ttl-eg.com Open in urlscan Pro
173.212.254.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc
Submission: On August 27 via automatic, source openphish (August 27th 2018, 6:58:44 pm UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 15 HTTP transactions. The main IP is 173.212.254.65, located in Germany and belongs to CONTABO, DE. The main domain is ttl-eg.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 27th 2018. Valid for: 3 months.

This is the only time ttl-eg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ali Express (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	173.212.254.65 173.212.254.65	51167 (CONTABO) (CONTABO)
9	104.111.216.213 104.111.216.213	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	213.244.178.240 213.244.178.240	3356 (LEVEL3) (LEVEL3 - Level 3 Parent)
15	4

2 173.212.254.65 (Germany)

ASN51167 (CONTABO, DE)
PTR: awsites.com

ttl-eg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.111.216.213 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-216-213.deploy.static.akamaitechnologies.com

i.alicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.alicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.244.178.240 (United Kingdom)

ASN3356 (LEVEL3 - Level 3 Parent, LLC, US)

g.alicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
at.alicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	alicdn.com i.alicdn.com assets.alicdn.com g.alicdn.com at.alicdn.com	147 KB
2	ttl-eg.com ttl-eg.com	23 KB
15	2

	Domain	Requested by
8	i.alicdn.com	ttl-eg.com
3	g.alicdn.com	ttl-eg.com
2	ttl-eg.com	ttl-eg.com
1	at.alicdn.com	ttl-eg.com
1	assets.alicdn.com	ttl-eg.com
15	5

This site contains no links.

Subject Issuer	Validity	Valid
ttl-eg.com cPanel, Inc. Certification Authority	`2018-07-27` - `2018-10-25`	3 months	crt.sh
ru.aliexpress.com DigiCert ECC Secure Server CA	`2018-05-28` - `2019-04-10`	10 months	crt.sh
*.alicdn.com GlobalSign Organization Validation CA - SHA256 - G2	`2018-02-28` - `2018-10-17`	8 months	crt.sh

This page contains 1 frames:

Primary Page: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc
Frame ID: 7F070ED561E7E71AF412373BA89EC88C
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

