cpserverdatanethelpdesk.z1.web.core.windows.net
20.150.121.129
Malicious Activity!
Public Scan
Effective URL: https://cpserverdatanethelpdesk.z1.web.core.windows.net/
Submission: On May 16 via manual from DO — Scanned from PL
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 05 on February 23rd 2023. Valid for: a year. This is Microsoft's wildcard certificate for *.web.core.windows.net (listed in the certificate table below), the endpoint every Azure Storage static website is served from, so a valid certificate here says nothing about who operates the site.
This is the only time cpserverdatanethelpdesk.z1.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Requests | IP Address | ASN | Autonomous System | Redirects
---|---|---|---|---
1 | 3.75.46.161 | 16509 | AMAZON-02 | 1
1 | 50.116.76.51 | 19871 | NETWORK-SOLUTIONS-HOSTING |
1 | 20.150.121.129 | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK |
6 | 198.54.116.150 | 22612 | NAMECHEAP-NET |
14 requests | 4 IPs | | |
- ASN16509 (AMAZON-02, US): PTR ec2-3-75-46-161.eu-central-1.compute.amazonaws.com; domain t.targito.manutan.pl
- ASN19871 (NETWORK-SOLUTIONS-HOSTING, US): PTR blu.bluepigweb.site; domain studioredinteriors.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): no PTR listed; domain cpserverdatanethelpdesk.z1.web.core.windows.net
- ASN22612 (NAMECHEAP-NET, US): PTR server210-5.web-hosting.com; domain appmedia.host
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | appmedia.host | appmedia.host | 9 KB
1 | windows.net | cpserverdatanethelpdesk.z1.web.core.windows.net | 197 KB
1 | studioredinteriors.com | studioredinteriors.com | 128 B
1 | manutan.pl (1 redirect) | t.targito.manutan.pl | 831 B
14 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
6 | appmedia.host | cpserverdatanethelpdesk.z1.web.core.windows.net, appmedia.host
1 | cpserverdatanethelpdesk.z1.web.core.windows.net |
1 | studioredinteriors.com |
1 | t.targito.manutan.pl | 1 redirect
14 requests | 4 domains |
This site contains links to these domains (also see Links):
- outdatedbrowser.com
Certificates
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
studioredinteriors.com | cPanel, Inc. Certification Authority | 2023-04-01 - 2023-06-30 | 3 months | crt.sh
*.web.core.windows.net | Microsoft Azure TLS Issuing CA 05 | 2023-02-23 - 2024-02-18 | a year | crt.sh
appmedia.host | Sectigo RSA Domain Validation Secure Server CA | 2022-11-20 - 2023-11-20 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://cpserverdatanethelpdesk.z1.web.core.windows.net/
Frame ID: 14FDE0F7343764CBF7057CFED1AB9699
Requests: 15 HTTP requests in this frame
1 Outgoing link
These are links going to different origins than the main page.
Title: Update my browser
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://t.targito.manutan.pl/c?a=6bb12cf6-9ffd-4e4b-8b39-5e388cd17339&o=manutan_pl&m=f6f1bb10-ac30-477d-ae94-86b6083c99a9&c=3a7e96a2-a660-40d9-b4f8-571e3b198e92&d=1680247732&l=footer_2&u=https%3a%2f%2fstudioredinteriors.com%2fwp-includes%2fjs%2fcss%2fsecure%2fserverdata%2fequest.com%2f%2f%2f%2f%2f%2f%2f%2fYWRtaW5AZXF1ZXN0LmNvbQ== (HTTP 302)
- https://studioredinteriors.com/wp-includes/js/css/secure/serverdata/equest.com////////YWRtaW5AZXF1ZXN0LmNvbQ==
The first hop is a click-tracking redirector on the legitimate manutan.pl domain; its u query parameter carries the attacker-controlled destination, so the link a recipient sees points at a reputable host. The destination is a path under the wp-includes/ directory of a WordPress site on studioredinteriors.com, and its last segment, YWRtaW5AZXF1ZXN0LmNvbQ==, is base64 that decodes to an e-mail address: the lure arrives pre-addressed to its target.
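The chain above, decoded. This is an added example, not part of the urlscan.io report or of any tool it references: it pulls the attacker URL out of the tracker's u parameter and decodes the base64 path segment that phishing lures use to pre-fill the victim's e-mail address. The list of alternative redirect parameter names and the check of the URL fragment are assumptions of the example (the kit's getHashParameters global suggests it reads the hash, but the scan only shows a path segment).

```python
"""Triage a click-tracker -> landing-page redirect chain from a urlscan report.

Added example; the only input is the tracking URL copied from the scan above.
"""
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Constructed from the "Redirected requests" section of the report.
TRACKING_URL = (
    "https://t.targito.manutan.pl/c?a=6bb12cf6-9ffd-4e4b-8b39-5e388cd17339"
    "&o=manutan_pl&m=f6f1bb10-ac30-477d-ae94-86b6083c99a9"
    "&c=3a7e96a2-a660-40d9-b4f8-571e3b198e92&d=1680247732&l=footer_2"
    "&u=https%3a%2f%2fstudioredinteriors.com%2fwp-includes%2fjs%2fcss%2fsecure"
    "%2fserverdata%2fequest.com%2f%2f%2f%2f%2f%2f%2f%2fYWRtaW5AZXF1ZXN0LmNvbQ=="
)

# Assumption: parameter names commonly used by redirectors; "u" is the one in this scan.
REDIRECT_PARAMS = ("u", "url", "redirect", "target", "dest", "r")


def extract_redirect_target(url):
    """Return the first redirect-style query value that is an absolute URL, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # values are percent-decoded
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            if value.lower().startswith(("http://", "https://")):
                return value
    return None


def decode_embedded_base64(url):
    """Decode a base64 token from the URL fragment or the last path segment.

    Returns the decoded text when it is printable ASCII (an e-mail address in this
    scan). Ordinary segments such as 'equest.com' or 'login' fail strict base64
    validation, and binary garbage fails the ASCII/printable check, so they yield None.
    """
    parts = urlsplit(url)
    candidates = [parts.path.rstrip("/").rsplit("/", 1)[-1]]
    if parts.fragment:  # assumption: kits may also carry the token after '#'
        candidates.insert(0, parts.fragment)
    for token in candidates:
        if not token:
            continue
        try:
            text = base64.b64decode(token, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if text and text.isprintable():
            return text
    return None


def triage_chain(first_hop):
    """Summarise one redirect chain for an analyst: hosts, victim hint, tracker IDs."""
    target = extract_redirect_target(first_hop)
    query = parse_qs(urlsplit(first_hop).query)
    return {
        "tracker_host": urlsplit(first_hop).hostname,
        "landing_host": urlsplit(target).hostname if target else None,
        "landing_path": urlsplit(target).path if target else None,
        "victim_hint": decode_embedded_base64(target) if target else None,
        # The a/m/c/d values reappear as cookies scoped to .manutan.pl later in the scan.
        "tracking_ids": {k: query[k][0] for k in ("a", "m", "c", "d") if k in query},
    }


if __name__ == "__main__":
    for key, value in triage_chain(TRACKING_URL).items():
        print(f"{key}: {value}")
```

Running the module prints the landing host, the decoded victim address and the four tracker identifiers. The point for blocklisting is that the first-hop domain is a legitimate vendor's tracker, so reputation checks on the visible link pass; the indicator worth keeping is the landing host and path from the u parameter.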
14 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---
GET | H2 | YWRtaW5AZXF1ZXN0LmNvbQ== | studioredinteriors.com/wp-includes/js/css/secure/serverdata/equest.com//////// (redirect chain) | 0 | 128 B | Document | text/html
GET | H/1.1 | / (primary request) | cpserverdatanethelpdesk.z1.web.core.windows.net/ | 197 KB | 197 KB | Document | text/html
GET | H2 | aduser.css | appmedia.host/app/serverdata/media/css/ | 15 KB | 3 KB | Stylesheet | text/css
GET | H2 | helpers.js | appmedia.host/app/serverdata/media/js/ | 13 KB | 3 KB | Script | application/javascript
GET | H2 | app.js | appmedia.host/app/serverdata/media/js/ | 1 KB | 604 B | Script | application/javascript
GET | H2 | warning-orange_24.png | appmedia.host/app/serverdata/media/images/ | 270 B | 470 B | Image | image/png
GET | DATA | truncated | / | 106 KB | 0 | Image | image/gif
GET | H2 | aduser.svg | appmedia.host/app/serverdata/media/images/ | 1 KB | 774 B | Image | image/svg+xml
GET | H2 | info-white_16.svg | appmedia.host/app/serverdata/media/images/ | 859 B | 667 B | Image | image/svg+xml
GET | | dinot-webfont.woff | appmedia.host/app/serverdata/media/fonts/ | 0 | 0 | |
GET | | dinot-medium-webfont.woff | appmedia.host/app/serverdata/media/fonts/ | 0 | 0 | |
GET | | opensans-regular-webfont.woff | appmedia.host/app/serverdata/media/fonts/ | 0 | 0 | |
GET | | dinot-webfont.ttf | appmedia.host/app/serverdata/media/fonts/ | 0 | 0 | |
GET | | dinot-medium-webfont.ttf | appmedia.host/app/serverdata/media/fonts/ | 0 | 0 | |
GET | | opensans-regular-webfont.ttf | appmedia.host/app/serverdata/media/fonts/ | 0 | 0 | |
The DATA row is a 106 KB image/gif embedded in the page as a data: URI (urlscan truncates its content). Every script, stylesheet and image the Azure-hosted page uses is loaded from appmedia.host, a Namecheap-hosted domain with no relation to the page's own origin; the six font requests to that host received no response (see Failed requests).
Failed requests
These URLs were requested, but no response was received. They also appear in the list above. All six are on appmedia.host:
- https://appmedia.host/app/serverdata/media/fonts/dinot-webfont.woff
- https://appmedia.host/app/serverdata/media/fonts/dinot-medium-webfont.woff
- https://appmedia.host/app/serverdata/media/fonts/opensans-regular-webfont.woff
- https://appmedia.host/app/serverdata/media/fonts/dinot-webfont.ttf
- https://appmedia.host/app/serverdata/media/fonts/dinot-medium-webfont.ttf
- https://appmedia.host/app/serverdata/media/fonts/opensans-regular-webfont.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic (Online)
45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Name | Type
---|---
credentialless | boolean
LIB_phrase | string
LIB_view | string
____retry | number
____media | string
____b | string
____rdr | string
d | object
s | object
bindElements | function
validateEmail | function
getUrlParameter | function
getHashParameters | function
capitalizeFirstLetter | function
getEmailDomain | function
getEmailDomainName | function
getParameters | function
initApp | function
getExtraData | function
submit | function
loginUserSetup | function
trueLoginUserSetup | function
sendPost | function
sendGet | function
bindXhr | function
nodeScriptReplace | function
nodeScriptIs | function
nodeScriptClone | function
LIB_userInput | object
LIB_pwdInput | object
LIB_submitButton | object
LIB_spinner | object
LIB_trialLimit | number
LIB_beforeSend | function
LIB_onAppSuccess | object
LIB_onComplete | function
LIB_onLoginFail | object
LIB_onServerError | function
LIB_form | object
LIB_submitInputs | object
LIB_setup | function
LIB_extraData | object
LIB_validate | function
c2 | number
c16 | number
The names are consistent with a credential-harvesting kit rather than a browser-update page: an e-mail and password form (LIB_userInput, LIB_pwdInput, validateEmail, getEmailDomain), parameters read from the query string and hash (getUrlParameter, getHashParameters), a submission path that posts to a backend (loginUserSetup, sendPost, bindXhr) and handlers for failed and retried logins (LIB_onLoginFail, LIB_trialLimit, ____retry).
Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.manutan.pl/ | | 6bb12cf6-9ffd-4e4b-8b39-5e388cd17339 | 3a7e96a2-a660-40d9-b4f8-571e3b198e92
.manutan.pl/ | | trgid_manutan_pl | 3a7e96a2-a660-40d9-b4f8-571e3b198e92
.manutan.pl/ | | 6bb12cf6-9ffd-4e4b-8b39-5e388cd17339_m | f6f1bb10-ac30-477d-ae94-86b6083c99a9
.manutan.pl/ | | trgm_manutan_pl | f6f1bb10-ac30-477d-ae94-86b6083c99a9
.manutan.pl/ | | 6bb12cf6-9ffd-4e4b-8b39-5e388cd17339_d | 1680247732
.manutan.pl/ | | trgd_manutan_pl | 1680247732
All six cookies are scoped to .manutan.pl and were set by the t.targito.manutan.pl tracking hop: their names and values are the a, c, m and d parameters of that redirect URL. The phishing page itself set no cookies in this scan.
12 Console Messages
A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- appmedia.host
- cpserverdatanethelpdesk.z1.web.core.windows.net
- studioredinteriors.com
- t.targito.manutan.pl
IPs:
- 198.54.116.150
- 20.150.121.129
- 3.75.46.161
- 50.116.76.51