DANGEROUS

Tech-support scam — do not call

The page visually clones apple.com. Microsoft, Apple, and your ISP never call or pop up to ask for remote access or payment. Don't call any numbers shown, don't install "support" tools, and close the page — ideally by ending the browser process.

Security Review

Is saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net legit or a scam?

Our verdict:Dangerous· 8/100

Fake Apple support page on Azure Front Door subdomain using cloned branding and a suspicious phone number to run a tech-support scam.

saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.netScanned 19h ago
0
Trust score
DANGEROUS
Score breakdown
Heuristics 0·MT 12
Screenshot of saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.netSee the live page ↓
Category tags
tech-support-scamphishing#tech support scam#clone site95% MT confidence
Technical red flags (4)
1 of 92 engines flaggedTech-Support ScamVisual clone of apple.comScam-network signals (55/100)
Warning signals (1)
Some abuse reports (28%)
Positive signals (3)
Not on major blacklistsDomain is 8 years oldEncrypted connection

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
1/92
Engines flagged this URL
Domain Age
8 years old
Registered May 8, 2018
Intelligence
Dangerous
Critical likelihood · 95% confidence

Website Preview

Screenshot of saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net
LIVE RENDER
saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

98
/ 100
Critical visual riskVisual clone

The page visually mimics apple.com

The site uses social engineering and urgency tactics to impersonate Apple Support, featuring significant grammatical errors and a suspicious support phone number.

Visual risk98/100

What our vision model saw

6 signals

Urgency tactics claiming a fraudulent Apple Pay transaction to induce panic

Prominent display of a non-standard support phone number +1-866-881-3332

Poor grammar and punctuation including 'safest and Security' and missing spaces after exclamation points

Unprofessional layout with text overlaid on a generic stock photo of a call center

Impersonation of Apple Support branding without the official navigation or footer elements

Suspicious call-to-action demanding the user 'Immediately call' to freeze a transaction

Intelligence

Advanced threat intelligence
Analysis
Critical scam likelihoodengineMT · Guardiantrust12/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The page title and meta description copy Apple's official support contact page exactly. Visual analysis confirms it is a clone of apple.com with added urgency language about a fraudulent Apple Pay transaction. The only phone number shown is +1-866-881-3332, which does not match any official Apple contact. Multiple independent reports document the same azurefd.net subdomain pattern being used for phishing and tech-support scams. The hosting IP carries six abuse reports and the subdomain itself shows no legitimate business registration. These signals together indicate the site exists solely to extract money or remote access from callers.
Full dossier
Analysis complete

Page Content

The page presents itself as Apple's official support contact page with the exact title 'Contact - Official Apple' and matching meta description about Genius Bar appointments. Body text includes the non-standard phone number +1-866-881-3332 and repeated calls to 'Immediately call' to address a supposed fraudulent transaction. No legitimate Apple navigation, footer links, or verified contact methods appear. Grammar errors such as 'safest and Security' and missing spacing after punctuation are visible throughout.

Infrastructure

The URL resolves through Microsoft Azure Front Door on IP 150.171.109.72 with a valid Microsoft-issued SSL certificate. The IP carries an abuse score of 28/100 and six prior abuse reports. One redirect hop occurs within the same domain. External resources load only from apple.com, which helps the page mimic the real brand while the actual content remains attacker-controlled.

Domain History

The parent domain azurefd.net was registered in May 2018 through MarkMonitor and is a legitimate Microsoft service. The specific long random subdomain was created recently and carries no business registration. The same azurefd.net infrastructure has hosted numerous similar scam pages impersonating Apple and other brands.

Web Reputation

Five separate security reports link azurefd.net subdomains to phishing and tech-support campaigns. Resecurity documented widespread abuse of Azure Front Door for impersonation attacks. Joe Sandbox, Any.Run, Phishstats, and Gridinsoft each flagged comparable subdomains running system-alert or support scams. No positive reviews or legitimate business listings exist for this specific subdomain.

What this means for you

Anyone who calls the displayed number will reach scammers who may attempt remote access, charge fees, or steal payment details. Do not call the number or enter any information on this page.

Risk Factors
7
  • Exact visual and textual clone of Apple's official support contact page
  • Non-standard phone number +1-866-881-3332 displayed as the only contact method
  • Urgency language claiming a fraudulent Apple Pay transaction to create panic
  • Hosted on azurefd.net subdomain pattern repeatedly linked to tech-support scams
  • Hosting IP shows six abuse reports and moderate abuse score
  • Grammar and layout errors inconsistent with official Apple branding
  • No business registration or verifiable Apple partnership found
AI Recommendation
Close the page immediately and do not call any number shown. Use Apple's official website or the Apple Support app to reach verified support channels.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones apple.com
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
5 scam reports
Key findings
6 headline facts from open-web research
  • Domain is a long random subdomain of z02.azurefd.net (Microsoft Azure Front Door CDN service, registered May 2018)
  • Page title/description impersonates official Apple support contact page ('Contact - Official Apple', Genius Bar appointments)
  • azurefd.net subdomains widely documented in phishing and tech-support scam campaigns since at least 2022 (Resecurity report, Joe Sandbox, Any.Run, Phishstats)
  • Similar Apple-themed scam pages observed on other z02.azurefd.net subdomains (e.g., cysasjasj-bpe9fjh4dresheh0.z02.azurefd.net, paiasidao-argsdngafkeubtf2.z02.azurefd.net)
  • No direct mentions or reports found specifically naming this exact subdomain in public search results
  • azurefd.net frequently abused for hosting fake support, login, and credential-harvesting pages that leverage Microsoft's legitimate CDN infrastructure
Scam reports (5)
Direct quotes from public scam databases, forums, and news.
  • Resecurityopen

