metroscan.com.au Open in urlscan Pro
2404:8280:a222:bbbb:bba1:47:ffff:ffff Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://potenzafaccia.com.br/saas/red.html
Effective URL:
https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d1...
Submission: On August 17 via api (August 17th 2024, 12:39:36 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 10 IPs in 7 countries across 9 domains to perform 16 HTTP transactions. The main IP is 2404:8280:a222:bbbb:bba1:47:ffff:ffff, located in Australia and belongs to DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU. The main domain is metroscan.com.au.
TLS certificate: Issued by R10 on July 24th 2024. Valid for: 3 months.

This is the only time metroscan.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SF Express (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	200.170.163.95 200.170.163.95	16735 (ALGAR TEL...) (ALGAR TELECOM SA)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2404:8280:a22... 2404:8280:a222:bbbb:bba1:47:ffff:ffff	38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
1	123.56.12.94 123.56.12.94	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
3	43.152.137.72 43.152.137.72	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
16	10

1 200.170.163.95 (Brazil)

ASN16735 (ALGAR TELECOM SA, BR)
PTR: phsdobrasil.corp.joinvix.com.br

potenzafaccia.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:8280:a222:bbbb:bba1:47:ffff:ffff (Australia) 1 redirects

ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)

metroscan.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.56.12.94 (Beijing, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

webcert.cnmstl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 43.152.137.72 (Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

www.sf-express.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	sf-express.com www.sf-express.com — Cisco Umbrella Rank: 181275 Failed	26 KB
2	metroscan.com.au 1 redirects metroscan.com.au	11 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1832 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 4508	31 KB
1	cnmstl.net webcert.cnmstl.net — Cisco Umbrella Rank: 539718	3 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	30 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	24 KB
1	potenzafaccia.com.br potenzafaccia.com.br	3 KB
0	ebs.org.cn Failed szcert.ebs.org.cn Failed
16	9

	Domain	Requested by
3	www.sf-express.com	metroscan.com.au
2	metroscan.com.au	1 redirects potenzafaccia.com.br
1	webcert.cnmstl.net	metroscan.com.au
1	stackpath.bootstrapcdn.com	potenzafaccia.com.br
1	ajax.googleapis.com	potenzafaccia.com.br
1	maxcdn.bootstrapcdn.com	potenzafaccia.com.br
1	cdnjs.cloudflare.com	potenzafaccia.com.br
1	code.jquery.com	potenzafaccia.com.br
1	potenzafaccia.com.br
0	szcert.ebs.org.cn Failed	metroscan.com.au
16	10

This site contains links to these domains. Also see Links.

Domain
www.sf-express.com
www.sf-financial.com
origin.sf-express.com
www.sfbest.com
hr.sf-express.com
ocs2odp.sf-express.com
weibo.com
ocs2-isp.sf-express.com
www.sf-tech.com.cn
dengta.sf-express.com
www.sf-airlines.com
www.sffix.cn
intl.sf-express.com
www.sfbuy.com
www.sfgy.org
sf-saas.com
qiao.sf-express.com
www.miitbeian.gov.cn
webcert.cnmstl.net
www.sznet110.gov.cn
szcert.ebs.org.cn
www.beian.gov.cn

Subject Issuer	Validity	Valid
potenzafaccia.com.br cPanel, Inc. Certification Authority	`2024-06-13` - `2024-09-11`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
bootstrapcdn.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
cpcalendars.metroscan.com.au R10	`2024-07-24` - `2024-10-22`	3 months	crt.sh
webcert.cnmstl.net Secure Site Extended Validation CA G2	`2023-10-19` - `2024-11-15`	a year	crt.sh
*.sf-express.com DigiCert CN RSA CA G1	`2023-09-27` - `2024-10-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
Frame ID: 3726538730CCB1957B7F0923F3267563
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

电子发票和包裹跟踪

Page URL History Show full URLs

http://potenzafaccia.com.br/saas/red.html HTTP 307
https://potenzafaccia.com.br/saas/red.html Page URL
http://metroscan.com.au/SFINVOICE/SF-Express/?login= HTTP 307
https://metroscan.com.au/SFINVOICE/SF-Express/?login= HTTP 302
https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

63 %
HTTPS

56 %
IPv6

9
Domains

10
Subdomains

10
IPs

7
Countries

133 kB
Transfer

343 kB
Size

0
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: http://www.sf-express.com/cn/sc/index.html

