37.252.127.10
Open in
urlscan Pro
37.252.127.10
Malicious Activity!
Public Scan
URL:
http://37.252.127.10/jkg/sfexpress/source/?email=*
Submission: On November 01 via api from BE — Scanned from DE
Submission: On November 01 via api from BE — Scanned from DE
Summary
This website contacted 6 IPs
in 5 countries
across 5 domains to perform 21 HTTP transactions.
The main IP is 37.252.127.10, located in
Netherlands and
belongs to TILAA, NL.
The main domain is 37.252.127.10.
This is the only time 37.252.127.10 was scanned on urlscan.io!
This is the only time 37.252.127.10 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SF Express (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 8 | 37.252.127.10 37.252.127.10 | 196752 (TILAA) (TILAA) | |
| 3 10 | 43.152.26.151 43.152.26.151 | 139341 (ACE-AS-AP...) (ACE-AS-AP ACE) | |
| 3 3 | 43.152.26.58 43.152.26.58 | 139341 (ACE-AS-AP...) (ACE-AS-AP ACE) | |
| 2 | 13.32.99.51 13.32.99.51 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 2 | 81.71.20.246 81.71.20.246 | 45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited) | |
| 1 | 202.181.195.170 202.181.195.170 | 7540 (HKCIX-AS-...) (HKCIX-AS-AP HongKong Commercial Internet Exchange) | |
| 21 | 6 |
2
13.32.99.51
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-51.fra60.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-51.fra60.r.cloudfront.net
| www.joc.com |
2
81.71.20.246
(China)
ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)
ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)
| www.sf-airlines.com |
1
202.181.195.170
(Hong Kong)
ASN7540 (HKCIX-AS-AP HongKong Commercial Internet Exchange, HK)
PTR: ixa180.serverhk.com
ASN7540 (HKCIX-AS-AP HongKong Commercial Internet Exchange, HK)
PTR: ixa180.serverhk.com
| www.hino.com.hk |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 13 |
sf-express.com
6 redirects
www.sf-express.com — Cisco Umbrella Rank: 191918 |
881 KB |
| 2 |
sf-airlines.com
1 redirects
www.sf-airlines.com |
356 KB |
| 2 |
joc.com
www.joc.com — Cisco Umbrella Rank: 408595 |
262 KB |
| 1 |
hino.com.hk
www.hino.com.hk |
135 KB |
| 0 |
pcdn.co
Failed
s29755.pcdn.co Failed |
|
| 21 | 5 |
| Domain | Requested by | |
|---|---|---|
| 13 | www.sf-express.com |
6 redirects
37.252.127.10
|
| 2 | www.sf-airlines.com |
1 redirects
37.252.127.10
|
| 2 | www.joc.com |
37.252.127.10
|
| 1 | www.hino.com.hk |
37.252.127.10
|
| 0 | s29755.pcdn.co Failed |
37.252.127.10
|
| 21 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| prod.int.joc.com Amazon RSA 2048 M02 |
2023-03-10 - 2024-04-07 |
a year | crt.sh |
| *.sf-express.com DigiCert CN RSA CA G1 |
2022-12-26 - 2023-12-26 |
a year | crt.sh |
| hino.com.hk Go Daddy Secure Certificate Authority - G2 |
2023-06-26 - 2024-06-25 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://37.252.127.10/jkg/sfexpress/source/?email=*
Frame ID: 3547A999EB4BC5AB4E9C4AFDEB9DBF28
Requests: 18 HTTP requests in this frame
Frame:
http://37.252.127.10/jkg/sfexpress/source/content/login.php?email=*
Frame ID: 324C78A4E5E63C150098DA6E9F796B2E
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://www.sf-express.com/cn/sc/download/IMG20190905_171924.jpg HTTP 302
- http://www.sf-express.com/cn/sc/404.html HTTP 302
- https://www.sf-express.com/cn/sc/404.html
- https://www.sf-express.com/cn/sc/download/SF-CN-Logistics-Warehousing-Service-633x255.jpg HTTP 302
- http://www.sf-express.com/cn/sc/404.html HTTP 302
- https://www.sf-express.com/cn/sc/404.html
- http://www.sf-airlines.com/sfaImage/2019/09/1909100944581164.jpg HTTP 302
- https://www.sf-airlines.com/sfaImage/2019/09/1909100944581164.jpg
- https://www.sf-express.com/cn/sc/download/SF-CN-Logistics-Warehousing-Service-633x255.jpg HTTP 302
- http://www.sf-express.com/cn/sc/404.html HTTP 302
- https://www.sf-express.com/cn/sc/404.html
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
37.252.127.10/jkg/sfexpress/source/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
37.252.127.10/jkg/sfexpress/source/ |
820 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
