alphawastesolutions.mycustomerconnect.com
52.34.207.165
Malicious Activity!
Public Scan
Effective URL: https://alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/login.php?2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540...
Submission: On July 30 via manual from US — Scanned from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 26th 2022. Valid for: a year.
This is the only time alphawastesolutions.mycustomerconnect.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Network Solutions (Internet)
Live information
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 20.105.216.13 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2 | 52.34.207.165 | 16509 (AMAZON-02)
12 | 205.178.146.249 | 19871 (NETWORK-SOLUTIONS-HOSTING)
14 | 3 |

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ntwksolutions.azurewebsites.net

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-207-165.us-west-2.compute.amazonaws.com
alphawastesolutions.mycustomerconnect.com

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: oxmail.networksolutionsemail.com
webmail.networksolutionsemail.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | networksolutionsemail.com | webmail.networksolutionsemail.com — Cisco Umbrella Rank: 348100 | 207 KB
2 | mycustomerconnect.com (1 redirects) | alphawastesolutions.mycustomerconnect.com | 11 KB
1 | azurewebsites.net | ntwksolutions.azurewebsites.net | 441 B
14 | 3 | |
# | Domain | Requested by
---|---|---
12 | webmail.networksolutionsemail.com | alphawastesolutions.mycustomerconnect.com
2 | alphawastesolutions.mycustomerconnect.com | 1 redirects ntwksolutions.azurewebsites.net
1 | ntwksolutions.azurewebsites.net |
14 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.mycustomerconnect.com | Go Daddy Secure Certificate Authority - G2 | 2022-06-26 - 2023-06-24 | a year
*.networksolutionsemail.com | Sectigo RSA Domain Validation Secure Server CA | 2022-03-15 - 2023-03-19 | a year
This page contains 1 frames:
Primary Page:
https://alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/login.php?2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540e1fe39b4&pid=2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540e1fe39b4&kapaichu2e678333f3b3fcbea1658540e1fe39b4=2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540e1fe39b4&nameuser=&kernel=2e678333f3b3fcbea1658540e1fe39b4&unix=2e678333f3b3fcbea1658540e1fe39b4-linux
Frame ID: F54CC1792E3118EB64398C5F6403E513
Requests: 14 HTTP requests in this frame
Page Title
NETWORK SOLUTlONS© WEBMAlL LOGlN
Page URL History
- http://ntwksolutions.azurewebsites.net/aaaawewuejjfdkjdkhseruowhkfjghfcnkhzeruae-8.php Page URL
- https://alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/?5bb66b2b01ab2bacdc8f673a87ec0a1c=5bb66b2b01ab...
  HTTP 302
  https://alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/login.php?2e678333f3b3fcbea1658540e1fe39b42e67... Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ntwksolutions.azurewebsites.net/aaaawewuejjfdkjdkhseruowhkfjghfcnkhzeruae-8.php Page URL
- https://alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/?5bb66b2b01ab2bacdc8f673a87ec0a1c=5bb66b2b01ab2bacdc8f673a87ec0a1c&5bb66b2b01ab2bacdc8f673a87ec0a1c5bb66b2b01ab2bacdc8f673a87ec0a1c&nameuser=&5bb66b2b01ab2bacdc8f673a87ec0a1c
  HTTP 302
  https://alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/login.php?2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540e1fe39b4&pid=2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540e1fe39b4&kapaichu2e678333f3b3fcbea1658540e1fe39b4=2e678333f3b3fcbea1658540e1fe39b42e678333f3b3fcbea1658540e1fe39b4&nameuser=&kernel=2e678333f3b3fcbea1658540e1fe39b4&unix=2e678333f3b3fcbea1658540e1fe39b4-linux Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | aaaawewuejjfdkjdkhseruowhkfjghfcnkhzeruae-8.php | ntwksolutions.azurewebsites.net/ | 425 B | 441 B | Document | text/html
GET H/1.1 | login.php (Primary Request, Redirect Chain) | alphawastesolutions.mycustomerconnect.com/admin/emaiI.network.solutions/ | 10 KB | 10 KB | Document | text/html
GET H/1.1 | bootstrap.min.css | webmail.networksolutionsemail.com/interfaces/sso/providers/inquent.netsol/css/ | 111 KB | 19 KB | Stylesheet | text/css
GET H/1.1 | login.css | webmail.networksolutionsemail.com/interfaces/sso/providers/inquent.netsol/css/ | 4 KB | 2 KB | Stylesheet | text/css
GET H/1.1 | jquery-ui-1.10.3.custom.min.css | webmail.networksolutionsemail.com/interfaces/sso/providers/inquent.netsol/css/ | 27 KB | 6 KB | Stylesheet | text/css
GET H/1.1 | jquery-1.9.1.js | webmail.networksolutionsemail.com/interfaces/sso/js/ | 271 KB | 79 KB | Script | text/javascript
GET H/1.1 | jquery.form.js | webmail.networksolutionsemail.com/interfaces/sso/js/ | 42 KB | 12 KB | Script | text/javascript
GET H/1.1 | form.js | webmail.networksolutionsemail.com/interfaces/sso/js/ | 42 KB | 12 KB | Script | text/javascript
GET H/1.1 | jquery-ui-personalized-1.10.3.min.js | webmail.networksolutionsemail.com/interfaces/sso/js/ | 223 KB | 60 KB | Script | text/javascript
GET H/1.1 | jquery.dimensions.js | webmail.networksolutionsemail.com/interfaces/sso/js/cluetip/ | 4 KB | 2 KB | Script | text/javascript
GET H/1.1 | jquery.cluetip.min.js | webmail.networksolutionsemail.com/interfaces/sso/js/cluetip/ | 11 KB | 4 KB | Script | text/javascript
GET H/1.1 | oxedhelpers.js | webmail.networksolutionsemail.com/interfaces/sso/js/ | 1 KB | 1015 B | Script | text/javascript
GET H/1.1 | oxedlogin.js | webmail.networksolutionsemail.com/interfaces/sso/js/ | 24 KB | 7 KB | Script | text/javascript
GET H/1.1 | logo.png | webmail.networksolutionsemail.com/interfaces/sso/providers/inquent.netsol/images/ | 4 KB | 5 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Network Solutions (Internet)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- function| $
- function| jQuery
- function| ffconsole
- function| getSessionIDFromJSESSIONCookie
- string| file
- string| waitholder
- string| waitnote
- string| placeholder
- function| createCookie
- function| ShowResult
- function| wait
- function| pause
- function| wipe
- function| FilterForm
- number| firstTime
- function| cookieTest
- function| errorTest
- function| url_query
- string| user
- string| pass
- string| testdomainName

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.