customers.su (190.115.31.22)
Malicious Activity!
Public Scan
Effective URL: https://customers.su/clients/65b973092e27a/?verification
Submission: On January 30 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on January 26th 2024. Valid for: 3 months.
This is the only time customers.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
3 | 186.2.163.165 | 59692 (IQWEB)
13 | 190.115.31.22 | 59692 (IQWEB)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | customers.su | customers.su (1 redirect) | 670 KB
3 | humancheck.su | humancheck.su (3 redirects) | 561 B
Requests | Domain | Requested by
---|---|---
13 | customers.su | 1 redirect, customers.su
3 | humancheck.su | 3 redirects
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
customers.su | R3 | 2024-01-26 - 2024-04-25 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://customers.su/clients/65b973092e27a/?verification
Frame ID: DEF0F30A91D3D3A1FA0EF9367783F478
Requests: 12 HTTP requests in this frame
Page Title: Secured
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://humancheck.su/cbo?at3koirvx?aev0fpz85 (HTTP 301)
- https://humancheck.su/cbo?at3koirvx?aev0fpz85 (HTTP 301)
- https://humancheck.su/cbo/?at3koirvx?aev0fpz85 (HTTP 302)
- https://customers.su/?pwd=read (HTTP 302)
- https://customers.su/clients/65b973092e27a/?verification (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | customers.su/clients/65b973092e27a/ (Redirect Chain) | 24 KB | 25 KB | Document | text/html
GET | H2 | base.css | customers.su/ui/css/ | 29 KB | 29 KB | Stylesheet | text/css
GET | H2 | fonts.css | customers.su/ui/css/ | 2 KB | 2 KB | Stylesheet | text/css
GET | H2 | forget.css | customers.su/ui/css/ | 23 KB | 23 KB | Stylesheet | text/css
GET | H2 | jquery-3.6.0.min.js | customers.su/ui/js/libs/ | 105 KB | 105 KB | Script | text/javascript
GET | H2 | jquery.inputmask.min.js | customers.su/ui/js/libs/ | 119 KB | 119 KB | Script | text/javascript
GET | H2 | sorry.js | customers.su/ui/js/ | 2 KB | 2 KB | Script | text/javascript
GET | H2 | ww.svg | customers.su/ui/pics/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H2 | bgdesk.jpeg | customers.su/ui/pics/ | 245 KB | 245 KB | Image | image/jpeg
GET | H2 | opensans-regular.woff | customers.su/ui/fonts/ | 24 KB | 24 KB | Font | font/woff
GET | H2 | opensans-semibold.woff | customers.su/ui/fonts/ | 25 KB | 25 KB | Font | font/woff
GET | H2 | dcefont.woff | customers.su/ui/fonts/ | 69 KB | 69 KB | Font | font/woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
function | Inputmask
function | default
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.humancheck.su/ | | __ddg1_ | 7ccvI5yv6i7JTI4iHHd0
.customers.su/ | | __ddg1_ | Ei0iFTh8bDAW6fOUe522
customers.su/ | | PHPSESSID | e415f6251b61c43b001994c461226f57
customers.su/ | | ruser | 65b973092e27a__here
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
customers.su
humancheck.su
186.2.163.165
190.115.31.22