![](/screenshots/936eae31-aaca-48bd-bd72-8d32d9b6f24b.png)
safeweb.norton.com
Open in
urlscan Pro
104.42.58.25
Public Scan
Effective URL: https://safeweb.norton.com/images/STW/default/&stwurl=mx2.dnsmadeeasy.com
Submission: On September 25 via manual from CH
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 18th 2020. Valid for: 2 years.
This is the only time safeweb.norton.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 104.42.58.25 104.42.58.25 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
5 | 18.197.253.20 18.197.253.20 | 16509 (AMAZON-02) (AMAZON-02) | |
1 3 | 34.254.111.26 34.254.111.26 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 34.248.49.247 34.248.49.247 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 15.236.175.233 15.236.175.233 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 66.117.28.86 66.117.28.86 | 15224 (OMNITURE) (OMNITURE) | |
1 | 54.194.111.119 54.194.111.119 | 16509 (AMAZON-02) (AMAZON-02) | |
19 | 6 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
safeweb.norton.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
nexus.ensighten.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-111-26.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-49-247.eu-west-1.compute.amazonaws.com
symantec.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
oms.norton.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-111-119.eu-west-1.compute.amazonaws.com
symantec.tt.omtrdc.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
norton.com
1 redirects
safeweb.norton.com oms.norton.com |
398 KB |
5 |
ensighten.com
nexus.ensighten.com |
91 KB |
4 |
demdex.net
1 redirects
dpm.demdex.net symantec.demdex.net |
3 KB |
1 |
omtrdc.net
symantec.tt.omtrdc.net |
946 B |
1 |
everesttech.net
1 redirects
cm.everesttech.net |
554 B |
19 | 5 |
Domain | Requested by | |
---|---|---|
9 | safeweb.norton.com |
1 redirects
safeweb.norton.com
|
5 | nexus.ensighten.com |
safeweb.norton.com
nexus.ensighten.com |
3 | dpm.demdex.net |
1 redirects
safeweb.norton.com
|
2 | oms.norton.com |
nexus.ensighten.com
|
1 | symantec.tt.omtrdc.net |
nexus.ensighten.com
|
1 | cm.everesttech.net | 1 redirects |
1 | symantec.demdex.net |
nexus.ensighten.com
|
19 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
community.norton.com |
sitedirector.norton.com |
www.nortonlifelock.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
shasta-clt.norton.com DigiCert SHA2 Secure Server CA |
2020-01-18 - 2022-01-18 |
2 years | crt.sh |
nexus.ensighten.com DigiCert SHA2 Secure Server CA |
2020-09-09 - 2021-10-11 |
a year | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2018-01-09 - 2021-02-12 |
3 years | crt.sh |
oms.norton.com DigiCert SHA2 High Assurance Server CA |
2020-08-28 - 2021-09-29 |
a year | crt.sh |
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA |
2017-10-19 - 2020-11-25 |
3 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://safeweb.norton.com/images/STW/default/&stwurl=mx2.dnsmadeeasy.com
Frame ID: A43E134319738521C16D9B5DF4B0438B
Requests: 18 HTTP requests in this frame
Frame:
https://symantec.demdex.net/dest5.html?d_nsid=0
Frame ID: FC50D0EB9D49F709ADFC868E8886CE13
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/936eae31-aaca-48bd-bd72-8d32d9b6f24b.png)
Page URL History Show full URLs
-
http://safeweb.norton.com/images/STW/default/&stwurl=mx2.dnsmadeeasy.com
HTTP 301
https://safeweb.norton.com/images/STW/default/&stwurl=mx2.dnsmadeeasy.com Page URL
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
Title: User Forums
Search URL Search Domain Scan URL
Title: Leave Feedback
Search URL Search Domain Scan URL
Title: Norton Account
Search URL Search Domain Scan URL
Title: Norton Family
Search URL Search Domain Scan URL
Title: Norton Online Backup
Search URL Search Domain Scan URL
Title: Norton Password Manager
Search URL Search Domain Scan URL
Title: Norton Management
Search URL Search Domain Scan URL
Title: Norton Mobile Security
Search URL Search Domain Scan URL
Title: Norton Update Center
Search URL Search Domain Scan URL
Title: Norton.com
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://safeweb.norton.com/images/STW/default/&stwurl=mx2.dnsmadeeasy.com
HTTP 301
https://safeweb.norton.com/images/STW/default/&stwurl=mx2.dnsmadeeasy.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1601034507902 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1601034507902
- https://cm.everesttech.net/cm/dd?d_uuid=84704472182803191080835270383587283328 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=X23ZDAAABlOCFVL0
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
&stwurl=mx2.dnsmadeeasy.com
safeweb.norton.com/images/STW/default/ Redirect Chain
|
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
application-8522d12989b90bb08bf350f6eace01e8.css
safeweb.norton.com/assets/ |
152 KB 152 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
application-f426810b71b715a2bc477b26372e926d.js
safeweb.norton.com/assets/ |
202 KB 202 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bootstrap.js
nexus.ensighten.com/symantec/cp1/ |
204 KB 67 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
om_code_min.js
nexus.ensighten.com/symantec/scode/ |
922 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s_code_min.js
nexus.ensighten.com/symantec/scode/ |
64 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-master-norton.gif
