bobe.z13.web.core.windows.net

Summary

This website contacted 3 IPs in 1 countries across 6 domains to perform 4 HTTP transactions. The main IP is 57.150.87.132, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is bobe.z13.web.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 08 on September 10th 2024. Valid for: a year.

This is the only time bobe.z13.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
1 1	54.235.205.181 54.235.205.181	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700::68... 2606:4700::6811:ce1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	57.150.87.132 57.150.87.132	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:ec80:300... 2a02:ec80:300:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1	148.163.158.107 148.163.158.107	22843 (PROOFPOIN...) (PROOFPOINT-ASN-US-EAST)
4	3

1 142.250.186.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.205.181 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-205-181.compute-1.amazonaws.com

deimlingjeliho.emlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ce1f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

deimlingjeliho.activehosted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 57.150.87.132 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bobe.z13.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:ec80:300:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.163.158.107 (United States)

ASN22843 (PROOFPOINT-ASN-US-EAST, US)
PTR: mx0b-0000ec08.pphosted.com

secmail.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	windows.net bobe.z13.web.core.windows.net	6 KB
1	bankofamerica.com secmail.bankofamerica.com — Cisco Umbrella Rank: 58931	2 KB
1	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 3371	4 KB
1	activehosted.com 1 redirects deimlingjeliho.activehosted.com	890 B
1	emlnk.com 1 redirects deimlingjeliho.emlnk.com	217 B
1	doubleclick.net 1 redirects ad.doubleclick.net — Cisco Umbrella Rank: 150	21 B
4	6

	Domain	Requested by
2	bobe.z13.web.core.windows.net
1	secmail.bankofamerica.com	bobe.z13.web.core.windows.net
1	upload.wikimedia.org	bobe.z13.web.core.windows.net
1	deimlingjeliho.activehosted.com	1 redirects
1	deimlingjeliho.emlnk.com	1 redirects
1	ad.doubleclick.net	1 redirects
4	6

This site contains links to these domains. Also see Links.

Domain
aa.com

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 08	`2024-09-10` - `2025-09-05`	a year	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2024-09-26` - `2025-10-17`	a year	crt.sh
secmail.bankofamerica.com Entrust Certification Authority - L1M	`2024-07-09` - `2025-07-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://bobe.z13.web.core.windows.net/
Frame ID: 9FEBF70C22A7C075CCB6B78D221C286C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

secured

Page URL History Show full URLs

https://ad.doubleclick.net/ddm/clk/472873934;278909115;y?//%E2%80%8Bd%C2%ADei%C2%ADm%C2%ADli%C2%ADn%C2%... HTTP 302
https://deimlingjeliho.emlnk.com/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y&dc... HTTP 307
https://deimlingjeliho.activehosted.com/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y&dc... HTTP 302
https://bobe.z13.web.core.windows.net/ Page URL

Page Statistics

4
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

3
IPs

1
Countries

13 kB
Transfer

17 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://aa.com/
Title: If you require assistance opening this message, please click here.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ad.doubleclick.net/ddm/clk/472873934;278909115;y?//%E2%80%8Bd%C2%ADei%C2%ADm%C2%ADli%C2%ADn%C2%ADgj%C2%ADel%C2%ADih%C2%ADo.%C2%ADe%C2%ADm%C2%ADln%C2%ADk.%C2%ADc%C2%ADom%C2%AD/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y HTTP 302
https://deimlingjeliho.emlnk.com/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y&dclid=CIPoz9DrrokDFRqKgwcdcHcU2w HTTP 307
https://deimlingjeliho.activehosted.com/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y&dclid=CIPoz9DrrokDFRqKgwcdcHcU2w HTTP 302
https://bobe.z13.web.core.windows.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
bobe.z13.web.core.windows.net/
Redirect Chain

https://ad.doubleclick.net/ddm/clk/472873934;278909115;y?//%E2%80%8Bd%C2%ADei%C2%ADm%C2%ADli%C2%ADn%C2%ADgj%C2%ADel%C2%ADih%C2%ADo.%C2%ADe%C2%ADm%C2%ADln%C2%ADk.%C2%ADc%C2%ADom%C2%AD/lt.php?x=3DZy~...
https://deimlingjeliho.emlnk.com/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y&dclid=CIPoz9DrrokDFRqKgwcdcHcU2w
https://deimlingjeliho.activehosted.com/lt.php?x=3DZy~GDLIaXOD8B.zQ1HgeV0~a6ki_fyvulhXaQ7Unmh5HWs0Ey.y.S-2Y2hmN~y&dclid=CIPoz9DrrokDFRqKgwcdcHcU2w
https://bobe.z13.web.core.windows.net/

3 KB
3 KB

452ms
112ms

Document
text/html

57.150.87.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bobe.z13.web.core.windows.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 57.150.87.132 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: a2915e32779c3894e362ee3139c6cf7852608638fc5430055115c6b6d9a545a9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Length: 2963
Content-MD5: j3krrgkyPbhd89qGiMwDdQ==
Content-Type: text/html
Date: Sun, 27 Oct 2024 15:08:39 GMT
ETag: "0x8DCF45C2CB37400"
Last-Modified: Thu, 24 Oct 2024 18:46:30 GMT
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a5e84937-e01e-0051-5882-2878f6000000
x-ms-version: 2018-03-28

Redirect headers

cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8d939a46e8afd394-FRA
content-type: text/html; charset=UTF-8
date: Sun, 27 Oct 2024 15:08:39 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://bobe.z13.web.core.windows.net/
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-decorator-operation: hosted.activecampaign-hosted.svc.cluster.local:80/*
x-envoy-upstream-service-time: 294
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
x-request-id: d45809c7-d767-4af4-9d23-177fa058f61b
x-robots-tag: noindex

