Type

v8rzp | found.ee/ | 6 KB | 2 KB | Document
General
Full URL
https://found.ee/v8rzp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.191.211.246 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-191-211-246.us-west-2.compute.amazonaws.com
Software
openresty /
Resource Hash
a46d0261f48e19067061f6953ef7c1103aff1893c8a7d572daa24016a171fb29
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
openresty
date
Wed, 15 Dec 2021 06:12:22 GMT
content-type
text/html;charset=utf-8
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
pixel.js | found.ee/dmp/ | 12 KB | 5 KB | Script
General
Full URL
https://found.ee/dmp/pixel.js?t=1639612800000
Requested by
Host: found.ee
URL: https://found.ee/v8rzp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.191.211.246 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-191-211-246.us-west-2.compute.amazonaws.com
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://found.ee/v8rzp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 06:12:22 GMT
content-encoding
gzip
last-modified
Wed, 18 Nov 2020 06:56:22 GMT
server
openresty
etag
W/"dec9658c8d0f4fb06e45aef345cb1c50"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
/ | found.ee/stats/collect/ | 0 | 98 B | XHR
General
Full URL
https://found.ee/stats/collect/
Requested by
Host: found.ee
URL: https://found.ee/v8rzp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.191.211.246 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-191-211-246.us-west-2.compute.amazonaws.com
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://found.ee/v8rzp
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type
application/json

Response headers

date
Wed, 15 Dec 2021 06:12:22 GMT
server
openresty
content-length
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
Primary Request: payment.php | singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/ | 18 KB | 19 KB | Document
Redirect Chain
  • http://singapost-sgx.is-an-accountant.com/sg/sg-post/
  • http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Requested by
Host: found.ee
URL: https://found.ee/v8rzp
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
www.fbi.gov /
Resource Hash
60c9be5fc856364f994113008a4369b59d862fd558963d0fb44df0f576caf0e1
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://found.ee/v8rzp

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Server
www.fbi.gov
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-Content-Type
nosniff
X_FORWARDED_FOR
104.16.77.187
REMOTE_ADDR
104.16.77.187
Connection
keep-alive, Keep-Alive
Host
www.fbi.gov
Origin
https://www.fbi.gov
Referer
https://www.fbi.gov
X-Forwarded-Host
www.fbi.gov
X-Forwarded-Proto
https
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=99
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Server
www.fbi.gov
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
location
d5405e6ea92c20c/payment.php?payment#?fbclid=IwAR3Am6b1OG_8mxyeoUk573kWES3uC8nQZlbs-dfH_2ztUtZ44t_kioWxgR8
X-Content-Type
nosniff
X_FORWARDED_FOR
104.16.77.187
REMOTE_ADDR
104.16.77.187
Connection
keep-alive, Keep-Alive
Host
www.fbi.gov
Origin
https://www.fbi.gov
Referer
https://www.fbi.gov
X-Forwarded-Host
www.fbi.gov
X-Forwarded-Proto
https
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
getuidp | ib.adnxs.com/ | 27 B | 693 B | Script
General
Full URL
https://ib.adnxs.com/getuidp?callback=onAppNexusLoad
Requested by
Host: found.ee
URL: https://found.ee/dmp/pixel.js?t=1639612800000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.216 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
872.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://found.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 06:12:22 GMT
X-Proxy-Origin
185.213.155.163; 185.213.155.163; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
cf21b2de-16ee-4827-ab96-8cbd7dab29d7
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
27
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce | secure.adnxs.com/ | 0 | 1008 B | Script
Redirect Chain
  • https://secure.adnxs.com/seg?add=16260054&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D16260054%26t%3D1
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D16260054%26t%3D1
Protocol
HTTP/1.1
Server
185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://found.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 06:12:22 GMT
X-Proxy-Origin
185.213.155.163; 185.213.155.163; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
2542576c-d3a5-422e-b51f-c82b76203e0f
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 06:12:22 GMT
X-Proxy-Origin
185.213.155.163; 185.213.155.163; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
2d6d37bc-078c-4625-b571-507c61c804f9
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D16260054%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
8a0c1f5c-42ad-4e6f-a2d6-9f28cb9b83b5 | api.found.ee/dmp/fire/ | 0 | 0 | (failed, no response)

bootstrap.min.css | singapost-sgx.is-an-accountant.com/sg/sg-post/assets/css/ | 124 KB | 124 KB | Stylesheet
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/assets/css/bootstrap.min.css
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
Apache /
Resource Hash
fdebe333f5f73f4d759428fec21474e9462ea493838710a102667b3ea9e3c298
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
126922
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 22 Dec 2020 11:30:54 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
text/css
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
style.css | singapost-sgx.is-an-accountant.com/sg/sg-post/assets/css/ | 16 KB | 16 KB | Stylesheet
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/assets/css/style.css
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
Apache /
Resource Hash
623f9cddacbbeaf3ff9c7cf2f92b40823f97bd8af90ed2cfc35e00ec718eb0ec
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
16117
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 22 Dec 2020 11:30:54 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
text/css
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
jquery-3.1.0.min.js | singapost-sgx.is-an-accountant.com/sg/sg-post/assets/js/ | 84 KB | 85 KB | Script
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/assets/js/jquery-3.1.0.min.js
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
Apache /
Resource Hash
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
86351
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 23 Aug 2016 15:01:10 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
application/javascript
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
jquery.maskedinput.js | cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ | 10 KB | 3 KB | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 06:12:22 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1068769
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2306
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-284d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwFgs7L0dKFhp%2FpSZWkbzyr3v8tV5%2Fys5XiwEslEq8%2BORY7EvyJC5PPEZEKRdPHSv4ibPSaf5xjrkZyHDc0IM2vysrG1dN5HHQICBMJcvOcYKYZTred1HAH4jt3HDBUn3WWxgCWheCZjkt9zNdEX1%2Fd0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6bdd8519ad582fa5-FRA
expires
Mon, 05 Dec 2022 06:12:22 GMT
IqYoMlp7.jpg | pbs.twimg.com/profile_images/769109750520786944/ | 18 KB | 18 KB | Image
General
Full URL
https://pbs.twimg.com/profile_images/769109750520786944/IqYoMlp7.jpg
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
2661fca844edd6d75e517beaad9b447098c6d355eda9a50bf1f8e348054ddbb2
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 06:12:22 GMT
x-content-type-options
nosniff
age
342544
x-cache
HIT
content-length
18136
x-response-time
116
surrogate-key
profile_images profile_images/bucket/7 profile_images/769109750520786944
last-modified
Fri, 26 Aug 2016 09:48:28 GMT
server
ECS (frb/6738)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
9c92519a4d1bbc127424957bdcc7107592046b87f08b51343da79f2b53596059
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
rp.png | singapost-sgx.is-an-accountant.com/sg/sg-post/assets/img/ | 3 KB | 3 KB | Image
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/assets/img/rp.png
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
Apache /
Resource Hash
23585145958c63dcf5e504dc76100493dbb02dab2f7f4bc695d601eccc684727
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
2876
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Fri, 01 Jan 2021 07:14:06 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
image/png
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
carton-xl_0.png | www.singpost.com/sites/default/files/ | 38 KB | 38 KB | Image
General
Full URL
https://www.singpost.com/sites/default/files/carton-xl_0.png
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:2213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e155919cbd9e6b7cd3d4f0ea9ebcb6b5a626f85d172b927b8edabcf364521f3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 06:12:22 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
5178
content-length
38475
last-modified
Thu, 18 Nov 2021 02:49:50 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"964b-5d1073653ef80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
cf-ray
6bdd851a2c74c28b-FRA
expires
Wed, 29 Dec 2021 06:12:22 GMT
cccc.png | singapost-sgx.is-an-accountant.com/sg/sg-post/assets/img/ | 7 KB | 7 KB | Image
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/assets/img/cccc.png
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
Apache /
Resource Hash
76dc0f524b990f1a1dcb4e8fe32c0deeb5a4cd2402877250e5f29936e643ef0d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
6932
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Wed, 23 Dec 2020 18:48:20 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
image/png
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
crypt.png | singapost-sgx.is-an-accountant.com/sg/sg-post/assets/img/ | 2 KB | 2 KB | Image
General
Full URL
http://singapost-sgx.is-an-accountant.com/sg/sg-post/assets/img/crypt.png
Requested by
Host: singapost-sgx.is-an-accountant.com
URL: http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
Protocol
HTTP/1.1
Server
165.22.66.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
whmback.duckdns.org
Software
Apache /
Resource Hash
c6fc8dcbd9126717ca5e8d792c6dcdf5d7aa4823b2a0445d14db1fad8d0a8f90
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 06:12:22 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
1699
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Wed, 07 Jun 2017 00:31:48 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
image/png
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.found.ee
URL
https://api.found.ee/dmp/fire/8a0c1f5c-42ad-4e6f-a2d6-9f28cb9b83b5?uid=&ne=true&ca=N&au=&de=http://singapost-sgx.is-an-accountant.com/sg/sg-post/&dl=https://found.ee/v8rzp&rl=&dt=found.ee&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Singapore Post (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: onbeforexrselect
function: reportError
boolean: originAgentCluster
object: scheduler
function: $
function: jQuery
function: type_carte
function: handleExpInput

Of these, onbeforexrselect, reportError, originAgentCluster and scheduler are properties that the scanning browser (Chrome 96) itself exposes on window and are not page code. The page-defined globals are $ and jQuery, from the jQuery 3.1.0 copy loaded above, and the kit's own type_carte and handleExpInput.

4 Cookies

Domain/Path | Name | Value
singapost-sgx.is-an-accountant.com/ | PHPSESSID | bfefd910ecbcfb19460a8f089cfd7df0
.adnxs.com/ | uuid2 | 741065367974922335
.adnxs.com/ | anj | dTM7k!M4/8CxrEQF']wIg2H`eu[VJu!@wnf-Te9(>wL5L!!'*`$Rz0k
found.ee/ | cookieAcceptance | N

Security Headers

This page lists any security headers set by the main page.

Header | Value
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload

This HSTS value is the one found.ee returned on the first hop. The phishing document itself (payment.php, served over plain HTTP) sent only X-XSS-Protection, as its transaction above shows.
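The header summary urlscan gives here is worth taking further. The following is an added example (editor-written, not part of urlscan or of this scan's output) that takes a response header set and reports which security headers are present or missing and which headers should not appear in a response at all. Its input is constructed from the primary request's response headers listed above. Two things it makes explicit: `Server` is free text chosen by whoever runs the host, so the `Software: www.fbi.gov` field above only records what the phishing server chose to send; and `Host`, `Origin`, `Referer` and the `X-Forwarded-*` family are request headers, so their presence in a response means they were hand-written or echoed. The header lists and the hostname pattern are the example's own assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed from the response headers recorded above for the primary request
# (payment.php); names and values copied as listed, order not significant.
PRIMARY_URL = "http://singapost-sgx.is-an-accountant.com/sg/sg-post/d5405e6ea92c20c/payment.php?payment"
PRIMARY_RESPONSE_HEADERS = {
    "Date": "Wed, 15 Dec 2021 06:12:22 GMT",
    "Server": "www.fbi.gov",
    "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "X-Content-Type": "nosniff",
    "X_FORWARDED_FOR": "104.16.77.187",
    "REMOTE_ADDR": "104.16.77.187",
    "Connection": "keep-alive, Keep-Alive",
    "Host": "www.fbi.gov",
    "Origin": "https://www.fbi.gov",
    "Referer": "https://www.fbi.gov",
    "X-Forwarded-Host": "www.fbi.gov",
    "X-Forwarded-Proto": "https",
    "X-XSS-Protection": "1; mode=block",
    "Keep-Alive": "timeout=5, max=99",
    "Transfer-Encoding": "chunked",
    "Content-Type": "text/html; charset=UTF-8",
}

# Assumed header lists for this example.
SECURITY_HEADERS = {
    "strict-transport-security", "content-security-policy", "x-content-type-options",
    "x-frame-options", "referrer-policy", "permissions-policy",
}
# Defined only for requests (or for proxy-to-origin hops); a response carrying
# them was hand-written or is echoing what it received.
REQUEST_ONLY = {
    "host", "origin", "referer", "upgrade-insecure-requests", "x-forwarded-for",
    "x-forwarded-host", "x-forwarded-proto", "x_forwarded_for", "remote_addr",
}
# Near-miss names that browsers ignore, mapped to the header that was meant.
LOOKALIKES = {"x-content-type": "x-content-type-options"}
HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)


def audit_response(url, headers):
    """Classify security headers and flag header-level anomalies.
    Returns {'present': [...], 'missing': [...], 'anomalies': [...]}."""
    names = {k.lower(): v for k, v in headers.items()}
    report = {
        "present": sorted(n for n in names if n in SECURITY_HEADERS),
        "missing": sorted(SECURITY_HEADERS - set(names)),
        "anomalies": [],
    }
    add = report["anomalies"].append
    for n in sorted(names):
        if n in REQUEST_ONLY:
            add(f"request-only header in response: {n}: {names[n]}")
        if n in LOOKALIKES:
            add(f"{n} is not a recognised header (did you mean {LOOKALIKES[n]}?)")
    server = names.get("server", "")
    # Server is operator-chosen text; a bare hostname that is not this origin is
    # a claim the server is making about itself, not a fact about the origin.
    if HOSTNAME.match(server) and server.lower() != (urlsplit(url).hostname or ""):
        add(f"Server header is a hostname that is not this origin: {server}")
    if "x-xss-protection" in names:
        add("x-xss-protection is obsolete; current Chromium-based browsers and Firefox ignore it")
    if urlsplit(url).scheme == "http" and "strict-transport-security" in names:
        add("strict-transport-security over plain HTTP is ignored by browsers")
    return report


if __name__ == "__main__":
    r = audit_response(PRIMARY_URL, PRIMARY_RESPONSE_HEADERS)
    print("present:", r["present"])
    print("missing:", r["missing"])
    for a in r["anomalies"]:
        print("anomaly:", a)
```

Run against the primary response above, the report lists no real security header as present, flags `X-Content-Type` as a misspelling of `X-Content-Type-Options`, and raises one anomaly per echoed request header plus one for the `Server` value.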