Report Overview

  1. Submitted URL

    www.mashangyoushu.cn/das.php

  2. IP

    39.96.24.137

    ASN

    #37963 Hangzhou Alibaba Advertising Co.,Ltd.

  3. Submitted

    2023-01-26 19:35:36

    Access

  4. Website Title

  5. Final URL

  6. Tags

  7. urlquery detections

    Phishing - Nordea

Detections

  2. urlquery

    16

  3. Network Intrusion Detection

    0

  4. Threat Detection Systems

    80

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
firefox.settings.services.mozilla.com8670001-01-01T00:00:00Z0001-01-01T00:00:00Z
ic.tynt.com43000001-01-01T00:00:00Z0001-01-01T00:00:00Z
cdn.tynt.com72600001-01-01T00:00:00Z0001-01-01T00:00:00Z
de.tynt.com12520001-01-01T00:00:00Z0001-01-01T00:00:00Z
widgets.amung.us126230001-01-01T00:00:00Z0001-01-01T00:00:00Z
content-signature-2.cdn.mozilla.net11520001-01-01T00:00:00Z0001-01-01T00:00:00Z
www.mashangyoushu.cnunknown0001-01-01T00:00:00Z0001-01-01T00:00:00Z
certificate.dokument.35-158-186-246.cprapid.comunknown0001-01-01T00:00:00Z0001-01-01T00:00:00Z
ocsp.pki.goog1750001-01-01T00:00:00Z0001-01-01T00:00:00Z
r3.o.lencr.org3440001-01-01T00:00:00Z0001-01-01T00:00:00Z
contile.services.mozilla.com11140001-01-01T00:00:00Z0001-01-01T00:00:00Z
www.gstatic.comunknown0001-01-01T00:00:00Z0001-01-01T00:00:00Z
whos.amung.us126870001-01-01T00:00:00Z0001-01-01T00:00:00Z
t.dtscout.com119510001-01-01T00:00:00Z0001-01-01T00:00:00Z
push.services.mozilla.com21400001-01-01T00:00:00Z0001-01-01T00:00:00Z
ocsp.sectigo.com4870001-01-01T00:00:00Z0001-01-01T00:00:00Z
img-getpocket.cdn.mozilla.net16310001-01-01T00:00:00Z0001-01-01T00:00:00Z
www.mitid.dkunknown0001-01-01T00:00:00Z0001-01-01T00:00:00Z

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish
SeverityIndicatorAlert
mediumwww.mashangyoushu.cn/das.phpNordea Bank
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/dklogin.phpNordea Bank

PhishTank
SeverityIndicatorAlert
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/dklogin.phpOther

Fortinet's Web Filter
SeverityIndicatorAlert
mediumwww.mashangyoushu.cn/das.phpPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/idPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/dklogin.phpPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/frame/mitlogin.phpPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/partials/js/jquery.jsPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svgPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/Phishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woffPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svgPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.downloadPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woffPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/no-connection-83f79e2367a313b468986e12a237c346.svgPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/empty-3857ebe69f653487f8c9d99adde4657f.svgPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svgPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/partials/status.phpPhishing
mediumcertificate.dokument.35-158-186-246.cprapid.com/id/partials/status.phpPhishing

mnemonic secure dns

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed
mediumcprapid.comSinkholed

ThreatFox

No alerts detected


JavaScript (13)

HTTP Transactions (59)

