www.stotras.com.au
Open in
urlscan Pro
27.121.66.192
Malicious Activity!
Public Scan
Submission: On April 20 via automatic, source openphish
Summary
This is the only time www.stotras.com.au was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
14 | 27.121.66.192 27.121.66.192 | 24446 (NETREGIST...) (NETREGISTRY-AS-AP NetRegistry Pty Ltd.) | |
1 | 2.19.41.58 2.19.41.58 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2.19.32.164 2.19.32.164 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 66.117.29.4 66.117.29.4 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
21 | 5 |
ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU)
PTR: cp392.ezyreg.com
www.stotras.com.au |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
windowslive.tt.omtrdc.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
stotras.com.au
www.stotras.com.au |
289 KB |
1 |
omtrdc.net
windowslive.tt.omtrdc.net |
439 B |
1 |
bkrtx.com
tags.bkrtx.com |
39 KB |
1 |
gfx.ms
auth.gfx.ms |
208 B |
0 |
microsoft.com
Failed
s.imp.microsoft.com Failed |
|
0 |
live.com
Failed
sc.imp.live.com Failed |
|
21 | 6 |
Domain | Requested by | |
---|---|---|
14 | www.stotras.com.au |
www.stotras.com.au
|
1 | windowslive.tt.omtrdc.net |
www.stotras.com.au
|
1 | tags.bkrtx.com |
www.stotras.com.au
|
1 | auth.gfx.ms |
www.stotras.com.au
|
0 | s.imp.microsoft.com Failed |
www.stotras.com.au
|
0 | sc.imp.live.com Failed |
www.stotras.com.au
|
21 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
account.live.com |
signup.live.com |
login.live.com |
Subject Issuer | Validity | Valid |
---|
This page contains 3 frames:
Primary Page:
http://www.stotras.com.au/web2/Docusign/outlook/
Frame ID: E9B7B4B799AEED23AE26B6AF4A3B6631
Requests: 5 HTTP requests in this frame
Frame:
http://www.stotras.com.au/web2/Docusign/outlook/files/EN-US.htm
Frame ID: A9B4DC9AC649F5802B936E422B07FAC8
Requests: 3 HTTP requests in this frame
Frame:
http://www.stotras.com.au/web2/Docusign/outlook/files/EN-US(1).htm
Frame ID: DBE0870C5FD97A95AB85D75F0B733260
Requests: 13 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: What's this?
Search URL Search Domain Scan URL
Title: Can't access your account?
Search URL Search Domain Scan URL
Title: Sign up now
Search URL Search Domain Scan URL
Title: Terms
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Title: Help Center
Search URL Search Domain Scan URL
Title: Feedback
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.stotras.com.au/web2/Docusign/outlook/ |
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
R3WinLive1033.css
www.stotras.com.au/web2/Docusign/outlook/files/ |
32 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login_Strings_JS1033.js
www.stotras.com.au/web2/Docusign/outlook/files/ |
5 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login_Core.js
www.stotras.com.au/web2/Docusign/outlook/files/ |
106 KB 106 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
controls.png
auth.gfx.ms/14.500.21741.00/ |
0 208 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EN-US.htm
www.stotras.com.au/web2/Docusign/outlook/files/ Frame A9B4 |
627 B 868 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EN-US(1).htm
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.css
www.stotras.com.au/web2/Docusign/outlook/files/ Frame A9B4 |
195 B 435 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_mail.png
www.stotras.com.au/web2/Docusign/outlook/files/ Frame A9B4 |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mbox.js
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
26 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sdrive_ls2_475x340.jpg
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
58 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style_win8.css
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bk-coretag.js
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
27 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
standard
www.stotras.com.au/web2/Docusign/outlook/files/ Frame DBE0 |
2 KB 2 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bk-coretag.js
tags.bkrtx.com/js/ Frame DBE0 |
38 KB 39 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
standard
windowslive.tt.omtrdc.net/m2/windowslive/mbox/ Frame DBE0 |
177 B 439 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
style.css
sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame DBE0 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
style_win8.css
sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame DBE0 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
sdrive_ls2_475x340.jpg
sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/images/ Frame DBE0 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
zag.gif
s.imp.microsoft.com/ Frame DBE0 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style_win8.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/images/sdrive_ls2_475x340.jpg
- Domain
- s.imp.microsoft.com
- URL
- https://s.imp.microsoft.com/zag.gif?Log=1&tntcalltype=1&tntPCID=1370633705144-955793.22_02&tntANID=01FE774EFBACAC2A71C2E0E7FFFFFFFF&tntSessionID=1370935023889-964799&tntCampaignID=63261&tntCampaignName=SISU%20Evergreen%20untargeted%3Fc000015868%7Cet01%7CA24BD08&tntOfferID=48734&tntOfferName=en%20US%20Ol%20SISU%20SDrive%20LS1?o00000030440|AB44ABE8&tntMbox=PROD-outlook_signin&tntRecipeID=3&tntRecipeName=EE04%3Fee04%7CDF36C0A7&tntPage=http%3A//www.stotras.com.au/web2/Docusign/outlook/files/EN-US%281%29.htm&tntMrkt=en-us&tntFirstSession=false&tntTrafficType=0&tntPageID=1524256816201-754224&tntTime=1524256816507&tntTitle=Sign%20In&tntGeoCountry=indonesia&tntGeoState=jakarta%20raya&tntGeoDMA=not%20metroized&tntGeoCity=&tntGeoZip=&tntReferrer=http%3A//www.stotras.com.au/web2/Docusign/outlook/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)149 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| PROOF number| g_iSRSFailed string| g_sSRSSuccess function| _DY object| g_dtFirstByte object| g_objPageMode function| _U function| _AU boolean| __Login_Strings object| $Q object| $aD object| $d function| _c function| _B function| _X function| _Am function| _F function| _I function| strOrDefault function| _Bv function| _DW function| _G function| _Ac function| _Ca function| _Ao object| $N object| $AF object| $Ad object| $C function| CE function| _S object| $e object| $l object| $aK object| $B function| _AE function| _Aa function| _N object| WL object| UI object| $r object| $J object| QS object| $AB object| $R object| $E object| $D object| $Ae object| $q object| $x object| $aB object| $z object| $p object| $ac object| $aj object| $n object| $X object| $j object| _K object| $v object| $f object| $ag object| $o object| $ab object| $L object| $aF object| $A object| DD object| UP object| $aa object| $G object| BHO function| _Av function| _DV function| DoHelp object| $O object| $Z function| _Dh function| _AP object| $ai object| $aG object| $aE object| $0 object| $I function| OnBack function| WLWorkflow function| evt_Login_onload function| _Dv function| _R function| _B9 boolean| __Login_Core object| _J object| _AN object| $i object| _fs object| $g function| _C function| _A function| _Ae function| _3 object| $Af object| $aI function| _Ah function| _AB function| _Ag function| _Dw function| _A4 function| _Bi function| _BR function| _CA function| _AC function| _CN function| _D function| _AR function| _Bu function| _Aw function| _Dc function| _CD function| _Ce function| _AW function| _BA function| _BV function| _Bb function| _BI function| _BU function| _Z function| _Dg object| $AA function| _Au function| _Ar function| $Ac function| _A1 function| _Cu function| _CV function| _Cw function| _DC function| _Az function| _BH function| _Bw function| _C7 function| _Ai function| _Bs function| _Cb function| _Ay function| _BF function| BM_ModernIFrame function| _BT function| _AI function| _CF0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth.gfx.ms
s.imp.microsoft.com
sc.imp.live.com
tags.bkrtx.com
windowslive.tt.omtrdc.net
www.stotras.com.au
s.imp.microsoft.com
sc.imp.live.com
2.19.32.164
2.19.41.58
27.121.66.192
66.117.29.4
073e02d1fb476072d58d0062f34f572d3f92b99de9ba0c641f073074f8210852
0a5318c07463a5ca8220492266cb43a459fd33514fbd77f3bc81bc86ca981563
11f52dffb2f7f3d9d4dd96ab064e1d89fc70fc4330dd0f43b908e283b2507646
1201c9e70331fab3bfeaae83d453b392f35eeccc008f0674c30b74492e9b1fa0
1d2216be7e7f5ec07ae65fc21adc3b3e6011cc0c494df1a972f4d16735478f4d
1f73b5c4310620c8c8e984a5dd058b0fab0e7042c4114f3baefd2cbc35d4e1af
63ec758c63e0dfff8c905f1ec84f8ba484a40647aa51ab9093bb4944929e5c05
6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b
92215d3fcdb46879d8f63a45cbaa411a89419bb01e8e2917795a2c362641868a
b33dc43b2da625ef57a5d5c99ba9e12a1edbd3df40397eb05b67e4b7bc987cff
c054424dbb5bf1dd9a0639d4a942c3c0976c13db70bd82d2fbb8c2f975361e81
c49f903bc315ca24e8683d34d94d7863b6ae196b3430ed9e04c81e14a5ceb4ad
caf380f27bcda4b7d549bf77b61fc62399998f8d13d534cc9c1446c14743cd6e
dcb33d7016ff38c70a20c157aa2821b2850fddbe1882cad5eca073ecbc157855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6de9ced41ed54dbfc4f51abfeb65d843bd8dd33a45cbb773ecf5f92d065dd52
fb77cb2ac0c0d46608ffc0ec98440b227557ec2e3f2fe6056342652b3047054b