westsiouxexhaust.com Open in urlscan Pro
162.219.251.215 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fv...
Effective URL:
https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&...
Submission: On January 21 via manual (January 21st 2020, 3:07:33 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 162.219.251.215, located in Los Angeles, United States and belongs to IHNET, US. The main domain is westsiouxexhaust.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 12th 2019. Valid for: 3 months.

This is the only time westsiouxexhaust.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 4	199.30.234.131 199.30.234.131	13380 (ASN-CUST) (ASN-CUST)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	52.239.184.1 52.239.184.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 9	162.219.251.215 162.219.251.215	33494 (IHNET) (IHNET)
14	5

4 199.30.234.131 (United States) 1 redirects

ASN13380 (ASN-CUST, US)

link.zixcentral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.239.184.1 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

voicemaillinkedin.z20.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 162.219.251.215 (Los Angeles, United States) 2 redirects

ASN33494 (IHNET, US)
PTR: mail215.mets.unisonplatform.com

westsiouxexhaust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	westsiouxexhaust.com 2 redirects westsiouxexhaust.com	620 KB
4	zixcentral.com 1 redirects link.zixcentral.com	7 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	29 KB
1	windows.net voicemaillinkedin.z20.web.core.windows.net	473 B
1	jquery.com code.jquery.com	30 KB
14	5

	Domain	Requested by
9	westsiouxexhaust.com	2 redirects westsiouxexhaust.com
4	link.zixcentral.com	1 redirects link.zixcentral.com
2	maxcdn.bootstrapcdn.com	link.zixcentral.com
1	voicemaillinkedin.z20.web.core.windows.net	code.jquery.com
1	code.jquery.com	link.zixcentral.com
14	5

This site contains no links.

Subject Issuer	Validity	Valid
*.zixcentral.com AffirmTrust Certificate Authority - OV1	`2019-03-28` - `2021-03-28`	2 years	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.web.core.windows.net Microsoft IT TLS CA 4	`2019-05-09` - `2021-05-09`	2 years	crt.sh
westsiouxexhaust.com cPanel, Inc. Certification Authority	`2019-12-12` - `2020-03-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
Frame ID: 631FB66846DE688E9B0E5E624A2CFA40
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.... Page URL
https://link.zixcentral.com/filter HTTP 302
https://voicemaillinkedin.z20.web.core.windows.net/voice.html Page URL
https://westsiouxexhaust.com/Doc%20file/dell HTTP 301
https://westsiouxexhaust.com/Doc%20file/dell/ HTTP 302
https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLig... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

685 kB
Transfer

863 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html Page URL
https://link.zixcentral.com/filter HTTP 302
https://voicemaillinkedin.z20.web.core.windows.net/voice.html Page URL
https://westsiouxexhaust.com/Doc%20file/dell HTTP 301
https://westsiouxexhaust.com/Doc%20file/dell/ HTTP 302
https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://link.zixcentral.com/filter HTTP 302
https://voicemaillinkedin.z20.web.core.windows.net/voice.html

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set 3GDAbcI76hGQr1XXhnsoMg Show response
link.zixcentral.com/u/bdb5da0e/ 2 KB
3 KB 776ms
156ms Document
text/html 199.30.234.131
ASN-CUST

General

Check archive.org

Show headers Download Go to

Full URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.30.234.131 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: e28a4d3ce46cc255311c8963e26608da71366362fe18d24d060cceb8dbc9c3e1

Request headers

Host: link.zixcentral.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Server: nginx/1.12.2
Date: Tue, 21 Jan 2020 15:07:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2460
Connection: keep-alive
Cache-Control: no-cache
Set-Cookie: BIGipServer~ETP~link=!T2KZ6pjMDssD5NQ6BbBGkx3HYpi91Oob1p1dpzVyYP68XHp3yObmB634JKQiFa1c+H2E3sz80+Vgeu8=; path=/; Httponly; Secure

GET
H/1.1 200
OK app.css
link.zixcentral.com/css/ 819 B
1 KB 144ms
143ms Stylesheet
text/css 199.30.234.131
ASN-CUST

General

Check archive.org

Show headers Download Go to

Full URL: https://link.zixcentral.com/css/app.css?v=1
Requested by: Host: link.zixcentral.com
URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.30.234.131 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 8c52987fbc48500c2a81bd52f81d44324e31e7ecadbebd111a02f912be232cfd