4
IPs

3
Countries

170 kB
Transfer

408 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request details.php Show response ttl-eg.com/wp-content/updat/alixacz/	13 KB 13 KB	88ms 87ms	Document text/html	173.212.254.65 CONTABO
General Check archive.org Show headers Download Go to Full URL https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.212.254.65 , Germany, ASN51167 (CONTABO, DE), Reverse DNS awsites.com Software Apache / Resource Hash `0f8b7bec9f60b52cd5b8b3d042deef4f737b724141a63a36a5c21f9e875a17b7` Request headers Host ttl-eg.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 7F070ED561E7E71AF412373BA89EC88C Response headers Date Mon, 27 Aug 2018 18:58:34 GMT Server Apache Keep-Alive timeout=5, max=98 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET S	200	/ i.alicdn.com/ae-login/login/	36 KB 9 KB	18ms 16ms	Stylesheet text/css	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://i.alicdn.com/ae-login/login/??buyerlogin.c5e9b325.css Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `0323a8b351dcfcfca553ec4354acc937447d87a32d05d826dc6326fd14701c76` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip fw_ip 104.111.216.213 status 200 content-length 8709 last-modified Tue, 27 Feb 2018 09:47:32 GMT server Tengine vary Accept-Encoding content-type text/css access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=27285285 served-from 2.22.50.182 timing-allow-origin , network_info DE_FRANKFURT_24940 expires Tue, 09 Jul 2019 14:13:19 GMT
GET S	200	/ i.alicdn.com/sc-isle/	1 B 298 B	20ms 18ms	Stylesheet text/css	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://i.alicdn.com/sc-isle/??common.00000000.css Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip fw_ip 104.111.216.213 status 200 content-length 21 last-modified Thu, 22 Sep 2016 06:30:39 GMT server Tengine vary Accept-Encoding content-type text/css access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=11738356 served-from 2.16.187.31 timing-allow-origin * network_info DE_FRANKFURT_24940 expires Thu, 10 Jan 2019 15:37:50 GMT
GET S	200	/ i.alicdn.com/sc-header/20150921135500/dist/	72 KB 12 KB	37ms 35ms	Stylesheet text/css	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://i.alicdn.com/sc-header/20150921135500/dist/??header.css?t=814958 Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `2f4ae956c27cebeb5f68eb9eb1098224d2b8d1946f330fc146c07ee9a6e609ad` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip fw_ip 104.111.216.213 status 200 content-length 12140 last-modified Mon, 21 Sep 2015 05:55:01 GMT server Tengine vary Accept-Encoding content-type text/css access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=26155519 served-from 2.16.187.6 timing-allow-origin * network_info DE_FRANKFURT_24940 expires Wed, 26 Jun 2019 12:23:53 GMT
GET S	200	/ Show response i.alicdn.com/sc-isle/	137 KB 46 KB	41ms 39ms	Script application/javascript	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://i.alicdn.com/sc-isle/??loader.1ab001e3.js Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `b030696b45adad88f512bef1cfbb220b8767885da3c1adf45f44c40838fa6369` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip fw_ip 104.111.216.213 status 200 content-length 46601 last-modified Mon, 11 Apr 2016 01:53:02 GMT server Tengine vary Accept-Encoding content-type application/javascript access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=30056692 served-from 2.22.50.247 timing-allow-origin , network_info DE_FRANKFURT_24940 expires Sat, 10 Aug 2019 16:03:26 GMT
GET S	200	global-min.css assets.alicdn.com/g/tb/global/	27 KB 7 KB	48ms 47ms	Stylesheet text/css	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://assets.alicdn.com/g/tb/global/global-min.css Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `630ea44c8896e26935be4f98e0d0cde0bb508668e1c2987166f748a8aee3acde` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip x-oss-request-id 5B64F3A714D5E9EB45E69268 content-md5 LaY8UTUztdS5XNGS/ubGuA== status 200 content-length 6557 x-oss-object-type Normal server Tengine vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=538206, s-maxage=3600 served-from 2.16.187.6 x-oss-storage-class Standard timing-allow-origin * network_info DE_FRANKFURT_24940 x-oss-server-time 3 expires Mon, 03 Sep 2018 00:28:40 GMT
GET S	200	/ g.alicdn.com//vip/register/2.8.9/xcommon/css/	10 KB 4 KB	14ms 13ms	Stylesheet text/css	213.244.178.240 Level 3 Parent
