standingwites.com Open in urlscan Pro
162.241.125.10  Malicious Activity! Public Scan

Submitted URL: https://meiertobler.bjoiytresy.bar/#bmljby5ib2NhbGVAbWVpZXJ0b2JsZXIuY2g
Effective URL: https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGk...
Submission: On April 15 via manual from ES — Scanned from ES

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 162.241.125.10, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is standingwites.com.
TLS certificate: Issued by R3 on April 14th 2022. Valid for: 3 months.
This is the only time standingwites.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
7 162.241.125.10 46606 (UNIFIEDLA...)
7 2
Apex Domain
Subdomains
Transfer
5 bjoiytresy.bar
meiertobler.bjoiytresy.bar
178 KB
2 standingwites.com
standingwites.com
84 KB
7 2
Domain Requested by
5 meiertobler.bjoiytresy.bar meiertobler.bjoiytresy.bar
2 standingwites.com standingwites.com
7 2

This site contains links to these domains. Also see Links.

Domain
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
*.bjoiytresy.bar
R3
2022-04-14 -
2022-07-13
3 months crt.sh
standingwites.com
R3
2022-04-14 -
2022-07-13
3 months crt.sh

This page contains 1 frames:

Primary Page: https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php
Frame ID: C5AF027D398238B6D12DAF397FAF5DB3
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Sign in to your account

Page URL History Show full URLs

  1. https://meiertobler.bjoiytresy.bar/ Page URL
  2. https://meiertobler.bjoiytresy.bar/O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0... Page URL
  3. https://standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/nico.bocale@meiertobler.ch Page URL
  4. https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zT... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

262 kB
Transfer

265 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://meiertobler.bjoiytresy.bar/ Page URL
  2. https://meiertobler.bjoiytresy.bar/O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv?SVnzw2bUtFREo04N3QuA9qxiMhCD1v6gp7GsIJ8HKjOcfT5XlBkmYerWLZPaorEmQjz5LVnG2WgabFDXU8uIN30JvTwM1ZStxhfe9iyPRc6CqKYHBp7s4AkOzws7jOQMlSfRAi6pTFBtN1V0GoKkHcnULmIWb3ghJa2CDx4Pure9XZEqyY85%20=%27%20+%20nico.bocale@meiertobler.ch Page URL
  3. https://standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/nico.bocale@meiertobler.ch Page URL
  4. https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
meiertobler.bjoiytresy.bar/
724 B
1 KB
Document
General
Full URL
https://meiertobler.bjoiytresy.bar/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash
29eb206419475d809b490f2ab5c816cf427e7fc3e6097b7c20bcc105de9154de

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 15 Apr 2022 12:36:06 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
jquery.js
meiertobler.bjoiytresy.bar/
87 KB
88 KB
Script
General
Full URL
https://meiertobler.bjoiytresy.bar/jquery.js
Requested by
Host: meiertobler.bjoiytresy.bar
URL: https://meiertobler.bjoiytresy.bar/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://meiertobler.bjoiytresy.bar/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Fri, 15 Apr 2022 12:36:07 GMT
Last-Modified
Tue, 08 Feb 2022 13:08:16 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
89475
fragment.php
meiertobler.bjoiytresy.bar/
26 B
342 B
XHR
General
Full URL
https://meiertobler.bjoiytresy.bar/fragment.php
Requested by
Host: meiertobler.bjoiytresy.bar
URL: https://meiertobler.bjoiytresy.bar/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

Accept
*/*
Referer
https://meiertobler.bjoiytresy.bar/
X-Requested-With
XMLHttpRequest
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 15 Apr 2022 12:36:07 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Expires
Thu, 19 Nov 1981 08:52:00 GMT
O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv
meiertobler.bjoiytresy.bar/
833 B
1 KB
Document
General
Full URL
https://meiertobler.bjoiytresy.bar/O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv?SVnzw2bUtFREo04N3QuA9qxiMhCD1v6gp7GsIJ8HKjOcfT5XlBkmYerWLZPaorEmQjz5LVnG2WgabFDXU8uIN30JvTwM1ZStxhfe9iyPRc6CqKYHBp7s4AkOzws7jOQMlSfRAi6pTFBtN1V0GoKkHcnULmIWb3ghJa2CDx4Pure9XZEqyY85%20=%27%20+%20nico.bocale@meiertobler.ch
Requested by
Host: meiertobler.bjoiytresy.bar
URL: https://meiertobler.bjoiytresy.bar/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash
ed2999417405e6eaddcb067a95667b2f4fea72cc6d6f279c63f24be575d9254f

Request headers

Referer
https://meiertobler.bjoiytresy.bar/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
833
Content-Type
text/html; charset=UTF-8
Date
Fri, 15 Apr 2022 12:36:08 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=97
Pragma
no-cache
Server
Apache
jquery.js
meiertobler.bjoiytresy.bar/
87 KB
88 KB
Script
General
Full URL
https://meiertobler.bjoiytresy.bar/jquery.js
Requested by
Host: meiertobler.bjoiytresy.bar
URL: https://meiertobler.bjoiytresy.bar/O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv?SVnzw2bUtFREo04N3QuA9qxiMhCD1v6gp7GsIJ8HKjOcfT5XlBkmYerWLZPaorEmQjz5LVnG2WgabFDXU8uIN30JvTwM1ZStxhfe9iyPRc6CqKYHBp7s4AkOzws7jOQMlSfRAi6pTFBtN1V0GoKkHcnULmIWb3ghJa2CDx4Pure9XZEqyY85%20=%27%20+%20nico.bocale@meiertobler.ch
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://meiertobler.bjoiytresy.bar/O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv?SVnzw2bUtFREo04N3QuA9qxiMhCD1v6gp7GsIJ8HKjOcfT5XlBkmYerWLZPaorEmQjz5LVnG2WgabFDXU8uIN30JvTwM1ZStxhfe9iyPRc6CqKYHBp7s4AkOzws7jOQMlSfRAi6pTFBtN1V0GoKkHcnULmIWb3ghJa2CDx4Pure9XZEqyY85%20=%27%20+%20nico.bocale@meiertobler.ch
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Fri, 15 Apr 2022 12:36:08 GMT
Last-Modified
Tue, 08 Feb 2022 13:08:16 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
89475
nico.bocale@meiertobler.ch
standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/
289 B
671 B
Document
General
Full URL
https://standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/nico.bocale@meiertobler.ch
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

Referer
https://meiertobler.bjoiytresy.bar/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 15 Apr 2022 12:36:10 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
Primary Request 9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php
standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/
83 KB
83 KB
Document
General
Full URL
https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php
Requested by
Host: standingwites.com
URL: https://standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/nico.bocale@meiertobler.ch
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.125.10 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-125-10.unifiedlayer.com
Software
Apache /
Resource Hash
5c04b673b0ed0c70e2a99329fc553e9730eb625f316822244010e749ddb8ec6c

Request headers

Referer
https://standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/nico.bocale@meiertobler.ch
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 15 Apr 2022 12:36:11 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
513 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

2 Cookies

Domain/Path Name / Value
meiertobler.bjoiytresy.bar/ Name: PHPSESSID
Value: 3a11f627b8798147e81e5fc0b01bbffc
standingwites.com/ Name: PHPSESSID
Value: b5ee90e06d7e577ed267cc33c5324495