urlscan.io scan report: secureservers.z8.web.core.windows.net (20.38.113.97)
Verdict badge: Malicious Activity! (Public Scan)

Submitted URL: https://secureservers.z8.web.core.windows.net/index.html#virnin@windwood-engr.us
Effective URL: https://secureservers.z8.web.core.windows.net/index.html
Submission: On February 18 via manual from US

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 20.38.113.97, located in Sydney, Australia and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is secureservers.z8.web.core.windows.net.
TLS certificate: Issued by Microsoft IT TLS CA 4 on January 16th 2020. Valid for: 2 years.
This is the only time secureservers.z8.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GoDaddy (Online)

Domain & IP information

Requests        IP Address      AS      Autonomous System
1               20.38.113.97    8075    (MICROSOFT...)
13              2.20.21.198     20940   (AKAMAI-ASN1)
4 (1 redirect)  23.45.106.92    20940   (AKAMAI-ASN1)
Total: 17 requests, 3 IPs
Requests  Apex Domain        Subdomains                              Transfer
13        wsimg.com          img1.wsimg.com                          383 KB
4         secureserver.net   events.secureserver.net                 3 KB
1         windows.net        secureservers.z8.web.core.windows.net   62 KB
Total: 17 requests, 3 apex domains
Requests  Domain                                  Requested by
13        img1.wsimg.com                          secureservers.z8.web.core.windows.net
4         events.secureserver.net                 1 redirect
1         secureservers.z8.web.core.windows.net
Total: 17 requests, 3 domains
Subject                 Issuer                                        Validity                 Valid
*.web.core.windows.net  Microsoft IT TLS CA 4                         2020-01-16 - 2022-01-16  2 years
*.wsimg.com             Starfield Secure Certificate Authority - G2   2018-09-25 - 2020-09-25  2 years
*.secureserver.net      Starfield Secure Certificate Authority - G2   2019-10-22 - 2021-10-22  2 years

This page contains 1 frames:

Primary Page: https://secureservers.z8.web.core.windows.net/index.html
Frame ID: 9DD01E78F07EA0AD82528F3C60204400
Requests: 17 HTTP requests in this frame

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 447 kB
Size: 1308 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit_id=4878a911-955a-59b1-a4ed-11af1321019c&referrer=&vs=visible&rand=2121040356&sitename=secureservers.z8.web.core.windows.net&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod HTTP 302
  • https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit_id=4878a911-955a-59b1-a4ed-11af1321019c&referrer=&vs=visible&rand=2121040356&sitename=secureservers.z8.web.core.windows.net&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod&CookieTest=1

17 HTTP transactions

Resource               Path                                      Size    x-fer   Type
Primary Request: index.html   secureservers.z8.web.core.windows.net/   61 KB   62 KB   Document
General
Full URL
https://secureservers.z8.web.core.windows.net/index.html?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.38.113.97 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9dfcdc4fc99a4a941f99bd2881a0f70786b2ce6a177c106d62367bc50bd701e2

