productsgallerydetails.com
Open in
urlscan Pro
188.114.96.3
Malicious Activity!
Public Scan
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On April 15 via api from IT — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on April 14th 2024. Valid for: 3 months.
This is the only time productsgallerydetails.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alibaba (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 104.16.85.20 104.16.85.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.185.74 142.250.185.74 | 15169 (GOOGLE) (GOOGLE) | |
1 | 151.101.66.137 151.101.66.137 | 54113 (FASTLY) (FASTLY) | |
8 | 154.72.194.117 154.72.194.117 | 327724 (NITA) (NITA) | |
15 | 5 |
ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f10.1e100.net
fonts.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ecitizen.go.ug
ecitizen.go.ug |
249 KB |
4 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 315 |
81 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 771 |
30 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35 |
775 B |
1 |
productsgallerydetails.com
productsgallerydetails.com |
101 KB |
15 | 5 |
Domain | Requested by | |
---|---|---|
8 | ecitizen.go.ug |
productsgallerydetails.com
|
4 | cdn.jsdelivr.net |
productsgallerydetails.com
|
1 | code.jquery.com |
productsgallerydetails.com
|
1 | fonts.googleapis.com |
productsgallerydetails.com
|
1 | productsgallerydetails.com | |
15 | 5 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
productsgallerydetails.com GTS CA 1P5 |
2024-04-14 - 2024-07-13 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-05-02 - 2024-05-01 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
*.ecitizen.go.ug R3 |
2024-04-14 - 2024-07-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://productsgallerydetails.com/
Frame ID: 8ADA7E873641676D4A0E18D3F63DCC8C
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
Alibaba Manufacturer Directory - Suppliers, Manufacturers, Exporters & ImportersDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
42 Outgoing links
These are links going to different origins than the main page.
Title: International
Search URL Search Domain Scan URL
Title: Español
Search URL Search Domain Scan URL
Title: Português
Search URL Search Domain Scan URL
Title: Deutsch
Search URL Search Domain Scan URL
Title: Français
Search URL Search Domain Scan URL
Title: Italiano
Search URL Search Domain Scan URL
Title: हिंदी
Search URL Search Domain Scan URL
Title: Pусский
Search URL Search Domain Scan URL
Title: 한국어
Search URL Search Domain Scan URL
Title: 日本語
Search URL Search Domain Scan URL
Title: اللغة العربية
Search URL Search Domain Scan URL
Title: ภาษาไทย
Search URL Search Domain Scan URL
Title: Nederlands
Search URL Search Domain Scan URL
Title: tiếng Việt
Search URL Search Domain Scan URL
Title: Indonesian
Search URL Search Domain Scan URL
Title: עברית
Search URL Search Domain Scan URL
Title: Alibaba Group
Search URL Search Domain Scan URL
Title: Taobao Marketplace
Search URL Search Domain Scan URL
Title: Tmall.com
Search URL Search Domain Scan URL
Title: Juhuasuan
Search URL Search Domain Scan URL
Title: AliExpress
Search URL Search Domain Scan URL
Title: 1688.com
Search URL Search Domain Scan URL
Title: Alimama
Search URL Search Domain Scan URL
Title: Fliggy
Search URL Search Domain Scan URL
Title: Taobao Global
Search URL Search Domain Scan URL
Title: Alibaba Cloud
Search URL Search Domain Scan URL
Title: AliOS
Search URL Search Domain Scan URL
Title: AliTelecom
Search URL Search Domain Scan URL
Title: HiChina
Search URL Search Domain Scan URL
Title: Autonavi
Search URL Search Domain Scan URL
Title: UCWeb
Search URL Search Domain Scan URL
Title: Umeng
Search URL Search Domain Scan URL
Title: Xiami
Search URL Search Domain Scan URL
Title: DingTalk
Search URL Search Domain Scan URL
Title: Alipay
Search URL Search Domain Scan URL
Title: Lazada
Search URL Search Domain Scan URL
Title: Product Listing Policy
Search URL Search Domain Scan URL
Title: Intellectual Property Protection
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Terms of Use
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: ©
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
productsgallerydetails.com/ |
2 MB 101 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/ |
158 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon
fonts.googleapis.com/ |
569 B 775 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.slim.min.js
cdn.jsdelivr.net/npm/jquery@3.7.1/dist/ |
69 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/ |
21 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/ |
81 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtjfjfjfjfgjfgjfjfjfjffg.png
ecitizen.go.ug/sitttes/img/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
load2.gif
ecitizen.go.ug/sitttes/img/ |
35 KB 35 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
barcode.png
ecitizen.go.ug/sitttes/img/ |
449 B 539 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notice-icon.png
ecitizen.go.ug/sitttes/img/ |
301 B 395 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notice2.png
ecitizen.go.ug/sitttes/img/ |
744 B 803 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
confirm.png
ecitizen.go.ug/sitttes/img/ |
741 B 801 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wi.jpg
ecitizen.go.ug/sitttes/img/ |
194 KB 194 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
ecitizen.go.ug/sitttes/img/ |
1 KB 546 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alibaba (Online)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| dF function| $ function| jQuery function| Popper object| bootstrap function| _0x254bfc function| _0x366a40 function| _0x5438dd function| _0x20f7 function| _0x528f function| _0x2a5b2f function| _0x296ab40 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
code.jquery.com
ecitizen.go.ug
fonts.googleapis.com
productsgallerydetails.com
104.16.85.20
142.250.185.74
151.101.66.137
154.72.194.117
188.114.96.3
12a8e74153c9331dfb091e086a88a20f8b417399d86adf5d18202b095e4d15b5
14f7b024f41a5174b061dd3ce653f2fcbdb41e5ac9e1b13f7ce43dbc7d797cf1
19126b874a32753d42c12dfa6c17892bfd93820a5a5100ba1b34da4d07599b49
1ed2c655524e31b8e6fc672fa0bf2c5e40ceb54a751bd688220f702ab497f8d1
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
97f86999497130c29fb1a19835e182e4f6ffc01eda4b53b09addb5ab641623f4
b14106503ec607d5b1f58a6585ac58d2b677c844ca452fccba917470e33d5502
de7805633c7a0de8664f0631249124bdc16c95538a7a3d6c888d8a291e735649
e639fea6b09edde576c7e201e64996e7429017d54351e8cc7e163ca0773551a5
f13161c98fa72a2e1f1bed49c4c65ffdcd43e71df1ebe07fd90cb376a21bd93b
f886516f3d41e9e7bd994c7f7a39a89cafae9483f90396cb0ddeafe8d1ea5e72
fd969eab7bf38ffda200dcbf707646810df3039138abe643793c20404ecf5900
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e