nino12swcwnino12.blob.core.windows.net

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 5 HTTP transactions. The main IP is 52.239.155.100, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is nino12swcwnino12.blob.core.windows.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on July 8th 2019. Valid for: 2 years.

This is the only time nino12swcwnino12.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	209.134.144.84 209.134.144.84	8015 (VISI-AS) (VISI-AS - Vector Internet Services)
1 1	66.203.65.115 66.203.65.115	17113 (AS-TIERP-...) (AS-TIERP-17113 - TierPoint)
1	52.143.137.150 52.143.137.150	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	185.178.208.144 185.178.208.144	57724 (DDOS-GUARD) (DDOS-GUARD)
1	52.239.155.100 52.239.155.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
5	6

2 209.134.144.84 (Lakeville, United States) 1 redirects

ASN8015 (VISI-AS - Vector Internet Services, Inc., US)
PTR: usssa.links.govdelivery.com

links.ssa.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.203.65.115 (United States) 1 redirects

ASN17113 (AS-TIERP-17113 - TierPoint, LLC, US)
PTR: static-115-65-203-66.axsne.net

www.xpressreg.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.143.137.150 (Paris, France)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

katkot12.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.178.208.144 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

layarshield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.239.155.100 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

nino12swcwnino12.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	ssa.gov 1 redirects links.ssa.gov	2 KB
1	windows.net nino12swcwnino12.blob.core.windows.net	906 B
1	layarshield.com layarshield.com	416 B
1	jquery.com code.jquery.com	32 KB
1	azurewebsites.net katkot12.azurewebsites.net	1 KB
1	xpressreg.net 1 redirects www.xpressreg.net	3 KB
5	6

	Domain	Requested by
2	links.ssa.gov	1 redirects
1	nino12swcwnino12.blob.core.windows.net	katkot12.azurewebsites.net
1	layarshield.com	katkot12.azurewebsites.net
1	code.jquery.com	katkot12.azurewebsites.net
1	katkot12.azurewebsites.net	links.ssa.gov
1	www.xpressreg.net	1 redirects
5	6

This site contains no links.

Subject Issuer	Validity	Valid
links.ssa.gov DigiCert SHA2 Secure Server CA	`2018-06-13` - `2020-07-11`	2 years	crt.sh
*.azurewebsites.net DigiCert SHA2 Secure Server CA	`2019-07-22` - `2021-07-22`	2 years	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
layarshield.com Let's Encrypt Authority X3	`2019-08-23` - `2019-11-21`	3 months	crt.sh
*.blob.core.windows.net Microsoft IT TLS CA 5	`2019-07-08` - `2021-07-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://nino12swcwnino12.blob.core.windows.net/owe12/update12.html?sp=r&st=2019-08-23T15:35:36Z&se=2019-08-24T03:35:36Z&spr=https&sv=2018-03-28&sig=F4gRCXGzjuPiDfbImnLOaHpOX1q23XLQFLa8gu%2BAdX0%3D&sr=b
Frame ID: D297BBB5EF4F8853A68E0B96C6FD43DD
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOT... HTTP 302
https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOT... Page URL
https://www.xpressreg.net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timot... HTTP 302
https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman Page URL
https://nino12swcwnino12.blob.core.windows.net/owe12/update12.html?sp=r&st=2019-08-23T15:35:36Z&se=2019-08-24T03:35:36Z&spr... Page URL

Page Statistics

5
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

36 kB
Transfer

93 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman HTTP 302
https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman Page URL
https://www.xpressreg.net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman HTTP 302
https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman Page URL
https://nino12swcwnino12.blob.core.windows.net/owe12/update12.html?sp=r&st=2019-08-23T15:35:36Z&se=2019-08-24T03:35:36Z&spr=https&sv=2018-03-28&sig=F4gRCXGzjuPiDfbImnLOaHpOX1q23XLQFLa8gu%2BAdX0%3D&sr=b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman HTTP 302
https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman

Request Chain 1

https://www.xpressreg.net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman HTTP 302
https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman

5 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

track Show response
links.ssa.gov/
Redirect Chain

http://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOC...
https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxO...