General Check archive.org Show headers Download Go to Full URL https://g.alicdn.com//vip/register/2.8.9/xcommon/css/??base.css,form.css,btn.css,dialog.css,msg.css,responsive.css?t=201404171640 Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 213.244.178.240 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash `fe3f1f75ec1843494db6e165ca6ae0316db33432ba7c56e14d58edb664858fdd` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:29 GMT content-encoding gzip x-oss-request-id 5B8449D509B875AE28D7CC35 content-md5 toYALXZ1SY7s2vTn0sULfg== age 5 x-cache HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1 status 200 x-swift-cachetime 3600 x-swift-savetime Mon, 27 Aug 2018 18:58:29 GMT content-length 3741 x-oss-object-type Normal access-control-allow-origin * server Tengine vary Accept-Encoding content-type text/css via cache49.l2de1[226,200-0,M], cache13.l2de1[227,0], cache1.nl1[0,200-0,H], cache7.nl1[1,0] cache-control max-age=2592000,s-maxage=3600 x-oss-storage-class Standard timing-allow-origin * eagleid d5f4b28715353963143868670e x-oss-server-time 16
GET S	200	nc.css g.alicdn.com/sd/ncpc/	13 KB 4 KB	15ms 13ms	Stylesheet text/css	213.244.178.240 Level 3 Parent
General Check archive.org Show headers Download Go to Full URL https://g.alicdn.com/sd/ncpc/nc.css?t=2016062600 Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 213.244.178.240 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash `7b415ad0298d877243ffeb4d88b358387460346b817297e4686f5ed2ff45b5b6` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:29 GMT content-encoding gzip x-oss-request-id 5B8449D54564C42EFE68F698 content-md5 Mr9GwosglBFTycm6qjIGOw== age 5 x-cache HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1 status 200 x-swift-cachetime 3600 x-swift-savetime Mon, 27 Aug 2018 18:58:29 GMT content-length 3815 x-oss-object-type Normal access-control-allow-origin * server Tengine vary Accept-Encoding content-type text/css via cache2.l2de1[195,200-0,M], cache7.l2de1[196,0], cache4.nl1[0,200-0,H], cache7.nl1[0,0] cache-control max-age=3600,s-maxage=3600 x-oss-storage-class Standard timing-allow-origin * x-oss-hash-crc64ecma 9398947675609427353 eagleid d5f4b28715353963143878671e x-oss-server-time 1
GET S	200	havana.2d4a8439.css i.alicdn.com/sc-isle/register/css/	42 KB 28 KB	47ms 46ms	Stylesheet text/css	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://i.alicdn.com/sc-isle/register/css/havana.2d4a8439.css Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `7b5ef210b473ddd882bdbf7273c5554fc3d8bb0e9eca04423bba9df516390d0e` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip fw_ip 104.111.216.213 status 200 content-length 28668 last-modified Fri, 03 Nov 2017 04:32:12 GMT server Tengine vary Accept-Encoding content-type text/css access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=20098365 served-from 2.20.138.61 timing-allow-origin * network_info DE_FRANKFURT_24940 expires Wed, 17 Apr 2019 09:51:19 GMT
GET S	200	lang_en.css g.alicdn.com//vip/register/2.8.9/xcommon/css/	125 B 307 B	15ms 14ms	Stylesheet text/css	213.244.178.240 Level 3 Parent
General Check archive.org Show headers Download Go to Full URL https://g.alicdn.com//vip/register/2.8.9/xcommon/css/lang_en.css Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 213.244.178.240 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash `99fbafb5f5a59329d3dd90dfe5210b38b94f1e3899db72c1481f73b261c09004` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:12:26 GMT via cache39.l2de1[213,200-0,M], cache34.l2de1[214,0], cache4.nl1[0,200-0,H], cache7.nl1[0,0] x-oss-request-id 5B843F0A4564C42EFE643A93 content-md5 KZ6RueMh71Jrh74Bzx6Mew== age 2768 x-cache HIT TCP_MEM_HIT dirn:0:277176052 mlen:-1 status 200 x-swift-cachetime 3600 x-swift-savetime Mon, 27 Aug 2018 18:12:26 GMT content-length 125 x-oss-object-type Normal server Tengine content-type text/css access-control-allow-origin * cache-control max-age=2592000,s-maxage=3600 x-oss-storage-class Standard accept-ranges bytes timing-allow-origin * eagleid d5f4b28715353963143878672e x-oss-server-time 7
GET S	200	/ i.alicdn.com/sc-isle/register/css/	484 B 542 B	47ms 47ms	Stylesheet text/css	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://i.alicdn.com/sc-isle/register/css/??common.fa56f68d.css Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `2b83d120775a662cf2b19266ec8d2b1abfb41e7e65ee8b197cd64c86ed3f8c63` Request headers Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT content-encoding gzip fw_ip 104.111.216.213 status 200 content-length 265 last-modified Mon, 21 Nov 2016 12:27:20 GMT server Tengine vary Accept-Encoding content-type text/css access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=4257089 served-from 2.16.187.6 timing-allow-origin * network_info DE_FRANKFURT_24940 expires Tue, 16 Oct 2018 01:30:03 GMT
