gvuoyfsiob.cfolks.pl Open in urlscan Pro
185.208.164.121 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.bing.com/aclick?ld=e88Gz3o98-p49JzpAPPd1MGTVUCUxzlWU3Z9OyguGRQOPq8DHIjNuvNBLDonb4DIzxFwXy-hGrPdr0s9D4gKMJ...
Effective URL:
https://gvuoyfsiob.cfolks.pl/ing/
Submission: On May 26 via manual (May 26th 2023, 12:49:29 pm UTC) from ES — Scanned from ES

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 9 HTTP transactions. The main IP is 185.208.164.121, located in Poland and belongs to CF-GDA, PL. The main domain is gvuoyfsiob.cfolks.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on August 3rd 2022. Valid for: a year.

This is the only time gvuoyfsiob.cfolks.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2a02:26f0:480... 2a02:26f0:480:22::1726:62db	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 8	185.208.164.121 185.208.164.121	41079 (CF-GDA) (CF-GDA)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (STACKPATH...) (STACKPATH-CDN)
1	193.41.234.21 193.41.234.21	16289 (ING-DIREC...) (ING-DIRECT-SPAIN)
9	4

1 2a02:26f0:480:22::1726:62db (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.208.164.121 (Poland) 2 redirects

ASN41079 (CF-GDA, PL)
PTR: s21.cyber-folks.pl

ingclientes.detailwatch.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gvuoyfsiob.cfolks.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.41.234.21 (Spain)

ASN16289 (ING-DIRECT-SPAIN, ES)

ing.ingdirect.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cfolks.pl 1 redirects gvuoyfsiob.cfolks.pl	80 KB
1	ingdirect.es ing.ingdirect.es — Cisco Umbrella Rank: 864687	22 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 696	30 KB
1	detailwatch.online 1 redirects ingclientes.detailwatch.online	281 B
1	bing.com www.bing.com — Cisco Umbrella Rank: 69	3 KB
9	5

	Domain	Requested by
7	gvuoyfsiob.cfolks.pl	1 redirects www.bing.com gvuoyfsiob.cfolks.pl
1	ing.ingdirect.es	gvuoyfsiob.cfolks.pl
1	code.jquery.com	gvuoyfsiob.cfolks.pl
1	ingclientes.detailwatch.online	1 redirects
1	www.bing.com
9	5

This site contains no links.

Subject Issuer	Validity	Valid
r.bing.com Microsoft RSA TLS CA 01	`2022-11-15` - `2023-11-15`	a year	crt.sh
*.cfolks.pl Certum Domain Validation CA SHA2	`2022-08-03` - `2023-08-03`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
ing.ingdirect.es Entrust Certification Authority - L1M	`2022-06-13` - `2023-07-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://gvuoyfsiob.cfolks.pl/ing/
Frame ID: 2C2835923087FAEA652141511C027DD4
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Acceso clientes, ING

Page URL History Show full URLs

https://www.bing.com/aclick?ld=e88Gz3o98-p49JzpAPPd1MGTVUCUxzlWU3Z9OyguGRQOPq8DHIjNuvNBLDonb4DIzx... Page URL
https://ingclientes.detailwatch.online/ HTTP 302
https://gvuoyfsiob.cfolks.pl/ing HTTP 301
https://gvuoyfsiob.cfolks.pl/ing/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