    "Cybercriminals Use Azure Front Door in Phishing Attacks... spike in phishing content delivered via Azure Front Door (AFD)... impersonates various services appearing to be legitimately created on the “azurefd.net” domain"

  • Joe Sandboxopen

    "z02.azurefd.net /?utm_medium=paid&utm_source=fb&utm_id ... tech support scam variant. This page exhibits: - **System alert mimicry**"

  • Gridinsoftopen

    "Voaspoeaes-chenc7fda6huh4bp.z02.azurefd.net ... classified as scam website... deceptive offers, non-fulfillment after payment, or data collection under false pretenses"

  • Phishstatsopen

    "Phishing report: azurefd.net (US)... z02.azurefd.net /info1/index.html"

  • Any.Runopen

    "4839794398349343-g4eydqdkguhcdvgs.z02.azurefd.net ... PHISHING [ANY.RUN] Suspected Phishing Domain"

Impersonation / typosquat
Clone of apple.com

Page title and description exactly match Apple support contact page content; multiple similar pages on *.z02.azurefd.net use identical 'Contact - Official Apple' title and Genius Bar text

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Resecurity reported a spike in phishing pages delivered through Azure Front Door, noting that attackers create subdomains on azurefd.net to appear legitimate. Joe Sandbox and Any.Run each analyzed similar subdomains running tech-support scam variants with system-alert mimicry. Gridinsoft and Phishstats classified comparable azurefd.net URLs as scam sites using deceptive offers and data collection under false pretenses. No legitimate business registration or positive reviews were located for this specific subdomain.

Domain Timeline

  1. May 8, 2018
    Domain registered

    First appeared in WHOIS records — 8.2 years old today.

  2. Jul 7, 2026
    Latest security review — Flagged as dangerous

    This scan re-ran every check; the current findings are detailed above.

saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net is an established domain now carrying threat signals. An older domain that starts tripping security checks is a classic pattern for an asset that was sold, repurposed, or compromised — the age alone is not reassurance.

Threat Detection

Scam Network

Cross-site correlation

This site shares signals with a broader cluster

High correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Evidence confirms this site is a clone of apple.com.
  • Screenshot analysis found visual cloning of apple.com.
Linked signals (2)
Clone of apple.comClone of apple.com

Antivirus Engines

Detection matrix · live
1 engine flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

1Malicious0Suspicious58Harmless92Engines
0
of 92
LevelBlue
Malicious· phishing

1 antivirus engine flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

2 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Tech Support Scam
Tech Support Scam
High likelihood
100/100
  • Classic tech-support scare copy found (fake Microsoft/Apple alert, remote-access instructions).
  • Primary scraped category: fake tech-support page.
  • AI analyst tagged this as a tech-support scam.
Brand Impersonation
Moderate likelihood
55/100
  • Visual clone of apple.com detected in the screenshot.
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Technical Details

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbers+1-866-881-3332
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No postal address visible on the page.
  • Scam family match: Tech-Support Scam.
  • Phone number listed (+1-866-881-3332).

Domain & Encryption

Domain History
Age8 years old
RegistrarMarkMonitor Inc.
RegisteredMay 8, 2018
ExpiresMay 8, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerMicrosoft Corporation · Microsoft TLS G2 ECC CA OCSP 02
ExpiresDec 8, 2026 (154d)
Self-signedNo
Hosting & Technology
HostingMicrosoft Corporation
Server locationUS

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1307http://saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net/
  • 2200https://saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net/

Server Reputation

Abuse Intelligence
Confidence score28%
Reports on file6
ISPMicrosoft Corporation
Usage typeContent Delivery Network

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

What to do

Tech-support scam — do not call

Pages like this impersonate Microsoft, Apple, or your ISP to trick you into calling a number or granting remote access.

  • Do not interact with saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Do not call the number and do not install any "support" tool

    Microsoft, Apple, Google, and legitimate ISPs never show a pop-up with a phone number. Installing AnyDesk, TeamViewer, or "Windows Support" at their request hands over your computer.

  • Close the page — end the browser process if needed

    If the page has locked your browser, press Ctrl+Shift+Esc (Windows) or Cmd+Option+Esc (Mac) and end the browser task. Reopen your browser with "Don't restore tabs".

  • If you already gave remote access or paid

    Disconnect the device from the internet. Run a full scan with Malwarebytes or a reputable AV. Change your passwords from a different device. Call your bank to dispute any payment and request a new card.

    Open

Final Verdict

0
Trust / 100
Final Verdict·saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net
DANGEROUS

This is a fake Apple support page hosted on a Microsoft Azure subdomain. The strongest signal is the visual clone of apple.com combined with a suspicious phone number and urgency tactics designed to trick users into calling scammers.

Close the page immediately and do not call any number shown. Use Apple's official website or the Apple Support app to reach verified support channels.

AV engines
92
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net scored 8/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net presents a valid TLSv1.3 certificate issued by Microsoft Corporation · Microsoft TLS G2 ECC CA OCSP 02, expiring in 154 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net is 8.2 years old, registered on 5/8/2018 through MarkMonitor Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 1 out of 92 antivirus engines in our malware network flagged saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net as malicious or suspicious (1 outright malicious). Even one detection is a meaningful signal.
  • No. saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net is not currently listed on the major browser blocklist feeds that modern browsers use.
  • saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net resolves to an IP operated by Microsoft Corporation in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on July 7, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around saraha73sdhvzjhsdzvbjhsdbjhwds-aahga0dzerb3afa0.z02.azurefd.net have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.
Recently scanned

Other Dangerous reports

Browse all reports
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.