standingwites.com
162.241.125.10
Malicious Activity!
Public Scan
Effective URL: https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGk...
Submission: On April 15 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by R3 on April 14th 2022. Valid for: 3 months.
This is the only time standingwites.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 7 | 162.241.125.10 | 46606 (UNIFIEDLAYER-AS-1) |

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-125-10.unifiedlayer.com
Domains served from this IP: meiertobler.bjoiytresy.bar, standingwites.com
Total: 7 requests, 2 domains
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | bjoiytresy.bar | meiertobler.bjoiytresy.bar | 178 KB |
| 2 | standingwites.com | standingwites.com | 84 KB |

Total: 7 requests, 2 domains
| Requests | Domain | Requested by |
|---|---|---|
| 5 | meiertobler.bjoiytresy.bar | meiertobler.bjoiytresy.bar |
| 2 | standingwites.com | standingwites.com |

Total: 7 requests, 2 domains
This site contains links to these domains. Also see Links.
Domain |
---|
passwordreset.microsoftonline.com |
www.microsoft.com |
privacy.microsoft.com |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| *.bjoiytresy.bar | R3 | 2022-04-14 - 2022-07-13 | 3 months | crt.sh |
| standingwites.com | R3 | 2022-04-14 - 2022-07-13 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php
Frame ID: C5AF027D398238B6D12DAF397FAF5DB3
Requests: 10 HTTP requests in this frame
Page Title: Sign in to your account
Detected technologies
- PHP (Programming Languages). Detected pattern: `\.php(?:$|\?)`
- jQuery (JavaScript Libraries). Detected pattern: `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
3 outgoing links (links going to different origins than the main page):
- Forgotten my password
- Terms of use
- Privacy & cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://meiertobler.bjoiytresy.bar/ Page URL
- https://meiertobler.bjoiytresy.bar/O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv?SVnzw2bUtFREo04N3QuA9qxiMhCD1v6gp7GsIJ8HKjOcfT5XlBkmYerWLZPaorEmQjz5LVnG2WgabFDXU8uIN30JvTwM1ZStxhfe9iyPRc6CqKYHBp7s4AkOzws7jOQMlSfRAi6pTFBtN1V0GoKkHcnULmIWb3ghJa2CDx4Pure9XZEqyY85%20=%27%20+%20nico.bocale@meiertobler.ch Page URL
- https://standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/nico.bocale@meiertobler.ch Page URL
- https://standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | meiertobler.bjoiytresy.bar/ | 724 B | 1 KB | Document | text/html |
| GET | H/1.1 | jquery.js | meiertobler.bjoiytresy.bar/ | 87 KB | 88 KB | Script | application/javascript |
| POST | H/1.1 | fragment.php | meiertobler.bjoiytresy.bar/ | 26 B | 342 B | XHR | text/html |
| GET | H/1.1 | O02QAkLbxYzZ34raUNpu6Gw81ysEfMJKChctPlWRHIDVogTeiSv9BmnjqX75sZDrH5KIap64yQP0en1ShJMTtEBlU3fCRX8V2oxGkic97NOAuzbmjgFqLwWv | meiertobler.bjoiytresy.bar/ | 833 B | 1 KB | Document | text/html |
| GET | H/1.1 | jquery.js | meiertobler.bjoiytresy.bar/ | 87 KB | 88 KB | Script | application/javascript |
| GET | H/1.1 | nico.bocale@meiertobler.ch | standingwites.com/bWVpZXJ0b2JsZXIuYmpvaXl0cmVzeS5iYXI=/ | 289 B | 671 B | Document | text/html |
| GET | H/1.1 | 9Nyc4osMK85egnbzlBG3HraY0IRDjVv6XOJufZLUQhP1FSmp7ECWTAkq2itx.php (Primary Request) | standingwites.com/M20LIESGbxNzWn4FphT9J1iCrYqulQRP58ytgZfasVX6cmek7oAKHOvjwDU3rfgPnL6eyi9Uc3zTpHaEOqFjB5oWXRlZ1mGkJxtM4uYhSNQ27w8IKVDCbAv0pH93MwOsUxX48GoJRvb0tFCQBT7fn16lkKDZPLcy5aiEjSgIYhuWemzqA2Vr/ | 83 KB | 83 KB | Document | text/html |
| GET | DATA | truncated | / | 4 KB | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 513 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- structuredClone (function)
- oncontextlost (object)
- oncontextrestored (object)
- getScreenDetails (function)

2 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| meiertobler.bjoiytresy.bar/ | | PHPSESSID | 3a11f627b8798147e81e5fc0b01bbffc |
| standingwites.com/ | | PHPSESSID | b5ee90e06d7e577ed267cc33c5324495 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
meiertobler.bjoiytresy.bar
standingwites.com
162.241.125.10