gtisgrzsit.com - urlscan.io

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 185.250.240.89, located in Turkey and belongs to AS43260, TR. The main domain is gtisgrzsit.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 5th 2020. Valid for: 3 months.

This is the only time gtisgrzsit.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SF Express (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.16 167.89.123.16	11377 (SENDGRID) (SENDGRID)
1 2	185.250.240.89 185.250.240.89	43260 (AS43260) (AS43260)
4 6	163.171.131.19 163.171.131.19	54994 (QUANTILNE...) (QUANTILNETWORKS)
3	2

1 167.89.123.16 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net

u4804709.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.250.240.89 (Turkey) 1 redirects

ASN43260 (AS43260, TR)

gtisgrzsit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 163.171.131.19 (France) 4 redirects

ASN54994 (QUANTILNETWORKS, US)

www.sf-express.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	sf-express.com 4 redirects www.sf-express.com	4 KB
2	gtisgrzsit.com 1 redirects gtisgrzsit.com	17 KB
1	sendgrid.net 1 redirects u4804709.ct.sendgrid.net	294 B
3	3

	Domain	Requested by
6	www.sf-express.com	4 redirects gtisgrzsit.com
2	gtisgrzsit.com	1 redirects
1	u4804709.ct.sendgrid.net	1 redirects
3	3

This site contains links to these domains. Also see Links.

Domain
www.sf-express.com
www.sf-financial.com
origin.sf-express.com

Subject Issuer	Validity	Valid
gtisgrzsit.com cPanel, Inc. Certification Authority	`2020-06-05` - `2020-09-03`	3 months	crt.sh
*.sf-express.com DigiCert CN RSA CA G1	`2020-02-27` - `2022-04-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a53&login=claims@navandgen.co.uk
Frame ID: AF6DDADD49E21A862F41D92E16915733
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://u4804709.ct.sendgrid.net/ls/click?upn=pRAF6aQCOg6rCIYkU4t4WFUQPGa5P8FGEdy9cpp6mxU8vNXPDGbSuihV7kg8Z2b... HTTP 302
https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/?login=claims@navandgen.co.uk HTTP 302
https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G159... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

19 kB
Transfer

19 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.sf-express.com/cn/sc/index.html
Title:

Search URL Search Domain Scan URL

URL: https://www.sf-financial.com/sfjrpc/?fc=ex&fp=nt&fa=pc&
Title: 金融

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/case_share/
Title: 成功案例

Search URL Search Domain Scan URL

URL: http://www.sf-express.com/cn/sc/about_us/
Title: 关于我们

Search URL Search Domain Scan URL

URL: http://origin.sf-express.com/cn/sc/
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://u4804709.ct.sendgrid.net/ls/click?upn=pRAF6aQCOg6rCIYkU4t4WFUQPGa5P8FGEdy9cpp6mxU8vNXPDGbSuihV7kg8Z2b0z-2F3Ti0c53Dbtj8OfC0mIG5-2F5S3lhSH4AQmea6S-2FtkVfFUQGOong4XJQxCIwn7PlVjdcx-2ByNVhA4EmFG0n5MEiw-3D-3DG2Ny_x4qYSFO27ufmWZiHcRmfhSqEM7DBq8h9B0NMoQeH8x-2Bj61S1vR66nlMHwDVuPE6YEznG2fjzIEVUPJC0Ej78LmGmx65Dn52aOWv4OsmmWsIGiQe3eMNlmzUq-2FX45PPt8hQJaHTWq9X2CtUZhcYPFzIdSgdeB7sEruk9eAPalib8JnSXvP8iTK0oNDzpnLYRD2bCYYmFZrFrMtuqvfEjeL5fc4T6-2B5WADhNH633Gb8ic-3D HTTP 302
https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/?login=claims@navandgen.co.uk HTTP 302
https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a53&login=claims@navandgen.co.uk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.sf-express.com/resource/images/index/sf.png HTTP 301
https://www.sf-express.com/resource/images/index/sf.png

Request Chain 1

http://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png HTTP 301
https://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png HTTP 302
http://www.sf-express.com/cn/sc/404.html HTTP 301
https://www.sf-express.com/cn/sc/404.html

