azhilift.mycustomerconnect.com
52.34.207.165
Malicious Activity!
Public Scan
Effective URL: https://azhilift.mycustomerconnect.com/dhl-express-service.com/address/mso365.php?cmd=login_submit&id=400f4113f3f52af5f400195596326cb54...
Submission: On May 21 via manual from US
Summary
TLS certificate: Issued by Trustwave Organization Validation SHA256 CA, Level 1 on June 26th 2018. Valid for: a year.
This is the only time azhilift.mycustomerconnect.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Note for analysts: the phishing page sits under a valid OV wildcard certificate for *.mycustomerconnect.com on an EC2 host (see the PTR record below), so neither the browser padlock nor the hosting ASN gives any warning. The impersonation is visible only in the DHL-themed path (dhl-express-service.com/), the Office 365 login stylesheet name (converged.v2.login.min.css) and the brand verdict.

Domain & IP information
| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 1 | 2620:101:2002:11f0::1001 | 16417 |
| 1 1 | 222.122.63.26 | 4766 (KIXS-AS-KR Korea Telecom) |
| 1 | 222.73.201.89 | 4812 (CHINANET-SH-AP China Telecom (Group)) |
| 2 6 | 52.34.207.165 | 16509 (Amazon, per PTR) |
| 2 | 2001:4860:4802:38::15 | 15169 (Google) |
| 4 | 151.101.36.193 | 54113 (Fastly) |
| 4 | 2001:4860:4802:36::15 | 15169 (Google) |
| 15 | 5 | |

The scan left the AS names for 16509, 15169 and 54113 blank; they are filled in here from the PTR record (16509) and the well-known Google and Fastly allocations.

ASN4812 (CHINANET-SH-AP China Telecom (Group), CN): www.spsppx.com.cn
ASN16509 (Amazon): azhilift.mycustomerconnect.com, PTR ec2-52-34-207-165.us-west-2.compute.amazonaws.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | mycustomerconnect.com (2 redirects) | azhilift.mycustomerconnect.com | 208 KB |
| 4 | svgur.com | svgur.com | 1 KB |
| 4 | imgur.com | i.imgur.com | 395 KB |
| 2 | svgshare.com | svgshare.com | 3 KB |
| 1 | spsppx.com.cn | www.spsppx.com.cn | 485 B |
| 1 | kcm.co.kr (1 redirect) | search.kcm.co.kr | 293 B |
| 1 | cisco.com (1 redirect) | secure-web.cisco.com | 391 B |
| 15 | 7 | | |
| # | Domain | Requested by |
|---|---|---|
| 6 | azhilift.mycustomerconnect.com (2 redirects) | www.spsppx.com.cn, azhilift.mycustomerconnect.com |
| 4 | svgur.com | azhilift.mycustomerconnect.com |
| 4 | i.imgur.com | azhilift.mycustomerconnect.com |
| 2 | svgshare.com | azhilift.mycustomerconnect.com |
| 1 | www.spsppx.com.cn | |
| 1 | search.kcm.co.kr | 1 redirect |
| 1 | secure-web.cisco.com | 1 redirect |
| 15 | 7 | |
This site contains no links.
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| *.mycustomerconnect.com | Trustwave Organization Validation SHA256 CA, Level 1 | 2018-06-26 - 2019-07-03 | a year | crt.sh |
| svgshare.com | Let's Encrypt Authority X3 | 2019-04-22 - 2019-07-21 | 3 months | crt.sh |
| *.imgur.com | DigiCert SHA2 Secure Server CA | 2018-12-14 - 2020-02-12 | a year | crt.sh |
| svgur.com | Let's Encrypt Authority X3 | 2019-04-23 - 2019-07-22 | 3 months | crt.sh |
This page contains 2 frames:

Primary Page:
https://azhilift.mycustomerconnect.com/dhl-express-service.com/address/mso365.php?cmd=login_submit&id=400f4113f3f52af5f400195596326cb5400f4113f3f52af5f400195596326cb5&session=400f4113f3f52af5f400195596326cb5400f4113f3f52af5f400195596326cb5&login=aante@deloitte.com&idd=400f4113f3f52af5f400195596326cb5
Frame ID: 6A1FA4AA08B7C91A9B65DD350B6D43CC
Requests: 9 HTTP requests in this frame

Frame (same URL as the primary page; the kit page embeds itself in an iframe, which is why every page asset appears twice in the transaction list):
https://azhilift.mycustomerconnect.com/dhl-express-service.com/address/mso365.php?cmd=login_submit&id=400f4113f3f52af5f400195596326cb5400f4113f3f52af5f400195596326cb5&session=400f4113f3f52af5f400195596326cb5400f4113f3f52af5f400195596326cb5&login=aante@deloitte.com&idd=400f4113f3f52af5f400195596326cb5
Frame ID: 059FCD15CD1DBB192D38E5F6261909A6
Requests: 6 HTTP requests in this frame
Detected technologies (all three from the Server response header)

- PHP (Programming Languages). Detected pattern: headers server /php\/?([\d.]+)?/i
- Windows Server (Operating Systems). Detected pattern: headers server /Win32|Win64/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

These are passive banner matches: the Server header is set by whoever runs the host, so the fingerprint says only what the kit's web server advertises (an Apache-on-Windows bundle serving .php files), not what is verifiably running.
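The header fingerprinting above is just a set of regular expressions run over the Server response header. The following Python is an added example written for this page, not urlscan's or Wappalyzer's code: it applies exactly the three patterns listed above to a constructed Server header (the scan does not show the real header value, so the banner below is an assumption of what an Apache-on-Windows bundle typically sends) and returns the technology and, where the pattern captures one, the version.

```python
"""Apply the three Server-header fingerprints from the scan to a response.

Added example; the regexes are the ones the scan lists, the sample headers
are constructed because the scan does not expose the real header values.
"""
import re

# Patterns exactly as listed under "Detected technologies", ported from the
# /.../i JavaScript notation to Python (escaped slashes are not needed here).
HEADER_PATTERNS = {
    "PHP":            re.compile(r"php/?([\d.]+)?", re.I),
    "Windows Server": re.compile(r"Win32|Win64", re.I),
    "Apache":         re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|)HTTPD)", re.I),
}


def fingerprint(headers):
    """Return {technology: version or None} for a dict of response headers.

    Only the Server header is consulted, mirroring the 'headers server'
    scope of the patterns. Header names are matched case-insensitively.
    """
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    hits = {}
    for name, rx in HEADER_PATTERNS.items():
        m = rx.search(server)
        if m:
            # Version is the first capture group when the pattern has one
            # and it participated in the match; otherwise just "present".
            hits[name] = m.group(1) if m.re.groups and m.group(1) else None
    return hits


# Constructed sample (assumption): a typical XAMPP-style Windows banner.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.29 (Win64) OpenSSL/1.1.0h PHP/7.2.5",
    "Content-Type": "text/html",
}

if __name__ == "__main__":
    print(fingerprint(SAMPLE_HEADERS))
    # A host that hides or changes its banner simply yields no hits.
    print(fingerprint({"Server": "nginx/1.18.0"}))
```

Because the banner is attacker-controlled, treat a match as corroboration of other evidence (here, the .php kit files and the HTTP/1.1-only host) rather than as proof of the stack.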
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Chain 1 (server-side HTTP 302 redirects):
- http://secure-web.cisco.com/1FBFNc7XatmHuS14L9cmPhlJb7hpIvHI4pWcdI7j1cjBc4ZuilTF3-wSE6wS5ETiN6ams47Y_vxlccPKZ10tB2hOkNE__RR9L2j0BBI6-gvCWFELawTRm8xD9kkhk6f32aTA-8T1vPz8wHaQzYm8Mw0jMjodLhz4tUyfQGagCll5tREair8ahyAovzrJW_c9OjnhAGYqIoDGnRdhcpTSxqfWQaXqC0H6uuRuBzCms5wMH7j2hr5zxiALHD4-2UECTn9kDuV1IjS0sQ54Hl5acFF7brSr6QOl1fwS5ZCfQAVqoQk12ktK8fLKMFE1JGiNTg4wku6x7FRscM55Uuex326-fwfUhnkdAcPwBm3UDrZwMEHXIpf-WQsQwcVSFDcCyWMPg2scZ2CmtPRttZGMmRrxYU0GXyM5IlAmgApdshZ7MMMUgn9NOxm6cZSd6R3PkTyf_j2j6KHbWoAJOMq-VTU50wJOyx_rDxp_EuzCTZd5CxQAFmbphcqXayPrQEhQurzI_oi0AfSJ9H0HygTiUJg/http%3A%2F%2Fsearch.kcm.co.kr%2Fjump.php%3Fsid%3D312%26url%3Dhttp%253A%252F%252Fwww%252Espsppx%252Ecom%252Ecn%252F%252Ed%252Eh%252El%252Ee%252Ex%252Ep%252Er%252Ee%252Es%252Es%252F%23aante%40deloitte.com%26 (HTTP 302)
- http://search.kcm.co.kr/jump.php?sid=312&url=http%3A%2F%2Fwww%2Espsppx%2Ecom%2Ecn%2F%2Ed%2Eh%2El%2Ee%2Ex%2Ep%2Er%2Ee%2Es%2Es%2F (HTTP 302)
- http://www.spsppx.com.cn/.d.h.l.e.x.p.r.e.s.s/ (Page URL)

Chain 2 (starts with a client-side redirect from the spsppx.com.cn page, then HTTP 302s on the kit host):
- https://azhilift.mycustomerconnect.com/dhl-express-service.com/?apache=permis_konkosa&login=aante@deloitte.com&& (HTTP 302)
- https://azhilift.mycustomerconnect.com/dhl-express-service.com/address/?cmd=open_servlet&uid=ba65ec15c6366f86c3c441e96618ba74ba65ec15c6366f86c3c441e96618ba74&sakamanje=ba65ec15c6366f86c3c441e96618ba74ba65ec15c6366f86c3c441e96618ba74&login=aante@deloitte.com&kernel=ba65ec15c6366f86c3c441e96618ba74&unix=ba65ec15c6366f86c3c441e96618ba74-linux (HTTP 302)
- https://azhilift.mycustomerconnect.com/dhl-express-service.com/address/mso365.php?cmd=login_submit&id=400f4113f3f52af5f400195596326cb5400f4113f3f52af5f400195596326cb5&session=400f4113f3f52af5f400195596326cb5400f4113f3f52af5f400195596326cb5&login=aante@deloitte.com&idd=400f4113f3f52af5f400195596326cb5 (Page URL)

How to read the chain: the submitted link is a Cisco email-security URL rewrite (secure-web.cisco.com/<token>/<percent-encoded URL>), meaning the lure arrived by email through a Cisco-filtered gateway. Decoding the wrapped path gives the search.kcm.co.kr open redirector, whose url= parameter (double-encoded, with every dot written as %2E to defeat naive domain matching) points at the dotted staging path on www.spsppx.com.cn. The target mailbox travels in the URL fragment (#aante@deloitte.com at the end of the decoded wrapper); a fragment is never sent to the server, and a browser keeps it across a 302 whose Location has no fragment of its own, so neither redirector logs the address, yet it reappears as login=aante@deloitte.com at the start of chain 2, consistent with the 261-byte staging page forwarding it client-side. On the kit host the per-visit identifiers are 32-hex values repeated twice (uid, sakamanje, id, session) with a single copy in kernel/unix/idd.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0: the three hops of chain 1 under Page URL History (secure-web.cisco.com, HTTP 302; search.kcm.co.kr/jump.php, HTTP 302; www.spsppx.com.cn/.d.h.l.e.x.p.r.e.s.s/).
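The redirect chain above can be peeled without touching any of the hosts. The following Python is an added example written for this page, not urlscan's code or anything from the kit: it assumes only the two wrapper shapes visible in the chain (a secure-web.cisco.com/<token>/<percent-encoded URL> path and a jump.php?url= parameter on search.kcm.co.kr), applies the fragment-retention rule for 3xx responses (RFC 7231 section 7.1.2: a Location without a fragment inherits the original URL's fragment) and shows where #aante@deloitte.com ends up. The wrapper URL is the one recorded in the scan; no request is made.

```python
"""Statically unwrap the Safe Links -> open redirector -> staging hop chain.

Added example for this scan page. Nothing is fetched: each wrapper is
decoded from the URL itself, and the fragment is carried from hop to hop
the way a browser carries it across a 302 (RFC 7231 section 7.1.2).
"""
from urllib.parse import parse_qs, unquote, urljoin, urlsplit, urlunsplit

# Wrapper URL exactly as recorded in the scan's "Page URL History".
WRAPPED = (
    "http://secure-web.cisco.com/"
    "1FBFNc7XatmHuS14L9cmPhlJb7hpIvHI4pWcdI7j1cjBc4ZuilTF3-wSE6wS5ETiN6ams47Y_"
    "vxlccPKZ10tB2hOkNE__RR9L2j0BBI6-gvCWFELawTRm8xD9kkhk6f32aTA-8T1vPz8wHaQzYm8"
    "Mw0jMjodLhz4tUyfQGagCll5tREair8ahyAovzrJW_c9OjnhAGYqIoDGnRdhcpTSxqfWQaXqC0H"
    "6uuRuBzCms5wMH7j2hr5zxiALHD4-2UECTn9kDuV1IjS0sQ54Hl5acFF7brSr6QOl1fwS5ZCfQ"
    "AVqoQk12ktK8fLKMFE1JGiNTg4wku6x7FRscM55Uuex326-fwfUhnkdAcPwBm3UDrZwMEHXIpf-"
    "WQsQwcVSFDcCyWMPg2scZ2CmtPRttZGMmRrxYU0GXyM5IlAmgApdshZ7MMMUgn9NOxm6cZSd6R3"
    "PkTyf_j2j6KHbWoAJOMq-VTU50wJOyx_rDxp_EuzCTZd5CxQAFmbphcqXayPrQEhQurzI_oi0Af"
    "SJ9H0HygTiUJg"
    "/http%3A%2F%2Fsearch.kcm.co.kr%2Fjump.php%3Fsid%3D312%26url%3D"
    "http%253A%252F%252Fwww%252Espsppx%252Ecom%252Ecn%252F%252Ed%252Eh%252El"
    "%252Ee%252Ex%252Ep%252Er%252Ee%252Es%252Es%252F%23aante%40deloitte.com%26"
)


def unwrap_safelinks(url):
    """Target of a secure-web.cisco.com/<token>/<encoded URL> wrapper, else None."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "secure-web.cisco.com":
        return None
    pieces = parts.path.split("/", 2)          # ['', '<token>', '<encoded URL>']
    if len(pieces) < 3 or not pieces[2]:
        return None
    return unquote(pieces[2])                  # strip exactly one encoding layer


def unwrap_jump(url):
    """Target of search.kcm.co.kr/jump.php?url=<encoded URL>, else None."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "search.kcm.co.kr" or parts.path != "/jump.php":
        return None
    target = parse_qs(parts.query).get("url")  # parse_qs percent-decodes values
    return target[0] if target else None


def follow_redirect(current, location):
    """Apply a 3xx Location as a browser does: resolve it against the current
    URL and keep the current fragment when Location carries none."""
    nxt = urlsplit(urljoin(current, location))
    cur_frag = urlsplit(current).fragment
    if not nxt.fragment and cur_frag:
        nxt = nxt._replace(fragment=cur_frag)
    return urlunsplit(nxt)


UNWRAPPERS = (unwrap_safelinks, unwrap_jump)


def unwrap_chain(url, limit=10):
    """Return (hops, fragment): every URL the browser would land on, and the
    fragment still attached at the end of the chain."""
    hops = [url]
    for _ in range(limit):
        nxt = next((p(hops[-1]) for p in UNWRAPPERS if p(hops[-1])), None)
        if not nxt:
            break
        hops.append(follow_redirect(hops[-1], nxt))
    return hops, urlsplit(hops[-1]).fragment


def victim_address(fragment):
    """The kit appends '&' after the address in the fragment; strip it."""
    addr = fragment.rstrip("&")
    return addr if "@" in addr else None


if __name__ == "__main__":
    hops, frag = unwrap_chain(WRAPPED)
    for i, h in enumerate(hops, 1):
        print(f"hop {i}: {h}")
    print("victim:", victim_address(frag))
```

The staging page on www.spsppx.com.cn is what finally reads the fragment (client-side) and forwards the address as a query parameter to the kit host; that hand-off is why urlscan records it as a new chain rather than another 302, and why the address is absent from the kcm.co.kr request URL shown in the scan.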
15 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | / | www.spsppx.com.cn/.d.h.l.e.x.p.r.e.s.s/ | 261 B | 485 B | Document | text/html | Redirect chain (has redirect headers) |
| 2 | GET | H/1.1 | mso365.php | azhilift.mycustomerconnect.com/dhl-express-service.com/address/ | 10 KB | 10 KB | Document | text/html | Primary request, redirect chain (has redirect headers) |
| 3 | GET | H/1.1 | converged.v2.login.min.css | azhilift.mycustomerconnect.com/dhl-express-service.com/address/ | 93 KB | 93 KB | Stylesheet | text/css | |
| 4 | GET | H2 | 9vk.svg | svgshare.com/i/ | 4 KB | 2 KB | Image | image/svg+xml | |
| 5 | GET | H2 | MssAE2X.png | i.imgur.com/ | 87 KB | 87 KB | Image | image/png | |
| 6 | GET | H2 | 9u0.svg | svgur.com/i/ | 915 B | 350 B | Image | image/svg+xml | |
| 7 | GET | H2 | 9uL.svg | svgur.com/i/ | 915 B | 350 B | Image | image/svg+xml | |
| 8 | GET | H/1.1 | mso365.php | azhilift.mycustomerconnect.com/dhl-express-service.com/address/ | 10 KB | 10 KB | Document | text/html | Frame 059F |
| 9 | GET | H2 | JLZO6zZ.jpg | i.imgur.com/ | 602 B | 669 B | Image | image/jpeg | |
| 10 | GET | H2 | 7ZWcmUa.jpg | i.imgur.com/ | 221 KB | 221 KB | Image | image/jpeg | |
| 11 | GET | H/1.1 | converged.v2.login.min.css | azhilift.mycustomerconnect.com/dhl-express-service.com/address/ | 93 KB | 93 KB | Stylesheet | text/css | Frame 059F |
| 12 | GET | H2 | 9vk.svg | svgshare.com/i/ | 4 KB | 2 KB | Image | image/svg+xml | Frame 059F |
| 13 | GET | H2 | MssAE2X.png | i.imgur.com/ | 87 KB | 87 KB | Image | image/png | Frame 059F |
| 14 | GET | H2 | 9u0.svg | svgur.com/i/ | 915 B | 350 B | Image | image/svg+xml | Frame 059F |
| 15 | GET | H2 | 9uL.svg | svgur.com/i/ | 915 B | 350 B | Image | image/svg+xml | Frame 059F |

Size is the decoded body, x-fer the bytes on the wire. Two things stand out: the kit host speaks only HTTP/1.1 while every image comes over H2 from third-party CDNs, and all of the login page's artwork is hotlinked from free image hosts (i.imgur.com, svgur.com, svgshare.com) rather than served by the kit, so those hosts, not the phishing server, see the victim's browser fetch the logos.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |

All three are ordinary browser-provided window properties (onselectstart and onselectionchange are GlobalEventHandlers, queueMicrotask is the standard HTML microtask API) that the scanner's baseline list simply did not know about; they reveal nothing about the kit's own scripts.

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify that user even from a different location. This is how persistent logins work. The kit set none during this visit.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- azhilift.mycustomerconnect.com
- i.imgur.com
- search.kcm.co.kr
- secure-web.cisco.com
- svgshare.com
- svgur.com
- www.spsppx.com.cn

IP addresses:
- 151.101.36.193
- 2001:4860:4802:36::15
- 2001:4860:4802:38::15
- 222.122.63.26
- 222.73.201.89
- 2620:101:2002:11f0::1001
- 52.34.207.165

Response body SHA256 hashes (one per distinct resource fetched):
- 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
- 0cc4c661f0339c272ee711aecbe02a52e518ae95c8fa7552f1e4634cffe4d87b
- 16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
- 3431e25fe3b9258d100d12a2880169aedee20dfa357e637d3674a4260b660ef5
- 602ade30c513674e50511f6eec801063ce4aad3b8757a4405a53e6367dcdeedd
- 6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
- c214f1ca05ba00736a7111ad3a2436f4ad60561b9d6a50c8333ede97972d00c6
- dae1dd4c9f81f6ae7a92974a903d67ba081b9bd5cd28f91788854ca25fb81f9e
- ecc685ca21e268a74a0aad4ae1bf40cd2869bd092cbd0b8cd8945f113bebd92d

Only azhilift.mycustomerconnect.com, www.spsppx.com.cn and 52.34.207.165 are attacker-controlled infrastructure in this chain; secure-web.cisco.com is a mail-gateway rewrite, search.kcm.co.kr is an abused open redirector, and the imgur/svgur/svgshare hosts and their IPs are shared CDNs. Block or hunt on the first group, not the list as a whole.