442 B
1023 B

529ms
140ms

Document
text/html

209.134.144.84
Vector Internet S...

General

Check archive.org

Show headers Download Go to

Full URL

https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.134.144.84 Lakeville, United States, ASN8015 (VISI-AS - Vector Internet Services, Inc., US),

Reverse DNS

usssa.links.govdelivery.com

Software

Apache/2.2.15 (CentOS) /

Resource Hash

bfa75529ed09defa0dd905dc69fbc3495330f00664064116b42e472b22774c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: links.ssa.gov
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 13:44:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referer: links.ssa.gov
Referrer-Policy: origin
ETag: W/"aaa22233da919358443d4559a866ed27"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 780ea34c-9bde-4232-a04d-a33c53f40548
X-Runtime: 0.007254
X-Served-By: prod-hyruleweb8.ep.gdi
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8
Strict-Transport-Security: max-age=31536000

Redirect headers

Location: https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

GET
H/1.1

200
OK

Cookie set timothy.timmermanwd5c56049564wtimothy.timmerman Show response
katkot12.azurewebsites.net/
Redirect Chain

https://www.xpressreg.net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman

1 KB
1 KB

400ms
93ms

Document
text/html

52.143.137.150
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Requested by: Host: links.ssa.gov
URL: https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwNzI0LjgzOTQ4MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwNzI0LjgzOTQ4MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjc5MzgxOCZlbWFpbGlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdXNlcmlkPXNlaXMuYXJlY2h5QHNzYS5nb3YmdGFyZ2V0aWQ9JmZsPSZtdmlkPSZleHRyYT0mJiY=&&&100&&&https://www.XpressReg.Net/EmailRedirect.asp?rid=111679579&url=https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.143.137.150 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / PHP/7.0.33 ASP.NET
Resource Hash: d3038c3ae08f5518bbb11d4dfff6841adc0fae7cdf694791e202d504e03c1c1a

Request headers

Host: katkot12.azurewebsites.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://links.ssa.gov/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Referer: https://links.ssa.gov/

Response headers

Content-Length: 736
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.0.33 ASP.NET
Set-Cookie: ARRAffinity=ae5101c137df84b84072f3d13c875ac542dc4aadae38ddc0eac701e2a5de4d04;Path=/;HttpOnly;Domain=katkot12.azurewebsites.net
Date: Mon, 26 Aug 2019 13:44:34 GMT

Redirect headers

Cache-Control: private
Content-Type: text/html
Location: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDACVCBDCD=AIHKMPMBHIKPGHLKNIOCJFGL; secure; path=/
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=3600; includeSubdomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com/ https://*.xpressreg.net/ https://*.xpressleadpro.com/ https://*.xpressleadpro.net/ https://*.xpresspaymentservice.com/ https://xpresspaymentservice.com/ https://*.exhibitoremails.com/ https://*.cdsdatasense.Com/ *.digicert.com/ https://*.twimg.com/ https://*.adroll.com/ https://*.ingo.me/ https://ingo.me/ https://*.facebook.net/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.ads-twitter.com/ https://*.olark.com/ https://*.google.com/ https://*.twitter.com/ https://*.googleadservices.com/ https://*.googletagmanager.com/ https://*.feathr.co/ https://ads.yahoo.com/ https://*.adsrvr.org/ https://*.cloudfront.net/ https://*.lytics.io/ https://hotel-widget-files.s3.amazonaws.com/ https://abm-assets.s3.amazonaws.com/ https://s3.amazonaws.com/ https://settings.luckyorange.net/ https://*.onpeak.com/ https://assets.adobedtm.com/ https://*.googletagmanager.com/ https://*.hotjar.com/ https://*.melissadata.net/ https://*.acs.org/ https://js.hs-scripts.com/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://forms.hubspot.com/ https://*.xpressreg.local/ https://*.hscollectedforms.net/ https://*.marketo.net/ https://*.gstatic.com/ https://*.addthis.com/ https://app.webreg.me/ https://dpm.demdex.net/ https://acswso.tt.omtrdc.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.linkedin.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://pixel-a.basis.net/ https://pixel.sitescout.com/ https://*.bing.com/ https://*.simplymeasured.com/ https://*.walkme.com/ https://*.dpmsrv.com/ https://*.marinsm.com/ https://*.prfct.co/ https://*.adnxs.com/ https://*.rlcdn.com/ https://*.youtube.com/ https://tags.tiqcdn.com/ https://*.informz.net/ https://*.omeda.com https://*.googletagservices.com https://*.googlesyndication.com https://*.olark.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net https://*.firebaseio.com https://*.googleapis.com https://invt.io http://teamplanner/; img-src * data:;
Date: Mon, 26 Aug 2019 13:44:33 GMT
Content-Length: 203