Request headers

Host
secureservers.z8.web.core.windows.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Length
62724
Content-Type
text/html
Content-MD5
si37I67MsipIY+gpQwrS0A==
Last-Modified
Tue, 18 Feb 2020 23:12:22 GMT
Accept-Ranges
bytes
ETag
"0x8D7B4C8029235AA"
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
da880811-701e-0003-75b2-e6b0c1000000
x-ms-version
2018-03-28
Date
Tue, 18 Feb 2020 23:25:43 GMT
uxfont.woff2   img1.wsimg.com/ux/fonts/uxfont/2.0/   12 KB   12 KB   Font
General
Full URL
https://img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
Origin
https://secureservers.z8.web.core.windows.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 18 Feb 2020 23:25:44 GMT
last-modified
Tue, 01 Oct 2019 21:51:42 GMT
access-control-allow-origin
*
etag
W/"f46b9269a278d51:0"
content-type
application/font-woff2
status
200
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
12096
expires
Wed, 17 Feb 2021 23:25:44 GMT
Boing-Bold.woff2   img1.wsimg.com/ux/fonts/boing/1.0/   28 KB   28 KB   Font
General
Full URL
https://img1.wsimg.com/ux/fonts/boing/1.0/Boing-Bold.woff2
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
Origin
https://secureservers.z8.web.core.windows.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 18 Feb 2020 23:25:44 GMT
last-modified
Fri, 29 Jul 2016 18:49:38 GMT
access-control-allow-origin
*
etag
"ea5a8f5c9e9d11:0"
content-type
application/font-woff2
status
200
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
28220
expires
Wed, 17 Feb 2021 23:25:44 GMT
gd-sage-bold.woff2   img1.wsimg.com/ux/fonts/gd-sage/1.0/   39 KB   39 KB   Font
General
Full URL
https://img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
Origin
https://secureservers.z8.web.core.windows.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 18 Feb 2020 23:25:44 GMT
last-modified
Thu, 04 Apr 2019 17:08:28 GMT
access-control-allow-origin
*
etag
"36811569ebd41:0"
content-type
application/font-woff2
status
200
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
40132
expires
Wed, 17 Feb 2021 23:25:44 GMT
gdsherpa-bold.woff2   img1.wsimg.com/ux/fonts/sherpa/1.0/   25 KB   25 KB   Font
General
Full URL
https://img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
Origin
https://secureservers.z8.web.core.windows.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 18 Feb 2020 23:25:44 GMT
last-modified
Thu, 21 Dec 2017 23:08:05 GMT
access-control-allow-origin
*
etag
"2a87a78eb07ad31:0"
content-type
application/font-woff2
status
200
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
25832
expires
Wed, 17 Feb 2021 23:25:44 GMT
gdsherpa-regular.woff2   img1.wsimg.com/ux/fonts/sherpa/1.0/   26 KB   26 KB   Font
General
Full URL
https://img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
Origin
https://secureservers.z8.web.core.windows.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 18 Feb 2020 23:25:44 GMT
last-modified
Thu, 21 Dec 2017 23:08:07 GMT
access-control-allow-origin
*
etag
"ec1d1690b07ad31:0"
content-type
application/font-woff2
status
200
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
26620
expires
Wed, 17 Feb 2021 23:25:44 GMT
uxcore2.min.css   img1.wsimg.com/wrhs/2f8e5218e09bd0012bec23f5c701d809/   226 KB   37 KB   Stylesheet
General
Full URL
https://img1.wsimg.com/wrhs/2f8e5218e09bd0012bec23f5c701d809/uxcore2.min.css
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
eea4ba381f8d7a4f4ae45955d0ea0d6e27839112f805a4883ffe36f0303bd825

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

x-amz-version-id
eE8WwnrOobpmXLfz_fBI6ndBULJtm9Ps
content-encoding
gzip
x-amz-request-id
2572DF9F0CC9A7CF
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
37322
x-amz-id-2
gZMHFBpGzLLUaQAgZ7vYiw+J9zRgAruc5doMQ6xggjESIomLBjT0+Qpq65ZUaN2dZT8VWu2yA5I=
last-modified
Thu, 24 Oct 2019 20:42:06 GMT
etag
"79d607ece78e5d7f5012f69480440ea6"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
utilityheader.min.css   img1.wsimg.com/wrhs/8596654eac11ba952e6e1feafb37043f/   71 KB   13 KB   Stylesheet
General
Full URL
https://img1.wsimg.com/wrhs/8596654eac11ba952e6e1feafb37043f/utilityheader.min.css
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ce3d9ff9283c62ed687f679116162a2c49df8173d887f2fc8b12df6289a1856f

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

x-amz-version-id
tNSxn3Lij3Jm607mksKppa.zyHMX6.p_
content-encoding
gzip
x-amz-request-id
47C62B23B59A2F5F
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
12703
x-amz-id-2
3RU6wKldQ938r5pt8LNyrMKFYiffLsoac3wnI0IQvcsS7Rz5ZVGmMTJcObO57VI3Soq3gVJ8anA=
last-modified
Wed, 30 Oct 2019 21:41:46 GMT
etag
"8bda83806010db7a2a9d31dcce1f3d78"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
tcc.min.js   img1.wsimg.com/wrhs/5c9b528df71b1f94049305db46cb91e4/   101 KB   25 KB   Script
General
Full URL
https://img1.wsimg.com/wrhs/5c9b528df71b1f94049305db46cb91e4/tcc.min.js
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
702cdbf41879a81b680a2185466c7eda3f3f137372eb430fe47a51963d2e7f28

