axaq.blob.core.windows.net
20.209.85.97
Malicious Activity!
Public Scan
Submission: On September 14 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 03 on April 5th 2024. Valid for: a year.
This is the only time axaq.blob.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
11 | 20.209.85.97 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2a00:1450:4001:80f::200a | 15169 (GOOGLE)
1 | 104.26.12.205 | 13335 (CLOUDFLARENET)
13 requests, 3 IP addresses.
Primary IP ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Requests | Apex Domain | Subdomain | Transfer
---|---|---|---
11 | windows.net | axaq.blob.core.windows.net | 188 KB
1 | ipify.org | api.ipify.org (Cisco Umbrella Rank: 2048) | 155 B
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 407) | 31 KB
13 requests, 3 domains.
Requests | Domain | Requested by
---|---|---
11 | axaq.blob.core.windows.net | axaq.blob.core.windows.net
1 | api.ipify.org | ajax.googleapis.com
1 | ajax.googleapis.com | axaq.blob.core.windows.net
13 requests, 3 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.blob.core.windows.net | Microsoft Azure RSA TLS Issuing CA 03 | 2024-04-05 - 2025-03-31 | a year | crt.sh
upload.video.google.com | WR2 | 2024-08-12 - 2024-11-04 | 3 months | crt.sh
ipify.org | WE1 | 2024-07-18 - 2024-10-16 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://axaq.blob.core.windows.net/seguro/index.html
Frame ID: C719C30FB0EEDF50428A38A15311EC59
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | axaq.blob.core.windows.net/seguro/ | 13 KB | 13 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.1/ | 88 KB | 31 KB | Script | text/javascript
GET | H/1.1 | otroindex.css | axaq.blob.core.windows.net/seguro/axe/ | 14 KB | 14 KB | Stylesheet | text/css
GET | H/1.1 | canvas-dom-6.0.0.min.css | axaq.blob.core.windows.net/seguro/axe/ | 141 KB | 142 KB | Stylesheet | text/css
GET | H/1.1 | styles.4962d1d9c246b31b311c.css | axaq.blob.core.windows.net/seguro/axe/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | dance.svg | axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/ | 12 KB | 12 KB | Image | image/svg+xml
GET | H/1.1 | trippies.svg | axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/ | 2 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | sax.js | axaq.blob.core.windows.net/seguro/leen/ | 1 KB | 1 KB | Script | text/javascript
GET | H2 | / | api.ipify.org/ | 22 B | 155 B | XHR | application/json
GET | H/1.1 | Scotia_W_Headline.woff2 | axaq.blob.core.windows.net/seguro/axe/fonts/ | 0 | 0 | Font | application/xml
GET | H/1.1 | Scotia_W_Rg.woff2 | axaq.blob.core.windows.net/seguro/axe/fonts/ | 0 | 0 | Font | application/xml
GET | H/1.1 | Scotia_W_Bd.woff2 | axaq.blob.core.windows.net/seguro/axe/fonts/ | 0 | 0 | Font | application/xml
GET | H/1.1 | favicon.ico | axaq.blob.core.windows.net/seguro/a%C3%B1a%C3%B1ai/ | 215 B | 490 B | Other | application/xml
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Scotiabank (Banking)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
function | validatePassword
string | telegram_bot_id
string | chat_id
function | ready
function | sender
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.ipify.org
axaq.blob.core.windows.net
104.26.12.205
20.209.85.97
2a00:1450:4001:80f::200a