urlscan.io logo urlscan.io
SecurityTrails logo

aprilmarie21genesh.com Open in urlscan Pro
162.240.25.110  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://2215.suwandralampung.com/ji
Effective URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Submission Tags: falconsandbox
Submission: On November 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 162.240.25.110, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is aprilmarie21genesh.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 3rd 2021. Valid for: 3 months.
This is the only time aprilmarie21genesh.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SF Express (Transportation)

Domain & IP information

IP Address AS Autonomous System
2 2 209.126.86.114 40021 (CONTABO)
9 162.240.25.110 46606 (UNIFIEDLA...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2606:4700::68... 13335 (CLOUDFLAR...)
11 3
Domain Requested by
9 aprilmarie21genesh.com aprilmarie21genesh.com
2 2215.suwandralampung.com 2 redirects
1 cdn.jsdelivr.net aprilmarie21genesh.com
1 code.jquery.com aprilmarie21genesh.com
11 4

This site contains no links.

Subject Issuer Validity Valid
aprilmarie21genesh.com
cPanel, Inc. Certification Authority		 2021-11-03 -
2022-02-01		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-14 -
2022-08-14		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-03 -
2022-07-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Frame ID: C03BCF53CD35E2E66B3218C063FF9817
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

顺丰速运

Page URL History Show full URLs

  1. http://2215.suwandralampung.com/ji HTTP 301
    http://2215.suwandralampung.com/ji/ HTTP 302
    https://aprilmarie21genesh.com/ship/SFTracking/?0= Page URL

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

577 kB
Transfer

898 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://2215.suwandralampung.com/ji HTTP 301
    http://2215.suwandralampung.com/ji/ HTTP 302
    https://aprilmarie21genesh.com/ship/SFTracking/?0= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
aprilmarie21genesh.com/ship/SFTracking/
Redirect Chain
  • http://2215.suwandralampung.com/ji
  • http://2215.suwandralampung.com/ji/
  • https://aprilmarie21genesh.com/ship/SFTracking/?0=
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
72bd75870f3185b82a3f5883c30c31d9ba72faf48e5a97db1de6914185c8a1b9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Thu, 04 Nov 2021 06:34:38 GMT
Server
Apache
Content-Encoding
gzip
Vary
Accept-Encoding
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Connection
Keep-Alive
X-Powered-By
PHP/7.2.34
Location
https://aprilmarie21genesh.com/ship/SFTracking/?0=
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Expires
Thu, 04 Nov 2021 07:34:37 GMT
Content-Length
0
Date
Thu, 04 Nov 2021 06:34:37 GMT
jquery-1.11.3.js
code.jquery.com/ 		278 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-1.11.3.js
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
2065aecca0fb9b0567358d352ed5f1ab72fce139bf449b4d09805f5d9c3725ed

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 06:34:38 GMT
content-encoding
gzip
last-modified
Tue, 28 Apr 2015 16:20:58 GMT
server
nginx
etag
W/"553fb36a-456ea"
vary
Accept-Encoding
x-hw
1636007678.dop056.fr8.t,1636007678.cds284.fr8.hn,1636007678.cds280.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
84538
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/ 		150 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/bootstrap.min.css
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 06:34:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
785303
x-jsd-version
5.0.0-beta1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19140-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"25617-q3SIoVyTmtfFSq15BDC3uaLXfq4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6a8bd1589b45704b-FRA
coming-soon.min.css
aprilmarie21genesh.com/ship/SFTracking/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/css/coming-soon.min.css
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:38 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
load.svg
aprilmarie21genesh.com/ship/SFTracking/img/ 		551 B
796 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/load.svg
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
04c1ebf43d13d96a2a40066f7991194291b23d68d8749de1cb60082dcd6abc41

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 17:42:14 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
551
id.png
aprilmarie21genesh.com/ship/SFTracking/img/ 		68 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/id.png
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
30554a7f660b20c5c8e0cdece06166d70848d19d668709bf8700d657e26e6024

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 15:30:24 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
69126
side.png
aprilmarie21genesh.com/ship/SFTracking/img/ 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/side.png
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
b6aa7a87368a36c428a10c5580ab5273d469d369ac95bd2cc9ad9ee32ccc5baa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 17:20:48 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
62283
odui.png
aprilmarie21genesh.com/ship/SFTracking/img/ 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/odui.png
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
ea1a8763f6d07e40eaa0c00308e2d7a943e79e195b8637a110277e513d5befd4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 17:29:10 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
62126
down.jpg
aprilmarie21genesh.com/ship/SFTracking/img/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/down.jpg
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
480b487cf01b6ce8d3ab94cbfebeedcea5951e2a2e6f2e3aeee9c06a0bb96bc5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 15:34:18 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
184523
imp.png
aprilmarie21genesh.com/ship/SFTracking/img/ 		48 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/imp.png
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
7dff56c2e4fd60c7f2a24d123a935cedaae1f2225176bbfd9f371f8d50f97762

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 17:13:08 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
49651
inp.png
aprilmarie21genesh.com/ship/SFTracking/img/ 		48 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aprilmarie21genesh.com/ship/SFTracking/img/inp.png
Requested by
Host: aprilmarie21genesh.com
URL: https://aprilmarie21genesh.com/ship/SFTracking/?0=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.240.25.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.wingspanfund.com
Software
Apache /
Resource Hash
13b63b46b6875b1d2e2f32bd07b5599f2075cbb34c988ced0c63d3011baf5f0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://aprilmarie21genesh.com/ship/SFTracking/?0=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 06:34:39 GMT
Last-Modified
Sat, 16 Jan 2021 17:14:24 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
49601

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SF Express (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| jQuery111302411825598235442

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://aprilmarie21genesh.com/ship/SFTracking/css/coming-soon.min.css
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)