GET
H2 200 Microsoft_Outlook_new_logo.svg
upload.wikimedia.org/wikipedia/commons/7/76/ 10 KB
4 KB 212ms
170ms Image
image/svg+xml 2a02:ec80:300:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/7/76/Microsoft_Outlook_new_logo.svg

Requested by

Host: bobe.z13.web.core.windows.net
URL: https://bobe.z13.web.core.windows.net/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

envoy /

Resource Hash

b59793f3a979b8785894215604d94cc8ea45ed692b75f4aa99a5c2c5c37ad040

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://bobe.z13.web.core.windows.net/

Response headers

access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
content-encoding: gzip
etag: W/6bec7d03b4fe4e1353a6cf6f8d9ee839
age: 0
x-object-meta-sha1base36: mqnb7myrg9pkp3xuozdh2gus2ux59ae
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
x-content-type-options: nosniff
server-timing: cache;desc="hit-local", host;desc="cp3075"
x-cache: cp3075 hit, cp3075 miss
date: Sun, 27 Oct 2024 15:08:39 GMT
content-type: image/svg+xml
last-modified: Sat, 21 Sep 2024 05:56:51 GMT
vary: Accept-Encoding
x-client-ip: 2001:ac8:20:3d00:1011:a724:6a7e:938
x-cache-status: hit-local
strict-transport-security: max-age=106384710; includeSubDomains; preload
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
server: envoy

GET
H/1.1 200
200 Image
secmail.bankofamerica.com/securereader/ 2 KB
2 KB 636ms
114ms Image
image/gif 148.163.158.107
PROOFPOINT-ASN-US...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secmail.bankofamerica.com/securereader/Image?c=lock&b=1&rnd=0.00823190732671009

Requested by

Host: bobe.z13.web.core.windows.net
URL: https://bobe.z13.web.core.windows.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),

Reverse DNS

mx0b-0000ec08.pphosted.com

Software

/

Resource Hash

5992d4bcf7f1b705fa08aa8a3b0e4c5c1974c6e76b6ba5a69a7d21d0fd939247

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://bobe.z13.web.core.windows.net/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Cache-Control: max-age=2592000
Expect-CT: max-age=86400, enforce
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Tue, 26 Nov 2024 15:08:40 GMT
X-UA-Compatible: IE=edge
Keep-Alive: timeout=5, max=100
Date: Sun, 27 Oct 2024 15:08:40 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/gif
Server
X-Frame-Options: SAMEORIGIN

GET
H/1.1 404
The requested content does not exist. favicon.ico
bobe.z13.web.core.windows.net/ 3 KB
3 KB 95ms
95ms Other
text/html 57.150.87.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bobe.z13.web.core.windows.net/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 57.150.87.132 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: a2915e32779c3894e362ee3139c6cf7852608638fc5430055115c6b6d9a545a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://bobe.z13.web.core.windows.net/

Response headers

x-ms-request-id: a5e84a81-e01e-0051-0982-2878f6000000
Content-Length: 2963
x-ms-version: 2018-03-28
Date: Sun, 27 Oct 2024 15:08:40 GMT
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 09:55:37	Name: IDE Value: AHWqTUn1yjSybMRkuOJCqw06p58jsKq66xSx9WvIM7oHCw-FVUDt-8guWGZR-xeYxSE
.doubleclick.net/	1970-01-21 00:34:01	Name: FLC Value: COmzgAMQu6H_hAEYzve94QEoi7W_BDD2rvm4BnAA2rgEDjIMOgoKCCgwmBe9_cE6
.doubleclick.net/	1970-01-21 04:53:13	Name: receive-cookie-deprecation Value: 1
deimlingjeliho.activehosted.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 77d926ae0cf7a16f90333f8afb65bba5
.deimlingjeliho.activehosted.com/	1970-01-21 01:17:13	Name: cmp1003338368 Value: 3640f50711ff37d26dabaa1e317cf322
.activehosted.com/	1970-01-21 00:34:03	Name: __cf_bm Value: zZqkKPvWs5HqPxEVWKYig8q8DCTZG.PZ2AsF1xVqB0g-1730041719-1.0.1.1-rx9qXNRMbM3GxwFCXQI49mcnIuxF_WWdQFAg74uZiNL1ymQYOP3Mm1LqvadcjT9XHFcx7Dd1kjEV4cZiFjXINg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bobe.z13.web.core.windows.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
bobe.z13.web.core.windows.net
deimlingjeliho.activehosted.com
deimlingjeliho.emlnk.com
secmail.bankofamerica.com
upload.wikimedia.org
142.250.186.166
148.163.158.107
2606:4700::6811:ce1f
2a02:ec80:300:ed1a::2:b
54.235.205.181
57.150.87.132
5992d4bcf7f1b705fa08aa8a3b0e4c5c1974c6e76b6ba5a69a7d21d0fd939247
a2915e32779c3894e362ee3139c6cf7852608638fc5430055115c6b6d9a545a9
b59793f3a979b8785894215604d94cc8ea45ed692b75f4aa99a5c2c5c37ad040

bobe.z13.web.core.windows.net Open in urlscan Pro 57.150.87.132 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

3 IPs

1 Countries

13 kBTransfer

17 kBSize

6 Cookies

1 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

6 Cookies

1 Console Messages

Indicators

bobe.z13.web.core.windows.net Open in urlscan Pro
57.150.87.132 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

3
IPs

1
Countries

13 kB
Transfer

17 kB
Size

6
Cookies

4 HTTP transactions
0 data transactions