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
code.jquery.com/ 90 KB
32 KB 41ms
15ms Script
application/javascript 2001:4de0:ac18::1:a:1b
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.9.1.min.js
Requested by: Host: katkot12.azurewebsites.net
URL: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 13:44:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:07 GMT
Server: nginx
ETag: W/"54499a47-169d5"
Vary: Accept-Encoding
X-HW: 1566827074.dop143.fr8.t,1566827074.cds074.fr8.shn,1566827074.dop143.fr8.t,1566827074.cds011.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 32772

GET
H2 200 chekeml12.php Show response
layarshield.com//listemails/ 14 B
416 B 530ms
235ms XHR
text/html 185.178.208.144
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://layarshield.com//listemails/chekeml12.php?email=timothy.timmerman@lcra.org

Requested by

Host: katkot12.azurewebsites.net
URL: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.178.208.144 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ngjit /

Resource Hash

caa6f1864df1f5b08acfc6ac4eebf7bf87e47caf3efadfcf67d43ef7e5d44ef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2019 13:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ngjit
status: 200
vary: Accept-Encoding
x-nginx-cache-status: HIT
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-server-powered-by: Engintron
content-type: text/html; charset=UTF-8
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 403
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. Primary Request update12.html Show response
nino12swcwnino12.blob.core.windows.net/owe12/ 544 B
906 B 521ms
99ms Document
application/xml 52.239.155.100
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://nino12swcwnino12.blob.core.windows.net/owe12/update12.html?sp=r&st=2019-08-23T15:35:36Z&se=2019-08-24T03:35:36Z&spr=https&sv=2018-03-28&sig=F4gRCXGzjuPiDfbImnLOaHpOX1q23XLQFLa8gu%2BAdX0%3D&sr=b
Requested by: Host: katkot12.azurewebsites.net
URL: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.155.100 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: Microsoft-HTTPAPI/2.0 /
Resource Hash: f80343d4c8455cc16eed43404a398c0981c3561d6a3b6beae6b23410f9c08297

Request headers

Host: nino12swcwnino12.blob.core.windows.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Referer: https://katkot12.azurewebsites.net/timothy.timmermanwd5c56049564wtimothy.timmerman

Response headers

Content-Length: 544
Content-Type: application/xml
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: e383eb20-e01e-001b-2e14-5c9c0c000000
x-ms-error-code: AuthenticationFailed
Date: Mon, 26 Aug 2019 13:44:35 GMT

GET
DATA 200
OK truncated
/ 112 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a9ebfb7c3ecda0476f5c7350a344469673eb940d967b3bf40054fe667570f0a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
katkot12.azurewebsites.net
layarshield.com
links.ssa.gov
nino12swcwnino12.blob.core.windows.net
www.xpressreg.net
185.178.208.144
2001:4de0:ac18::1:a:1b
209.134.144.84
52.143.137.150
52.239.155.100
66.203.65.115
7a9ebfb7c3ecda0476f5c7350a344469673eb940d967b3bf40054fe667570f0a
bfa75529ed09defa0dd905dc69fbc3495330f00664064116b42e472b22774c7e
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
caa6f1864df1f5b08acfc6ac4eebf7bf87e47caf3efadfcf67d43ef7e5d44ef2
d3038c3ae08f5518bbb11d4dfff6841adc0fae7cdf694791e202d504e03c1c1a
f80343d4c8455cc16eed43404a398c0981c3561d6a3b6beae6b23410f9c08297

nino12swcwnino12.blob.core.windows.net Open in urlscan Pro 52.239.155.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

17 %IPv6

6 Domains

6 Subdomains

6 IPs

4 Countries

36 kBTransfer

93 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

nino12swcwnino12.blob.core.windows.net Open in urlscan Pro
52.239.155.100 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

36 kB
Transfer

93 kB
Size

0
Cookies

5 HTTP transactions
1 data transactions