safeweb.norton.com/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nav-user.png
safeweb.norton.com/images/global/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NortonLifeLock-Horizontal-Greyscale-Light.png
safeweb.norton.com/images/global/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rd
dpm.demdex.net/id/ Redirect Chain
|
367 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrows.png
safeweb.norton.com/images/global/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header-bg1.png
safeweb.norton.com/images/global/ |
947 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serverComponent.php
nexus.ensighten.com/symantec/cp1/ |
273 B 415 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
663687745e8b82875c31e7bdb4d675de.js
nexus.ensighten.com/symantec/cp1/code/ |
247 B 429 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
![]() symantec.demdex.net/ Frame FC50 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
oms.norton.com/ |
48 B 483 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=411&dpuuid=X23ZDAAABlOCFVL0
dpm.demdex.net/ Redirect Chain
|
42 B 915 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s35503511675560
oms.norton.com/b/ss/symanteccom/1/JS-2.22.0/ |
43 B 611 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
symantec.tt.omtrdc.net/m2/symantec/mbox/ |
1 KB 946 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
103 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| onToggle function| toggleFooter function| getcsrfToken number| toggleState function| logout function| ls_cb function| onHelpfulClick function| onReviewSortByClick boolean| reportAbuseAjaxReq function| reportAbuse boolean| addSiteajaxReq function| addSite boolean| siteAddFnAjReq function| siteAddFn boolean| delSiteAjaxReq boolean| rmSiteFrmAjaxReq function| SiteRemove undefined| site_db_id undefined| verify_method boolean| metaPopAjaxReq boolean| metaFormAjaReq function| metaVerify boolean| filePopAjaxReq boolean| fileFormAjaReq function| fileVerify boolean| feedReq function| callFeedBack boolean| commentAjaxReq boolean| onrFrmAjaxReq function| addOwner boolean| ownerAjaxReq function| ownerAddFn boolean| emailFrmAjaxReq function| subscribe_email boolean| subEmailAjaxReq function| subEmailFn boolean| captchAjaxReq function| showNewImage function| validateShareForm function| getShareData function| $ function| jQuery object| jQuery17109507498983002629 object| autoLoginLogout object| Turbolinks object| ensBootstraps object| Bootstrapper function| targetPageParams object| ruleMETA object| adobe function| Visitor object| s_c_il number| s_c_in object| visitor function| _log object| ___target_traces object| v function| mboxCreate function| mboxDefine function| mboxUpdate object| _enslog function| getMetaData function| getReportSuite object| metaData function| s_getLoadTime function| removeTxt function| internalSearchLinkClick_Natural function| s_doPlugins function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_Media function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq string| s_account object| s number| s_loadT object| _numeric_ string| PageN object| expiration_date function| trackCustomDownload object| uStudio number| s_objectID number| s_giq undefined| s_code function| timerReset function| headerSignInclick function| siteValidate object| val function| validateDispName function| dispErrMap function| showMsg function| showAlert function| closeAlert string| url string| s_tnt string| tmp object| s_i_symanteccom string| tntVal string| ipGeoLocation object| ttMETA function| debugttMETA3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.norton.com/ | Name: mbox Value: session#51e6196c32e24433ac70deb550cb06ae#1601036368 |
|
.norton.com/ | Name: at_check Value: true |
|
.norton.com/ | Name: AMCV_67C716D751E567F70A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C18531%7CvVersion%7C4.4.0 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cm.everesttech.net
dpm.demdex.net
nexus.ensighten.com
oms.norton.com
safeweb.norton.com
symantec.demdex.net
symantec.tt.omtrdc.net
104.42.58.25
15.236.175.233
18.197.253.20
34.248.49.247
34.254.111.26
54.194.111.119
66.117.28.86
3435d8acbc3833ef3b80190629db1851ed83590d7a107613109ea5286152cd55
48e2459cd5160ab33f258bcd86d78661909d6a9c0f974d8b5a37ec97031d33ce
4fb542b079add88738a70a092f4d3f86c75c9e3297c2c5a30c14da7725824c40
7fa7ba7691e054afed137d1d56a288f2e35917531a8ae1cb8ff07d402b9cf318
89e2536f63e24e339b8e83ea201af16a264323ee5fc9a8860c39c3f2bc3f99c6
905d6cc1a25f01a3b390f04719becc11d4138be61c2ca16735a1cede4e196dbb
923b40884f5301af15d65908e4ac996a88020c7570d5be396e1d60ad20b4006e
94256d70bf38d1677d48ed645cdee348c6528d2478c31fa644a7a19b4fcbbe7f
961fb2a7d67efdc1bb679e15009627a9b1ce7ddac5fb56e356bec79ace81ad69
96903fbeb0fd38c4b2b8008d5813f7ba528252d67bf50ffb6012330a6b7a6fbc
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b0af1ba507123f8538b84c9d1e17587636c10a23718406e55826129ef19cb069
b1573b65b148e8bb5a25aabec1d9dd0b25868ae881c2e7d7ae5bfd58a5e5cd45
dff718e065a28a394895cbb1c2ee9377fb76bbaad0d1eab3dce7873487e4d339
e476916f43267774e4f0c2ac31f0e4410f0d368a385580665cf855e9ae5dc1e5
e5445a3c82de892f26cedb6c9caa2a98db2f7b0bf97c6e742bbc94a653298999
ec22080d138768a606790d95f2d6e3cbe5e5249d99a91f6fc442f822501d5cea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629