axaq.blob.core.windows.net Open in urlscan Pro
20.209.85.97 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://axaq.blob.core.windows.net/seguro/index.html
Submission: On September 14 via automatic, source phishtank (September 14th 2024, 2:10:37 am UTC) — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 20.209.85.97, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is axaq.blob.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 03 on April 5th 2024. Valid for: a year.

This is the only time axaq.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
11	20.209.85.97 20.209.85.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	104.26.12.205 104.26.12.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	3

11 20.209.85.97 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

axaq.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	windows.net axaq.blob.core.windows.net	188 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2048	155 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 407	31 KB
13	3

	Domain	Requested by
11	axaq.blob.core.windows.net	axaq.blob.core.windows.net
1	api.ipify.org	ajax.googleapis.com
1	ajax.googleapis.com	axaq.blob.core.windows.net
13	3

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft Azure RSA TLS Issuing CA 03	`2024-04-05` - `2025-03-31`	a year	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
ipify.org WE1	`2024-07-18` - `2024-10-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://axaq.blob.core.windows.net/seguro/index.html
Frame ID: C719C30FB0EEDF50428A38A15311EC59
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home Colpatria virtual

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

219 kB
Transfer

272 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
axaq.blob.core.windows.net/seguro/ 13 KB
13 KB 470ms
117ms Document
text/html 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 3503b09313d8b88474eb3923041c3bb843ac8f1aeb9fcae68bd6f63967183997

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Length: 13154
Content-MD5: LiLx66SV5vCf4R6+Dww09g==
Content-Type: text/html
Date: Sat, 14 Sep 2024 02:10:25 GMT
ETag: 0x8DCCDEA842AE352
Last-Modified: Thu, 05 Sep 2024 20:37:10 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 70211b91-801e-00e8-184b-068785000000
x-ms-version: 2009-09-19

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.1/ 88 KB
31 KB 77ms
20ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://axaq.blob.core.windows.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 11:52:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 310681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31100
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 18:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Sep 2025 11:52:25 GMT

GET
H/1.1 200
OK otroindex.css
axaq.blob.core.windows.net/seguro/axe/ 14 KB
14 KB 113ms
111ms Stylesheet
text/css 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/axe/otroindex.css
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 6139d559bf164ac303858b02019b81c81d10e1b074010dcb7632e089dacf3c9a

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 14 Sep 2024 02:10:25 GMT
Last-Modified: Thu, 05 Sep 2024 20:37:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: SArILcGq9dwzUgwbsya59A==
ETag: 0x8DCCDEA84B96427
Content-Type: text/css
x-ms-request-id: 70211c12-801e-00e8-0b4b-068785000000
x-ms-version: 2009-09-19
Content-Length: 14355

GET
H/1.1 200
OK canvas-dom-6.0.0.min.css
axaq.blob.core.windows.net/seguro/axe/ 141 KB
142 KB 229ms
111ms Stylesheet
text/css 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 9e9655ac119b2a43f2e04e9acabf70639a800cf10f4750bdf9120bdae07f9683

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 14 Sep 2024 02:10:26 GMT
Last-Modified: Thu, 05 Sep 2024 20:37:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: E/SLbAf4UZVY+KEsjsfGaw==
ETag: 0x8DCCDEA84D054D2
Content-Type: text/css
x-ms-request-id: 70211c99-801e-00e8-064b-068785000000
x-ms-version: 2009-09-19
Content-Length: 144651

GET
H/1.1 200
OK styles.4962d1d9c246b31b311c.css
axaq.blob.core.windows.net/seguro/axe/ 1 KB
1 KB 436ms
113ms Stylesheet
text/css 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/axe/styles.4962d1d9c246b31b311c.css
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 16eb8047c3195432391e27135a4596dc2c17f5d4a96162f531baf9d80b859187

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 14 Sep 2024 02:10:25 GMT
Last-Modified: Thu, 05 Sep 2024 20:37:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: QjhR6oO2TrkN5B2H06/ePQ==
ETag: 0x8DCCDEA84E2DDA8
Content-Type: text/css
x-ms-request-id: 1852be8b-c01e-00c6-4d4b-06d592000000
x-ms-version: 2009-09-19
Content-Length: 1084

GET
H/1.1 200
OK dance.svg
axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/ 12 KB
12 KB 439ms
117ms Image
image/svg+xml 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/dance.svg
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 2933c5c27784b1869ba9534af1f8ebd72d151dd5a7e581b588d5a36406c8956e

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 14 Sep 2024 02:10:25 GMT
Last-Modified: Thu, 05 Sep 2024 20:37:12 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: OQtHpWM3X95HV4WSUkAYww==
ETag: 0x8DCCDEA8546391A
Content-Type: image/svg+xml
x-ms-request-id: c3c29b20-c01e-00a4-1a4b-0617b5000000
x-ms-version: 2009-09-19
Content-Length: 11925

GET
H/1.1 200
OK trippies.svg
axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/ 2 KB
3 KB 467ms
142ms Image
image/svg+xml 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/trippies.svg
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 192acd11e276a8a6131abbf54aa56e6563eaf3203ea4b7394ad2c88227e358b8

