urlscan.io logo urlscan.io
SecurityTrails logo

www.ajaxxcs.com Open in urlscan Pro
148.72.219.61  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://u16891131.ct.sendgrid.net/ls/click?upn=i3wkg2IDUGnI-2BPVeimNMmbTZsn77vBwtnGNolMO4Giwohav83KMacFw5EQT9g9yLOgzpUy-2FRrrQA-2B...
Effective URL: https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2...
Submission: On June 04 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 4 HTTP transactions. The main IP is 148.72.219.61, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is www.ajaxxcs.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 4th 2020. Valid for: 2 years.
This is the only time www.ajaxxcs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.35 11377 (SENDGRID)
1 52.173.245.249 8075 (MICROSOFT...)
2 3 148.72.219.61 26496 (AS-26496-...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:3c01::f0... 63949 (LINODE-AP...)
4 5
1    167.89.118.35 (United States)

ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net
u16891131.ct.sendgrid.net
1    52.173.245.249 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ajaxcs.azurewebsites.net
3    148.72.219.61 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-219-61.ip.secureserver.net
www.ajaxxcs.com
1    2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2600:3c01::f03c:91ff:fe79:43b (United States)

ASN63949 (LINODE-AP Linode, LLC, US)
jsonip.com
Domain Requested by
3 www.ajaxxcs.com 2 redirects
1 jsonip.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com www.ajaxxcs.com
1 ajaxcs.azurewebsites.net
1 u16891131.ct.sendgrid.net 1 redirects
4 5

This site contains no links.

Subject Issuer Validity Valid
*.azurewebsites.net
Microsoft IT TLS CA 5		 2019-09-24 -
2021-09-24		 2 years crt.sh
ajaxxcs.com
Go Daddy Secure Certificate Authority - G2		 2020-06-04 -
2022-06-04		 2 years crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
jsonip.com
Let's Encrypt Authority X3		 2020-04-29 -
2020-07-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
Frame ID: 86F733780E90917DE5E71A420CC2AA08
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://u16891131.ct.sendgrid.net/ls/click?upn=i3wkg2IDUGnI-2BPVeimNMmbTZsn77vBwtnGNolMO4Giwohav83KMacFw5EQT9g... HTTP 302
    https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov Page URL
  2. https://www.ajaxxcs.com/ajaxcs?email=shawn.gibbs@dc.gov HTTP 301
    https://www.ajaxxcs.com/ajaxcs/?email=shawn.gibbs@dc.gov HTTP 303
    https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

276 kB
Transfer

738 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://u16891131.ct.sendgrid.net/ls/click?upn=i3wkg2IDUGnI-2BPVeimNMmbTZsn77vBwtnGNolMO4Giwohav83KMacFw5EQT9g9yLOgzpUy-2FRrrQA-2Bh-2FAf7h8-2Bv6VIWQ2ztbi-2BOGQnWWrTpc-3D4oWA_0diz1ZOwft0sRjljse1d4xOQIHDelnnMFf542KoEsWN6G1CAgzjhkiLIn84DqTvSooLBmeJRKKOm2RKMeoENAAk9Ym1r8KdRVu-2FkQ5ikZMMioA8l5mx3p1gQ2ndsMgdiPdrGduXuk9HM1SWu9skXzaUXYE2-2BPv4HfG1B9EvtXfoNXN1wGu-2BoHKJnDYRsK8NpRkTJM5aUfXW6I46vfbMsXG1ybStgL5v5YJmR4JUTM-2Bs-3D HTTP 302
    https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov Page URL
  2. https://www.ajaxxcs.com/ajaxcs?email=shawn.gibbs@dc.gov HTTP 301
    https://www.ajaxxcs.com/ajaxcs/?email=shawn.gibbs@dc.gov HTTP 303
    https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://u16891131.ct.sendgrid.net/ls/click?upn=i3wkg2IDUGnI-2BPVeimNMmbTZsn77vBwtnGNolMO4Giwohav83KMacFw5EQT9g9yLOgzpUy-2FRrrQA-2Bh-2FAf7h8-2Bv6VIWQ2ztbi-2BOGQnWWrTpc-3D4oWA_0diz1ZOwft0sRjljse1d4xOQIHDelnnMFf542KoEsWN6G1CAgzjhkiLIn84DqTvSooLBmeJRKKOm2RKMeoENAAk9Ym1r8KdRVu-2FkQ5ikZMMioA8l5mx3p1gQ2ndsMgdiPdrGduXuk9HM1SWu9skXzaUXYE2-2BPv4HfG1B9EvtXfoNXN1wGu-2BoHKJnDYRsK8NpRkTJM5aUfXW6I46vfbMsXG1ybStgL5v5YJmR4JUTM-2Bs-3D HTTP 302
  • https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set /
ajaxcs.azurewebsites.net/top.php/
Redirect Chain
  • http://u16891131.ct.sendgrid.net/ls/click?upn=i3wkg2IDUGnI-2BPVeimNMmbTZsn77vBwtnGNolMO4Giwohav83KMacFw5EQT9g9yLOgzpUy-2FRrrQA-2Bh-2FAf7h8-2Bv6VIWQ2ztbi-2BOGQnWWrTpc-3D4oWA_0diz1ZOwft0sRjljse1d4xOQ...
  • https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov
3 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.173.245.249 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / PHP/7.3.14 ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host
ajaxcs.azurewebsites.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
125
Content-Type
text/html; charset=UTF-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
PHP/7.3.14 ASP.NET
Refresh
0; url=https://www.ajaxxcs.com/ajaxcs?email=shawn.gibbs@dc.gov
Set-Cookie
ARRAffinity=20326fba7b0b24b00085d3d90c9d455a172027336c98b66beb68d8c28b9aa4e1;Path=/;HttpOnly;Domain=ajaxcs.azurewebsites.net
Date
Thu, 04 Jun 2020 20:51:44 GMT

