revengep0rnsincludes.z13.web.core.windows.net
52.239.221.33
Malicious Activity!
Public Scan
Submission: On May 26 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 01 on September 27th 2023. Valid for: a year.
This is the only time revengep0rnsincludes.z13.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
24 | 52.239.221.33 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2a04:4e42:600::649 | 54113 (FASTLY)
1 | 103.126.138.87 | 40676 (AS40676)
1 | 65.9.37.203 | 16509 (AMAZON-02)
1 | 52.204.133.150 | 14618 (AMAZON-AES)
Total: 28 requests to 5 IP addresses.
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
- revengep0rnsincludes.z13.web.core.windows.net
ASN16509 (AMAZON-02, US)
- PTR: server-65-9-37-203.nrt12.r.cloudfront.net
- d2fuc4clr7gvcn.cloudfront.net
ASN14618 (AMAZON-AES, US)
- PTR: ec2-52-204-133-150.compute-1.amazonaws.com
- track.gaug.es
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
24 | windows.net | revengep0rnsincludes.z13.web.core.windows.net | 865 KB
1 | gaug.es | track.gaug.es (Cisco Umbrella Rank: 322516) | 389 B
1 | cloudfront.net | d2fuc4clr7gvcn.cloudfront.net | 2 KB
1 | ipwho.is | ipwho.is (Cisco Umbrella Rank: 66680) | 944 B
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 776) | 27 KB
Total: 28 requests across 5 apex domains.
Requests | Domain | Requested by
---|---|---
24 | revengep0rnsincludes.z13.web.core.windows.net | revengep0rnsincludes.z13.web.core.windows.net
1 | track.gaug.es | revengep0rnsincludes.z13.web.core.windows.net
1 | d2fuc4clr7gvcn.cloudfront.net | revengep0rnsincludes.z13.web.core.windows.net
1 | ipwho.is | revengep0rnsincludes.z13.web.core.windows.net
1 | code.jquery.com | revengep0rnsincludes.z13.web.core.windows.net
Total: 28 requests across 5 domains.
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
*.web.core.windows.net | Microsoft RSA TLS CA 01 | 2023-09-27 - 2024-09-27 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
ipwho.is | GoGetSSL ECC DV CA | 2024-03-13 - 2025-03-13 | a year | crt.sh
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year | crt.sh
*.gaug.es | Sectigo RSA Domain Validation Secure Server CA | 2024-03-03 - 2025-04-03 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://revengep0rnsincludes.z13.web.core.windows.net/aznhd6wamku.html
Frame ID: 7E399AAF50B4102AC99F3563757F4B9E
Requests: 28 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | aznhd6wamku.html (Primary Request) | revengep0rnsincludes.z13.web.core.windows.net/ | 24 KB | 24 KB | Document | text/html
GET | H/1.1 | tapa.css | revengep0rnsincludes.z13.web.core.windows.net/ | 19 KB | 19 KB | Stylesheet | text/css
GET | H2 | jquery-1.4.4.min.js | code.jquery.com/ | 77 KB | 27 KB | Script | application/javascript
GET | H/1.1 | noir.js | revengep0rnsincludes.z13.web.core.windows.net/ | 82 KB | 83 KB | Script | text/javascript
GET | H/1.1 | f24.png | revengep0rnsincludes.z13.web.core.windows.net/ | 602 KB | 602 KB | Image | image/png
GET | H/1.1 | mncs.png | revengep0rnsincludes.z13.web.core.windows.net/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | msmm.png | revengep0rnsincludes.z13.web.core.windows.net/ | 148 B | 518 B | Image | image/png
GET | H/1.1 | set.png | revengep0rnsincludes.z13.web.core.windows.net/ | 360 B | 730 B | Image | image/png
GET | H/1.1 | ques.png | revengep0rnsincludes.z13.web.core.windows.net/ | 349 B | 719 B | Image | image/png
GET | H/1.1 | vsc.png | revengep0rnsincludes.z13.web.core.windows.net/ | 752 B | 1 KB | Image | image/png
GET | H/1.1 | procs.png | revengep0rnsincludes.z13.web.core.windows.net/ | 5 KB | 5 KB | Image | image/png
GET | H/1.1 | bx1.png | revengep0rnsincludes.z13.web.core.windows.net/ | 83 KB | 83 KB | Image | image/png
GET | H/1.1 | bel.png | revengep0rnsincludes.z13.web.core.windows.net/ | 296 B | 666 B | Image | image/png
GET | H/1.1 | pcm.png | revengep0rnsincludes.z13.web.core.windows.net/ | 428 B | 798 B | Image | image/png
GET | H/1.1 | phone.png | revengep0rnsincludes.z13.web.core.windows.net/ | 12 KB | 12 KB | Image | image/png
GET | H/1.1 | dm.png | revengep0rnsincludes.z13.web.core.windows.net/ | 347 B | 717 B | Image | image/png
GET | H/1.1 | cs.png | revengep0rnsincludes.z13.web.core.windows.net/ | 7 KB | 7 KB | Image | image/png
GET | H/1.1 | re.gif | revengep0rnsincludes.z13.web.core.windows.net/ | 14 KB | 15 KB | Image | image/gif
GET | H/1.1 | scipt.js | revengep0rnsincludes.z13.web.core.windows.net/ | 2 KB | 2 KB | Script | text/javascript
GET | H/1.1 | custom.js | revengep0rnsincludes.z13.web.core.windows.net/ | 503 B | 879 B | Script | text/javascript
GET | H/1.1 | esc.js | revengep0rnsincludes.z13.web.core.windows.net/ | 87 B | 462 B | Script | text/javascript
GET | H/1.1 | mn.js | revengep0rnsincludes.z13.web.core.windows.net/ | 349 B | 725 B | Script | text/javascript
GET | H/1.1 | / | ipwho.is/ | 672 B | 944 B | XHR | application/json
GET | H/1.1 | websinfo.mp3 | revengep0rnsincludes.z13.web.core.windows.net/ | 80 KB | 0 | Media | audio/mpeg
GET | H2 | track.js | d2fuc4clr7gvcn.cloudfront.net/ | 4 KB | 2 KB | Script | application/javascript
GET | H/1.1 | index.html | revengep0rnsincludes.z13.web.core.windows.net/ | 321 B | 629 B | Media | text/html
GET | H/1.1 | track.gif | track.gaug.es/ | 35 B | 389 B | Image | image/gif
GET | H/1.1 | msmm.png | revengep0rnsincludes.z13.web.core.windows.net/ | 148 B | 0 | Other | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
object | t
function | toggleFullScreen
function | addEvent
string | ipadd
string | city
string | country
string | isp
string | currtime
number | e
number | isNS
function | mischandler
function | mousehandler
function | win_onkeydown_handler
object | _gauges
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
revengep0rnsincludes.z13.web.core.windows.net/ | | Name: _gauges_unique_hour Value: 1
revengep0rnsincludes.z13.web.core.windows.net/ | | Name: _gauges_unique_day Value: 1
revengep0rnsincludes.z13.web.core.windows.net/ | | Name: _gauges_unique_month Value: 1
revengep0rnsincludes.z13.web.core.windows.net/ | | Name: _gauges_unique_year Value: 1
revengep0rnsincludes.z13.web.core.windows.net/ | | Name: _gauges_unique Value: 1
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.