s1383.use1.mysecurecloudhost.com
192.250.231.2
Malicious Activity!
Public Scan
Effective URL: https://s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/cc.php
Submission: On July 15 via manual from AU — Scanned from FR
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2024. Valid for: a year.
This is the only time s1383.use1.mysecurecloudhost.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 1.179.112.197 | 396982 (GOOGLE-CLOUD-PLATFORM) |
| 1 | 2606:4700:4400::6812:2546 | 13335 (CLOUDFLARENET) |
| 1 | 172.67.199.228 | 13335 (CLOUDFLARENET) |
| 21 | 192.250.231.2 | 14670 (WHG-USE1) |
| 6 | 172.67.139.119 | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700:3037::ac43:a669 | 13335 (CLOUDFLARENET) |
| 31 | 6 IPs | |
ASN14670 (WHG-USE1, GB)
PTR: s1383.use1.mysecurecloudhost.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 21 | mysecurecloudhost.com | s1383.use1.mysecurecloudhost.com | 218 KB |
| 6 | fontawesome.com | ka-f.fontawesome.com (Cisco Umbrella Rank: 4910) | 283 KB |
| 1 | killbot.org | killbot.org | 2 KB |
| 1 | ko.gl | ko.gl (1 redirect) | 653 B |
| 1 | sibautomation.com | sibautomation.com (Cisco Umbrella Rank: 22784) | |
| 1 | esdubai.com | r.esmailnews.esdubai.com | 757 B |
| 0 | lwegatech.info | lwegatech.info (Failed) | |
| 31 | 7 domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 21 | s1383.use1.mysecurecloudhost.com | r.esmailnews.esdubai.com, s1383.use1.mysecurecloudhost.com |
| 6 | ka-f.fontawesome.com | s1383.use1.mysecurecloudhost.com |
| 1 | killbot.org | s1383.use1.mysecurecloudhost.com |
| 1 | ko.gl | 1 redirect |
| 1 | sibautomation.com | r.esmailnews.esdubai.com |
| 1 | r.esmailnews.esdubai.com | |
| 0 | lwegatech.info (Failed) | |
| 31 | 7 domains | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| lwegatech.info |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| r.esmailnews.esdubai.com | R10 | 2024-06-24 - 2024-09-22 | 3 months | crt.sh |
| sibautomation.com | WE1 | 2024-06-07 - 2024-09-05 | 3 months | crt.sh |
| whgi.net | Sectigo RSA Domain Validation Secure Server CA | 2024-05-24 - 2025-05-24 | a year | crt.sh |
| ka-f.fontawesome.com | WE1 | 2024-07-01 - 2024-09-29 | 3 months | crt.sh |
| killbot.org | WE1 | 2024-06-18 - 2024-09-16 | 3 months | crt.sh |
This page contains 2 frames:
- Primary Page: https://s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/cc.php (Frame ID: 5C8A27DDC2A749D97CFB7DAAE4500C70; 30 HTTP requests in this frame)
- Frame: https://sibautomation.com/cm.html?id=3209688 (Frame ID: B4C2BDACDF6ADE903EA68A2CADDBB53F; 1 HTTP request in this frame)
Page Title: DHL
Detected technologies
- PHP (Programming Languages). Detected patterns: `\.php(?:$|\?)`
- Font Awesome (Font Scripts). Detected patterns: `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://r.esmailnews.esdubai.com/tr/cl/2Vgu1LCXhow-QLD4PxLkRcIA1vqDM4sM6cbT0o1jANDC5Tw2fYppIv-y1FMFSs06gLi278kDvuMd9g8Y2lNYnkStO3232XW7joWm6DaATSSw904vKOdwwT7sb7644Y_JyyL1KHlTyW4OrNaarTBuc5IGNosFyuyXNaReeyPXpQvHYEP2wne8rhwkyBFXWdMpiyb4CCITr5Nevx640OUKO2B461VLSC8CLVzY0d_G3b-nfzHcRKSX22XqVF0nXHkPKA (Page URL)
- https://ko.gl/qxBPx, HTTP 301 to https://s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/cc.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | 2Vgu1LCXhow-QLD4PxLkRcIA1vqDM4sM6cbT0o1jANDC5Tw2fYppIv-y1FMFSs06gLi278kDvuMd9g8Y2lNYnkStO3232XW7joWm6DaATSSw904vKOdwwT7sb7644Y_JyyL1KHlTyW4OrNaarTBuc5IGNosFyuyXNaReeyPXpQvHYEP2wne8rhwkyBFXWdMpiyb4C... | r.esmailnews.esdubai.com/tr/cl/ | 610 B | 757 B | Document | text/html | |
| GET | H2 | cm.html | sibautomation.com/ | 0 | 0 | Document | text/html | Frame B4C2 |
| GET | H2 | cc.php | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/ | 347 KB | 51 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H2 | f7165dd215.js.t%C3%A9l%C3%A9chargement | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 11 KB | 11 KB | Script | text/plain | |
