safeserversservices.com
172.105.80.207
Malicious Activity!
Public Scan
Effective URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxff...
Submission: On May 17 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by R3 on April 21st 2021. Valid for: 3 months.
This is the only time safeserversservices.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canada Post (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 1 | 142.93.236.13 | 14061 (DIGITALOCEAN-ASN)
1 2 | 108.61.189.90 | 20473 (AS-CHOOPA)
5 | 172.105.80.207 | 63949 (LINODE-AP Linode)
2 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
2 | 2606:4700::6810:7eaf | 13335 (CLOUDFLARENET)
2 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:82f::200a | 15169 (GOOGLE)
2 | 2a00:f48:2000:1023::3 | 47447 (TTM)
2 | 2a00:1450:4001:82b::2003 | 15169 (GOOGLE)
1 | 185.59.220.194 | 60068 (CDN77 (^_^)/)
Totals: 18 | 9
- ASN20473 (AS-CHOOPA, US); PTR: 108.61.189.90.vultr.com; domain: herelikenicetrck.com
- ASN63949 (LINODE-AP Linode, LLC, US); PTR: li2041-207.members.linode.com; domain: safeserversservices.com
- ASN60068 (CDN77 (^_^)/, GB); PTR: unn-185-59-220-194.datapacket.com; domain: cdn.perpello.io
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | safeserversservices.com | safeserversservices.com | 80 KB
2 | gstatic.com | fonts.gstatic.com | 31 KB
2 | aws-cdn.net | tier1.aws-cdn.net | 36 KB
2 | cloudflare.com | cdnjs.cloudflare.com | 90 KB
2 | unpkg.com | unpkg.com | 5 KB
2 | bootstrapcdn.com | stackpath.bootstrapcdn.com | 36 KB
2 | herelikenicetrck.com (1 redirects) | herelikenicetrck.com | 2 KB
1 | perpello.io | cdn.perpello.io | 3 KB
1 | googleapis.com | fonts.googleapis.com | 729 B
1 | capostalsecure.com (1 redirects) | karlje2.capostalsecure.com | 439 B
Totals: 18 | 10
Requests | Domain | Requested by
---|---|---
5 | safeserversservices.com | safeserversservices.com
2 | fonts.gstatic.com | fonts.googleapis.com
2 | tier1.aws-cdn.net | safeserversservices.com, tier1.aws-cdn.net
2 | cdnjs.cloudflare.com | safeserversservices.com, cdnjs.cloudflare.com
2 | unpkg.com | safeserversservices.com
2 | stackpath.bootstrapcdn.com | safeserversservices.com
2 | herelikenicetrck.com | 1 redirects
1 | cdn.perpello.io | tier1.aws-cdn.net
1 | fonts.googleapis.com | safeserversservices.com
1 | karlje2.capostalsecure.com | 1 redirects
Totals: 18 | 10
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
herelikenicetrck.com | R3 | 2021-05-11 - 2021-08-09 | 3 months | crt.sh
safeserversservices.com | R3 | 2021-04-21 - 2021-07-20 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
tier1.aws-cdn.net | R3 | 2021-05-06 - 2021-08-04 | 3 months | crt.sh
*.google.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
cdn.perpello.io | R3 | 2021-05-11 - 2021-08-09 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Frame ID: E125261550237CC176E1E50ECFAD908A
Requests: 18 HTTP requests in this frame
Detected technologies
- Lua (Programming Languages). Detected pattern: headers server /openresty(?:\/([\d.]+))?/i
- Nginx (Web Servers). Detected pattern: headers server /openresty(?:\/([\d.]+))?/i
- OpenResty (Web Servers). Detected pattern: headers server /openresty(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://karlje2.capostalsecure.com/ (HTTP 302)
2. https://herelikenicetrck.com/?flux_fts=tzlzaaxcaalppqxzoipeaplaoxaxqiczttzccc226e6&fname=Ayo&lname=Ogunbade&email=adeade5050@yahoo.com&server=capostalsecure.com&mx=yahoo&do=DI&survey=&ses=142&campaign=139198&male=&female=&lander=&number=&category=6 (HTTP 307)
3. https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich (Page URL)
4. https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
1. https://karlje2.capostalsecure.com/ (HTTP 302)
2. https://herelikenicetrck.com/?flux_fts=tzlzaaxcaalppqxzoipeaplaoxaxqiczttzccc226e6&fname=Ayo&lname=Ogunbade&email=adeade5050@yahoo.com&server=capostalsecure.com&mx=yahoo&do=DI&survey=&ses=142&campaign=139198&male=&female=&lander=&number=&category=6 (HTTP 307)
3. https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Redirect Chain) | herelikenicetrck.com/go/ca/ttcapost/ | 834 B | 937 B | Document | text/html
GET | H/1.1 | index.html (Primary Request) | safeserversservices.com/ca/ttcapost/ | 5 KB | 5 KB | Document | text/html
GET | H2 | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ | 157 KB | 21 KB | Stylesheet | text/css
GET | H2 | pure-min.css | unpkg.com/purecss@1.0.0/build/ | 16 KB | 4 KB | Stylesheet | text/css
GET | H2 | grids-responsive-min.css | unpkg.com/purecss@1.0.0/build/ | 8 KB | 1 KB | Stylesheet | text/css
GET | H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/ | 58 KB | 11 KB | Stylesheet | text/css
GET | H2 | css2 | fonts.googleapis.com/ | 4 KB | 729 B | Stylesheet | text/css
GET | H/1.1 | custom.css | safeserversservices.com/ca/ttcapost/css/ | 6 KB | 6 KB | Stylesheet | text/css
GET | H/1.1 | logo.svg | safeserversservices.com/ca/ttcapost/img/ | 12 KB | 12 KB | Image | image/svg+xml
GET | H/1.1 | security-seals-bw.png | safeserversservices.com/ca/ttcapost/img/ | 53 KB | 53 KB | Image | image/png
GET | H2 | jquery-3.4.0.min.js | tier1.aws-cdn.net/jquery/ | 89 KB | 34 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ | 59 KB | 15 KB | Script | application/javascript
GET | H/1.1 | script.min.js | safeserversservices.com/ca/ttcapost/js/ | 2 KB | 2 KB | Script | application/javascript
GET | H3-29 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/ | 78 KB | 79 KB | Font | application/octet-stream
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v27/ | 15 KB | 15 KB | Font | font/woff2
GET | H3-29 | KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | fonts.gstatic.com/s/roboto/v27/ | 15 KB | 15 KB | Font | font/woff2
GET | H2 | jquery.js | tier1.aws-cdn.net/jquery/ | 5 KB | 2 KB | Script | application/javascript
GET | H2 | perpello.js | cdn.perpello.io/ | 9 KB | 3 KB | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Canada Post (Transportation)
41 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
onbeforexrselect (object), ontransitionrun (object), ontransitionstart (object), ontransitioncancel (object), cookieStore (object), showDirectoryPicker (function), showOpenFilePicker (function), showSaveFilePicker (function), originAgentCluster (boolean), trustedTypes (object), crossOriginIsolated (boolean), a124a_0x64b8 (object), a124a_0x3c53 (function), a124a_0x3dcae7 (function), a124a_0x2e541b (function), $ (function), jQuery (function), bootstrap (object), load (function), getUrlParameter (function), d (object), year (number), lpdomain (string), ffurl (string), ffdomain (string), host (string), fname (string), lname (string), city (string), session (string), fluxf (string), fluxffn (string), loading (function), hideShow (function), Action (function), ActionRedirect (function), ActionUpdate (function), OSRedirect (function), getUrlVariable (function), perpellourl (string), Perpello (object)
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.