secureservers.z8.web.core.windows.net
20.38.113.97
Malicious Activity!
Public Scan
Effective URL: https://secureservers.z8.web.core.windows.net/index.html
Submission: On February 18 via manual from US
Summary
TLS certificate: Issued by Microsoft IT TLS CA 4 on January 16th 2020. Valid for: 2 years.
This is the only time secureservers.z8.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 20.38.113.97 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
13 | 2.20.21.198 | 20940 (AKAMAI-ASN1)
4 | 23.45.106.92 | 20940 (AKAMAI-ASN1)
17 requests | 3 IPs |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
secureservers.z8.web.core.windows.net
ASN20940 (AKAMAI-ASN1, US), PTR: a2-20-21-198.deploy.static.akamaitechnologies.com
img1.wsimg.com
ASN20940 (AKAMAI-ASN1, US), PTR: a23-45-106-92.deploy.static.akamaitechnologies.com
events.secureserver.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | wsimg.com | img1.wsimg.com | 383 KB
4 | secureserver.net | events.secureserver.net (1 redirect) | 3 KB
1 | windows.net | secureservers.z8.web.core.windows.net | 62 KB
17 requests | 3 domains | |
Requests | Domain | Requested by
---|---|---
13 | img1.wsimg.com | secureservers.z8.web.core.windows.net
4 | events.secureserver.net | (1 redirect)
1 | secureservers.z8.web.core.windows.net |
17 requests | 3 domains |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.web.core.windows.net | Microsoft IT TLS CA 4 | 2020-01-16 - 2022-01-16 | 2 years | crt.sh
*.wsimg.com | Starfield Secure Certificate Authority - G2 | 2018-09-25 - 2020-09-25 | 2 years | crt.sh
*.secureserver.net | Starfield Secure Certificate Authority - G2 | 2019-10-22 - 2021-10-22 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://secureservers.z8.web.core.windows.net/index.html
Frame ID: 9DD01E78F07EA0AD82528F3C60204400
Requests: 17 HTTP requests in this frame
59 Outgoing links
These are links going to different origins than the main page.
Argentina - Español
Australia - English
België - Nederlands
Belgique - Français
Brasil - Português
Canada - English
Canada - Français
Chile - Español
Colombia - Español
Danmark - Dansk
Deutschland - Deutsch
España - Español
Estados Unidos - Español
France - Français
Hong Kong - English
India - English
India - ?????
India - ?????
India - ?????
Indonesia - Bahasa Indonesia
Ireland - English
Israel - English
Italia - Italiano
Malaysia - English
México - Español
Nederland - Nederlands
New Zealand - English
Norge - Bokmål
Österreich - Deutsch
Pakistan - English
Perú - Español
Philippines - English
Polska - Polski
Portugal - Português
Schweiz - Deutsch
Singapore - English
South Africa - English
Suisse - Français
Suomi - Suomi
Sverige - Svenska
Svizzera - Italiano
Türkiye - Türkçe
United Arab Emirates - English
United Kingdom - English
United States - English
Venezuela - Español
Việt Nam - Tiếng Việt
????da - ????????
?????? - ???????
??????? - ??????????
??? - ???
???? - ???
?? - ????
??? - ????
?? - ???
?? - ????
