westsiouxexhaust.com
162.219.251.215
Malicious Activity!
Public Scan
Effective URL: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&...
Submission: On January 21 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 12th 2019. Valid for: 3 months.
This is the only time westsiouxexhaust.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests (redirects) | IP address | AS (Autonomous System)
---|---|---
4 (1 redirect) | 199.30.234.131 | 13380 (ASN-CUST)
2 | 2001:4de0:ac19::1:b:2a | 20446 (HIGHWINDS3)
1 | 2001:4de0:ac19::1:b:3a | 20446 (HIGHWINDS3)
1 | 52.239.184.1 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
9 (2 redirects) | 162.219.251.215 | 33494 (IHNET)
14 requests | 5 IPs |

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): voicemaillinkedin.z20.web.core.windows.net
ASN33494 (IHNET, US), PTR mail215.mets.unisonplatform.com: westsiouxexhaust.com
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
9 | westsiouxexhaust.com (2 redirects) | westsiouxexhaust.com | 620 KB
4 | zixcentral.com (1 redirect) | link.zixcentral.com | 7 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 29 KB
1 | windows.net | voicemaillinkedin.z20.web.core.windows.net | 473 B
1 | jquery.com | code.jquery.com | 30 KB
14 requests | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
9 | westsiouxexhaust.com (2 redirects) | westsiouxexhaust.com
4 | link.zixcentral.com (1 redirect) | link.zixcentral.com
2 | maxcdn.bootstrapcdn.com | link.zixcentral.com
1 | voicemaillinkedin.z20.web.core.windows.net | code.jquery.com
1 | code.jquery.com | link.zixcentral.com
14 requests | 5 domains |
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
*.zixcentral.com | AffirmTrust Certificate Authority - OV1 | 2019-03-28 - 2021-03-28 | 2 years
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 - 2020-10-13 | a year
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years
*.web.core.windows.net | Microsoft IT TLS CA 4 | 2019-05-09 - 2021-05-09 | 2 years
westsiouxexhaust.com | cPanel, Inc. Certification Authority | 2019-12-12 - 2020-03-11 | 3 months
Certificate data via crt.sh.
This page contains 1 frame:
Primary Page:
https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
Frame ID: 631FB66846DE688E9B0E5E624A2CFA40
Requests: 14 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- Page URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
  - https://link.zixcentral.com/filter HTTP 302
- Page URL: https://voicemaillinkedin.z20.web.core.windows.net/voice.html
  - https://westsiouxexhaust.com/Doc%20file/dell HTTP 301
  - https://westsiouxexhaust.com/Doc%20file/dell/ HTTP 302
- Page URL: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6: https://link.zixcentral.com/filter (HTTP 302) -> https://voicemaillinkedin.z20.web.core.windows.net/voice.html
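The chain recorded above is the whole story of this scan: an e-mail link-protection wrapper (link.zixcentral.com) whose u= parameter carries the next URL, a 302 from its /filter endpoint to a page on Azure static hosting (voicemaillinkedin.z20.web.core.windows.net), and from there, with no HTTP redirect status recorded for the step, onward to login.php on an unrelated cPanel-hosted domain whose query string carries tokens styled after a Microsoft webmail URL and an empty userid=. The Python below is an added example, not urlscan.io code: it replays that chain as data and emits the findings an analyst would want surfaced automatically. The hop labels, the static-hosting suffix list, the last-two-labels site heuristic and the finding strings are this example's own choices.

```python
"""Triage of a urlscan-style page URL history for phishing redirect patterns.

Added example, not urlscan.io code. CHAIN is transcribed from the
"Page URL History" section of this scan; everything else (hop labels, the
cloud-static suffix list, the finding strings) is this example's own design.
"""
from urllib.parse import parse_qs, urlsplit

# Each hop is (url, kind): "page" for a document the browser landed on,
# or the integer HTTP status when that URL answered with a redirect.
CHAIN = [
    ("https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg"
     "?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html", "page"),
    ("https://link.zixcentral.com/filter", 302),
    ("https://voicemaillinkedin.z20.web.core.windows.net/voice.html", "page"),
    ("https://westsiouxexhaust.com/Doc%20file/dell", 301),
    ("https://westsiouxexhaust.com/Doc%20file/dell/", 302),
    ("https://westsiouxexhaust.com/Doc%20file/dell/login.php"
     "?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418"
     "&fid.125289964252813InboxLight99642_Product-userid&userid=", "page"),
]

# Assumed list of static-hosting suffixes anyone can provision for free; a page
# served from one of these is not a verdict by itself, only a hop worth noting.
CLOUD_STATIC_SUFFIXES = (".web.core.windows.net",)


def site(host):
    """Crude registrable-domain approximation (last two labels). Use the
    Public Suffix List in production; this is enough for the hosts here."""
    return ".".join(host.lower().split(".")[-2:])


def triage(chain):
    """Return a list of human-readable findings for one redirect chain."""
    findings = []
    hosts = [urlsplit(url).hostname for url, _ in chain]

    # 1. How many separate sites does the victim pass through?
    sites = []
    for host in hosts:
        if site(host) not in sites:
            sites.append(site(host))
    findings.append(f"chain crosses {len(sites)} distinct sites: {', '.join(sites)}")

    # 2. Entry hop is a link wrapper whose query string carries an absolute URL
    #    that the chain then actually visits (i.e. the wrapper forwarded to it).
    entry_url, _ = chain[0]
    for key, values in parse_qs(urlsplit(entry_url).query).items():
        for value in values:
            target = urlsplit(value)
            if target.scheme in ("http", "https") and target.hostname in hosts[1:]:
                findings.append(
                    f"wrapper {hosts[0]} forwarded to external URL carried in its "
                    f"'{key}=' parameter: {target.hostname}"
                )

    # 3. A landed page on free static hosting that then moved the browser to a
    #    different site. No HTTP redirect status is recorded for that step, so
    #    the hand-off was most likely client-side (JavaScript or meta refresh).
    for index, (url, kind) in enumerate(chain[:-1]):
        host = urlsplit(url).hostname
        next_host = urlsplit(chain[index + 1][0]).hostname
        if kind == "page" and host.endswith(CLOUD_STATIC_SUFFIXES) and site(next_host) != site(host):
            findings.append(f"cloud static page {host} redirected client-side to {next_host}")

    # 4. Final landing page: a PHP login handler dressed up with webmail-style
    #    query tokens, expecting a userid the link did not supply.
    landing = urlsplit(chain[-1][0])
    query = parse_qs(landing.query, keep_blank_values=True)
    if landing.path.lower().endswith("login.php"):
        if any("inboxlight.aspx" in key.lower() for key in query):
            findings.append("landing page is login.php carrying webmail-style 'InboxLight.aspx' query tokens")
        if query.get("userid") == [""]:
            findings.append("landing page expects a userid but the link supplied none (userid= is empty)")
    return findings


if __name__ == "__main__":
    for line in triage(CHAIN):
        print("-", line)
```

Run against this scan's chain the function reports five findings (three distinct sites, the wrapper forwarding to the URL in u=, the client-side hop off Azure static hosting, the login.php tokens and the empty userid); a same-site 301-then-page chain yields only the site count, which is the point of keeping each check independent.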
14 HTTP transactions
Method / Protocol | Resource | Size (x-fer) | Type | MIME-Type | Notes
---|---|---|---|---|---
GET H/1.1 | link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg | 2 KB (3 KB) | Document | text/html | Cookie set
GET H/1.1 | link.zixcentral.com/css/app.css | 819 B (1 KB) | Stylesheet | text/css |
GET H2 | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css | 118 KB (20 KB) | Stylesheet | text/css |
GET H/1.1 | code.jquery.com/jquery-3.2.1.min.js | 85 KB (30 KB) | Script | application/javascript |
GET H2 | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js | 36 KB (10 KB) | Script | text/javascript |
GET H/1.1 | link.zixcentral.com/logo.png | 3 KB (3 KB) | Image | image/png |
GET H/1.1 | voicemaillinkedin.z20.web.core.windows.net/voice.html | 89 B (473 B) | Document | text/html | Redirect chain
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/login.php | 5 KB (5 KB) | Document | text/html | Primary request; redirect chain
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/css/conv.min.css | 18 KB (18 KB) | Stylesheet | text/css |
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/images/lofo.png | 20 KB (20 KB) | Image | image/png |
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/images/continue.png | 495 B (804 B) | Image | image/png |
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/images/m7.png | 500 B (809 B) | Image | image/png |
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/images/small.jpg | 8 KB (8 KB) | Image | text/html |
GET H/1.1 | westsiouxexhaust.com/Doc%20file/dell/images/t1.jpg | 566 KB (566 KB) | Image | image/jpeg |
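Two details in the transaction and certificate data deserve an automated check rather than a glance: images/small.jpg on the landing host is served as text/html while every other image there comes back as image/*, and the landing domain's cPanel certificate was issued on 2019-12-12 with a 90-day lifetime, weeks before the scan. The Python below is an added example, not urlscan.io code: it re-enters those tables as data and runs both checks. The extension-to-family mapping, the thresholds and the scan year (the page gives only "January 21"; 2020 is assumed) are this example's own.

```python
"""Per-request and certificate checks over the scan's transaction data.

Added example, not urlscan.io code. TRANSACTIONS and CERTS are transcribed from
the tables above; the family mapping, thresholds and the assumed scan date are
this example's own choices.
"""
from datetime import date

# (host, path, Content-Type as declared by the server), from the transaction table.
TRANSACTIONS = [
    ("link.zixcentral.com", "/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg", "text/html"),
    ("link.zixcentral.com", "/css/app.css", "text/css"),
    ("maxcdn.bootstrapcdn.com", "/bootstrap/3.3.7/css/bootstrap.min.css", "text/css"),
    ("code.jquery.com", "/jquery-3.2.1.min.js", "application/javascript"),
    ("maxcdn.bootstrapcdn.com", "/bootstrap/3.3.7/js/bootstrap.min.js", "text/javascript"),
    ("link.zixcentral.com", "/logo.png", "image/png"),
    ("voicemaillinkedin.z20.web.core.windows.net", "/voice.html", "text/html"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/login.php", "text/html"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/css/conv.min.css", "text/css"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/images/lofo.png", "image/png"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/images/continue.png", "image/png"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/images/m7.png", "image/png"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/images/small.jpg", "text/html"),
    ("westsiouxexhaust.com", "/Doc%20file/dell/images/t1.jpg", "image/jpeg"),
]

# subject -> (not_before, not_after), from the certificate table.
CERTS = {
    "*.zixcentral.com": (date(2019, 3, 28), date(2021, 3, 28)),
    "*.bootstrapcdn.com": (date(2019, 9, 14), date(2020, 10, 13)),
    "jquery.org": (date(2018, 10, 17), date(2020, 10, 16)),
    "*.web.core.windows.net": (date(2019, 5, 9), date(2021, 5, 9)),
    "westsiouxexhaust.com": (date(2019, 12, 12), date(2020, 3, 11)),
}

# The page gives the submission date as "January 21" without a year; 2020 is
# an assumption made here so the age arithmetic has something to work with.
ASSUMED_SCAN_DATE = date(2020, 1, 21)

# Small explicit table instead of the mimetypes module, whose answers depend on
# the platform's mime.types (e.g. .js -> text/javascript vs application/javascript).
EXTENSION_FAMILY = {
    ".png": "image", ".jpg": "image", ".jpeg": "image", ".gif": "image", ".webp": "image",
    ".css": "stylesheet", ".js": "script", ".html": "document", ".htm": "document", ".php": "document",
}


def mime_family(content_type):
    """Collapse a Content-Type header value into the coarse family used for comparison."""
    mime = content_type.split(";")[0].strip().lower()
    if mime.startswith("image/"):
        return "image"
    if mime == "text/css":
        return "stylesheet"
    if "javascript" in mime:
        return "script"
    if mime == "text/html":
        return "document"
    return "other"


def mime_mismatches(transactions):
    """Requests whose extension implies one family but the server declared
    another. An image path answered with text/html usually means a script or
    an error page sits behind that path rather than a picture."""
    out = []
    for host, path, declared in transactions:
        name = path.rsplit("/", 1)[-1].split("?", 1)[0]
        dot = name.rfind(".")
        expected = EXTENSION_FAMILY.get(name[dot:].lower()) if dot != -1 else None
        if expected is not None and expected != mime_family(declared):
            out.append((host, path, expected, declared))
    return out


def fresh_short_lived_certs(certs, scan_date, max_age_days=60, max_lifetime_days=90):
    """Certificates issued shortly before the scan with a short lifetime.
    On its own this is a weak signal (every freshly provisioned cPanel or ACME
    host looks like this), but on a never-before-seen domain it supports the
    'recently stood up or recently compromised' hypothesis."""
    out = []
    for subject, (not_before, not_after) in certs.items():
        age = (scan_date - not_before).days
        lifetime = (not_after - not_before).days
        if 0 <= age <= max_age_days and lifetime <= max_lifetime_days:
            out.append((subject, age, lifetime))
    return out


if __name__ == "__main__":
    for item in mime_mismatches(TRANSACTIONS):
        print("MIME mismatch:", item)
    for item in fresh_short_lived_certs(CERTS, ASSUMED_SCAN_DATE):
        print("fresh short-lived cert:", item)
```

Against this scan the only MIME mismatch is small.jpg (declared text/html), and the only certificate that is both fresh and short-lived is westsiouxexhaust.com, 40 days old with a 90-day lifetime under the assumed scan date; the wrapper, CDN and Azure certificates are all a year or more old and drop out, which is why the age threshold matters more than the lifetime one.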
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Microsoft (Consumer)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | onformdata
object | onpointerrawupdate

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
link.zixcentral.com
maxcdn.bootstrapcdn.com
voicemaillinkedin.z20.web.core.windows.net
westsiouxexhaust.com
162.219.251.215
199.30.234.131
2001:4de0:ac19::1:b:2a
2001:4de0:ac19::1:b:3a
52.239.184.1