| GET | H2 | main.min.js.t%C3%A9l%C3%A9chargement | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 3 KB | 3 KB | Script | text/plain | |
| GET | H2 | style.css | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 12 KB | 2 KB | Stylesheet | text/css | |
| GET | H2 | app.css | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 429 KB | 50 KB | Stylesheet | text/css | |
| GET | H2 | font-awesome.min.css | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 30 KB | 7 KB | Stylesheet | text/css | |
| GET | H2 | logo.png | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 2 KB | 2 KB | Image | image/png | |
| GET | H2 | loading.gif | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 17 KB | 17 KB | Image | image/gif | |
| GET | H3 | loading-circle.gif | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 74 KB | 74 KB | Image | image/gif | |
| GET | H3 | foo.png | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/ | 1 KB | 1 KB | Image | text/html | |
| GET | H3 | free.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 100 KB | 22 KB | Fetch | text/css | |
| GET | H3 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 27 KB | 5 KB | Fetch | text/css | |
| GET | H3 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 823 B | 961 B | Fetch | text/css | |
| GET | H3 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 2 KB | 1 KB | Fetch | text/css | |
| GET | H2 | whois | killbot.org/api/v2/ | 4 KB | 2 KB | Fetch | text/html | |
| GET | H3 | roboto-latin-400-normal.woff2 | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fontsource/roboto/files/ | 0 | 0 | Font | text/html | |
| GET | H3 | webfa-solid-900.woff2 | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html | |
| GET | H3 | free-fa-solid-900.woff2 | ka-f.fontawesome.com/releases/v6.2.0/webfonts/ | 147 KB | 148 KB | Font | font/woff2 | |
| GET | H3 | fontawesome-webfont.woff2 | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/fonts/ | 0 | 0 | Font | text/html | |
| GET | H3 | webfa-brands-400.woff2 | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/4_files/fonts/ | 0 | 0 | Font | text/html | |
| GET | H3 | roboto-all-400-normal.woff | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fontsource/roboto/files/ | 0 | 0 | Font | text/html | |
| GET | H3 | webfa-brands-400.woff | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html | |
| GET | H3 | webfa-solid-900.woff | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html | |
| GET | H3 | fontawesome-webfont.woff | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/fonts/ | 0 | 0 | Font | text/html | |
| GET | H3 | fontawesome-webfont.ttf | s1383.use1.mysecurecloudhost.com/~onedotcl/DH/dh/torsion/fonts/ | 0 | 0 | Font | text/html | |
| GET | H3 | webfa-brands-400.ttf | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html | |
| GET | H3 | webfa-solid-900.ttf | s1383.use1.mysecurecloudhost.com/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html | |
| GET | H3 | free-fa-brands-400.woff2 | ka-f.fontawesome.com/releases/v6.2.0/webfonts/ | 105 KB | 106 KB | Font | font/woff2 | |
| GET | | favicon.gif | lwegatech.info/images/ | 0 | 0 | | | Failed |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: lwegatech.info
- URL: https://lwegatech.info/images/favicon.gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: DHL (Transportation)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | FontAwesomeKitConfig |
| object | _0x3185 |
| function | _0x501f |
| function | _0x34aede3 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| sibautomation.com/ | | uuid | 1781a8ab-b989-48e6-a783-f3bf85997967 |
| ko.gl/ | | PHPSESSID | c3ujk44tj5nto5qsipc4lkvhij |
| ko.gl/ | | short_427685 | 1 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.