Request headers

Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:14 GMT
Last-Modified: Wed, 18 Dec 2019 17:30:48 GMT
Server: nginx/1.12.2
ETag: "5dfa6248-333"
Content-Type: text/css
Cache-Control: max-age
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 819

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 23ms
8ms Stylesheet
text/css 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by: Host: link.zixcentral.com
URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Origin: https://link.zixcentral.com

Response headers

date: Tue, 21 Jan 2020 15:07:14 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:34:07 GMT
access-control-allow-origin: *
etag: "1544639647"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 19740

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 21ms
7ms Script
application/javascript 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: link.zixcentral.com
URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Origin: https://link.zixcentral.com

Response headers

Date: Tue, 21 Jan 2020 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Mar 2017 19:01:15 GMT
Server: nginx
ETag: W/"58d026fb-15283"
Vary: Accept-Encoding
X-HW: 1579619234.dop003.fr8.shc,1579619234.dop003.fr8.t,1579619234.cds133.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30125

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
10 KB 28ms
12ms Script
text/javascript 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by: Host: link.zixcentral.com
URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Origin: https://link.zixcentral.com

Response headers

date: Tue, 21 Jan 2020 15:07:14 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:33:51 GMT
access-control-allow-origin: *
etag: "1544639631"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 9832

GET
H/1.1 200
OK logo.png
link.zixcentral.com/ 3 KB
3 KB 281ms
138ms Image
image/png 199.30.234.131
ASN-CUST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://link.zixcentral.com/logo.png
Requested by: Host: link.zixcentral.com
URL: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.30.234.131 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 0168c4dfc58a529baa6f03a90b9f42c7324ddece9bc9c58cd5e75c37e9568ce3

Request headers

Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:14 GMT
Cache-Control: no-cache
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 2916
Content-Type: image/png

GET
H/1.1

200
OK

voice.html
voicemaillinkedin.z20.web.core.windows.net/
Redirect Chain

https://link.zixcentral.com/filter
https://voicemaillinkedin.z20.web.core.windows.net/voice.html

89 B
473 B

711ms
297ms

Document
text/html

52.239.184.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://voicemaillinkedin.z20.web.core.windows.net/voice.html
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.2.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.184.1 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Host: voicemaillinkedin.z20.web.core.windows.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html
Accept-Encoding: gzip, deflate, br
Origin: https://link.zixcentral.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://link.zixcentral.com/u/bdb5da0e/3GDAbcI76hGQr1XXhnsoMg?u=https%3A%2F%2Fvoicemaillinkedin.z20.web.core.windows.net%2Fvoice.html

Response headers

Content-Length: 89
Content-Type: text/html; charset=utf-8
Content-MD5: lKdLtgmNZl7OJJMondIJgg==
Last-Modified: Mon, 20 Jan 2020 19:49:23 GMT
Accept-Ranges: bytes
ETag: "0x8D79DE1D996522A"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 803b4ca8-701e-0122-7f6c-d00bca000000
x-ms-version: 2018-03-28
Date: Tue, 21 Jan 2020 15:07:19 GMT

Redirect headers

Server: nginx/1.12.2
Date: Tue, 21 Jan 2020 15:07:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://voicemaillinkedin.z20.web.core.windows.net/voice.html
Cache-Control: no-cache

GET
H/1.1

200
OK

Primary Request login.php Show response
westsiouxexhaust.com/Doc%20file/dell/
Redirect Chain

https://westsiouxexhaust.com/Doc%20file/dell
https://westsiouxexhaust.com/Doc%20file/dell/
https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=

5 KB
5 KB

172ms
171ms

Document
text/html

162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

3d000cbdcdc0df76bfdcdf541c31d1c0fa0dec624bc480f069c13a8471e77272

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Host: westsiouxexhaust.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://voicemaillinkedin.z20.web.core.windows.net/voice.html
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://voicemaillinkedin.z20.web.core.windows.net/voice.html

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Keep-Alive: timeout=5, max=19998
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 21 Jan 2020 15:07:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Location: login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
Content-Length: 0
Keep-Alive: timeout=5, max=19999
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK conv.min.css
westsiouxexhaust.com/Doc%20file/dell/css/ 18 KB
18 KB 167ms
167ms Stylesheet
text/css 162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/css/conv.min.css

