maerskvip.vc Open in urlscan Pro
47.246.23.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://maerskvip.vc/
Effective URL:
https://maerskvip.vc/index/login/index.html
Submission: On March 29 via manual (March 29th 2023, 12:20:30 pm UTC) from CA — Scanned from CA

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 47.246.23.164, located in United States and belongs to TAOBAO Zhejiang Taobao Network Co.,Ltd, CN. The main domain is maerskvip.vc.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on February 22nd 2023. Valid for: a year.

This is the only time maerskvip.vc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Maersk (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
2 10	47.246.23.164 47.246.23.164		24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
8	2

10 47.246.23.164 (United States) 2 redirects

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

maerskvip.vc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	maerskvip.vc 2 redirects maerskvip.vc	687 KB
8	1

	Domain	Requested by
10	maerskvip.vc	2 redirects maerskvip.vc
8	1

This site contains no links.

Subject Issuer	Validity	Valid
maerskvip.vc Certum Domain Validation CA SHA2	`2023-02-22` - `2024-03-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://maerskvip.vc/index/login/index.html
Frame ID: 3C87EC15EC03B8E3399EF63DBBD396A7
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

A.P. Moller - Maersk Group

Page URL History Show full URLs

http://maerskvip.vc/ HTTP 301
https://maerskvip.vc/ HTTP 302
https://maerskvip.vc/index/login/index.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

686 kB
Transfer

712 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://maerskvip.vc/ HTTP 301
https://maerskvip.vc/ HTTP 302
https://maerskvip.vc/index/login/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
maerskvip.vc/index/login/
Redirect Chain

http://maerskvip.vc/
https://maerskvip.vc/
https://maerskvip.vc/index/login/index.html

33 KB
10 KB

168ms
168ms

Document
text/html

47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL

https://maerskvip.vc/index/login/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine / PHP/7.4.30

Resource Hash

b8008eb8d82cfea22256d35a342e83f6840a95ab67017f2de64d471a3bedb967

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 29 Mar 2023 12:20:25 GMT
eagleid: 2ff6179d16800924249321585e
server: Tengine
strict-transport-security: max-age=5184000
timing-allow-origin: *
vary: Accept-Encoding
via: cache16.l2ot7-1[84,0], cache9.us10[86,0]
x-powered-by: PHP/7.4.30

Redirect headers

cache-control: no-cache,must-revalidate
content-type: text/html; charset=utf-8
date: Wed, 29 Mar 2023 12:20:24 GMT
eagleid: 2ff6179d16800924247671198e
location: /index/login/index.html
server: Tengine
strict-transport-security: max-age=5184000
timing-allow-origin: *
via: cache14.l2ot7-1[77,0], cache9.us10[78,0]
x-powered-by: PHP/7.4.30

GET
H2 200 style.css
maerskvip.vc/static/index/css/ 46 KB
46 KB 86ms
84ms Stylesheet
text/css 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL

https://maerskvip.vc/static/index/css/style.css?v=1680092424

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/index/login/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

d442a7c24d28092ce0747e6044da50141ca16fa5292bab04d68a9bbed08016c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/index/login/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache14.l2ot7-1[1,0], cache9.us10[2,0]
last-modified: Tue, 28 Mar 2023 13:58:17 GMT
server: Tengine
etag: "6422f279-b67f"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
accept-ranges: bytes
timing-allow-origin: *
content-length: 46719
eagleid: 2ff6179d16800924251081908e
expires: Thu, 30 Mar 2023 00:20:25 GMT

GET
H2 200 jquery-3.2.1.js Show response
maerskvip.vc/static/index/js/ 272 KB
272 KB 167ms
165ms Script
application/javascript 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL

https://maerskvip.vc/static/index/js/jquery-3.2.1.js

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/index/login/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

19c2ff8384c14552104a2f7a5a830aef510669837d65fb0c20a9bee749e54b8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/index/login/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache16.l2ot7-1[1,0], cache9.us10[5,0]
last-modified: Sat, 23 Apr 2022 02:04:16 GMT
server: Tengine
etag: "62635ea0-43f14"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
accept-ranges: bytes
timing-allow-origin: *
content-length: 278292
eagleid: 2ff6179d16800924251081910e
expires: Thu, 30 Mar 2023 00:20:25 GMT

GET
H2 200 ethers-v4.min.js Show response
maerskvip.vc/static/index/js/ 296 KB
297 KB 329ms
327ms Script
application/javascript 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL

https://maerskvip.vc/static/index/js/ethers-v4.min.js

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/index/login/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

2f426ca96f459f9229cf53665db2de4ec82d15ce49f767915378d87f733ccf9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/index/login/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache37.l2ot7-1[4,0], cache9.us10[9,0]
last-modified: Fri, 10 Jun 2022 01:17:10 GMT
server: Tengine
etag: "62a29b96-4a1dc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
accept-ranges: bytes
timing-allow-origin: *
content-length: 303580
eagleid: 2ff6179d16800924251081911e
expires: Thu, 30 Mar 2023 00:20:25 GMT