Phone numbers and hours
Get Help
Privacy Policy
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14
- https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit_id=4878a911-955a-59b1-a4ed-11af1321019c&referrer=&vs=visible&rand=2121040356&sitename=secureservers.z8.web.core.windows.net&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod (HTTP 302)
- https://events.secureserver.net/image.aspx?corrid=1144626977&timestamp=1582068345475&event_type=page.request&page=%2Findex.html&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.7.2&hit_id=4878a911-955a-59b1-a4ed-11af1321019c&referrer=&vs=visible&rand=2121040356&sitename=secureservers.z8.web.core.windows.net&location=https%3A%2F%2Fsecureservers.z8.web.core.windows.net%2Findex.html&visitor_guid=29d5157d-0c50-58d0-9385-5fcf90bd7abc&environment_name=prod&CookieTest=1
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | secureservers.z8.web.core.windows.net/ | 61 KB | 62 KB | Document | text/html
GET | H2 | uxfont.woff2 | img1.wsimg.com/ux/fonts/uxfont/2.0/ | 12 KB | 12 KB | Font | application/font-woff2
GET | H2 | Boing-Bold.woff2 | img1.wsimg.com/ux/fonts/boing/1.0/ | 28 KB | 28 KB | Font | application/font-woff2
GET | H2 | gd-sage-bold.woff2 | img1.wsimg.com/ux/fonts/gd-sage/1.0/ | 39 KB | 39 KB | Font | application/font-woff2
GET | H2 | gdsherpa-bold.woff2 | img1.wsimg.com/ux/fonts/sherpa/1.0/ | 25 KB | 25 KB | Font | application/font-woff2
GET | H2 | gdsherpa-regular.woff2 | img1.wsimg.com/ux/fonts/sherpa/1.0/ | 26 KB | 26 KB | Font | application/font-woff2
GET | H2 | uxcore2.min.css | img1.wsimg.com/wrhs/2f8e5218e09bd0012bec23f5c701d809/ | 226 KB | 37 KB | Stylesheet | text/css
GET | H2 | utilityheader.min.css | img1.wsimg.com/wrhs/8596654eac11ba952e6e1feafb37043f/ | 71 KB | 13 KB | Stylesheet | text/css
GET | H2 | tcc.min.js | img1.wsimg.com/wrhs/5c9b528df71b1f94049305db46cb91e4/ | 101 KB | 25 KB | Script | application/javascript
GET | H2 | polyfill.min.js | img1.wsimg.com/poly/v3/ | 72 B | 615 B | Script | text/javascript
GET | H2 | vendor.min.js | img1.wsimg.com/wrhs/8cb36bd60ad5db1a5950fb0863a1627c/ | 221 KB | 61 KB | Script | application/javascript
GET | H2 | uxcore2.min.js | img1.wsimg.com/wrhs/8e93d094e3e56d9eed7c8ed37e369088/ | 247 KB | 58 KB | Script | application/javascript
GET | H2 | heartbeat.min.js | img1.wsimg.com/wrhs/4a3e8d4a329e0cbc5c9e16996cb9b3f7/ | 3 KB | 2 KB | Script | application/javascript
GET | H2 | utilityheader.min.js | img1.wsimg.com/wrhs/586ff291e3158461918a1094121d7a6c/ | 249 KB | 55 KB | Script | application/javascript
GET | H/1.1 | pageEvents.aspx | events.secureserver.net/ | 43 B | 658 B | Image | image/gif
GET | H/1.1 | image.aspx (Redirect Chain) | events.secureserver.net/ | 43 B | 1 KB | Image | image/gif
GET | H/1.1 | b.aspx | events.secureserver.net/ | 43 B | 658 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
object | _expDataLayer
object | sso
string | split
object | ux
object | _analyticsDataLayer
boolean | _tccPageReqFired
object | _tccInternal
object | _tccTrackingValues
object | _trfq
object | tcc
object | babelHelpers
object | React
object | ReactDOM
object | PropTypes
object | ReactTransitionGroup
object | heartbeat
function | setImmediate
function | clearImmediate
object | UtilityHeader
string | hash
function | sendmails
5 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.windows.net/ | | visitor | vid=29d5157d-0c50-58d0-9385-5fcf90bd7abc
.windows.net/ | | fb_sessiontraffic | S_TOUCH=&pathway=29d5157d-0c50-58d0-9385-5fcf90bd7abc&V_DATE=&pc=0
.windows.net/ | | _policy | %7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D
.windows.net/ | | pathway | 29d5157d-0c50-58d0-9385-5fcf90bd7abc
.windows.net/ | | traffic | (empty)
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.