URLIPResponseSize
r3.o.lencr.org/
23.36.76.226200 OK503 B
r3.o.lencr.org/
23.36.76.226200 OK503 B
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK939 B
r3.o.lencr.org/
23.36.76.226200 OK503 B
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK5.3 kB
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK12 B
www.mashangyoushu.cn/das.php
39.96.24.137200 OK198 B
certificate.dokument.35-158-186-246.cprapid.com/id
35.158.186.246301 Moved Permanently267 B
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK329 B
www.mashangyoushu.cn/favicon.ico
39.96.24.137200 OK4.3 kB
r3.o.lencr.org/
23.36.76.226200 OK503 B
certificate.dokument.35-158-186-246.cprapid.com/id/dklogin.php
35.158.186.246200 OK18 kB
certificate.dokument.35-158-186-246.cprapid.com/id/frame/mitlogin.php
35.158.186.246200 OK8.0 kB
certificate.dokument.35-158-186-246.cprapid.com/id/frame/mitd.css
35.158.186.246200 OK56 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
35.158.186.246200 OK46 kB
push.services.mozilla.com/
52.41.131.197101 Switching Protocols0 B
certificate.dokument.35-158-186-246.cprapid.com/id/partials/js/jquery.js
35.158.186.246200 OK272 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
35.158.186.246200 OK2.3 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/banner.png
35.158.186.246200 OK40 kB
certificate.dokument.35-158-186-246.cprapid.com/id/
35.158.186.246302 Found3.1 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
35.158.186.246200 OK32 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png
35.158.186.246200 OK40 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
35.158.186.246200 OK3.1 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
35.158.186.246404 Not Found10 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
35.158.186.246200 OK31 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/no-connection-83f79e2367a313b468986e12a237c346.svg
35.158.186.246200 OK5.0 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/empty-3857ebe69f653487f8c9d99adde4657f.svg
35.158.186.246200 OK1.6 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
35.158.186.246200 OK2.8 kB
certificate.dokument.35-158-186-246.cprapid.com/id/all/translate_24dp.png
35.158.186.246200 OK825 B
ocsp.pki.goog/gts1c3
142.250.74.131200 OK471 B
www.gstatic.com/images/branding/product/2x/translate_24dp.png
216.58.211.3200 OK1.8 kB
ocsp.pki.goog/gts1c3
142.250.74.131200 OK471 B
ocsp.sectigo.com/
172.64.155.188200 OK471 B
r3.o.lencr.org/
23.36.76.226200 OK503 B
r3.o.lencr.org/
23.36.76.226200 OK503 B
r3.o.lencr.org/
23.36.76.226200 OK503 B
r3.o.lencr.org/
23.36.76.226200 OK503 B
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76200 OK5.9 kB
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg
34.120.237.76200 OK10 kB
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
34.120.237.76200 OK13 kB
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76200 OK9.6 kB
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
34.120.237.76200 OK7.4 kB
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg
34.120.237.76200 OK9.3 kB
cdn.tynt.com/tc.js
104.18.36.173200 OK6.7 kB
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1674761727656&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php&r=http%3A%2F%2Fwww.mashangyoushu.cn%2F&t=Nordea%20identification
67.202.105.34204 No Content0 B
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1674761727656&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php&r=http%3A%2F%2Fwww.mashangyoushu.cn%2F
67.202.105.34204 No Content0 B
de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=http%3A%2F%2Fwww.mashangyoushu.cn%2F&pu=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php
67.202.105.32200 OK4 B
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1674761727656&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php
67.202.105.34204 No Content0 B
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1674761727656&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php
67.202.105.34204 No Content0 B
certificate.dokument.35-158-186-246.cprapid.com/id/partials/status.php
35.158.186.246500 Internal Server Error0 B
certificate.dokument.35-158-186-246.cprapid.com/id/partials/status.php
35.158.186.246500 Internal Server Error0 B
www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2
95.100.107.92200 OK0 B
t.dtscout.com/i/?l=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php&j=http%3A%2F%2Fwww.mashangyoushu.cn%2F
141.101.120.10200 OK0 B
t.dtscout.com/pv/?_a=v&_h=certificate.dokument.35-158-186-246.cprapid.com&_ss=7492o1k99d&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=4awe&_cb=_dtspv.c
141.101.120.10200 OK0 B
widgets.amung.us/small.js
172.67.8.141200 OK0 B
www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2
95.100.107.92200 OK0 B
certificate.dokument.35-158-186-246.cprapid.com/id/all/translateelement.css
35.158.186.246200 OK0 B
whos.amung.us/pingjs/?k=holland001&t=Nordea%20identification&c=s&x=https%3A%2F%2Fcertificate.dokument.35-158-186-246.cprapid.com%2Fid%2Fdklogin.php&y=http%3A%2F%2Fwww.mashangyoushu.cn%2F&a=0&d=1.057&v=27&r=1755
172.67.8.141200 OK0 B
www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2
95.100.107.92200 OK0 B