GET
H2 200 function.js Show response
maerskvip.vc/static/index/js/ 18 KB
18 KB 407ms
405ms Script
application/javascript 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL

https://maerskvip.vc/static/index/js/function.js?v=1680092424

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/index/login/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

2ab7e527af5bb124b8b6613bfccee03351438ea06d548465c8fb14457645b6b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/index/login/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache12.l2ot7-1[4,0], cache9.us10[9,0]
last-modified: Tue, 14 Feb 2023 10:12:26 GMT
server: Tengine
etag: "63eb5e8a-4913"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
accept-ranges: bytes
timing-allow-origin: *
content-length: 18707
eagleid: 2ff6179d16800924251081913e
expires: Thu, 30 Mar 2023 00:20:25 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83171ce6831197c0f77fd1ab8b4795a6064b60f0376341672e2e989a5b2cef19

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 846f676a751142fccaed31408d0ba2be2769208c71987a41a374b2855c90d71d

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 logo.svg
maerskvip.vc/static/index/css/imgs/ 1 KB
1 KB 85ms
83ms Image
image/svg+xml 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maerskvip.vc/static/index/css/imgs/logo.svg

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/static/index/css/style.css?v=1680092424

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

3ef5c8838576142629c3689181d544e4dea1094c41148a780198bf62a8b3b93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/static/index/css/style.css?v=1680092424
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache37.l2ot7-1[0,0], cache9.us10[2,0]
last-modified: Tue, 13 Dec 2022 06:20:32 GMT
server: Tengine
etag: "639819b0-4d5"
content-type: image/svg+xml
accept-ranges: bytes
timing-allow-origin: *
content-length: 1237
eagleid: 2ff6179d16800924255552717e

GET
H2 200 logoTitle.svg
maerskvip.vc/static/index/css/imgs/ 2 KB
2 KB 87ms
86ms Image
image/svg+xml 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maerskvip.vc/static/index/css/imgs/logoTitle.svg

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/static/index/css/style.css?v=1680092424

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

6c0aae257f5a2999e27ca570b934c0ce20bb32da5a61050053cb6542897b457a

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/static/index/css/style.css?v=1680092424
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache16.l2ot7-1[1,0], cache9.us10[5,0]
last-modified: Tue, 13 Dec 2022 06:55:48 GMT
server: Tengine
etag: "639821f4-94f"
content-type: image/svg+xml
accept-ranges: bytes
timing-allow-origin: *
content-length: 2383
eagleid: 2ff6179d16800924255552719e

GET
H2 200 icon.png
maerskvip.vc/static/index/css/imgs/ 39 KB
39 KB 85ms
85ms Image
image/png 47.246.23.164
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maerskvip.vc/static/index/css/imgs/icon.png

Requested by

Host: maerskvip.vc
URL: https://maerskvip.vc/static/index/css/style.css?v=1680092424

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

47.246.23.164 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),

Reverse DNS

Software

Tengine /

Resource Hash

a62ab079bf00fae41d00abd7c34af9a943ece066c4e756cdde6d05dc8b7c4e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://maerskvip.vc/static/index/css/style.css?v=1680092424
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=5184000
date: Wed, 29 Mar 2023 12:20:25 GMT
via: cache14.l2ot7-1[1,0], cache9.us10[4,0]
last-modified: Tue, 31 Jan 2023 07:25:18 GMT
server: Tengine
etag: "63d8c25e-9b10"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 39696
eagleid: 2ff6179d16800924255552720e
expires: Fri, 28 Apr 2023 12:20:25 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Maersk (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			maerskvip.vc/index/login	1969-12-31 23:59:59	Name: thinkphp_show_page_trace Value: 0\|0
			maerskvip.vc/	1969-12-31 23:59:59	Name: PHPSESSID Value: 02569f5201fb4fa085972b43e9f454f9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=5184000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

maerskvip.vc
47.246.23.164
19c2ff8384c14552104a2f7a5a830aef510669837d65fb0c20a9bee749e54b8b
2ab7e527af5bb124b8b6613bfccee03351438ea06d548465c8fb14457645b6b3
2f426ca96f459f9229cf53665db2de4ec82d15ce49f767915378d87f733ccf9a
3ef5c8838576142629c3689181d544e4dea1094c41148a780198bf62a8b3b93a
6c0aae257f5a2999e27ca570b934c0ce20bb32da5a61050053cb6542897b457a
83171ce6831197c0f77fd1ab8b4795a6064b60f0376341672e2e989a5b2cef19
846f676a751142fccaed31408d0ba2be2769208c71987a41a374b2855c90d71d
a62ab079bf00fae41d00abd7c34af9a943ece066c4e756cdde6d05dc8b7c4e47
b8008eb8d82cfea22256d35a342e83f6840a95ab67017f2de64d471a3bedb967
d442a7c24d28092ce0747e6044da50141ca16fa5292bab04d68a9bbed08016c4

maerskvip.vc Open in urlscan Pro 47.246.23.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

686 kBTransfer

712 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

maerskvip.vc Open in urlscan Pro
47.246.23.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

686 kB
Transfer

712 kB
Size

2
Cookies

8 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!