113 kB
Transfer

213 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.bing.com/aclick?ld=e88Gz3o98-p49JzpAPPd1MGTVUCUxzlWU3Z9OyguGRQOPq8DHIjNuvNBLDonb4DIzxFwXy-hGrPdr0s9D4gKMJAMJbZlb2Yx0b8KHN47hS4YWEMVe8sajkM52dOqqruJSEiJz2MmKcUpoM2t5Tg7GMeJ83qaggAFvkdECEoQGmd0qPu-22&u=aHR0cHMlM2ElMmYlMmZpbmdjbGllbnRlcy5kZXRhaWx3YXRjaC5vbmxpbmU&rlid=617c54849a9f15e9f86c30f4399e729d&ntb=1&ntb=1 Page URL
https://ingclientes.detailwatch.online/ HTTP 302
https://gvuoyfsiob.cfolks.pl/ing HTTP 301
https://gvuoyfsiob.cfolks.pl/ing/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	aclick www.bing.com/	2 KB 3 KB	413ms 213ms	Document text/html	2a02:26f0:480:22::1726:62db AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.bing.com/aclick?ld=e88Gz3o98-p49JzpAPPd1MGTVUCUxzlWU3Z9OyguGRQOPq8DHIjNuvNBLDonb4DIzxFwXy-hGrPdr0s9D4gKMJAMJbZlb2Yx0b8KHN47hS4YWEMVe8sajkM52dOqqruJSEiJz2MmKcUpoM2t5Tg7GMeJ83qaggAFvkdECEoQGmd0qPu-22&u=aHR0cHMlM2ElMmYlMmZpbmdjbGllbnRlcy5kZXRhaWx3YXRjaC5vbmxpbmU&rlid=617c54849a9f15e9f86c30f4399e729d&ntb=1&ntb=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:22::1726:62db Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language es-ES,es;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=93600 cache-control no-store content-length 1966 content-type text/html; charset=UTF-8 date Fri, 26 May 2023 12:49:24 GMT expires Fri, 01 Jan 1990 00:00:00 GMT p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo pragma no-cache referrer-policy origin x-cdn-traceid 0.1bd53e17.1685105364.14333095 x-msedge-ref Ref A: BD8E7996618A4AA18D846D9D81579A87 Ref B: MIL30EDGE1518 Ref C: 2023-05-26T12:49:24Z
GET H2	200	Primary Request / Show response gvuoyfsiob.cfolks.pl/ing/ Redirect Chain https://ingclientes.detailwatch.online/ https://gvuoyfsiob.cfolks.pl/ing https://gvuoyfsiob.cfolks.pl/ing/	16 KB 3 KB	284ms 283ms	Document text/html	185.208.164.121 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://gvuoyfsiob.cfolks.pl/ing/ Requested by Host: www.bing.com URL: https://www.bing.com/aclick?ld=e88Gz3o98-p49JzpAPPd1MGTVUCUxzlWU3Z9OyguGRQOPq8DHIjNuvNBLDonb4DIzxFwXy-hGrPdr0s9D4gKMJAMJbZlb2Yx0b8KHN47hS4YWEMVe8sajkM52dOqqruJSEiJz2MmKcUpoM2t5Tg7GMeJ83qaggAFvkdECEoQGmd0qPu-22&u=aHR0cHMlM2ElMmYlMmZpbmdjbGllbnRlcy5kZXRhaWx3YXRjaC5vbmxpbmU&rlid=617c54849a9f15e9f86c30f4399e729d&ntb=1&ntb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.121 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s21.cyber-folks.pl Software LiteSpeed / Resource Hash `b1c6b16c89f0c078a7fd7e693f566c2aea0d72f6417ca29f76ad79d93744bb69` Request headers Referer https://www.bing.com/aclick?ld=e88Gz3o98-p49JzpAPPd1MGTVUCUxzlWU3Z9OyguGRQOPq8DHIjNuvNBLDonb4DIzxFwXy-hGrPdr0s9D4gKMJAMJbZlb2Yx0b8KHN47hS4YWEMVe8sajkM52dOqqruJSEiJz2MmKcUpoM2t5Tg7GMeJ83qaggAFvkdECEoQGmd0qPu-22&u=aHR0cHMlM2ElMmYlMmZpbmdjbGllbnRlcy5kZXRhaWx3YXRjaC5vbmxpbmU&rlid=617c54849a9f15e9f86c30f4399e729d&ntb=1&ntb=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language es-ES,es;q=0.9 Response headers accept-ranges bytes content-encoding br content-length 3292 content-type text/html date Fri, 26 May 2023 12:49:25 GMT etag "4145-5ee56ae8-f30ea21e4e284a79;br" last-modified Sun, 14 Jun 2020 00:10:16 GMT server LiteSpeed vary Accept-Encoding,User-Agent Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 707 content-type text/html date Fri, 26 May 2023 12:49:25 GMT location https://gvuoyfsiob.cfolks.pl/ing/ server LiteSpeed vary User-Agent
GET H2	200	styles.css gvuoyfsiob.cfolks.pl/ing/	15 KB 4 KB	108ms 98ms	Stylesheet text/css	185.208.164.121 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://gvuoyfsiob.cfolks.pl/ing/styles.css Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.121 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s21.cyber-folks.pl Software LiteSpeed / Resource Hash `e008801612a41d04427fd522d313657cb123faf360e0a3821ac900c4b661f77e` Request headers accept-language es-ES,es;q=0.9 Referer https://gvuoyfsiob.cfolks.pl/ing/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 12:49:26 GMT content-encoding br last-modified Sun, 14 Jun 2020 11:12:26 GMT server LiteSpeed etag "3ab6-5ee6061a-228f643e18c9a5df;br" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 4043 expires Fri, 02 Jun 2023 12:49:26 GMT
GET H2	200	jquery-3.5.1.min.js Show response code.jquery.com/	87 KB 30 KB	147ms 52ms	Script application/javascript	2001:4de0:ac18::1:a:1a STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.min.js Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers Referer https://gvuoyfsiob.cfolks.pl/ Origin https://gvuoyfsiob.cfolks.pl accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 12:49:26 GMT content-encoding gzip last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx etag W/"28feccc0-15d84" surrogate-control max-age=315360000;hw-h2proxy vary Accept-Encoding x-hw 1685105366.cdn4-pxy027-mad02.ma1.evs,1685105366.cds032.ma1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000,public accept-ranges bytes content-length 30879
