kax.z19.web.core.windows.net
40.122.216.21
Malicious Activity!
Public Scan
Effective URL: https://kax.z19.web.core.windows.net/?b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd14...
Submission: On September 18 via manual from US
Summary
TLS certificate: Issued by Microsoft IT TLS CA 2 on May 1st 2019. Valid for: 2 years.
This is the only time kax.z19.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 2 | 52.176.61.128 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
3 | 2001:4de0:ac18::1:a:1a | 20446 (HIGHWINDS3 - Highwinds Network Group)
3 | 2606:4700::6813:c597 | 13335 (CLOUDFLARENET - Cloudflare)
3 | 2001:4de0:ac19::1:b:3a | 20446 (HIGHWINDS3 - Highwinds Network Group)
1 | 52.226.8.133 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2 | 40.122.216.21 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
4 | 23.111.9.35 | 33438 (HIGHWINDS2 - Highwinds Network Group)
4 | 2606:4700::6813:c497 | 13335 (CLOUDFLARENET - Cloudflare)
3 | 2606:4700:20::6819:c613 | 13335 (CLOUDFLARENET - Cloudflare)
1 | 2a02:26f0:6c00:296::25ea | 20940 (AKAMAI-ASN1)
Totals: 25 requests, 10 IPs
ASN | Domains
---|---
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | ka.azurewebsites.net
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US) | code.jquery.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | cdnjs.cloudflare.com
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US) | stackpath.bootstrapcdn.com, maxcdn.bootstrapcdn.com
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | tobz.z13.web.core.windows.net
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | kax.z19.web.core.windows.net
ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US) | use.fontawesome.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | cdnjs.cloudflare.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | a.imge.to, c.imge.to
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | cloudflare.com | cdnjs.cloudflare.com | 192 KB
4 | fontawesome.com | use.fontawesome.com | 88 KB
3 | imge.to | a.imge.to, c.imge.to | 51 KB
3 | windows.net | tobz.z13.web.core.windows.net, kax.z19.web.core.windows.net | 27 KB
3 | bootstrapcdn.com | stackpath.bootstrapcdn.com, maxcdn.bootstrapcdn.com | 43 KB
3 | jquery.com | code.jquery.com | 89 KB
2 | azurewebsites.net (1 redirect) | ka.azurewebsites.net | 3 KB
1 | licdn.com | static.licdn.com | 141 KB
Totals: 25 requests, 8 apex domains
Requests | Domain | Requested by
---|---|---
7 | cdnjs.cloudflare.com | ka.azurewebsites.net, kax.z19.web.core.windows.net, use.fontawesome.com
4 | use.fontawesome.com | kax.z19.web.core.windows.net, use.fontawesome.com
3 | code.jquery.com | ka.azurewebsites.net, kax.z19.web.core.windows.net
2 | a.imge.to | kax.z19.web.core.windows.net
2 | maxcdn.bootstrapcdn.com | kax.z19.web.core.windows.net
2 | kax.z19.web.core.windows.net | ka.azurewebsites.net, kax.z19.web.core.windows.net
2 | ka.azurewebsites.net | (1 redirect)
1 | static.licdn.com | kax.z19.web.core.windows.net
1 | c.imge.to | kax.z19.web.core.windows.net
1 | tobz.z13.web.core.windows.net | ka.azurewebsites.net
1 | stackpath.bootstrapcdn.com | ka.azurewebsites.net
Totals: 25 requests, 11 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-10 - 2020-02-16 | 6 months | crt.sh
*.bootstrapcdn.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-03 - 2019-10-12 | a year | crt.sh
*.web.core.windows.net | Microsoft IT TLS CA 5 | 2019-05-02 - 2021-05-02 | 2 years | crt.sh
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2018-09-17 - 2019-11-21 | a year | crt.sh
ssl392375.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-09 - 2020-02-15 | 6 months | crt.sh
This page contains 1 frames:
Primary Page:
