hikeekiplaod.work
162.241.65.84
Malicious Activity!
Public Scan
Effective URL: https://hikeekiplaod.work/Q5417hxpF3kYzWTgZLJbt6aviRNHylnq2eOX0D8VAsBCMKwjfEuSmGPIcU9oUNKWJxkS2gVQns4ORLXMDoumZEvqACiB63te...
Submission: On May 31 via manual from SG
Summary
TLS certificate: Issued by R3 (Let's Encrypt) on May 26th 2021, five days before the May 31 submission. Valid for: 3 months.
This is the only time hikeekiplaod.work was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 (redirect) | 2620:101:2005:11f0::1001 | 16417 (IRONPORT-SYSTEMS-INC)
3 | 162.241.65.84 | 46606 (UNIFIEDLAYER-AS-1)
6 | 152.199.23.37 | 15133 (EDGECAST)
1 | 2620:1ec:46::67 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK)
Total: 10 requests to 3 IPs (the IronPort hop is a redirect, not a page request)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-65-84.unifiedlayer.com
Both attacker-controlled hosts in this scan, the redirector and the phishing page, are served from this one shared-hosting IP:
- y7jwzflp.kajizachiefls.cloud
- hikeekiplaod.work
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | msftauth.net | aadcdn.msftauth.net | 4 KB
2 | hikeekiplaod.work | hikeekiplaod.work | 150 KB
1 | msauth.net | aadcdn.msauth.net | 1 KB
1 | kajizachiefls.cloud | y7jwzflp.kajizachiefls.cloud | 552 B
1 redirect | cisco.com | secure-web.cisco.com | 325 B
Total: 10 requests, 5 domains
Requests | Domain | Requested by
---|---|---
6 | aadcdn.msftauth.net | hikeekiplaod.work
2 | hikeekiplaod.work | y7jwzflp.kajizachiefls.cloud, hikeekiplaod.work
1 | aadcdn.msauth.net | hikeekiplaod.work
1 | y7jwzflp.kajizachiefls.cloud | (entry point of the scan, reached through the secure-web.cisco.com redirect)
1 redirect | secure-web.cisco.com | 
Total: 10 requests, 5 domains
This site contains links to these domains (also see Links):
- www.microsoft.com
- privacy.microsoft.com
Subject | Issuer | Validity | Valid for
---|---|---|---
cpanel.hikeekiplaod.work | R3 | 2021-05-26 - 2021-08-24 | 3 months
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2021-05-13 - 2022-05-13 | a year
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2021-04-07 - 2022-04-07 | a year
(Certificate transparency records for each are on crt.sh.)
The phishing host carries a short-lived Let's Encrypt (R3) certificate whose subject is a hosting control-panel name (cpanel.hikeekiplaod.work), consistent with automatic issuance on the shared host rather than a certificate the operator requested by hand. The two CDN hosts carry Microsoft's own DigiCert certificates, which is one more sign that the artwork is genuine Microsoft content hot-linked from a fake page.
This page contains 1 frames:
Primary Page:
https://hikeekiplaod.work/Q5417hxpF3kYzWTgZLJbt6aviRNHylnq2eOX0D8VAsBCMKwjfEuSmGPIcU9oUNKWJxkS2gVQns4ORLXMDoumZEvqACiB63te85Hw1zc7rjblpy9FPGYa0IfTtyemz47fv1QWpLDIr9ghsU0Cu2BSxbkTo65wXRiVOPYNcK3AH8ZFqjlJGaEMSqiCJOX6Ic0yuA7o9NKlHDGM3sTaznrZYxhFmvejQVpW8wfUP1L42kR5btEg/qT48G1DzlvJBkxUusZYet5XA6VpNEWya3SC7m9oncP2rhgILFHiOw0jRKQMf.php
Frame ID: E4E660F701D14E25A8E9BFDE45A7ABC8
Requests: 10 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers: server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
2 outgoing links (links going to different origins than the main page):
- Terms of use
- Privacy & cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://secure-web.cisco.com/1ejYVrb5h6GQnglfn6_4KuhLyWDQt91X1HAVps_XQEKmivT4iPEU7Q1ZSB1uZTGzMbRHtgq5Q8DIBmpOjXj9y8DXvnRgtSRiIEBA_KYIqadHmnH1_SFEMMXcht18sP6q0CHmxcIbWeIzukQUqgObTAS3AtODxxHEj3skwmfcmDAGtUDWWAqLrEo2S8ZDdYwX3CZaYX1oIsa5CByh9aK7c7s1vltDJ9BDu6F9jHmZ3OyuIxx6GoAOtTN_hJgANCEIBNB-8GsVrTvpV2lSEfCxugY2XrMitOuchm4gnBMTsnonAamLp2mgn92WSLh1X1EJPUWd8_2A0MbP4_wZcA86xfg/http%3A%2F%2Fy7jwzflp.kajizachiefls.cloud%2F%23bXJpa2loYW5hQGZhY2lsaXRpZXNmaXJzdC5jb20uYXU%3D
  HTTP 302
  http://y7jwzflp.kajizachiefls.cloud/ Page URL
- https://hikeekiplaod.work/bXJpa2loYW5hQGZhY2lsaXRpZXNmaXJzdC5jb20uYXU= Page URL
- https://hikeekiplaod.work/Q5417hxpF3kYzWTgZLJbt6aviRNHylnq2eOX0D8VAsBCMKwjfEuSmGPIcU9oUNKWJxkS2gVQns4ORLXMDoumZEvqACiB63te85Hw1zc7rjblpy9FPGYa0IfTtyemz47fv1QWpLDIr9ghsU0Cu2BSxbkTo65wXRiVOPYNcK3AH8ZFqjlJGaEMSqiCJOX6Ic0yuA7o9NKlHDGM3sTaznrZYxhFmvejQVpW8wfUP1L42kR5btEg/qT48G1DzlvJBkxUusZYet5XA6VpNEWya3SC7m9oncP2rhgILFHiOw0jRKQMf.php Page URL

Reading the chain: the first hop is the lure link as rewritten by a Cisco Secure Email gateway (secure-web.cisco.com); the last path segment of that wrapper is the percent-encoded original link, http://y7jwzflp.kajizachiefls.cloud/#bXJpa2loYW5hQGZhY2lsaXRpZXNmaXJzdC5jb20uYXU=. The fragment is base64 and decodes to the targeted recipient's e-mail address (not reproduced here). Browsers never send the fragment to a server, and the 302 indeed lands on the bare redirector URL, yet the next hop carries the identical string as a path segment on hikeekiplaod.work: the redirector's 344-byte HTML document must therefore move it client-side, which is the "client-side redirect" case this history captures. The kit then lands on a long random path and a random PHP file name, presumably using the decoded address to pre-fill the Microsoft-styled sign-in form. Because those path components look generated, a blocklist should key on the domains rather than on the final URL.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://secure-web.cisco.com/1ejYVrb5h6GQnglfn6_4KuhLyWDQt91X1HAVps_XQEKmivT4iPEU7Q1ZSB1uZTGzMbRHtgq5Q8DIBmpOjXj9y8DXvnRgtSRiIEBA_KYIqadHmnH1_SFEMMXcht18sP6q0CHmxcIbWeIzukQUqgObTAS3AtODxxHEj3skwmfcmDAGtUDWWAqLrEo2S8ZDdYwX3CZaYX1oIsa5CByh9aK7c7s1vltDJ9BDu6F9jHmZ3OyuIxx6GoAOtTN_hJgANCEIBNB-8GsVrTvpV2lSEfCxugY2XrMitOuchm4gnBMTsnonAamLp2mgn92WSLh1X1EJPUWd8_2A0MbP4_wZcA86xfg/http%3A%2F%2Fy7jwzflp.kajizachiefls.cloud%2F%23bXJpa2loYW5hQGZhY2lsaXRpZXNmaXJzdC5jb20uYXU%3D HTTP 302
- http://y7jwzflp.kajizachiefls.cloud/
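The unwrapping a defender does by hand on the chain above, as an added example (not part of the urlscan.io report and not code from the kit). It assumes only the wrapper layout visible in this scan, secure-web.cisco.com/<token>/<percent-encoded original URL>, and uses a constructed sample link whose token is made up and whose fragment encodes a made-up address; applied to the page's own first hop it yields the real recipient's address, which is deliberately not reproduced here.

```python
"""Unwrap a gateway-rewritten phishing link and recover the identity token
it carries.  Added example; not part of the urlscan.io report.  Assumptions:
the secure-web.cisco.com wrapper places the percent-encoded destination
after its first (token) path segment, as seen in this scan, and the sample
link below is constructed with a made-up token and a made-up address."""
import base64
import binascii
import re
from typing import Optional
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")

# Constructed sample in the same shape as the scan's first hop.  The token
# segment is opaque and invented; the fragment encodes victim@example.com.
SAMPLE_WRAPPED_LINK = (
    "http://secure-web.cisco.com/1ConstructedTokenNotFromThisScan/"
    "http%3A%2F%2Fy7jwzflp.kajizachiefls.cloud%2F%23dmljdGltQGV4YW1wbGUuY29t"
)


def unwrap_cisco_secure_web(url: str) -> str:
    """Return the original link embedded in a secure-web.cisco.com wrapper.
    Layout observed in the scan: /<token>/<percent-encoded original URL>."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "secure-web.cisco.com":
        raise ValueError("not a secure-web.cisco.com wrapper")
    segments = parts.path.lstrip("/").split("/", 1)
    if len(segments) != 2 or not segments[1]:
        raise ValueError("wrapper carries no embedded destination")
    target = unquote(segments[1])
    if not target.lower().startswith(("http://", "https://")):
        raise ValueError("embedded destination is not an absolute URL")
    return target


def _decode_identity(candidate: str) -> Optional[str]:
    """Strict base64 -> UTF-8 -> e-mail check; anything else yields None."""
    try:
        text = base64.b64decode(candidate, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if EMAIL_RE.match(text) else None


def find_identity_token(url: str) -> Optional[str]:
    """Look for a base64-encoded e-mail address in the URL fragment first
    (hop 2 of the scan), then in each path segment (hop 3, after the kit's
    client-side redirect has moved the fragment into the path)."""
    parts = urlsplit(url)
    candidates = [parts.fragment] + parts.path.split("/")
    for cand in candidates:
        cand = unquote(cand)
        if cand:
            found = _decode_identity(cand)
            if found:
                return found
    return None


def explain_chain(wrapped: str) -> dict:
    """Summarise what a defender learns from the wrapped link alone."""
    inner = unwrap_cisco_secure_web(wrapped)
    return {
        "wrapper_host": urlsplit(wrapped).netloc,
        "destination": inner,
        "destination_host": urlsplit(inner).netloc,
        "identity": find_identity_token(inner),
    }


if __name__ == "__main__":
    for key, value in explain_chain(SAMPLE_WRAPPED_LINK).items():
        print(f"{key:17} {value}")
```

Running the block prints the redirector host and the decoded address without ever contacting the attacker's infrastructure, which is the point: the gateway wrapper already tells you who was targeted and which redirector to block, and the same decoder recognises the token whether it sits in the fragment (hop 2) or the path (hop 3).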
10 HTTP transactions
Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | y7jwzflp.kajizachiefls.cloud/ (redirect chain) | 344 B | 552 B | Document | text/html
GET | H/1.1 | bXJpa2loYW5hQGZhY2lsaXRpZXNmaXJzdC5jb20uYXU= | hikeekiplaod.work/ (cookie set) | 348 B | 730 B | Document | text/html
GET | H/1.1 | qT48G1DzlvJBkxUusZYet5XA6VpNEWya3SC7m9oncP2rhgILFHiOw0jRKQMf.php | hikeekiplaod.work/Q5417hxpF3kYzWTgZLJbt6aviRNHylnq2eOX0D8VAsBCMKwjfEuSmGPIcU9oUNKWJxkS2gVQns4ORLXMDoumZEvqACiB63te85Hw1zc7rjblpy9FPGYa0IfTtyemz47fv1QWpLDIr9ghsU0Cu2BSxbkTo65wXRiVOPYNcK3AH8ZFqjlJGaE... (primary request) | 148 KB | 149 KB | Document | text/html
GET | H2 | info_4883eb1a3cbdddf5a79e28d320cfe5a9.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 342 B | 358 B | Image | image/svg+xml
GET | H2 | microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 756 B | 545 B | Image | image/svg+xml
GET | H2 | picker_more_7568a43cf440757c55d2e7f51557ae1f.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 899 B | 408 B | Image | image/svg+xml
GET | H2 | picker_account_add_56e73414003cdb676008ff7857343074.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 222 B | 335 B | Image | image/svg+xml
GET | H2 | ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 915 B | 414 B | Image | image/svg+xml
GET | H2 | 2_bc3d32a696895f78c19df6c717586a5d.svg | aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ | 2 KB | 1 KB | Image | image/svg+xml

Only the three text/html documents come from attacker-controlled infrastructure, all over HTTP/1.1 from the Apache shared host. Every image is genuine Microsoft sign-in artwork (logo, account picker icons, background) hot-linked over HTTP/2 from Microsoft's own CDNs, which is why the page renders convincingly and why requests to aadcdn.msftauth.net or aadcdn.msauth.net whose Referer is not a Microsoft-owned origin are a useful hunting signal in proxy logs.
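A detection for the hot-linking pattern in the transaction list above, as an added example (not part of the urlscan.io report). The proxy log format, the sample log lines and the allow-list of Microsoft-owned apex domains are all constructed for the example; the asset names are the ones this scan fetched. The referer values reflect Chrome's default strict-origin-when-cross-origin policy, which sends only the origin on a cross-origin fetch.

```python
"""Flag pages that embed Microsoft's sign-in CDN assets from a non-Microsoft
origin (aadcdn.msftauth.net / aadcdn.msauth.net fetched with a phishing host
as the referrer).  Added example, not from the urlscan.io report.  The log
format, the sample lines and the allow-list below are constructed."""
import re
from collections import defaultdict
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Apex domains that legitimately embed these assets.  Illustrative, not
# exhaustive; extend from your own tenant's sign-in telemetry.
MICROSOFT_APEX = {
    "microsoft.com", "microsoftonline.com", "live.com", "office.com",
    "office365.com", "msauth.net", "msftauth.net", "windows.net", "azure.com",
}

# CDN hosts and path prefixes of the Azure AD sign-in UI, as seen in the scan.
LOGIN_ASSET_HOSTS = {"aadcdn.msftauth.net", "aadcdn.msauth.net"}
LOGIN_ASSET_PREFIXES = ("/ests/", "/shared/")

# Constructed proxy log: time client method host path referer ("-" = none)
SAMPLE_LOG = """\
2021-05-31T08:12:01Z 10.1.2.3 GET aadcdn.msftauth.net /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg https://hikeekiplaod.work/
2021-05-31T08:12:01Z 10.1.2.3 GET aadcdn.msftauth.net /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg https://hikeekiplaod.work/
2021-05-31T08:12:02Z 10.1.2.3 GET aadcdn.msauth.net /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg https://hikeekiplaod.work/
2021-05-31T08:13:45Z 10.1.2.9 GET aadcdn.msftauth.net /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg https://login.microsoftonline.com/
2021-05-31T08:14:02Z 10.1.2.9 GET aadcdn.msftauth.net /ests/2.1/content/images/info_4883eb1a3cbdddf5a79e28d320cfe5a9.svg -
2021-05-31T08:15:10Z 10.1.2.7 GET www.microsoft.com /en-us/ https://www.bing.com/
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_line(line: str) -> Optional[dict]:
    """One record per line; anything that does not fit the format is ignored."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, host, path, referer = m.groups()
    return {"ts": ts, "client": client, "method": method, "host": host.lower(),
            "path": path, "referer": None if referer == "-" else referer}


def apex_of(host: str) -> str:
    """Naive apex: last two labels.  Adequate for the allow-list above; a
    production version should use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def referer_is_microsoft(referer: Optional[str]) -> bool:
    if not referer:
        return False
    host = urlsplit(referer).hostname or ""
    return apex_of(host) in MICROSOFT_APEX


def is_login_asset(rec: dict) -> bool:
    return rec["host"] in LOGIN_ASSET_HOSTS and rec["path"].startswith(LOGIN_ASSET_PREFIXES)


def find_suspicious_embedders(log: str) -> Dict[str, Set[str]]:
    """Map each non-Microsoft referrer host to the sign-in assets it pulled.
    Requests with no referer are skipped: they cannot be attributed, and a
    kit can suppress the header, so an empty result is not a clean bill."""
    findings: Dict[str, Set[str]] = defaultdict(set)
    for line in log.splitlines():
        rec = parse_line(line)
        if not rec or not is_login_asset(rec) or not rec["referer"]:
            continue
        if referer_is_microsoft(rec["referer"]):
            continue
        ref_host = urlsplit(rec["referer"]).hostname or rec["referer"]
        findings[ref_host].add(rec["host"] + rec["path"])
    return dict(findings)


if __name__ == "__main__":
    for host, assets in find_suspicious_embedders(SAMPLE_LOG).items():
        print(f"{host}: {len(assets)} Microsoft sign-in asset(s) embedded")
        for asset in sorted(assets):
            print("   ", asset)
```

On the sample log the only hit is hikeekiplaod.work with three assets, while the same logo fetched from login.microsoftonline.com is ignored. Two caveats when running this over real traffic: a kit can self-host copies of the SVGs or set a no-referrer policy, so absence of hits proves nothing, and legitimate third parties (identity brokers, embedded sign-in widgets) may need adding to the allow-list rather than being treated as phishing.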
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- object: onbeforexrselect
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- boolean: originAgentCluster
- object: trustedTypes
- boolean: crossOriginIsolated
Apart from 0, these are standard window properties of recent Chromium builds (WebXR, transition events, Cookie Store, File System Access, Trusted Types, origin isolation) that merely post-date the baseline list; they say nothing about the phishing kit's own script.

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, so the site can re-identify the user even from a different location; this is how persistent logins work. No cookies were recorded at the end of this scan, although the second transaction (hikeekiplaod.work/bXJpa2loYW5hQGZhY2lsaXRpZXNmaXJzdC5jb20uYXU=) is marked "Cookie set".
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- aadcdn.msauth.net
- aadcdn.msftauth.net
- hikeekiplaod.work
- secure-web.cisco.com
- y7jwzflp.kajizachiefls.cloud
IPs:
- 152.199.23.37
- 162.241.65.84
- 2620:101:2005:11f0::1001
- 2620:1ec:46::67
Response hashes (SHA-256):
- 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
- 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
- 5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
- 6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
- 749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2
- b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2
- ddb659ffb3403c7e825556248006ec9fd357f0a5d69dc0956d4a3190e2d1616d
- f3368544a6266f0fee3c4437a8144887bbad1de97be20a578c07946a8ed41b4f
Before turning this list into blocks: only hikeekiplaod.work, y7jwzflp.kajizachiefls.cloud and 162.241.65.84 are attacker-controlled. The two aadcdn hosts, the EdgeCast and Microsoft addresses and secure-web.cisco.com are legitimate infrastructure, and most of the hashes are Microsoft's own SVGs. 162.241.65.84 is a shared-hosting address (see the unifiedlayer.com PTR), so block the two domains rather than the IP.