crytptpodlog.azurewebsites.net Open in urlscan Pro
20.49.104.41 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://crytptpodlog.azurewebsites.net/
Effective URL:
https://crytptpodlog.azurewebsites.net/
Submission: On May 10 via api (May 10th 2023, 3:19:05 am UTC) from US — Scanned from DE

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 24 HTTP transactions. The main IP is 20.49.104.41, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is crytptpodlog.azurewebsites.net.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on March 10th 2023. Valid for: a year.

This is the only time crytptpodlog.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Crypto.com (Crypto)

Domain & IP information

	IP Address	AS Autonomous System
1 10	20.49.104.41 20.49.104.41	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.38.37.39 20.38.37.39	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	23.36.162.17 23.36.162.17	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	23.36.162.205 23.36.162.205	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
24	4

10 20.49.104.41 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

crytptpodlog.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.38.37.39 (Phoenix, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

chat.officemyoffice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.36.162.17 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-17.deploy.static.akamaitechnologies.com

cdn.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.36.162.205 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-205.deploy.static.akamaitechnologies.com

api.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
accounts.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	livechatinc.com cdn.livechatinc.com — Cisco Umbrella Rank: 5442 api.livechatinc.com — Cisco Umbrella Rank: 5050 secure.livechatinc.com — Cisco Umbrella Rank: 6394 accounts.livechatinc.com — Cisco Umbrella Rank: 6956	387 KB
10	azurewebsites.net 1 redirects crytptpodlog.azurewebsites.net	894 KB
1	officemyoffice.com chat.officemyoffice.com	1004 B
24	3

	Domain	Requested by
10	crytptpodlog.azurewebsites.net	1 redirects crytptpodlog.azurewebsites.net
9	cdn.livechatinc.com	chat.officemyoffice.com secure.livechatinc.com
3	api.livechatinc.com	cdn.livechatinc.com
1	accounts.livechatinc.com	cdn.livechatinc.com
1	secure.livechatinc.com	cdn.livechatinc.com
1	chat.officemyoffice.com	crytptpodlog.azurewebsites.net
24	6

This site contains no links.

Subject Issuer	Validity	Valid
*.azurewebsites.net Microsoft Azure TLS Issuing CA 02	`2023-03-10` - `2024-03-04`	a year	crt.sh
chat.officemyoffice.com R3	`2023-04-03` - `2023-07-02`	3 months	crt.sh
livechat.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-09`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://crytptpodlog.azurewebsites.net/
Frame ID: D6E185F63C098058B07D3DED800288FA
Requests: 14 HTTP requests in this frame

Frame: https://secure.livechatinc.com/customer/action/open_chat?license_id=15406401&group=0&embedded=1&widget_version=3&unique_groups=0
Frame ID: 85FFEB0137E3019704E34D3E7E712F35
Requests: 9 HTTP requests in this frame

Frame: https://cdn.livechatinc.com/widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
Frame ID: 9D8565671F52A01D49CFB844CCE4BC96
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Crypto | LogIn

Page URL History Show full URLs

http://crytptpodlog.azurewebsites.net/ HTTP 301
https://crytptpodlog.azurewebsites.net/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

LiveChat (Live Chat) Expand

Overall confidence: 100%
Detected patterns

cdn\.livechatinc\.com/.*tracking\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

4
IPs

2
Countries

1282 kB
Transfer

2088 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://crytptpodlog.azurewebsites.net/ HTTP 301
https://crytptpodlog.azurewebsites.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
crytptpodlog.azurewebsites.net/
Redirect Chain

http://crytptpodlog.azurewebsites.net/
https://crytptpodlog.azurewebsites.net/

4 KB
2 KB

293ms
104ms

Document
text/html

20.49.104.41
MICROSOFT-CORP-MS...

General

Domain/Path	Expires	Name / Value
.accounts.livechatinc.com/v2/customer/token	1970-01-20 21:17:28	Name: __lc_cid Value: 7b4e5f27-4d5d-4c7e-8507-3ca01e40f394
.accounts.livechatinc.com/v2/customer/token	1970-01-20 21:17:28	Name: __lc_cst Value: 9266335a822ac51582942797b19b6333bba6577011aa85b778c09329574e0ea9c582fa82fba23646bfe5062dd421d8e4b21ac9e5684323ce1b151ab28eac
.accounts.livechatinc.com/customer/token	1970-01-20 21:17:28	Name: __lc_cid Value: 7b4e5f27-4d5d-4c7e-8507-3ca01e40f394
.accounts.livechatinc.com/customer/token	1970-01-20 21:17:28	Name: __lc_cst Value: 9266335a822ac51582942797b19b6333bba6577011aa85b778c09329574e0ea9c582fa82fba23646bfe5062dd421d8e4b21ac9e5684323ce1b151ab28eac
accounts.livechatinc.com/	1970-01-20 11:41:28	Name: __oauth_redirect_detector Value: counter=1&t=1683688772&tag=ca60373b4b19b607906ea5a1609449dfababfabc

crytptpodlog.azurewebsites.net Open in urlscan Pro 20.49.104.41 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

0 %IPv6

3 Domains

6 Subdomains

4 IPs

2 Countries

1282 kBTransfer

2088 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

5 Cookies

Indicators

crytptpodlog.azurewebsites.net Open in urlscan Pro
20.49.104.41 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

4
IPs

2
Countries

1282 kB
Transfer

2088 kB
Size

5
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!