charter-personalverification2.azurewebsites.net
40.122.114.229
Malicious Activity!
Public Scan
Effective URL: https://charter-personalverification2.azurewebsites.net/spect/zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/mail.html
Submission Tags: @ipnigh
Submission: On August 18 via api from GB
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on May 10th 2019. Valid for: 2 years.
This is the only time charter-personalverification2.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spectrum (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
10 (1 redirect) | 40.122.114.229 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
3 | 204.9.29.117 | 394765 (NEXXPHASE - Verint Americas Inc) |
4 | 34.197.1.58 | 14618 (AMAZON-AES - Amazon.com) |
4 | 2.18.232.23 | 16625 (AKAMAI-AS - Akamai Technologies) |
1 | 142.136.168.58 | 3456 (TWC-3456-IT - Charter Communications Inc) |
2 (1 redirect) | 63.140.40.131 | 15224 (OMNITURE - Adobe Systems Inc.) |
Total: 22 requests, 6 IP addresses
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
- charter-personalverification2.azurewebsites.net
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-197-1-58.compute-1.amazonaws.com
- registration.timewarnercable.com
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com
- assets.adobedtm.com
ASN3456 (TWC-3456-IT - Charter Communications Inc, US)
PTR: twcnc.com
- www.timewarnercable.com
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: timewarnercable.com.ssl.sc.omtrdc.net
- metrics.timewarnercable.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 (1 redirect) | azurewebsites.net | charter-personalverification2.azurewebsites.net | 26 KB |
7 (1 redirect) | timewarnercable.com | registration.timewarnercable.com, www.timewarnercable.com, metrics.timewarnercable.com | 197 KB |
4 | adobedtm.com | assets.adobedtm.com | 61 KB |
3 | nextit.com | twc.nextit.com | 566 KB |
Total: 22 requests, 4 apex domains
Requests | Domain | Requested by |
---|---|---|
10 (1 redirect) | charter-personalverification2.azurewebsites.net | charter-personalverification2.azurewebsites.net, registration.timewarnercable.com |
4 | assets.adobedtm.com | charter-personalverification2.azurewebsites.net, assets.adobedtm.com |
4 | registration.timewarnercable.com | charter-personalverification2.azurewebsites.net |
3 | twc.nextit.com | charter-personalverification2.azurewebsites.net, twc.nextit.com |
2 (1 redirect) | metrics.timewarnercable.com | charter-personalverification2.azurewebsites.net |
1 | www.timewarnercable.com | charter-personalverification2.azurewebsites.net |
Total: 22 requests, 6 domains
This site contains links to these domains:
- www.timewarnercable.com
- help.twcable.com
Subject | Issuer | Validity | Valid for |
---|---|---|---|
*.azurewebsites.net | DigiCert SHA2 Secure Server CA | 2019-05-10 - 2021-05-10 | 2 years |
*.nextit.com | DigiCert SHA2 Secure Server CA | 2017-07-03 - 2019-09-05 | 2 years |
registration.timewarnercable.com | DigiCert SHA2 Secure Server CA | 2018-07-30 - 2019-09-09 | a year |
assets.adobedtm.com | DigiCert SHA2 High Assurance Server CA | 2019-06-27 - 2021-07-01 | 2 years |
timewarnercable.com | DigiCert SHA2 Secure Server CA | 2018-08-28 - 2019-10-05 | a year |
metrics.timewarnercable.com | DigiCert SHA2 High Assurance Server CA | 2018-08-26 - 2019-11-29 | a year |
This page contains 1 frames:
Primary Page:
https://charter-personalverification2.azurewebsites.net/spect/zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/mail.html
Frame ID: 3590F108773AD5D64F8505E090AF4429
Requests: 22 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Adobe DTM (Tag Managers)
Detected patterns
- script /\/\/assets.adobedtm.com\//i
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
- Title: Learn how to enable cookies >
- Title: (empty)
- Title: Privacy Policy
- Title: Terms, Conditions & Policies
- Title: Regulatory
- Title: Forward-Looking Statements Caution
- Title: California Privacy Rights
- Title: Website Terms of Use
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://charter-personalverification2.azurewebsites.net/spect/zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/mail.html (HTTP 301)
- https://charter-personalverification2.azurewebsites.net/spect/zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/mail.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 20
- https://metrics.timewarnercable.com/b/ss/tsg2resdev3/1/JS-1.6.3/s89295321454281?AQB=1&ndh=1&pf=1&t=18%2F7%2F2019%202%3A25%3A44%200%20-120&ce=UTF-8&ns=twctsg&pageName=%20zo%20%3E%205th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16%20%3E%20log%20%3E%20sycho%20%3E%20mail&g=https%3A%2F%2Fcharter-personalverification2.azurewebsites.net%2Fspect%2Fzo%2F5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16%2Flog%2Fsycho%2Fmail.html&cc=USD&events=events92&c50=tsg2resdev3&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1 HTTP 302
- https://metrics.timewarnercable.com/b/ss/tsg2resdev3/1/JS-1.6.3/s89295321454281?AQB=1&pccr=true&vidn=2EAC4D8785313693-4000012AE0010B82&&ndh=1&pf=1&t=18%2F7%2F2019%202%3A25%3A44%200%20-120&ce=UTF-8&ns=twctsg&pageName=%20zo%20%3E%205th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16%20%3E%20log%20%3E%20sycho%20%3E%20mail&g=https%3A%2F%2Fcharter-personalverification2.azurewebsites.net%2Fspect%2Fzo%2F5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16%2Flog%2Fsycho%2Fmail.html&cc=USD&events=events92&c50=tsg2resdev3&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | mail.html | charter-personalverification2.azurewebsites.net/spect/zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/ | 12 KB | 4 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H/1.1 | live-engage-33ab08eac0fc563c11786eaeaeafa297.js | charter-personalverification2.azurewebsites.net/assets/manifests/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | NIT.Alme.Combined.min.css | twc.nextit.com/LiveEngage/css/ | 287 KB | 145 KB | Stylesheet | text/css | |