Search URL Search Domain Scan URL

URL: https://www.sf-financial.com/sfjrpc/?fc=ex&fp=nt&fa=pc&
Title: 金融

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/case_share/
Title: 成功案例

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/about_us/
Title: 关于我们

Search URL Search Domain Scan URL

URL: http://origin.sf-express.com/cn/sc/

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/express/express_service/city_distribution/SF_Rush/
Title: 快递服务

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/express/cold_service/food_service/fresh_match/
Title: 冷运服务

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/express/storage_service/storage_services/warehouse_management/
Title: 仓储服务

Search URL Search Domain Scan URL

URL: https://www.sf-financial.com/index.html?fc=ex&fp=nb&fa=pc&
Title: 财富管理

Search URL Search Domain Scan URL

URL: http://www.sfbest.com/
Title: 顺丰优选网上商城

Search URL Search Domain Scan URL

URL: http://www.sfbest.com/html/activity/1474966515.html
Title: 顺丰优选门店

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/case_share/index.html_364584038.html
Title: 3C电子行业

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/case_share/index.html_836109172.html
Title: 医疗行业

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/case_share/index.html_591155569.html
Title: 生鲜行业

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/case_share/index.html_1045342821.html
Title: 快消行业

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/order/quick/
Title: 我要寄件

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/waybill/
Title: 运单追踪

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/price/
Title: 运费时效查询

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/range/
Title: 收寄范围查询

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/store/
Title: 服务网点查询

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/accept/
Title: 收寄标准查询

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/dynamic_function/sf_care/
Title: 更多内容查询

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/investor_relations/corporate_governance/
Title: 公司治理

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/investor_relations/latest_announcement/
Title: 公司公告

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/investor_relations/periodic_report/financial_statements/
Title: 定期报告

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/investor_relations/stock_information/
Title: 投资者联络

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/investor_relations/investor_relations_calendar/board_meeting/
Title: 投资者关系日历

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/about_us/about_sf/company_introduction/
Title: 关于顺丰

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/news/
Title: 新闻资讯

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/notice/
Title: 服务公告

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/promotions/
Title: 促销活动

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/about_us/member_interests/Individual_members/Membership_Levels_and_Growing_Value/
Title: 会员权益

Search URL Search Domain Scan URL

URL: http://hr.sf-express.com/
Title: 人才招聘

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/purchase_information/
Title: 集团采购

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/Customer-Service-Hotlines/
Title: 客户服务热线

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/cooperative_consultation/
Title: 合作咨询

Search URL Search Domain Scan URL

URL: http://ocs2odp.sf-express.com/app/init?orgName=sy&channelId=469&clientType=1&accountId=
Title: 在线客服

Search URL Search Domain Scan URL

URL: http://weibo.com/sfsuyun?is_hot=1

Search URL Search Domain Scan URL

URL: http://ocs2-isp.sf-express.com/?orgName=sy&channelId=469&clientType=1#/pc/home

Search URL Search Domain Scan URL

URL: http://www.sf-tech.com.cn/

Search URL Search Domain Scan URL

URL: http://dengta.sf-express.com/

Search URL Search Domain Scan URL

URL: http://www.sf-airlines.com/sfa/zh/index.html

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/industrial_park/about_us/Introduction/

Search URL Search Domain Scan URL

URL: https://www.sffix.cn/sffix/home.html?chn=173595CFF4554A79087301422BFE33A1&hmsr=baidu&hmpl=%E5%85%AC%E5%8F%B8&hmcu=%E5%85%AC%E5%8F%B8&hmkw=17&hmci

Search URL Search Domain Scan URL

URL: http://intl.sf-express.com/

Search URL Search Domain Scan URL

URL: http://www.sfbuy.com/index

Search URL Search Domain Scan URL

URL: http://www.sfgy.org/

Search URL Search Domain Scan URL

URL: http://sf-saas.com/

Search URL Search Domain Scan URL

URL: https://hr.sf-express.com/

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/use_clause/
Title: 使用条款

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/services_network/
Title: 服务网络

Search URL Search Domain Scan URL

URL: https://qiao.sf-express.com/
Title: 丰桥平台

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/Privacy_Policy/
Title: 隐私政策

Search URL Search Domain Scan URL

URL: http://www.miitbeian.gov.cn/
Title: 粤 ICP 备08034243号

Search URL Search Domain Scan URL

URL: http://webcert.cnmstl.net/cert/code?sn=c6cc6af3fac440c28901c15a104582fe

Search URL Search Domain Scan URL

URL: http://www.sznet110.gov.cn/webrecord/innernet/Welcome.jsp?bano=4403101900826