GET H2	200	main.js Show response gvuoyfsiob.cfolks.pl/ing/	6 KB 2 KB	106ms 97ms	Script application/javascript	185.208.164.121 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://gvuoyfsiob.cfolks.pl/ing/main.js Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.121 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s21.cyber-folks.pl Software LiteSpeed / Resource Hash `67db6306e67299fb89ef09489bd0a4be9ba0aa7a027eb7a0efb28b8dd8fd44b5` Request headers accept-language es-ES,es;q=0.9 Referer https://gvuoyfsiob.cfolks.pl/ing/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 12:49:26 GMT content-encoding br last-modified Fri, 26 May 2023 11:31:56 GMT server LiteSpeed etag "19e6-647098ac-b97c2dd45b229399;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 1640 expires Fri, 02 Jun 2023 12:49:26 GMT
GET H2	200	ing-lion-reversed.svg gvuoyfsiob.cfolks.pl/ing/	27 KB 12 KB	107ms 106ms	Image image/svg+xml	185.208.164.121 CF-GDA
General Check archive.org Show headers Download Go to Show image Full URL https://gvuoyfsiob.cfolks.pl/ing/ing-lion-reversed.svg Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.121 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s21.cyber-folks.pl Software LiteSpeed / Resource Hash `6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462` Request headers accept-language es-ES,es;q=0.9 Referer https://gvuoyfsiob.cfolks.pl/ing/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 12:49:26 GMT content-encoding br last-modified Thu, 04 Jun 2020 23:09:16 GMT server LiteSpeed etag "6c45-5ed97f1c-f70e8e77f74da35c;br" vary Accept-Encoding,User-Agent content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 12377 expires Fri, 02 Jun 2023 12:49:26 GMT
GET H/1.1	404 Not Found	logoING.svg ing.ingdirect.es/app-login/assets/images/svg/	22 B 22 B	344ms 170ms	Image text/html	193.41.234.21 ING-DIRECT-SPAIN
General Check archive.org Show headers Download Go to Show image Full URL https://ing.ingdirect.es/app-login/assets/images/svg/logoING.svg Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/styles.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 193.41.234.21 , Spain, ASN16289 (ING-DIRECT-SPAIN, ES), Reverse DNS Software / Resource Hash `e9e18797898538013a66ff759d88668598c674e0e5b6d1873c404a549640617d` Request headers accept-language es-ES,es;q=0.9 Referer https://gvuoyfsiob.cfolks.pl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Fri, 26 May 2023 12:49:26 GMT Connection keep-alive Content-Length 22 x-pool-ipc dfwg Content-Type text/html
GET H2	200	INGMeWeb-Regular.woff2 gvuoyfsiob.cfolks.pl/ing/font/	29 KB 29 KB	140ms 140ms	Font font/woff2	185.208.164.121 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://gvuoyfsiob.cfolks.pl/ing/font/INGMeWeb-Regular.woff2 Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.121 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s21.cyber-folks.pl Software LiteSpeed / Resource Hash `f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155` Request headers Referer https://gvuoyfsiob.cfolks.pl/ing/styles.css Origin https://gvuoyfsiob.cfolks.pl accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 12:49:26 GMT last-modified Thu, 04 Jun 2020 23:04:44 GMT server LiteSpeed etag "73b0-5ed97e0c-bdaf1792552cb3a9;;;" vary User-Agent content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes content-length 29616 expires Fri, 02 Jun 2023 12:49:26 GMT
GET H2	200	INGMeWeb-Bold.woff2 gvuoyfsiob.cfolks.pl/ing/font/	30 KB 30 KB	227ms 227ms	Font font/woff2	185.208.164.121 CF-GDA
General Check archive.org Show headers Download Go to Full URL https://gvuoyfsiob.cfolks.pl/ing/font/INGMeWeb-Bold.woff2 Requested by Host: gvuoyfsiob.cfolks.pl URL: https://gvuoyfsiob.cfolks.pl/ing/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.208.164.121 , Poland, ASN41079 (CF-GDA, PL), Reverse DNS s21.cyber-folks.pl Software LiteSpeed / Resource Hash `3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e` Request headers Referer https://gvuoyfsiob.cfolks.pl/ing/styles.css Origin https://gvuoyfsiob.cfolks.pl accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 12:49:26 GMT last-modified Thu, 04 Jun 2020 23:04:44 GMT server LiteSpeed etag "76f8-5ed97e0c-f8087fa73056ba2f;;;" vary User-Agent content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes content-length 30456 expires Fri, 02 Jun 2023 12:49:26 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| isValidDate