GET | H/1.1 | main-e0840a2377ffb951560096d54780f0cc.css | charter-personalverification2.azurewebsites.net/spect/zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/ | 117 KB | 22 KB | Stylesheet | text/css | |
GET | H/1.1 | residential-3fb2aab5e1ac64a4882e2cd3667dd61b.js | registration.timewarnercable.com/assets/manifests/ | 757 KB | 189 KB | Script | application/javascript | |
GET | H2 | satelliteLib-bf4c9cc3c49ed4732bad6e252bbb04506eb5ba85.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/ | 91 KB | 29 KB | Script | application/x-javascript | |
GET | H/1.1 | password-073824b0f6d47b0bea411aa56050a644.css | registration.timewarnercable.com/assets/layouts/ | 0 | 0 | Stylesheet | text/html | |
GET | H/1.1 | username-89f3e24688a380aa37e16091c863d204.css | registration.timewarnercable.com/assets/password/reset/ | 399 B | 480 B | Stylesheet | text/css | |
GET | H/1.1 | Spectrum_Logo_White.png | www.timewarnercable.com/content/dam/careportals/common/images/ | 5 KB | 5 KB | Image | image/png | |
GET | H/1.1 | username-68b329da9893e34099c7d8ad5cb9c940.js | charter-personalverification2.azurewebsites.net/assets/password/reset/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | residential-deferred-57a7c928205befe7cef982d99c35f28f.js | charter-personalverification2.azurewebsites.net/assets/manifests/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | NIT.Alme.Combined.min.js | twc.nextit.com/LiveEngage/js/ | 1 MB | 414 KB | Script | application/javascript | |
GET | H/1.1 | OpenSans-Regular.ttf | charter-personalverification2.azurewebsites.net/fonts/ | 0 | 0 | Font | text/html | |
GET | H2 | satellite-55f30acb66383100170008e0.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/scripts/ | 77 KB | 27 KB | Script | application/x-javascript | |
GET | H/1.1 | password-073824b0f6d47b0bea411aa56050a644.css | registration.timewarnercable.com/assets/layouts/ | 0 | 0 | Stylesheet | text/html | |
GET | H/1.1 | username-68b329da9893e34099c7d8ad5cb9c940.js | charter-personalverification2.azurewebsites.net/assets/password/reset/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | OpenSans-Bold.ttf | charter-personalverification2.azurewebsites.net/fonts/ | 0 | 0 | Font | text/html | |
GET | H/1.1 | residential-deferred-57a7c928205befe7cef982d99c35f28f.js | charter-personalverification2.azurewebsites.net/assets/manifests/ | 0 | 0 | Script | text/html | |
GET | H2 | satellite-5577350c66303900141c0500.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/scripts/ | 235 B | 471 B | Script | application/x-javascript | |
GET | H2 | satellite-544855f6618ab202cc0001c0.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/scripts/ | 15 KB | 4 KB | Script | application/x-javascript | |
POST | H/1.1 | GetConfiguration | twc.nextit.com/almeapi/api/Configuration/ | 6 KB | 7 KB | XHR | application/json | |
GET | H/1.1 | s89295321454281 | metrics.timewarnercable.com/b/ss/tsg2resdev3/1/JS-1.6.3/ | 43 B | 768 B | Image | image/gif | Redirect Chain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spectrum (Telecommunication)
110 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| lpTag string| liveEngageSiteId string| mboxCopyright number| mboxVersion object| mboxFactories object| mboxFactoryDefault function| mboxLoadSCPlugin function| mboxTrack function| mboxTrackDefer function| mboxTrackLink undefined| demdex_raw undefined| tapMboxBuilder function| $ function| jQuery function| DP_jQuery_1566087943409 function| _ object| Backbone function| mboxUrlBuilder function| mboxStandardFetcher function| mboxAjaxFetcher function| mboxMap function| mboxFactory function| mboxSignaler function| mboxList function| mboxLocatorDefault function| mboxLocatorNode function| mboxCreate function| mboxDefine function| mboxUpdate function| mbox function| mboxOfferContent function| mboxOfferAjax function| mboxOfferDefault function| mboxCookieManager function| mboxSession function| mboxPC function| mboxGetPageParameter function| mboxSetCookie function| mboxGetCookie function| mboxCookiePageDomain function| mboxShiftArray function| mboxGenerateId function| mboxScreenHeight function| mboxScreenWidth function| mboxBrowserWidth function| mboxBrowserHeight function| mboxBrowserTimeOffset function| mboxScreenColorDepth function| mboxScPluginFetcher function| mboxVizTargetUrl function| jpackage object| twc string| s_account function| Visitor object| _satellite object| s_c_il number| s_c_in object| visitor object| s number| noneIndex function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq boolean| runOnce number| s_objectID number| s_giq function| check object| angular function| Spinner object| core object| __core-js_shared__ object| firebase function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| NIT object| NITAgentSettings function| clearSessionCookies string| val string| f0 string| j string| tempEvar75 string| n string| s_tnt object| s_i_tsg2resdev3 object| jQuery1112019177617598619845 function| AskAlme function| askalme 
function| askAlme function| lpChatMethod function| lpGetAuthenticationToken function| onFocus undefined| d undefined| expires function| queryHandler function| urlHandler object| urlObject function| getUrlObject object| entityMap function| cleanValue function| flashTrack function| getPageTitle string| pageTitle function| getPropByName function| trackPageNameFromFlash function| trackVideoActionFromFlash function| trackVideoNameFromFlash
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.