Search URL Search Domain Scan URL

URL: http://www.sznet110.gov.cn/index.jsp

Search URL Search Domain Scan URL

URL: https://szcert.ebs.org.cn/B943BEFD-EF5E-4747-AD73-B875A1FC5CC7

Search URL Search Domain Scan URL

URL: http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=44030502003091
Title: 粤公网安备 44030502003091号

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://potenzafaccia.com.br/saas/red.html HTTP 307
https://potenzafaccia.com.br/saas/red.html Page URL
http://metroscan.com.au/SFINVOICE/SF-Express/?login= HTTP 307
https://metroscan.com.au/SFINVOICE/SF-Express/?login= HTTP 302
https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://potenzafaccia.com.br/saas/red.html HTTP 307
https://potenzafaccia.com.br/saas/red.html

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

red.html
potenzafaccia.com.br/saas/
Redirect Chain

http://potenzafaccia.com.br/saas/red.html
https://potenzafaccia.com.br/saas/red.html

2 KB
3 KB

1168ms
237ms

Document
text/html

200.170.163.95
ALGAR TELECOM SA

General

Check archive.org

Show headers Download Go to

Full URL: https://potenzafaccia.com.br/saas/red.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 200.170.163.95 , Brazil, ASN16735 (ALGAR TELECOM SA, BR),
Reverse DNS: phsdobrasil.corp.joinvix.com.br
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 2548
Content-Type: text/html
Date: Sat, 17 Aug 2024 12:39:25 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Thu, 15 Aug 2024 02:43:19 GMT
Server: Apache

Redirect headers

Location: https://potenzafaccia.com.br/saas/red.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 jquery-3.2.1.slim.min.js
code.jquery.com/ 68 KB
24 KB 660ms
7ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: potenzafaccia.com.br
URL: https://potenzafaccia.com.br/saas/red.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://potenzafaccia.com.br/
Origin: https://potenzafaccia.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 12:39:26 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2701784
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 23856
x-served-by: cache-lga21963-LGA, cache-fra-etou8220094-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1723898367.790526,VS0,VE0
etag: W/"28feccc0-10fdd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 11, 25038

GET
H3 200 popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 470ms
52ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: potenzafaccia.com.br
URL: https://potenzafaccia.com.br/saas/red.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://potenzafaccia.com.br/
Origin: https://potenzafaccia.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 12:39:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 149767
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5JUI99VeAgT8P%2FCxNNZELlcU%2BqXBPH2qqFzWdWTpHDpQybH6c6g%2FyXnkMj7vmfB26GnXs7ZKyzT%2BmA7Fq08EIpUOwC%2FmaJm4NeUslBFTUvB9vjrgptfgOGSIpw120TjPUF9Q2D9X"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b49ba16f9ec363d-FRA
expires: Thu, 07 Aug 2025 12:39:26 GMT

GET
H2 200 bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
15 KB 681ms
27ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: potenzafaccia.com.br
URL: https://potenzafaccia.com.br/saas/red.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://potenzafaccia.com.br/
Origin: https://potenzafaccia.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 12:39:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1048
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 210073
cdn-cachedat: 03/18/2024 12:46:36
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a89806ab8e3f41e7142a82dab8aa3025
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8b49ba18794618bf-FRA
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 662ms
9ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: potenzafaccia.com.br
URL: https://potenzafaccia.com.br/saas/red.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://potenzafaccia.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 14:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340332
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Aug 2025 14:07:14 GMT

GET
H2 200 bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
16 KB 671ms
19ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: potenzafaccia.com.br
URL: https://potenzafaccia.com.br/saas/red.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://potenzafaccia.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 12:39:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 13540699
cdn-cachedat: 11/15/2021 23:30:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8b49ba18791f047a-FRA
cdn-requestpullsuccess: True

GET
H2

200

Primary Request jycwpie26l8m1prjukulo6df.php Show response
metroscan.com.au/SFINVOICE/SF-Express/
Redirect Chain

http://metroscan.com.au/SFINVOICE/SF-Express/?login=
https://metroscan.com.au/SFINVOICE/SF-Express/?login=
https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca...