Requested by

Host: westsiouxexhaust.com
URL: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

c2d5ac2e5a041d4925fd77de1880a678ad3638186f57e0970e0e081c6c8812d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Last-Modified: Mon, 09 Jul 2018 22:59:30 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=19997
Content-Length: 18000

GET
H/1.1 200
OK lofo.png
westsiouxexhaust.com/Doc%20file/dell/images/ 20 KB
20 KB 478ms
167ms Image
image/png 162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/images/lofo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

28716af890a232d0f275cb44df7c221e58930a57a9747259e9b676516edb8ca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Last-Modified: Tue, 10 Jul 2018 01:59:34 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=19996
Content-Length: 20631

GET
H/1.1 200
OK continue.png
westsiouxexhaust.com/Doc%20file/dell/images/ 495 B
804 B 491ms
171ms Image
image/png 162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/images/continue.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

97a4488434a10d406081498268d1c4452209922cf1c5802134ad9d3693c41112

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Last-Modified: Thu, 05 Jul 2018 19:19:32 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=20000
Content-Length: 495

GET
H/1.1 200
OK m7.png
westsiouxexhaust.com/Doc%20file/dell/images/ 500 B
809 B 492ms
172ms Image
image/png 162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/images/m7.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

0b0e8860dc323f2d3431b407330217eaa8ed3a0c022a6949fb0ba9008a5a0cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Last-Modified: Sun, 30 Jul 2017 23:11:48 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=20000
Content-Length: 500

GET
H/1.1 404
Not Found small.jpg
westsiouxexhaust.com/Doc%20file/dell/images/ 8 KB
8 KB 769ms
451ms Image
text/html 162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/images/small.jpg?x=12f4b8b543125cc986c79cd85320812f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

02c670eb2cb59643bcbc1d64189c9b32408be0fd1de5d253beae9813892d010d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: Keep-Alive
Link: <https://westsiouxexhaust.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=20000
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 200
OK t1.jpg
westsiouxexhaust.com/Doc%20file/dell/images/ 566 KB
566 KB 493ms
173ms Image
image/jpeg 162.219.251.215
IHNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://westsiouxexhaust.com/Doc%20file/dell/images/t1.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

162.219.251.215 Los Angeles, United States, ASN33494 (IHNET, US),

Reverse DNS

mail215.mets.unisonplatform.com

Software

Apache /

Resource Hash

7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://westsiouxexhaust.com/Doc%20file/dell/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 21 Jan 2020 15:07:21 GMT
Last-Modified: Tue, 15 Aug 2017 12:31:30 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=20000
Content-Length: 579468

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
link.zixcentral.com
maxcdn.bootstrapcdn.com
voicemaillinkedin.z20.web.core.windows.net
westsiouxexhaust.com
162.219.251.215
199.30.234.131
2001:4de0:ac19::1:b:2a
2001:4de0:ac19::1:b:3a
52.239.184.1
0168c4dfc58a529baa6f03a90b9f42c7324ddece9bc9c58cd5e75c37e9568ce3
02c670eb2cb59643bcbc1d64189c9b32408be0fd1de5d253beae9813892d010d
0b0e8860dc323f2d3431b407330217eaa8ed3a0c022a6949fb0ba9008a5a0cff
28716af890a232d0f275cb44df7c221e58930a57a9747259e9b676516edb8ca5
3d000cbdcdc0df76bfdcdf541c31d1c0fa0dec624bc480f069c13a8471e77272
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c52987fbc48500c2a81bd52f81d44324e31e7ecadbebd111a02f912be232cfd
97a4488434a10d406081498268d1c4452209922cf1c5802134ad9d3693c41112
c2d5ac2e5a041d4925fd77de1880a678ad3638186f57e0970e0e081c6c8812d4
e28a4d3ce46cc255311c8963e26608da71366362fe18d24d060cceb8dbc9c3e1
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

westsiouxexhaust.com Open in urlscan Pro 162.219.251.215 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

685 kBTransfer

863 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

westsiouxexhaust.com Open in urlscan Pro
162.219.251.215 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

685 kB
Transfer

863 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!