www.browntrouts.com
192.210.150.179
Malicious Activity!
Public Scan
Effective URL: https://www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/?email=dionte@legalshield.com?&loginpag...
Submission Tags: 6726182
Submission: On August 10 via api from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 4th 2020. Valid for: 3 months.
This is the only time www.browntrouts.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SF Express (Transportation)

Domain & IP information
| Redirects | Requests | IP Address | AS (Autonomous System) |
|---|---|---|---|
| 1 | 1 | 167.89.123.54 | 11377 (SENDGRID) |
| 1 | 9 | 192.210.150.179 | 36352 (AS-COLOCROSSING) |
| | 8 | 203.205.137.123 | 132203 (TENCENT-NET-AP-CN Tencent Building) |
| | 2 | 13.226.155.53 | 16509 (AMAZON-02) |
| | 3 | 34.204.215.146 | 14618 (AMAZON-AES) |
| | 1 | 118.89.51.58 | 45090 (CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited) |
| | 1 | 69.172.66.58 | 132585 (SIA-HK-AS SkyExchange Internet Access) |

Totals: 23 | 6
- ASN11377 (SENDGRID, US); PTR: o16789123x54.outbound-mail.sendgrid.net; domain: track.empleyado.com
- ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN); domain: www.sf-express.com
- ASN16509 (AMAZON-02, US); PTR: server-13-226-155-53.dus51.r.cloudfront.net; domain: s29755.pcdn.co
- ASN14618 (AMAZON-AES, US); PTR: ec2-34-204-215-146.compute-1.amazonaws.com; domain: www.joc.com
- ASN45090 (CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN); domain: www.sf-airlines.com
- ASN132585 (SIA-HK-AS SkyExchange Internet Access, HK); PTR: 69-172-66-058.static.imsbiz.com; domain: www.hino.com.hk
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | browntrouts.com | www.browntrouts.com (1 redirects) | 41 KB |
| 8 | sf-express.com | www.sf-express.com | 2 MB |
| 3 | joc.com | www.joc.com | 410 KB |
| 2 | pcdn.co | s29755.pcdn.co | 178 KB |
| 1 | hino.com.hk | www.hino.com.hk | 134 KB |
| 1 | sf-airlines.com | www.sf-airlines.com | 355 KB |
| 1 | empleyado.com | track.empleyado.com (1 redirects) | 275 B |

Totals: 23 | 7
| Requests | Domain | Requested by |
|---|---|---|
| 9 | www.browntrouts.com (1 redirects) | www.browntrouts.com |
| 8 | www.sf-express.com | www.browntrouts.com |
| 3 | www.joc.com | www.browntrouts.com |
| 2 | s29755.pcdn.co | www.browntrouts.com |
| 1 | www.hino.com.hk | www.browntrouts.com |
| 1 | www.sf-airlines.com | www.browntrouts.com |
| 1 | track.empleyado.com | 1 redirects |

Totals: 23 | 7
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| browntrouts.com | Let's Encrypt Authority X3 | 2020-08-04 - 2020-11-02 | 3 months | crt.sh |
| *.sf-express.com | DigiCert CN RSA CA G1 | 2020-02-27 - 2022-04-02 | 2 years | crt.sh |
| pcdn.co | Amazon | 2019-12-10 - 2021-01-10 | a year | crt.sh |
| *.fairplay.ihs.com | DigiCert SHA2 Secure Server CA | 2019-01-29 - 2021-01-28 | 2 years | crt.sh |
| crown-motors.com | Go Daddy Secure Certificate Authority - G2 | 2020-07-11 - 2021-07-01 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/?email=dionte@legalshield.com?&loginpage=&reff=MzUyOGM0M2RkOTI1MDAwNjNmYjU5ZGQxOGU2YTM5YzE=
Frame ID: BFB70ABAFEFE4CAAD5CBFE5CFC729590
Requests: 20 HTTP requests in this frame
Frame:
https://www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/content/login.php?email=dionte@legalshield.com?
Frame ID: 9348BA675AAC948B4DE2DAD7CFFA7691
Requests: 3 HTTP requests in this frame
Detected technologies
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- jQuery (JavaScript Libraries). Detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://track.empleyado.com/ls/click?upn=GEpFW-2Fo48oMEiHucWon8LnNjFPummjGGRis-2BkMb92qh8I6EHOwh-2FONKcLxp8G9shORTmfhPAVAO37JxiIZULT2L8hI4Hud7s-2BCJf9nG3RTYZhaM0o9GV8HzazXQOvmUHb0G7_jYEnrcVPrD97MqAV1V67vdfuW-2B1c0oLveVLd8tceEUSK25mNnDifsYwqKV2zPi-2FxcESOyTxyA2kzzNpBfFYDIciafGld67s9CpJTnacJvVmzFxpqYKUaCdnB9TFs0zlnNo7x9-2BiaSX-2Bbi-2BXZs1XpqsciqCZzWMyBr5AVRCvhm7Tp8dcRQpC3kCqMUTCtzAMp8LCEKwgSizTUwibynPB5wAFzsZNYUFJ-2BN5umOEx8HEY-3D (HTTP 302)
2. https://www.browntrouts.com/.../sfexpress/?email=dionte@legalshield.com? (HTTP 302)
3. https://www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/?email=dionte@legalshield.com?&loginpage=&reff=MzUyOGM0M2RkOTI1MDAwNjNmYjU5ZGQxOGU2YTM5YzE= (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions

| Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|
| GET H/1.1 | / | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/ | 5 KB | 1 KB | Document | text/html | Primary Request, Redirect Chain |
| GET H/1.1 | style.css | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/ | 820 B | 807 B | Stylesheet | text/css | |
| GET H/1.1 | logo.png | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/photos/ | 3 KB | 3 KB | Image | image/png | |
| GET H/1.1 | index.php | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/content/ | 140 B | 345 B | Document | text/html | Frame 9348 |
| GET H/1.1 | jquery.min.js | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/ | 82 KB | 29 KB | Script | application/javascript | |
| GET H/1.1 | script.js | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/ | 2 KB | 1 KB | Script | application/javascript | |
| GET H/1.1 | IMG20190905_171924.jpg | www.sf-express.com/cn/sc/download/ | 311 KB | 312 KB | Image | image/jpeg | |
| GET H2 | SF_Express_Taiwan_KPA-1063_20180126-1.jpg | s29755.pcdn.co/wp-content/uploads/2018/07/ | 88 KB | 89 KB | Image | image/jpeg | |
| GET H/1.1 | SF-CN-Logistics-Warehousing-Service-633x255.jpg | www.sf-express.com/cn/sc/download/ | 647 KB | 647 KB | Image | image/jpeg | |
| GET H/1.1 | SFExpress.jpg | www.joc.com/sites/default/files/field_feature_image/ | 147 KB | 148 KB | Image | image/jpeg | |
| GET H/1.1 | HP-banner-new-web-en-1349x487.jpg | www.sf-express.com/.gallery/gb/index/ | 283 KB | 284 KB | Image | image/jpeg | |
| GET H/1.1 | PCkuaidifuwu-0213.jpg | www.sf-express.com/.gallery/index/ | 50 KB | 51 KB | Image | image/jpeg | |
| GET H/1.1 | HP-banner-SF-Direct-en-1349x487.jpg | www.sf-express.com/.gallery/de/index/ | 411 KB | 411 KB | Image | image/jpeg | |
| GET H/1.1 | 1909100944581164.jpg | www.sf-airlines.com/sfaImage/2019/09/ | 355 KB | 355 KB | Image | image/jpeg | |
| GET H/1.1 | IRCE-1.jpg | www.sf-express.com/.gallery/us/news/ | 132 KB | 133 KB | Image | image/jpeg | |
| GET H/1.1 | share-00-sf-hero.jpg | www.hino.com.hk/sites/default/files/content/photos/ | 134 KB | 134 KB | Image | image/jpeg | |
| GET H/1.1 | SF%20Express%20couriers%20loading%20packages%20in%20a%20van-700x464.JPG | www.joc.com/sites/default/files/field_feature_image/ | 114 KB | 114 KB | Image | image/jpeg | |
| GET H/1.1 | login.php | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/content/ | 11 KB | 2 KB | Document | text/html | Frame 9348 |
| GET H/1.1 | logo.png | www.browntrouts.com/.../sfexpress/cmd-login=ca34bf1005b905c9f32588e9cf821582/content/photos/ | 3 KB | 3 KB | Image | image/png | Frame 9348 |
| GET H2 | SF_Express_Taiwan_KPA-1063_20180126-1.jpg | s29755.pcdn.co/wp-content/uploads/2018/07/ | 88 KB | 89 KB | Image | image/jpeg | |
| GET H/1.1 | SF-CN-Logistics-Warehousing-Service-633x255.jpg | www.sf-express.com/cn/sc/download/ | 647 KB | 647 KB | Image | image/jpeg | |
| GET H/1.1 | SFExpress.jpg | www.joc.com/sites/default/files/field_feature_image/ | 147 KB | 148 KB | Image | image/jpeg | |
| GET H/1.1 | HP-banner-new-web-en-1349x487.jpg | www.sf-express.com/.gallery/gb/index/ | 64 KB | 0 | Image | image/jpeg | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: SF Express (Transportation)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |
| object | bgImageArray |
| string | base |
| number | secs |
| function | backgroundSequence |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.