![](/screenshots/1cfd246c-01c4-4301-9cb3-5907de687580.png)
654minnesotasx.z13.web.core.windows.net
Open in
urlscan Pro
20.60.128.65
Malicious Activity!
Public Scan
Submission: On June 04 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 01 on September 27th 2023. Valid for: a year.
This is the only time 654minnesotasx.z13.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
17 | 20.60.128.65 20.60.128.65 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
1 | 65.9.37.32 65.9.37.32 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 54.145.108.95 54.145.108.95 | 14618 (AMAZON-AES) (AMAZON-AES) | |
20 | 4 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
654minnesotasx.z13.web.core.windows.net |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-37-32.nrt12.r.cloudfront.net
d2fuc4clr7gvcn.cloudfront.net |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-108-95.compute-1.amazonaws.com
track.gaug.es |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
windows.net
654minnesotasx.z13.web.core.windows.net |
1 MB |
1 |
gaug.es
track.gaug.es — Cisco Umbrella Rank: 540803 |
389 B |
1 |
cloudfront.net
d2fuc4clr7gvcn.cloudfront.net |
2 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1124 |
27 KB |
20 | 4 |
Domain | Requested by | |
---|---|---|
17 | 654minnesotasx.z13.web.core.windows.net |
654minnesotasx.z13.web.core.windows.net
|
1 | track.gaug.es |
654minnesotasx.z13.web.core.windows.net
|
1 | d2fuc4clr7gvcn.cloudfront.net |
654minnesotasx.z13.web.core.windows.net
|
1 | code.jquery.com |
654minnesotasx.z13.web.core.windows.net
|
20 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.web.core.windows.net Microsoft RSA TLS CA 01 |
2023-09-27 - 2024-09-27 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
*.gaug.es Sectigo RSA Domain Validation Secure Server CA |
2024-03-03 - 2025-04-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/azbf7wsmj8rf.html
Frame ID: 10B80669E6E25FD15AE6889EEE340DE7
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
azbf7wsmj8rf.html
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
12 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tapa.css
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
19 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.4.4.min.js
code.jquery.com/ |
77 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
noir.js
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
82 KB 83 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js1.js
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
317 B 693 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js2.js
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
567 B 943 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
micro.js
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
3 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f24.png
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
472 KB 472 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nbx1.jpg
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
42 KB 42 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bx2.jpg
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
114 KB 114 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nmnbx.png
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
re.gif
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
14 KB 15 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
msmm.png
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
168 B 538 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
track.js
d2fuc4clr7gvcn.cloudfront.net/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.png
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
525 KB 525 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jp.mp4
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
80 KB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webs.mp4
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
8 KB 9 KB |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ai2.mp3
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
321 B 629 B |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
track.gif
track.gaug.es/ |
35 B 389 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
msmm.png
654minnesotasx.z13.web.core.windows.net/Tsjhfr8ew9sx-c0f9rews3ocid9esxc-0feos4icde6sc0f-rew3psoifdc-0fr4eosx7icdsxc0d-ew4psoi6dsc0ew-oskic0f4repso6cidsc-0fewpsod/ |
168 B 0 |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| toggleFullScreen function| addEvent string| phone_number number| e number| isNS function| mischandler function| mousehandler function| win_onkeydown_handler object| _gauges5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
654minnesotasx.z13.web.core.windows.net/ | Name: _gauges_unique_hour Value: 1 |
|
654minnesotasx.z13.web.core.windows.net/ | Name: _gauges_unique_day Value: 1 |
|
654minnesotasx.z13.web.core.windows.net/ | Name: _gauges_unique_month Value: 1 |
|
654minnesotasx.z13.web.core.windows.net/ | Name: _gauges_unique_year Value: 1 |
|
654minnesotasx.z13.web.core.windows.net/ | Name: _gauges_unique Value: 1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
654minnesotasx.z13.web.core.windows.net
code.jquery.com
d2fuc4clr7gvcn.cloudfront.net
track.gaug.es
20.60.128.65
2a04:4e42:200::649
54.145.108.95
65.9.37.32
034cc2f36042ce8f0186275de708ab78f2277eea6bb56a785ad523bfbc0da810
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
0af0f73f486ffdfc6d2d222716fcffa825781bca81801b874faebdb08db5d83f
0b94cb93989d5c1a97ff8e96aafbf5a48c74b5c00c2e567d8eaafb110eea9972
11d4d0aa8bf0ab597bee785cd9d03301787faee4aae43d66ab53b15f0fe7d849
19b6a129117e2802d5a936a664e4b1f85ccc20c429791b909318440985bf27b9
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
3389f1cc669aa74e99cbb0dbf1bc979c58e842feec75ed59f0339b5d41e47db8
46b5242c5eb6b3b71ef2606f2d0d700142ae58b53c6d018e6bf06bab62437e1b
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
860078ea9aab8de67b9df3fc0ddb041850f41df8d5ea28287876f6fa5e18d5fd
9d6dc5a40f8acc323e73d0127d135a363b937f1f3a22a97feec81a480244fd9a
b1850c878854b3f86309d4d84063ff3602a7c4e8a68ef5c46312d86b4ae7f578
b46a38ffbc127d4e61507602bdd9d60dd68d568391f282fb43a4a28fb3dab09a
ddef18a3c5f162834c6387fbf59dc219da59406bf7a8da8facf167a7f6d9ccc7
df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c