sijiwuxi.com
Open in
urlscan Pro
23.254.147.26
Malicious Activity!
Public Scan
URL:
http://sijiwuxi.com/images/fedexexpres/login.php
Submission: On July 23 via automatic, source phishtank
Submission: On July 23 via automatic, source phishtank
Summary
This website contacted 2 IPs
in 1 countries
across 2 domains to perform 18 HTTP transactions.
The main IP is 23.254.147.26, located in
Seattle, United States and
belongs to HOSTWINDS - Hostwinds LLC., US.
The main domain is sijiwuxi.com.
This is the only time sijiwuxi.com was scanned on urlscan.io!
This is the only time sijiwuxi.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 17 | 23.254.147.26 23.254.147.26 | 54290 (HOSTWINDS) (HOSTWINDS - Hostwinds LLC.) | |
| 1 | 54.148.84.95 54.148.84.95 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 18 | 2 |
17
23.254.147.26
(Seattle, United States)
ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: dal-shared-1.masterns.com
ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: dal-shared-1.masterns.com
| sijiwuxi.com |
1
54.148.84.95
(Boardman, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
| www.sitepoint.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 17 |
sijiwuxi.com
sijiwuxi.com |
545 KB |
| 1 |
sitepoint.com
www.sitepoint.com |
6 KB |
| 18 | 2 |
| Domain | Requested by | |
|---|---|---|
| 17 | sijiwuxi.com |
sijiwuxi.com
|
| 1 | www.sitepoint.com |
sijiwuxi.com
|
| 18 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sitepoint.com SSL.com Premium EV CA |
2018-08-07 - 2019-09-23 |
a year | crt.sh |
| 1970-01-01 - 1970-01-01 |
a few seconds | crt.sh |
This page contains 1 frames:
Primary Page:
http://sijiwuxi.com/images/fedexexpres/login.php
Frame ID: DA86CDE936728C0A565FD869FBFCAE37
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
OpenSSL
(Web Server Extensions)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
login.php
sijiwuxi.com/images/fedexexpres/ |
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
MaskedPassword.js
www.sitepoint.com/examples/password/MaskedPassword/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
f1.png
sijiwuxi.com/images/fedexexpres/images/ |
29 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hd.png
sijiwuxi.com/images/fedexexpres/images/ |
68 KB 68 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rc.png
sijiwuxi.com/images/fedexexpres/images/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
al.png
sijiwuxi.com/images/fedexexpres/images/ |
40 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
nt.gif
sijiwuxi.com/images/fedexexpres/images/ |
10 KB 10 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ot.png
sijiwuxi.com/images/fedexexpres/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sq.png
sijiwuxi.com/images/fedexexpres/images/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
yh.png
sijiwuxi.com/images/fedexexpres/images/ |
157 KB 158 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gl.png
sijiwuxi.com/images/fedexexpres/images/ |
45 KB 45 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fd.png
sijiwuxi.com/images/fedexexpres/images/ |
134 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
f5.png
sijiwuxi.com/images/fedexexpres/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
f2.png
sijiwuxi.com/images/fedexexpres/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
f3.png
sijiwuxi.com/images/fedexexpres/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
f4.png
sijiwuxi.com/images/fedexexpres/images/ |
186 B 510 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
f6.png
sijiwuxi.com/images/fedexexpres/images/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
btn.png
sijiwuxi.com/images/fedexexpres/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| MaskedPassword function| unhideBody0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sijiwuxi.com
www.sitepoint.com
23.254.147.26
54.148.84.95
03650986ac2a943fae10a61b68eb58f6161d23c85934cdf88100208ef9bdf848
087b0c097858f80b99c334a23b84e81d0dc1211d1aeda0f12ee9f8fcfc12102f
1d4bc8e9524be79329e92ef22df984e5351ba9d413b9d3620cbe519024357509
1d7a70e8ff47fe7a35c9f755df07649d85accc98ec01ced0e5e7ce5aabe8982c
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
2f14a2944817d72c57e6503a8df63dbcc287ea3a3b9dc6c82da6890033ef953a
3cc2ae31b27fa77ccd29b7e0cad979ad3c26c6fae8a189cf84c9974f63b35fc9
457f655b0f21c478295b01a76846e8dafd10ca3dcde168c4f3a15b05bb72f347
4b8a33654547d9e6bd9552300a0ccb1fa64d2cbe6dfcf231549d118260c16652
51caf3b342e9876449eca69fd61d2d21059177136ea43a3a9ea32952caf42b23
5e880406525dd553822d33c3b21db483665c6ac76f1f0e2ccc148049a41edfbb
67b0a5db8fcfb4f099e02bc9c83cc8e0e1b93afe4b92f8889415810e1c7ef7d3
6fe42e95c05ef66c71d1608a94e8c6fb03c32ba41cbe5b5159b6e85710548a88
8905d5b6f578fee79588cf97f8be9f7c35d330a4180fadee6efada3b26ab3924
93cd7c20d5c89b51a6a269555e322839ceb50c1cd8bc70956ec944726e2a6e89
a3ac2dd6b109d52be93627d0a5ac01c344f3d74301dbd49d900e779df5c20c4a
b2121b2d3aa1802b18205da28704f7fa554a3dae2da7028b4a351a3cb6aad4a2
d9bf1f8eaf8661d4037ef011414a8cd08e2fe9aa7e58b846f4636bde2697a468