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request jj7ryel35x6mh3qtvnt183qt.php Show response gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/ Redirect Chain http://u4804709.ct.sendgrid.net/ls/click?upn=pRAF6aQCOg6rCIYkU4t4WFUQPGa5P8FGEdy9cpp6mxU8vNXPDGbSuihV7kg8Z2b0z-2F3Ti0c53Dbtj8OfC0mIG5-2F5S3lhSH4AQmea6S-2FtkVfFUQGOong4XJQxCIwn7PlVjdcx-2ByNVhA4EmFG0... https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/?login=claims@navandgen.co.uk https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa8015350...	16 KB 16 KB	202ms 197ms	Document text/html	185.250.240.89 AS43260
General Check archive.org Show headers Download Go to Full URL https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a53&login=claims@navandgen.co.uk Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.250.240.89 , Turkey, ASN43260 (AS43260, TR), Reverse DNS Software Apache / Resource Hash `ab44a8bcbb2f2dd390b12d6a505f0a42a8a5ecce1711ca710797ede497dd708b` Request headers Host gtisgrzsit.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 10 Jun 2020 09:24:52 GMT Server Apache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Wed, 10 Jun 2020 09:24:51 GMT Server Apache Location jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a53&login=claims@navandgen.co.uk Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	sf.png www.sf-express.com/resource/images/index/ Redirect Chain http://www.sf-express.com/resource/images/index/sf.png https://www.sf-express.com/resource/images/index/sf.png	3 KB 3 KB	177ms 58ms	Image image/png	163.171.131.19 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL https://www.sf-express.com/resource/images/index/sf.png Requested by Host: gtisgrzsit.com URL: https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a53&login=claims@navandgen.co.uk Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 163.171.131.19 , France, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software nginx / Resource Hash `8a73edb31547956a8ef9b87d84795705f1efb0f65531c3b3a58d83fbcb6d93c9` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 10 Jun 2020 08:26:22 GMT Via 1.1 ID-0314217270070252 uproxy-10 Last-Modified Wed, 20 May 2020 07:14:58 GMT Server nginx Age 1 ETag "5ec4d8f2-afc" X-Ws-Request-Id 5ee0992e_PSfgblPAR1vr66_19911-7369 Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 2812 X-Via 1.1 PSxgHKG8vk84:4 (Cdn Cache Server V2.0), 1.1 PSfgblPAR1jr69:10 (Cdn Cache Server V2.0) Redirect headers Location https://www.sf-express.com/resource/images/index/sf.png Date Wed, 10 Jun 2020 08:26:21 GMT Server Cdn Cache Server V2.0 Connection keep-alive Content-Length 0 X-Ws-Request-Id 5ee0992d_PSfgblPAR1ke67_36955-58460 X-Via 1.0 PSfgblPAR1jr69:10 (Cdn Cache Server V2.0)
GET H/1.1	200 OK	404.html www.sf-express.com/cn/sc/ Redirect Chain http://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png https://www.sf-express.com/cn/sc/dynamic_function/images/index/header-phoneicon.png http://www.sf-express.com/cn/sc/404.html https://www.sf-express.com/cn/sc/404.html	0 0	66ms 66ms	Image text/html	163.171.131.19 QUANTILNETWORKS
General Check archive.org Show headers Download Go to Show image Full URL https://www.sf-express.com/cn/sc/404.html Requested by Host: gtisgrzsit.com URL: https://gtisgrzsit.com/tred/SF-Express/SF-Express/SF-Express/jj7ryel35x6mh3qtvnt183qt.php?51726G15917810916ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a536ccef5d65a970ee9acaa801535029a53&login=claims@navandgen.co.uk Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 163.171.131.19 , France, ASN54994 (QUANTILNETWORKS, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers Location https://www.sf-express.com/cn/sc/404.html Date Wed, 10 Jun 2020 08:26:22 GMT Server Cdn Cache Server V2.0 Connection keep-alive Content-Length 0 X-Ws-Request-Id 5ee0992e_PSfgblPAR1ke67_36955-58479 X-Via 1.0 PSfgblPAR1ai68:6 (Cdn Cache Server V2.0)

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SF Express (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gtisgrzsit.com
u4804709.ct.sendgrid.net
www.sf-express.com
163.171.131.19
167.89.123.16
185.250.240.89
8a73edb31547956a8ef9b87d84795705f1efb0f65531c3b3a58d83fbcb6d93c9
ab44a8bcbb2f2dd390b12d6a505f0a42a8a5ecce1711ca710797ede497dd708b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

gtisgrzsit.com Open in urlscan Pro 185.250.240.89 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

19 kBTransfer

19 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

gtisgrzsit.com Open in urlscan Pro
185.250.240.89 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

19 kB
Transfer

19 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!