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 14 Sep 2024 02:10:26 GMT
Last-Modified: Thu, 05 Sep 2024 20:37:12 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: t/kfhFYp38ECHMS61EULJw==
ETag: 0x8DCCDEA8548A767
Content-Type: image/svg+xml
x-ms-request-id: d3613068-701e-006a-574b-06c63b000000
x-ms-version: 2009-09-19
Content-Length: 2556

GET
H/1.1 200
OK sax.js Show response
axaq.blob.core.windows.net/seguro/leen/ 1 KB
1 KB 360ms
142ms Script
text/javascript 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/leen/sax.js
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b932fc84111aa752e1d8c1c1cb1dcb331338e1777fd17fdd9dc2da7123d2c604

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 14 Sep 2024 02:10:26 GMT
Last-Modified: Thu, 05 Sep 2024 20:37:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: AgUd8pv3m8usG/85DP/aRg==
ETag: 0x8DCCDEA8502296F
Content-Type: text/javascript
x-ms-request-id: 536c5bb0-101e-000e-584b-0637a3000000
x-ms-version: 2009-09-19
Content-Length: 1089

GET
H2 200 / Show response
api.ipify.org/ 22 B
155 B 164ms
111ms XHR
application/json 104.26.12.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c99190b8d37e8fb2b6324eb7d320bec6dfcadba4114ce999c2d9bbc9cad16180

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://axaq.blob.core.windows.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 02:10:26 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 8c2cd7346f4a3602-FRA
content-length: 22

GET
H/1.1 404
The specified blob does not exist. Scotia_W_Headline.woff2
axaq.blob.core.windows.net/seguro/axe/fonts/ 0
0 110ms
110ms Font
application/xml 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/axe/fonts/Scotia_W_Headline.woff2
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Origin: https://axaq.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-request-id: 70211dc9-801e-00e8-204b-068785000000
Date: Sat, 14 Sep 2024 02:10:26 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 404
The specified blob does not exist. Scotia_W_Rg.woff2
axaq.blob.core.windows.net/seguro/axe/fonts/ 0
0 110ms
109ms Font
application/xml 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/axe/fonts/Scotia_W_Rg.woff2
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Origin: https://axaq.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-request-id: c3c29b99-c01e-00a4-0c4b-0617b5000000
Date: Sat, 14 Sep 2024 02:10:26 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 404
The specified blob does not exist. Scotia_W_Bd.woff2
axaq.blob.core.windows.net/seguro/axe/fonts/ 0
0 112ms
112ms Font
application/xml 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/axe/fonts/Scotia_W_Bd.woff2
Requested by: Host: axaq.blob.core.windows.net
URL: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/axe/canvas-dom-6.0.0.min.css
Origin: https://axaq.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-request-id: 1852bf24-c01e-00c6-594b-06d592000000
Date: Sat, 14 Sep 2024 02:10:26 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 404
The specified blob does not exist. favicon.ico
axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/ 215 B
490 B 110ms
109ms Other
application/xml 20.209.85.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.85.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7366c5ac81a47855ea31ecc415cc8c2f360e4974149aae1bfbc8d321ddb5770c

Request headers

Referer: https://axaq.blob.core.windows.net/seguro/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-request-id: 1852bfb3-c01e-00c6-654b-06d592000000
Date: Sat, 14 Sep 2024 02:10:26 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://axaq.blob.core.windows.net/seguro/index.html Message: [DOM] Found 2 elements with non-unique id #: (More info: https://goo.gl/9p2vKq) %o %o
network	error	URL: https://axaq.blob.core.windows.net/seguro/axe/fonts/Scotia_W_Rg.woff2 Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://axaq.blob.core.windows.net/seguro/axe/fonts/Scotia_W_Headline.woff2 Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://axaq.blob.core.windows.net/seguro/axe/fonts/Scotia_W_Bd.woff2 Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
axaq.blob.core.windows.net
104.26.12.205
20.209.85.97
2a00:1450:4001:80f::200a
16eb8047c3195432391e27135a4596dc2c17f5d4a96162f531baf9d80b859187
192acd11e276a8a6131abbf54aa56e6563eaf3203ea4b7394ad2c88227e358b8
2933c5c27784b1869ba9534af1f8ebd72d151dd5a7e581b588d5a36406c8956e
3503b09313d8b88474eb3923041c3bb843ac8f1aeb9fcae68bd6f63967183997
6139d559bf164ac303858b02019b81c81d10e1b074010dcb7632e089dacf3c9a
7366c5ac81a47855ea31ecc415cc8c2f360e4974149aae1bfbc8d321ddb5770c
9e9655ac119b2a43f2e04e9acabf70639a800cf10f4750bdf9120bdae07f9683
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
b932fc84111aa752e1d8c1c1cb1dcb331338e1777fd17fdd9dc2da7123d2c604
c99190b8d37e8fb2b6324eb7d320bec6dfcadba4114ce999c2d9bbc9cad16180

axaq.blob.core.windows.net Open in urlscan Pro 20.209.85.97 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

219 kBTransfer

272 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

axaq.blob.core.windows.net Open in urlscan Pro
20.209.85.97 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

219 kB
Transfer

272 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!