GET H/1.1	200 OK	footer.png ttl-eg.com/wp-content/updat/alixacz/images/	9 KB 10 KB	17ms 16ms	Image image/png	173.212.254.65 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://ttl-eg.com/wp-content/updat/alixacz/images/footer.png Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.212.254.65 , Germany, ASN51167 (CONTABO, DE), Reverse DNS awsites.com Software Apache / Resource Hash `e4755f4a51653a02b0c33ffd21a86e91829268a72b0c7342d66d1c9c3fde627f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host ttl-eg.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Connection keep-alive Cache-Control no-cache Referer https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 27 Aug 2018 18:58:34 GMT Last-Modified Mon, 09 Apr 2018 15:00:48 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 9522
GET S	200	step.92ce906a.png i.alicdn.com/sc-isle/register/img/	1 KB 1 KB	18ms 18ms	Image image/png	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://i.alicdn.com/sc-isle/register/img/step.92ce906a.png Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `f27383e4c87af993ceb8c790eefc91a1242212173456062e8a159195d2ac8d48` Request headers Referer https://i.alicdn.com/sc-isle/register/css/havana.2d4a8439.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT last-modified Mon, 21 Nov 2016 12:27:20 GMT server Tengine fw_ip 104.111.216.213 status 200 content-type image/png access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=5643945 served-from 2.22.50.183 timing-allow-origin * network_info DE_FRANKFURT_24940 content-length 1064 expires Thu, 01 Nov 2018 02:44:19 GMT
GET S	200	login-image.0c7229fb.png i.alicdn.com/ae-login/images/	28 KB 28 KB	8ms 8ms	Image image/png	104.111.216.213 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://i.alicdn.com/ae-login/images/login-image.0c7229fb.png Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.111.216.213 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-111-216-213.deploy.static.akamaitechnologies.com Software Tengine / Resource Hash `df70362d28184e54e58588ab08b1214d0c1bf6bb1852eadd66082133b5bba5b2` Request headers Referer https://i.alicdn.com/ae-login/login/??buyerlogin.c5e9b325.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 27 Aug 2018 18:58:34 GMT last-modified Tue, 27 Feb 2018 09:47:32 GMT server Tengine fw_ip 104.111.216.213 status 200 content-type image/png access-control-allow-origin * access-control-expose-headers FW_IP cache-control max-age=17148649 served-from 2.16.187.6 timing-allow-origin * network_info DE_FRANKFURT_24940 content-length 28386 expires Thu, 14 Mar 2019 06:29:23 GMT
GET S	200	font_1408947319_9759417.woff at.alicdn.com/t/	7 KB 7 KB	13ms 13ms	Font application/octet-stream	213.244.178.240 Level 3 Parent
General Check archive.org Show headers Download Go to Full URL https://at.alicdn.com/t/font_1408947319_9759417.woff Requested by Host: ttl-eg.com URL: https://ttl-eg.com/wp-content/updat/alixacz/details.php?Step1_aliexpress-update=df4cc48c24121eeede7ae5585f4692fb34fc Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 213.244.178.240 , United Kingdom, ASN3356 (LEVEL3 - Level 3 Parent, LLC, US), Reverse DNS Software Tengine / Resource Hash `66826c770b29f5802cb7a0c95e9ec303b1154d6a8261ac0c745612b230caa9ab` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://g.alicdn.com//vip/register/2.8.9/xcommon/css/??base.css,form.css,btn.css,dialog.css,msg.css,responsive.css?t=201404171640 Origin https://ttl-eg.com Response headers date Sat, 05 May 2018 02:05:25 GMT via cache56.l2de1[0,200-0,H], cache46.l2de1[1,0], cache6.nl1[0,200-0,H], cache6.nl1[0,0] x-oss-request-id 5AED1165A9F0156E1B371C3B age 9910389 x-cache HIT TCP_MEM_HIT dirn:4:462049943 mlen:-1 status 200 x-oss-bucket-storage-type standard x-swift-cachetime 22596531 x-swift-savetime Thu, 16 Aug 2018 19:16:34 GMT content-length 7212 x-oss-object-type Normal last-modified Mon, 25 Aug 2014 06:15:20 GMT server Tengine etag "6263B6510067A6374C30B3B5F3C3212A" content-type application/octet-stream access-control-allow-origin * cache-control max-age=31557600 x-oss-storage-class Standard accept-ranges bytes timing-allow-origin * eagleid d5f4b28615353963144768157e
GET DATA	200 OK	truncated /	13 KB 0		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2d303e5e7d94da2b21df48b7b62b6d10b2e5b434da6848c15f35c6e517b9d7bd` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Origin https://ttl-eg.com Response headers Access-Control-Allow-Origin * Content-Type application/x-font-woff;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ali Express (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://i.alicdn.com/sc-isle/??loader.1ab001e3.js(Line 5) Message: Gdata 已不推荐使用，请大家使用全局变量替代！
console-api	log	URL: https://i.alicdn.com/sc-isle/??loader.1ab001e3.js(Line 5) Message: Gdata 已不推荐使用，请大家使用全局变量替代！
console-api	log	URL: https://i.alicdn.com/sc-isle/??loader.1ab001e3.js(Line 5) Message: Gdata 已不推荐使用，请大家使用全局变量替代！
console-api	log	URL: https://i.alicdn.com/sc-isle/??loader.1ab001e3.js(Line 5) Message: Gdata 已不推荐使用，请大家使用全局变量替代！
console-api	log	URL: https://i.alicdn.com/sc-isle/??loader.1ab001e3.js(Line 5) Message: Gdata 已不推荐使用，请大家使用全局变量替代！