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
Go6DwV8ML8KnbwWLcMqqO8pGeuYkilFH
content-encoding
gzip
x-amz-request-id
048C56079EFF4255
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
25488
x-amz-id-2
QR3xAi/D3pdC2kyCB42VI+v6VelEuqS3dDcH2LbCpKb9bcETQrftdQlMiqSFNYdecpfRsUJWKqc=
last-modified
Tue, 29 Oct 2019 00:04:49 GMT
etag
"5c9b528df71b1f94049305db46cb91e4"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
polyfill.min.js   img1.wsimg.com/poly/v3/   72 B   615 B   Script
General
Full URL
https://img1.wsimg.com/poly/v3/polyfill.min.js?features=Promise,Promise.prototype.finally,fetch,AbortController,Intl.~locale.en-US&rum=0&unknown=polyfill&flags=gated
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
normalized-user-agent
chrome/74.0.0
detected-user-agent
Chrome/74.0.3729
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
request_came_from_shield
HHN
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length
90
referrer-policy
origin-when-cross-origin
etag
W/"5a-M7Ohx9dOsJ/5OWr3pJp2+3rdA70"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=172800, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2020 23:25:45 GMT
vendor.min.js   img1.wsimg.com/wrhs/8cb36bd60ad5db1a5950fb0863a1627c/   221 KB   61 KB   Script
General
Full URL
https://img1.wsimg.com/wrhs/8cb36bd60ad5db1a5950fb0863a1627c/vendor.min.js
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
39a2d460178d50f5a9ddd6e0cdd4b977f43a591024a23a282d17f641eccfebe2

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
GwP.BhixK4zmsJJ_XtLC42zX0xIs8uTA
content-encoding
gzip
x-amz-request-id
3F6F7AA4E6610D0F
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
62078
x-amz-id-2
Yc99EObuLFzvZg/13WOQwQG/S+4dRN310+ALe3jLmPVjM9b9RxLRnmAaYYQjdL8aeNbXVG9eFFA=
last-modified
Wed, 26 Jun 2019 18:26:06 GMT
etag
"8cb36bd60ad5db1a5950fb0863a1627c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
uxcore2.min.js   img1.wsimg.com/wrhs/8e93d094e3e56d9eed7c8ed37e369088/   247 KB   58 KB   Script
General
Full URL
https://img1.wsimg.com/wrhs/8e93d094e3e56d9eed7c8ed37e369088/uxcore2.min.js
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
45d939eb7451442e348692e09e9924f5b8b6c26dcfdb358aa41751437092f4b2

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
U6zBmHRe.TQqJg.8IEizUdPtjBINbdPm
content-encoding
gzip
x-amz-request-id
4CFA1FCEE446BA88
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
59320
x-amz-id-2
OQqVGxoDSKUUBHsnaCdtUtrSyhv+dpbfIcInLCeDCxGLGZpZwyO3uNQQ0AMlj3y9nALJVNhw/PE=
last-modified
Thu, 24 Oct 2019 20:42:12 GMT
etag
"8e93d094e3e56d9eed7c8ed37e369088"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
heartbeat.min.js   img1.wsimg.com/wrhs/4a3e8d4a329e0cbc5c9e16996cb9b3f7/   3 KB   2 KB   Script
General
Full URL
https://img1.wsimg.com/wrhs/4a3e8d4a329e0cbc5c9e16996cb9b3f7/heartbeat.min.js
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
192491b286f108eaf8039bee71fcf5e0e6bea567bd040177b004e74c6de324b9

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
LS5uHfIbxGg5tWx6.ME7hRA_J8sAktht
content-encoding
gzip
x-amz-request-id
0A3C008E01C9E72E
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
1197
x-amz-id-2
ndIGYEaUoNOYkg/XhSnrtSfmAPc0Gtnft8OaLyjMvMu8T86P0of3iWg82i/re8/JaYvQGVElh5I=
last-modified
Wed, 21 Aug 2019 21:34:41 GMT
etag
"4a3e8d4a329e0cbc5c9e16996cb9b3f7"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
utilityheader.min.js   img1.wsimg.com/wrhs/586ff291e3158461918a1094121d7a6c/   249 KB   55 KB   Script
General
Full URL
https://img1.wsimg.com/wrhs/586ff291e3158461918a1094121d7a6c/utilityheader.min.js
Requested by
Host: secureservers.z8.web.core.windows.net
URL: https://secureservers.z8.web.core.windows.net/index.html?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
771610443820fc1f8cc915349ac904a01d97a44f39eb5a1109b78e789a481040