46 KB
10 KB

258ms
258ms

Document
text/html

2404:8280:a222:bbbb:bba1:47:ffff:ffff
DREAMSCAPE-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
Requested by: Host: potenzafaccia.com.br
URL: https://potenzafaccia.com.br/saas/red.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2404:8280:a222:bbbb:bba1:47:ffff:ffff , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software: Apache / PHP/5.6.40
Resource Hash: b8778a5dbcbbe8d6b174e026705e54ed9f48acfb306fc829d63630773c306390

Request headers

Referer: https://potenzafaccia.com.br/saas/red.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 10572
content-type: text/html; charset=UTF-8
date: Sat, 17 Aug 2024 12:38:40 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/5.6.40

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 17 Aug 2024 12:38:39 GMT
location: jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
server: Apache
x-powered-by: PHP/5.6.40

GET sf.png
www.sf-express.com/resource/images/index/ 0
0

GET
H/1.1 200
OK officialbrand_small_h_img.jpg
webcert.cnmstl.net/images/cert/code/ 3 KB
3 KB 2514ms
160ms Image
image/png 123.56.12.94
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webcert.cnmstl.net/images/cert/code/officialbrand_small_h_img.jpg?sn=c6cc6af3fac440c28901c15a104582fe&t=1476167429157
Requested by: Host: metroscan.com.au
URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 123.56.12.94 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: /
Resource Hash: 75fab0d1416ba599a70fae571a4dd33f2f81b99fc84269c99b8710049ffe6caf

Request headers

Referer: https://metroscan.com.au/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 17 Aug 2024 12:39:32 GMT
Content-Encoding: gzip
Connection: keep-alive
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png; charset=utf-8

GET
H/1.1 200
OK security_site_1.png
www.sf-express.com/.gallery/other/ 3 KB
4 KB 1250ms
20ms Image
image/png 43.152.137.72
ACE-AS-AP ACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sf-express.com/.gallery/other/security_site_1.png
Requested by: Host: metroscan.com.au
URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.152.137.72 , Singapore, ASN139341 (ACE-AS-AP ACE, SG),
Reverse DNS
Software: openresty /
Resource Hash: ec3c1154d95327d79118d2ea0320ead3e3ab4e29431c21c34012a1f896c36dc4

Request headers

Referer: https://metroscan.com.au/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Object-Version-Limit: 3
Date: Fri, 26 Jul 2024 15:31:08 GMT
X-Openstack-Request-Id: txaa30cca566c77164aab43-17e5cd08717922b0
X-Cache-Lookup: Cache Hit
Last-Modified: Mon, 15 Jul 2024 14:07:27 GMT
Server: openresty
Etag: 77af529422f2f8b1a7f6799aed2be544
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Timestamp: 1721052446.92330
X-NWS-LOG-UUID: 11492161079967506261
Connection: keep-alive
Accept-Ranges: bytes
X-Trans-Id: txaa30cca566c77164aab43-17e5cd08717922b0
Content-Length: 3270

GET
H/1.1 200
OK security_site_2.png
www.sf-express.com/.gallery/other/ 3 KB
3 KB 1253ms
23ms Image
image/png 43.152.137.72
ACE-AS-AP ACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sf-express.com/.gallery/other/security_site_2.png
Requested by: Host: metroscan.com.au
URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.152.137.72 , Singapore, ASN139341 (ACE-AS-AP ACE, SG),
Reverse DNS
Software: elb /
Resource Hash: 006ac205426fd7b3e79f3d6d414889d52f87daa2731a8264469984850714c18d

Request headers

Referer: https://metroscan.com.au/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Object-Version-Limit: 3
Date: Fri, 26 Jul 2024 14:53:30 GMT
X-Openstack-Request-Id: txd760e00d34ef39eceeba4-17e5cafa88a298d2
X-Cache-Lookup: Cache Hit
Last-Modified: Mon, 15 Jul 2024 14:07:28 GMT
Server: elb
Etag: c3cb66c5e0559e2dcd136a35378b07a0
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Timestamp: 1721052447.00790
X-NWS-LOG-UUID: 17781526762778958340
Connection: keep-alive
Accept-Ranges: bytes
X-Trans-Id: txd760e00d34ef39eceeba4-17e5cafa88a298d2
Content-Length: 2707

GET govIcon.gif
szcert.ebs.org.cn/Images/ 0
0

GET
H/1.1 200
OK security_site_3.png
www.sf-express.com/.gallery/other/ 19 KB
19 KB 1310ms
18ms Image
image/png 43.152.137.72
ACE-AS-AP ACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sf-express.com/.gallery/other/security_site_3.png
Requested by: Host: metroscan.com.au
URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.152.137.72 , Singapore, ASN139341 (ACE-AS-AP ACE, SG),
Reverse DNS
Software: openresty /
Resource Hash: a20583c81805fe64f7fa210851ce29754af9d25fd6aa5a3225a9557529602513