37.252.127.10/jkg/sfexpress/source/photos/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.php
37.252.127.10/jkg/sfexpress/source/content/ Frame 324C |
118 B 379 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
37.252.127.10/jkg/sfexpress/source/ |
82 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
script.js
37.252.127.10/jkg/sfexpress/source/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
404.html
www.sf-express.com/cn/sc/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
SF_Express_Taiwan_KPA-1063_20180126-1.jpg
s29755.pcdn.co/wp-content/uploads/2018/07/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
404.html
www.sf-express.com/cn/sc/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
SFExpress.jpg
www.joc.com/sites/default/files/field_feature_image/ |
147 KB 148 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
HP-banner-new-web-en-1349x487.jpg
www.sf-express.com/.gallery/gb/index/ |
283 KB 284 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
PCkuaidifuwu-0213.jpg
www.sf-express.com/.gallery/index/ |
50 KB 51 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
HP-banner-SF-Direct-en-1349x487.jpg
www.sf-express.com/.gallery/de/index/ |
411 KB 412 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1909100944581164.jpg
www.sf-airlines.com/sfaImage/2019/09/ Redirect Chain
|
355 KB 355 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
IRCE-1.jpg
www.sf-express.com/.gallery/us/news/ |
132 KB 133 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
share-00-sf-hero.jpg
www.hino.com.hk/sites/default/files/content/photos/ |
134 KB 135 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
SF%20Express%20couriers%20loading%20packages%20in%20a%20van-700x464.JPG
www.joc.com/sites/default/files/field_feature_image/ |
114 KB 114 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.php
37.252.127.10/jkg/sfexpress/source/content/ Frame 324C |
10 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
37.252.127.10/jkg/sfexpress/source/content/photos/ Frame 324C |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
SF_Express_Taiwan_KPA-1063_20180126-1.jpg
s29755.pcdn.co/wp-content/uploads/2018/07/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
404.html
www.sf-express.com/cn/sc/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- s29755.pcdn.co
- URL
- https://s29755.pcdn.co/wp-content/uploads/2018/07/SF_Express_Taiwan_KPA-1063_20180126-1.jpg
- Domain
- s29755.pcdn.co
- URL
- https://s29755.pcdn.co/wp-content/uploads/2018/07/SF_Express_Taiwan_KPA-1063_20180126-1.jpg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SF Express (Transportation)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| $ function| jQuery object| bgImageArray string| base number| secs function| backgroundSequence0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
s29755.pcdn.co
www.hino.com.hk
www.joc.com
www.sf-airlines.com
www.sf-express.com
s29755.pcdn.co
13.32.99.51
202.181.195.170
37.252.127.10
43.152.26.151
43.152.26.58
81.71.20.246
17d6d4e2cce6d35a5e80fbf7ec5575c9ab4d24238ddf53a0e323bbb7080da58d
190c54a4a29a238db4da3ab709b90813b3d76758fb33131f5a520c6ea7dc54bb
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
44c9d9efcaea62ef98c04baa0d3757b9deffd89e14faa0d54bd1f5bf9375e331
54f540899777787f97d73f9bbea7fb8f360d28ad4c586614aff01e9c41462bf7
5ae9b15e727e6b6199189cf58e3f76362345a374f097751bb3df6edba47eb3fc
5d51e902b4f7b3f4c0fb8e8b9a48e47684f8d73ce659044f952870b59139de46
69d5d312c7b1e9e322b1223d43602627086a51fa13a2be7603162c1e53e8ab50
7413fcee4ad8ee388696fb78091aa1493fb0b0aa87e394e381236b9f05c23a6b
7b023a328dd0ae326c0f09ec6bbed26905b1b81d404766a1f3653cf9dbef18e2
8a73edb31547956a8ef9b87d84795705f1efb0f65531c3b3a58d83fbcb6d93c9
9c7206c4e9778296d64f59c828284e967f16500d38b2f24dec43836ca92ba183
a6748c8b4c037a6b33b0f0af525136220f65c288611d06bee67bd60ad48a8b09
bd2374bc1ca03459a2e8b0377f792dd61410a3aea23a111412968fbd511f5341
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fbcbac2c0cbfa3673bc939cdda59b801f0fe05b7d21b23bd093933bd45ed1cb0