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
xsrCo8IV10Q4J5L6sgwXR02aHXLzmuMq
content-encoding
gzip
x-amz-request-id
7822BFF5152BA4C8
x-amz-server-side-encryption
AES256
status
200
date
Tue, 18 Feb 2020 23:25:45 GMT
content-length
56051
x-amz-id-2
cFIjH9lE8849P6TgeBYGA8smKaD1tgEuOI8ztpMnu09dGiW60awchZVli84mHxx3iFblLutzhPM=
last-modified
Thu, 24 Oct 2019 20:21:15 GMT
etag
"586ff291e3158461918a1094121d7a6c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Feb 2021 23:25:45 GMT
pageEvents.aspx   events.secureserver.net/   43 B   658 B   Image
General
Full URL
https://events.secureserver.net/pageEvents.aspx?timestamp=1582068345470&corrid=1144626977&event_type=page.event&eventdate=2020-02-18T23%3A25%3A45.470Z&eventtype=experiment&e_id=traffic.tcc.instrumentation.experiment.add_experiment&usrin=experiment_type%2Cabn%5Eexperiment_id%2Csso.split_io.react_layout.deepsee%5Evariant_id%2Coff%5Econtent_id%2Cundefined%5Eexperiment_source%2CSplitIO&hit_id=5b9fe067-8b81-5dcf-8f79-c623c110a2ea&referrer=&vs=visible&rand=922087316&sitename=secureservers.z8.web.core.windows.net&page=%2Findex.html&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.106.92 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-45-106-92.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Date
Tue, 18 Feb 2020 23:25:45 GMT
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://secureservers.z8.web.core.windows.net, *
Access-Control-Max-Age
1000
Cache-Control
private
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
43
X-XSS-Protection
1; mode=block
image.aspx   events.secureserver.net/   43 B   1 KB   Image
Redirect Chain
  • https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit...
  • https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit...
General
Full URL
https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit_id=4878a911-955a-59b1-a4ed-11af1321019c&referrer=&vs=visible&rand=2121040356&sitename=secureservers.z8.web.core.windows.net&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod&CookieTest=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.106.92 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-45-106-92.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Date
Tue, 18 Feb 2020 23:25:45 GMT
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://secureservers.z8.web.core.windows.net, *
Access-Control-Max-Age
1000
Cache-Control
private
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
43
X-XSS-Protection
1; mode=block

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Date
Tue, 18 Feb 2020 23:25:45 GMT
X-Frame-Options
DENY
Location
https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit_id=4878a911-955a-59b1-a4ed-11af1321019c&referrer=&vs=visible&rand=2121040356&sitename=secureservers.z8.web.core.windows.net&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod&CookieTest=1
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
0
b.aspx   events.secureserver.net/   43 B   658 B   Image
General
Full URL
https://events.secureserver.net/b.aspx?timestamp=1582068345571&corrid=1144626977&event_type=page.log&eventdate=2020-02-18T23%3A25%3A45.571Z&eventtype=pageperf&nav_type=hard&tccin=auto&connectEnd=1582068343939&connectStart=1582068340104&domComplete=1582068345558&domContentLoadedEventEnd=1582068345558&domContentLoadedEventStart=1582068345558&domInteractive=1582068345558&domLoading=1582068344220&domainLookupEnd=1582068340104&domainLookupStart=1582068340104&fetchStart=1582068339853&navigationStart=1582068339853&requestStart=1582068343939&responseEnd=1582068344702&responseStart=1582068344219&loadEventStart=1582068345558&loadEventEnd=0&transferSize=63096&encodedBodySize=62724&decodedBodySize=62724&navigationType=navigate&hit_id=e055a4cd-792e-572b-b773-9f57aa6af93a&referrer=&vs=visible&rand=1968401926&sitename=secureservers.z8.web.core.windows.net&page=%2Findex.html&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.106.92 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-45-106-92.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secureservers.z8.web.core.windows.net/index.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Date
Tue, 18 Feb 2020 23:25:45 GMT
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://secureservers.z8.web.core.windows.net, *
Access-Control-Max-Age
1000
Cache-Control
private
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
43
X-XSS-Protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GoDaddy (Online)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.

Type      Name
object    onformdata
object    onpointerrawupdate
object    _expDataLayer
object    sso
string    split
object    ux
object    _analyticsDataLayer
boolean   _tccPageReqFired
object    _tccInternal
object    _tccTrackingValues
object    _trfq
object    tcc
object    babelHelpers
object    React
object    ReactDOM
object    PropTypes
object    ReactTransitionGroup
object    heartbeat
function  setImmediate
function  clearImmediate
object    UtilityHeader
string    hash
function  sendmails

5 Cookies

Domain/Path     Name               Value
.windows.net/   visitor            vid=29d5157d-0c50-58d0-9385-5fcf90bd7abc
.windows.net/   fb_sessiontraffic  S_TOUCH=&pathway=29d5157d-0c50-58d0-9385-5fcf90bd7abc&V_DATE=&pc=0
.windows.net/   _policy            %7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D
.windows.net/   pathway            29d5157d-0c50-58d0-9385-5fcf90bd7abc
.windows.net/   traffic            (empty)