survey.zohopublic.com
204.141.42.97
Malicious Activity!
Public Scan
Submission: On September 20 via api from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 4th 2020. Valid for: 2 years.
This is the only time survey.zohopublic.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
8 | 204.141.42.97 | 2639 (ZOHO-AS) |
1 | 204.141.43.162 | 2639 (ZOHO-AS) |
4 | 204.141.42.123 | 2639 (ZOHO-AS) |
13 | 3 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | zohopublic.com | survey.zohopublic.com | 95 KB |
4 | zohostatic.com | css5.zohostatic.com, js5.zohostatic.com | 244 KB |
1 | zoho.com | webfonts.zoho.com | 4 KB |
13 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
8 | survey.zohopublic.com | survey.zohopublic.com |
3 | css5.zohostatic.com | survey.zohopublic.com, css5.zohostatic.com |
1 | js5.zohostatic.com | survey.zohopublic.com |
1 | webfonts.zoho.com | survey.zohopublic.com |
13 | 4 | |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.zohopublic.com | Sectigo RSA Domain Validation Secure Server CA | 2020-03-04 - 2022-03-04 | 2 years |
*.zoho.com | Thawte RSA CA 2018 | 2020-05-31 - 2021-05-31 | a year |
*.zohostatic.com | Thawte RSA CA 2018 | 2020-05-31 - 2021-05-31 | a year |
This page contains 1 frame:
Primary Page:
https://survey.zohopublic.com/zs/MdB3fv
Frame ID: 29A8FBB10C29DB6EC7F23363E695715F
Requests: 13 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | MdB3fv (Primary Request, Cookie set) | survey.zohopublic.com/zs/ | 37 KB | 11 KB | Document | text/html |
GET H/1.1 | css | webfonts.zoho.com/ | 31 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | publishedform_utils.css | css5.zohostatic.com/zohosurvey/v5_88/dist/assets/styles/ | 314 KB | 52 KB | Stylesheet | text/css |
GET H/1.1 | publishedform_utils.js | js5.zohostatic.com/zohosurvey/v5_88/js/ | 682 KB | 190 KB | Script | application/javascript |
GET H/1.1 | form-structure.css | survey.zohopublic.com/survey/themes/new/form-styles/ | 25 KB | 6 KB | Stylesheet | text/css |
GET H/1.1 | css | survey.zohopublic.com/survey/api/v1/public/livesurveys/MdB3fv/theme/web/download/ | 11 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | base-form-media.css | survey.zohopublic.com/survey/themes/new/form-styles/ | 6 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | survey.png | survey.zohopublic.com/survey/images/ | 7 KB | 8 KB | Image | image/png |
GET H/1.1 | image | survey.zohopublic.com/survey/api/v1/public/livesurveys/MdB3fv/images/YzQ4NThhOTYtNDBhYi00ODEyLTkzMzItMzk1MjE1NzU2OTk5/web/download/ | 58 KB | 58 KB | Image | image/jpeg |
GET H/1.1 | zsLogo.svg | survey.zohopublic.com/themes/new/form-images/ | 6 KB | 6 KB | Image | image/svg+xml |
GET H/1.1 | spacer.gif | survey.zohopublic.com/images/ | 1 KB | 2 KB | Image | image/gif |
GET H/1.1 | selectboxArrow.svg | css5.zohostatic.com/zohosurvey/v5_88/dist/assets/images/ | 214 B | 551 B | Image | image/svg+xml |
GET H/1.1 | ico_search.svg | css5.zohostatic.com/zohosurvey/v5_88/dist/assets/images/ | 688 B | 1 KB | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | trustedTypes |
function | constuctScrollScript |
function | getScrollScriptContext |
function | setScrollWithSelector |
function | checkHasOverflow |
object | ZSC |
object | BarName |
object | ReviewCons |
object | ZSMIXIN_CONS |
object | ZSMixin_Util |
object | ZSCommonUtil |
object | ZS_Utils |
function | ZSEncodeURIComponent |
object | RatingUtil |
object | ZSPublishLogic |
object | CollectResponse |
object | CacheResponse |
function | domObserver |
object | DOMobserver_mixin |
object | domObserverMixin |
function | noScroll |
function | initializeScrollWithSelector |
function | initializeScroll |
function | getScrollContext |
function | setScroll |
function | valueSetter |
object | CustomScroll |
function | $ |
function | jQuery |
object | jQuery111306246072146924491 |
object | NProgress |
object | SuperScrollbar |
object | Ss |
function | ZSDynamicScript |
object | pageArray |
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
survey.zohopublic.com/ | | _zcsr_tmp | 95d9fbf0-0628-4b68-a9d9-09dff4f68fc5 |
survey.zohopublic.com/ | | JSESSIONID | E03D03ECA8518F6193E891C1D608EE85 |
survey.zohopublic.com/ | | aprmjrnpkcrkks | 95d9fbf0-0628-4b68-a9d9-09dff4f68fc5 |
survey.zohopublic.com/ | | 53aac31ef0 | 4dc25f4aab3ce5280b95264f749eb59b |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000 |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.