salma.jcasitetest.com
148.72.84.242 (Malicious Activity!)

Submitted URL: http://synapsegum.com/sign-in/login.made-in-china.com
Effective URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Submission: On December 29 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 8 HTTP transactions. The main IP is 148.72.84.242, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is salma.jcasitetest.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 8th 2021. Valid for: 3 months.
This is the only time salma.jcasitetest.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Made in China (Supplychain)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 2 | 192.124.249.165 | 30148 (SUCURI-SEC)
2 | 148.72.84.242 | 26496 (AS-26496-...)
2 | 2.16.186.225 | 20940 (AKAMAI-ASN1)
1 | 2.16.187.56 | 20940 (AKAMAI-ASN1)
1 | 104.104.52.81 | 20940 (AKAMAI-ASN1)
1 | 184.31.90.156 | 16625 (AKAMAI-AS)
Total: 8 requests, 6 IPs
Requests | Domain | Requested by
2 | www.micstatic.com | salma.jcasitetest.com, www.micstatic.com
2 | salma.jcasitetest.com | synapsegum.com, salma.jcasitetest.com
2 | synapsegum.com | 1 redirects
1 | img.secureserver.net |
1 | img1.wsimg.com | salma.jcasitetest.com
1 | login.made-in-china.com | salma.jcasitetest.com
Total: 8 requests, 6 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
salma.jcasitetest.com | cPanel, Inc. Certification Authority | 2021-10-08 - 2022-01-06 | 3 months
*.micstatic.com | DigiCert SHA2 Secure Server CA | 2021-09-02 - 2022-09-02 | a year
*.made-in-china.com | DigiCert SHA2 Secure Server CA | 2021-09-21 - 2022-09-21 | a year
*.wsimg.com | Starfield Secure Certificate Authority - G2 | 2021-09-24 - 2022-10-26 | a year
*.secureserver.net | Starfield Secure Certificate Authority - G2 | 2021-09-16 - 2022-10-18 | a year

This page contains 1 frames:

Primary Page: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Frame ID: FC6A69F5342E36549043C9E67E421A48
Requests: 8 HTTP requests in this frame


Page Title

Sign In | Made-in-China.com

Page URL History

  1. http://synapsegum.com/sign-in/login.made-in-china.com HTTP 301
    http://synapsegum.com/sign-in/login.made-in-china.com/ Page URL
  2. https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 0 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 87 kB
Size: 183 kB
Cookies: 3


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://synapsegum.com/sign-in/login.made-in-china.com HTTP 301
  • http://synapsegum.com/sign-in/login.made-in-china.com/

8 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer (transferred) | Type | MIME-Type
Resource: / (Document)
Path: synapsegum.com/sign-in/login.made-in-china.com/
Redirect Chain:
  • http://synapsegum.com/sign-in/login.made-in-china.com
  • http://synapsegum.com/sign-in/login.made-in-china.com/
Size: 129 B, transferred: 479 B

General
Full URL: http://synapsegum.com/sign-in/login.made-in-china.com/
Protocol: HTTP/1.1
Server: 192.124.249.165 Homewood, United States, ASN30148 (SUCURI-SEC, US)
Reverse DNS: cloudproxy10165.sucuri.net
Software: Sucuri/Cloudproxy /
Resource Hash: cc07771fdaf4a2c2827cfb30a5e81dff7a1b1e669df3147664267fd745bd14f0
Security Headers:
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers
Server: Sucuri/Cloudproxy
Date: Wed, 29 Dec 2021 13:00:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 125
Connection: keep-alive
X-Sucuri-ID: 15015
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
X-Sucuri-Cache: BYPASS

Redirect headers
Server: Sucuri/Cloudproxy
Date: Wed, 29 Dec 2021 13:00:28 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 262
Connection: keep-alive
X-Sucuri-ID: 15015
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: http://synapsegum.com/sign-in/login.made-in-china.com/
X-Sucuri-Cache: BYPASS
Primary Request: index.php (Document)
Path: salma.jcasitetest.com/login.made-in-china.com/mic/
Size: 7 KB, transferred: 2 KB

General
Full URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Requested by: Host: synapsegum.com, URL: http://synapsegum.com/sign-in/login.made-in-china.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.72.84.242 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
Reverse DNS: ip-148-72-84-242.ip.secureserver.net
Software: Apache / PHP/7.4.26
Resource Hash: 0e69ea21101a992ddc555fe8b743a1cc86292719d29072abf973bc9f5b4891b9

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://synapsegum.com/

Response headers
x-powered-by: PHP/7.4.26
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 2285
content-type: text/html; charset=UTF-8
date: Wed, 29 Dec 2021 13:00:28 GMT
server: Apache
Resource: global_65d53e57.css (Stylesheet)
Path: www.micstatic.com/gb/css/
Size: 79 KB, transferred: 10 KB

General
Full URL: https://www.micstatic.com/gb/css/global_65d53e57.css
Requested by: Host: salma.jcasitetest.com, URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.225 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a2-16-186-225.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 45e51cad4213b395736ade53bcf14cc1ae7c2aa07a5875c10eb9ff4585200572

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://salma.jcasitetest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 29 Dec 2021 13:00:29 GMT
content-encoding: gzip
last-modified: Mon, 17 Jun 2019 06:43:54 GMT
server: nginx
etag: "5d0736aa-13d31"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31488692
accept-ranges: bytes
content-length: 10260
expires: Wed, 28 Dec 2022 23:52:01 GMT
Resource: login.css (Stylesheet)
Path: login.made-in-china.com/css/
Size: 21 KB, transferred: 5 KB