https://kax.z19.web.core.windows.net/?b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145
Frame ID: 7BEFA3D45EAA769242D3EEE91A471F0B
Requests: 25 HTTP requests in this frame
Screenshot
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://ka.azurewebsites.net/ivan.wong@prudential.com (Page URL)
2. http://ka.azurewebsites.net/?5a3507b5a9d2fba8bc8355c188278f45=secured&key=5a3507b5a9d2fba8bc8355c188278f45&fukk=aXZhbi53b25nQHBydWRlbnRpYWwuY29t
   HTTP 302 ->
   https://kax.z19.web.core.windows.net/?b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145b0989c458980f0109c459079b9abd145 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | ivan.wong@prudential.com | ka.azurewebsites.net/ | 2 KB | 2 KB | Document | text/html | Cookie set
2 | GET | H/1.1 | jquery-3.3.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript |
3 | GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ | 20 KB | 7 KB | Script | application/javascript |
4 | GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ | 49 KB | 14 KB | Script | text/javascript |
5 | GET | H/1.1 | jquery-1.9.1.min.js | code.jquery.com/ | 90 KB | 32 KB | Script | application/javascript |
6 | GET | H/1.1 | d.js | tobz.z13.web.core.windows.net/ | 5 KB | 5 KB | Script | application/x-javascript |
7 | GET | H/1.1 | / | kax.z19.web.core.windows.net/ | 12 KB | 12 KB | Document | text/html | Primary Request, Redirect Chain
8 | GET | H/1.1 | d.js | kax.z19.web.core.windows.net/ | 9 KB | 9 KB | Script | application/x-javascript |
9 | GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ | 118 KB | 19 KB | Stylesheet | text/css |
10 | GET | H2 | 3fa6ba2462.js | use.fontawesome.com/ | 9 KB | 4 KB | Script | text/javascript |
11 | GET | H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ | 23 KB | 5 KB | Stylesheet | text/css |
12 | GET | H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
13 | GET | H2 | Ak3y1.png | a.imge.to/2019/08/07/ | 14 KB | 15 KB | Image | image/webp |
14 | GET | H2 | AkP4Z.png | a.imge.to/2019/08/07/ | 10 KB | 10 KB | Image | image/webp |
15 | GET | H2 | Ak5QA.png | c.imge.to/2019/08/07/ | 25 KB | 26 KB | Image | image/webp |
16 | GET | H/1.1 | jquery-1.11.2.min.js | code.jquery.com/ | 94 KB | 33 KB | Script | application/javascript |
17 | GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ | 82 KB | 28 KB | Script | application/javascript |
18 | GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ | 36 KB | 10 KB | Script | text/javascript |
19 | GET | H2 | bootstrapvalidator.min.js | cdnjs.cloudflare.com/ajax/libs/bootstrap-validator/0.4.5/js/ | 55 KB | 14 KB | Script | application/javascript |
20 | GET | H2 | 3fa6ba2462.css | use.fontawesome.com/ | 1 KB | 685 B | Stylesheet | text/css |
21 | GET | H2 | font-awesome-css.min.css | use.fontawesome.com/releases/v4.7.0/css/ | 30 KB | 8 KB | Stylesheet | text/css |
22 | GET | H/1.1 | photo_splash_signin_1141x759_v4.jpg | static.licdn.com/scds/common/u/images/apps/uas/ | 140 KB | 141 KB | Image | image/jpeg |
23 | GET | H2 | fontawesome-webfont.woff2 | use.fontawesome.com/releases/v4.7.0/fonts/ | 75 KB | 76 KB | Font | application/font-woff2 |
24 | GET | H2 | fontawesome-webfont.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/fonts/ | 55 KB | 56 KB | Font | application/octet-stream |
25 | GET | H2 | fontawesome-webfont.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: LinkedIn (Social Network)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
object | Aes
object | Base64
object | Utf8
string | tim
string | tim2
string | output
string | ctrTxt
object | FontAwesomeCdnConfig
string | cssUrl
function | $
function | jQuery
string | hash
string | str
string | dec
string | two
function | sendmails0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.