staookilbainbfae.z1.web.core.windows.net
Open in
urlscan Pro
20.150.30.97
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On September 04 via api from US — Scanned from IT
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on June 17th 2024. Valid for: a year.
This is the only time staookilbainbfae.z1.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
24 | 20.150.30.97 20.150.30.97 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
25 | 2 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
staookilbainbfae.z1.web.core.windows.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
24 |
windows.net
staookilbainbfae.z1.web.core.windows.net |
3 MB |
1 |
userstatics.com
userstatics.com — Cisco Umbrella Rank: 303208 |
719 B |
25 | 2 |
Domain | Requested by | |
---|---|---|
24 | staookilbainbfae.z1.web.core.windows.net |
staookilbainbfae.z1.web.core.windows.net
|
1 | userstatics.com |
staookilbainbfae.z1.web.core.windows.net
|
25 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 04 |
2024-06-17 - 2025-06-12 |
a year | crt.sh |
userstatics.com WE1 |
2024-07-24 - 2024-10-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://staookilbainbfae.z1.web.core.windows.net/wintossfo/index.html
Frame ID: 1BC9C03D5C866A73A3DD2804CAD2C1FC
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Top Trend UpdateDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
staookilbainbfae.z1.web.core.windows.net/wintossfo/ |
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tapa.css
staookilbainbfae.z1.web.core.windows.net/wintossfo/css/ |
19 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
staookilbainbfae.z1.web.core.windows.net/wintossfo/css/ |
216 KB 216 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
staookilbainbfae.z1.web.core.windows.net/wintossfo/js/ |
83 KB 83 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
staookilbainbfae.z1.web.core.windows.net/wintossfo/js/ |
59 KB 59 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
staookilbainbfae.z1.web.core.windows.net/wintossfo/css/ |
27 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
esc.js
staookilbainbfae.z1.web.core.windows.net/wintossfo/js/ |
99 B 474 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flscn.js
staookilbainbfae.z1.web.core.windows.net/wintossfo/js/ |
269 B 645 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
staookilbainbfae.z1.web.core.windows.net/wintossfo/js/ |
2 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f24.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
3 MB 3 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bx2.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
35 KB 35 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg1.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
81 KB 81 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mnc.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
187 B 557 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
msmm.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
168 B 538 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bel.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
276 B 646 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
set.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
364 B 734 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ques.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
349 B 719 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vsc.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
722 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.jpg
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
38 KB 39 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
msmm.png
staookilbainbfae.z1.web.core.windows.net/wintossfo/images/ |
168 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
beep.mp3
staookilbainbfae.z1.web.core.windows.net/wintossfo/media/ |
8 KB 9 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
eng.mp3
staookilbainbfae.z1.web.core.windows.net/wintossfo/media/ |
108 KB 108 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
userstatics.com/get/ |
133 B 719 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
w3.html
staookilbainbfae.z1.web.core.windows.net/wintossfo/ |
321 B 629 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
w1.html
staookilbainbfae.z1.web.core.windows.net/wintossfo/ |
321 B 629 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| bootstrap function| chat function| getVariableFromURl function| showd2 function| beep1 number| isNS function| mischandler function| mousehandler function| win_onkeydown_handler function| addEvent1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
staookilbainbfae.z1.web.core.windows.net/wintossfo | Name: PHPREFS Value: full |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
staookilbainbfae.z1.web.core.windows.net
userstatics.com
188.114.97.3
20.150.30.97
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd
34ccdb50687c38ca7f6f04c46aaba862b1e93f6bd1ab158915a4ae1034f2e65e
3616cf46b53ecac41813d66874380a99715b0b31baf1c27c5db0ba320b9369c8
36c93ecca4ea10ed850a8b04465a4141f6afc135419d644181e63a98da87a376
436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
454416ec68477096729394f35a1b720eb956967a51ce1e574e9852b20000e4b2
4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977
62930ea036d5c32e44c5494f064992f80489ce53f17f5bc563d24e5641dfcd2e
721664da709158888e363cb551254e6cc3c4b06b4af5be1466c0499261c3d961
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
83a132d9141372a3c75799bd6194a5752b3db074ef77a9e9a3249ff9fbc38d23
932ea15108928991bcf0c0a46415fc652de5ffc0158c35205357b90c65eeb386
9fa4f2ad709ff397d792afa42087c38ac2d13ac10ee104e557f594ffbf93a603
a1f303eeebda55b956a0a38543a044a78ec37da52823f8957cc62c522f7b36d2
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
bec4f9f92b1a1a83c36be46a4e82724612c79c231315506f65efb262abd08836
c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41
ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
e0e43d19124c60a22fea6be28fe321d3cd96a4c26e5eb8da36729d70c836fb4e
e580866861ef53a03e486e128ad421357ce20cc66ac955d1601c9cfe2bbf3e03