General
Full URL: https://login.made-in-china.com/css/login.css?t=oMKEghUFYpnY
Requested by: Host: salma.jcasitetest.com, URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.187.56 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a2-16-187-56.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 5ad1330157ccb6d291a329dbcfdd06790c8580a5daefb8a720973cc309edc04c

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://salma.jcasitetest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 29 Dec 2021 13:00:29 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 06:16:13 GMT
server: nginx
etag: W/"21910-1640067373000"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31532547
server-timing: app;dur=0
timing-allow-origin: *
content-length: 4896
expires: Thu, 29 Dec 2022 12:02:56 GMT
Resource: ad.jpg (Image)
Path: salma.jcasitetest.com/login.made-in-china.com/mic/images/
Size: 55 KB, transferred: 56 KB

General
Full URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/images/ad.jpg
Requested by: Host: salma.jcasitetest.com, URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.72.84.242 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
Reverse DNS: ip-148-72-84-242.ip.secureserver.net
Software: Apache /
Resource Hash: 0c80a7c503b1678793a85d9fb5e00f09306e0d7d0a60e814319b686fc73f9e72

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 29 Dec 2021 13:00:29 GMT
last-modified: Mon, 06 Dec 2021 06:10:40 GMT
server: Apache
accept-ranges: bytes
etag: "2e1690-dc83-5d2741dc26509"
content-length: 56451
content-type: image/jpeg
Resource: tcc_l.combined.1.0.6.min.js (Script)
Path: img1.wsimg.com/tcc/
Size: 12 KB, transferred: 5 KB

General
Full URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Requested by: Host: salma.jcasitetest.com, URL: https://salma.jcasitetest.com/login.made-in-china.com/mic/index.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.104.52.81 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a104-104-52-81.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://salma.jcasitetest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 29 Dec 2021 13:00:29 GMT
content-encoding: gzip
last-modified: Fri, 31 Mar 2017 16:26:41 GMT
etag: "52ef5c943baad21:0"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4564
expires: Thu, 29 Dec 2022 13:00:29 GMT
Resource: logo-2.png (Image)
Path: www.micstatic.com/gb/img/
Size: 8 KB, transferred: 8 KB

General
Full URL: https://www.micstatic.com/gb/img/logo-2.png
Requested by: Host: www.micstatic.com, URL: https://www.micstatic.com/gb/css/global_65d53e57.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.225 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a2-16-186-225.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ca230ee7ab7b30cd3cbc57dd169a65432fa2d051e0460f0369df4139aaa6aa76

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://www.micstatic.com/gb/css/global_65d53e57.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
date: Wed, 29 Dec 2021 13:00:29 GMT
last-modified: Thu, 24 Sep 2020 12:32:19 GMT
server: nginx
etag: "5f6c91d3-1e9f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31489972
accept-ranges: bytes
content-length: 7839
expires: Thu, 29 Dec 2022 00:13:21 GMT
Resource: event (Image)
Path: img.secureserver.net/t/1/tl/
Size: 43 B, transferred: 379 B

General
Full URL: https://img.secureserver.net/t/1/tl/event?cts=1640782828990&tce=1640782828034&tcs=1640782827827&tdc=1640782828789&tdclee=1640782828601&tdcles=1640782828601&tdi=1640782828601&tdl=1640782828365&tdle=1640782827827&tdls=1640782827819&tfs=1640782827818&tns=1640782827818&trqs=1640782828034&tre=1640782828358&trps=1640782828357&tles=1640782828789&tlee=1640782828790&ht=perf&dh=salma.jcasitetest.com&dr=http%3A%2F%2Fsynapsegum.com%2F&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36&vci=2049968293&cv=1.0.6&z=1334945888&vg=263191ed-9077-4501-ba55-0f2eeec1eb7c&vtg=263191ed-9077-4501-ba55-0f2eeec1eb7c&ap=cpbh&trfd=%7B%22cts%22%3A1640782828600%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpbh%22%2C%22server%22%3A%22a2plvcpnl257281%22%2C%22id%22%3A%223184441%22%7D&dp=%2Flogin.made-in-china.com%2Fmic%2Findex.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.90.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a184-31-90-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers:
  Strict-Transport-Security: max-age=31536000 ; includeSubDomains
  X-Content-Type-Options: nosniff
  X-Frame-Options: DENY
  X-Xss-Protection: 1; mode=block

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://salma.jcasitetest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 29 Dec 2021 13:00:29 GMT
X-Frame-Options: DENY
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 43
X-XSS-Protection: 1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Made in China (Supplychain)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: _trfd
  • function: tcg
  • function: tcp
  • object: perfhandler
  • object: TCCTracker
  • object: _trfq
  • object: true

3 Cookies

Domain/Path | Name | Value
salma.jcasitetest.com/ | PHPSESSID | 879b426d4bfbe136c4fe93592fcd7531
salma.jcasitetest.com/ | _tccl_visitor | 263191ed-9077-4501-ba55-0f2eeec1eb7c
salma.jcasitetest.com/ | _tccl_visit | 263191ed-9077-4501-ba55-0f2eeec1eb7c

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header | Value
X-Content-Type-Options | nosniff
X-Frame-Options | SAMEORIGIN
X-Xss-Protection | 1; mode=block