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.alicdn.com
at.alicdn.com
g.alicdn.com
i.alicdn.com
ttl-eg.com
104.111.216.213
173.212.254.65
213.244.178.240
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0323a8b351dcfcfca553ec4354acc937447d87a32d05d826dc6326fd14701c76
0f8b7bec9f60b52cd5b8b3d042deef4f737b724141a63a36a5c21f9e875a17b7
2b83d120775a662cf2b19266ec8d2b1abfb41e7e65ee8b197cd64c86ed3f8c63
2d303e5e7d94da2b21df48b7b62b6d10b2e5b434da6848c15f35c6e517b9d7bd
2f4ae956c27cebeb5f68eb9eb1098224d2b8d1946f330fc146c07ee9a6e609ad
630ea44c8896e26935be4f98e0d0cde0bb508668e1c2987166f748a8aee3acde
66826c770b29f5802cb7a0c95e9ec303b1154d6a8261ac0c745612b230caa9ab
7b415ad0298d877243ffeb4d88b358387460346b817297e4686f5ed2ff45b5b6
7b5ef210b473ddd882bdbf7273c5554fc3d8bb0e9eca04423bba9df516390d0e
99fbafb5f5a59329d3dd90dfe5210b38b94f1e3899db72c1481f73b261c09004
b030696b45adad88f512bef1cfbb220b8767885da3c1adf45f44c40838fa6369
df70362d28184e54e58588ab08b1214d0c1bf6bb1852eadd66082133b5bba5b2
e4755f4a51653a02b0c33ffd21a86e91829268a72b0c7342d66d1c9c3fde627f
f27383e4c87af993ceb8c790eefc91a1242212173456062e8a159195d2ac8d48
fe3f1f75ec1843494db6e165ca6ae0316db33432ba7c56e14d58edb664858fdd

ttl-eg.com Open in urlscan Pro 173.212.254.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

5 Subdomains

4 IPs

3 Countries

170 kBTransfer

408 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

ttl-eg.com Open in urlscan Pro
173.212.254.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

4
IPs

3
Countries

170 kB
Transfer

408 kB
Size

0
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!