Request headers

Referer: https://metroscan.com.au/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Object-Version-Limit: 3
Date: Fri, 26 Jul 2024 14:53:30 GMT
X-Openstack-Request-Id: tx9d12a4de20a5e1206ccc4-17e5cafaba025496
X-Cache-Lookup: Cache Hit
Last-Modified: Mon, 15 Jul 2024 14:07:28 GMT
Server: openresty
Etag: d0289dc0a46fc5b15b3363ffa78cf6c7
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Timestamp: 1721052447.13496
X-NWS-LOG-UUID: 12813017984050780430
Connection: keep-alive
Accept-Ranges: bytes
X-Trans-Id: tx9d12a4de20a5e1206ccc4-17e5cafaba025496
Content-Length: 19256

GET header-phoneicon.png
www.sf-express.com/cn/sc/dynamic_function/images/index/ 0
0

GET label-top-r-btn.png
www.sf-express.com/cn/sc/dynamic_function/images/index/ 0
0

GET bottom-nav-cn.png
www.sf-express.com/cn/sc/dynamic_function/images/index/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.sf-express.com
URL: https://www.sf-express.com/resource/images/index/sf.png

Domain: szcert.ebs.org.cn
URL: https://szcert.ebs.org.cn/Images/govIcon.gif

Domain: www.sf-express.com
URL: https://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png

Domain: www.sf-express.com
URL: https://www.sf-express.com/cn/sc/dynamic_function/images/index/label-top-r-btn.png

Domain: www.sf-express.com
URL: https://www.sf-express.com/cn/sc/dynamic_function/images/index/bottom-nav-cn.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SF Express (Transportation)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/resource/images/index/sf.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://webcert.cnmstl.net/images/cert/code/officialbrand_small_h_img.jpg?sn=c6cc6af3fac440c28901c15a104582fe&t=1476167429157'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/.gallery/other/security_site_1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/.gallery/other/security_site_2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://szcert.ebs.org.cn/Images/govIcon.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/.gallery/other/security_site_3.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/resource/images/index/sf.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://webcert.cnmstl.net/images/cert/code/officialbrand_small_h_img.jpg?sn=c6cc6af3fac440c28901c15a104582fe&t=1476167429157'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/.gallery/other/security_site_1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/.gallery/other/security_site_2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://szcert.ebs.org.cn/Images/govIcon.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/.gallery/other/security_site_3.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/cn/sc/dynamic_function/images/index/label-top-r-btn.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: Mixed Content: The page at 'https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login=' was loaded over HTTPS, but requested an insecure element 'http://www.sf-express.com/cn/sc/dynamic_function/images/index/bottom-nav-cn.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
recommendation	verbose	URL: https://metroscan.com.au/SFINVOICE/SF-Express/jycwpie26l8m1prjukulo6df.php?JG78Ab1723898320b5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19bb5fd2052ca6a94c719ab396dc958d19b&login= Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
metroscan.com.au
potenzafaccia.com.br
stackpath.bootstrapcdn.com
szcert.ebs.org.cn
webcert.cnmstl.net
www.sf-express.com
szcert.ebs.org.cn
www.sf-express.com
104.17.25.14
123.56.12.94
200.170.163.95
2404:8280:a222:bbbb:bba1:47:ffff:ffff
2606:4700::6812:acf
2606:4700::6812:bcf
2a00:1450:4001:813::200a
2a04:4e42:600::649
43.152.137.72
006ac205426fd7b3e79f3d6d414889d52f87daa2731a8264469984850714c18d
75fab0d1416ba599a70fae571a4dd33f2f81b99fc84269c99b8710049ffe6caf
a20583c81805fe64f7fa210851ce29754af9d25fd6aa5a3225a9557529602513
b8778a5dbcbbe8d6b174e026705e54ed9f48acfb306fc829d63630773c306390
ec3c1154d95327d79118d2ea0320ead3e3ab4e29431c21c34012a1f896c36dc4

metroscan.com.au Open in urlscan Pro 2404:8280:a222:bbbb:bba1:47:ffff:ffff Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

63 %HTTPS

56 %IPv6

9 Domains

10 Subdomains

10 IPs

7 Countries

133 kBTransfer

343 kBSize

0 Cookies

59 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

16 Console Messages

Indicators

metroscan.com.au Open in urlscan Pro
2404:8280:a222:bbbb:bba1:47:ffff:ffff Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

63 %
HTTPS

56 %
IPv6

9
Domains

10
Subdomains

10
IPs

7
Countries

133 kB
Transfer

343 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!