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bing.com/	1969-12-31 23:59:59	Name: _EDGE_S Value: F=1&SID=01DB25E1FA5568C21E2636FCFB2269E2
.bing.com/	1970-01-20 21:26:41	Name: _EDGE_V Value: 1
.bing.com/	1970-01-20 21:26:41	Name: MUID Value: 2A65D991D4C0679409FECA8CD5B7667B

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ing.ingdirect.es/app-login/assets/images/svg/logoING.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
gvuoyfsiob.cfolks.pl
ing.ingdirect.es
ingclientes.detailwatch.online
www.bing.com
185.208.164.121
193.41.234.21
2001:4de0:ac18::1:a:1a
2a02:26f0:480:22::1726:62db
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
67db6306e67299fb89ef09489bd0a4be9ba0aa7a027eb7a0efb28b8dd8fd44b5
6b3c4d3e255d73ca9e57959f5860c8357dbfad51249a6ee5a969c0d75f38f462
b1c6b16c89f0c078a7fd7e693f566c2aea0d72f6417ca29f76ad79d93744bb69
e008801612a41d04427fd522d313657cb123faf360e0a3821ac900c4b661f77e
e9e18797898538013a66ff759d88668598c674e0e5b6d1873c404a549640617d
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

gvuoyfsiob.cfolks.pl Open in urlscan Pro 185.208.164.121 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

5 Domains

5 Subdomains

4 IPs

4 Countries

113 kBTransfer

213 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

gvuoyfsiob.cfolks.pl Open in urlscan Pro
185.208.164.121 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

113 kB
Transfer

213 kB
Size

3
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!