Redirect headers

Server
nginx
Date
Thu, 04 Jun 2020 20:51:44 GMT
Content-Type
text/html; charset=utf-8
Content-Length
89
Connection
keep-alive
Location
https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov
X-Robots-Tag
noindex, nofollow
Primary Request /
www.ajaxxcs.com/ajaxcs/l_/
Redirect Chain
  • https://www.ajaxxcs.com/ajaxcs?email=shawn.gibbs@dc.gov
  • https://www.ajaxxcs.com/ajaxcs/?email=shawn.gibbs@dc.gov
  • https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
277 KB
202 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.219.61 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-148-72-219-61.ip.secureserver.net
Software
Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 Phusion_Passenger/5.3.7 / PHP/7.3.17
Resource Hash
d0013e0794b328f7b8c83439d85cf7dd249fb2ac0012cbb90bdb968442a6bae5

Request headers

:method
GET
:authority
www.ajaxxcs.com
:scheme
https
:path
/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=6908a64c4bfdc3e76df2f578b016679a
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ajaxcs.azurewebsites.net/top.php/?email=shawn.gibbs@dc.gov

Response headers

status
200
date
Thu, 04 Jun 2020 20:51:46 GMT
server
Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 Phusion_Passenger/5.3.7
x-powered-by
PHP/7.3.17
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-type
text/html; charset=UTF-8

Redirect headers

status
303
date
Thu, 04 Jun 2020 20:51:45 GMT
server
Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 Phusion_Passenger/5.3.7
x-powered-by
PHP/7.3.17
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=6908a64c4bfdc3e76df2f578b016679a; path=/
location
./l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
vary
User-Agent
content-length
0
content-type
text/html; charset=UTF-8
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 		257 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Requested by
Host: www.ajaxxcs.com
URL: https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 20:51:47 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
686254
status
200
alt-svc
h3-27=":443"; ma=86400
cf-request-id
0322b3c10e0000dff74a8a3200000001
served-in-seconds
0.003
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:20:15 GMT
server
cloudflare
etag
W/"5afd494f-40464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
59e488ae7dd9dff7-FRA
expires
Tue, 25 May 2021 20:51:47 GMT
truncated
/ 		182 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af2f34f614775d10be35a59ea0bc3c012009150cdc29808a5eb80c5df9e89cdd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
/
jsonip.com/ 		152 B
453 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery30005560058542894133_1591303907638&_=1591303907639
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c01::f03c:91ff:fe79:43b , United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
762ecc66a08a7d921bc9d230eae62c6aec5a0da3c740f70b7af79964f9d28f83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://www.ajaxxcs.com/ajaxcs/l_/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=0c4fecbaafdec4bb7841dd8f054ee09c6aca36a2c8b61245d6de0892ed18514590e89e44
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 04 Jun 2020 20:51:48 GMT
Server
nginx/1.16.1
Strict-Transport-Security
max-age=31536000;
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4c180e2dd4023dfd295189d3bc38575a1dab757414d3099ec527f1672fe7e8e

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2628910827da43efd757a230f9784be0cacdfeeaaba506e495408741529665

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2254bb7f8e34d197be6494c8eabad04f9a5ed388bc70c001582af77ed689fb39

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
192523e01ff16f61bdde96064d09f040c23a55dfad33275604b339bb1ccd8dd8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| getIPAddress string| x

2 Cookies

Domain/Path Name / Value
www.ajaxxcs.com/ Name: PHPSESSID
Value: 6908a64c4bfdc3e76df2f578b016679a
www.ajaxxcs.com/ajaxcs/l_ Name: ip11
Value: 2a01:4f8:192:5414::2