account.herephyshy.info
Open in
urlscan Pro
2606:4700:3034::6815:96f
Malicious Activity!
Public Scan
Effective URL: https://account.herephyshy.info/
Submission: On July 24 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2021. Valid for: a year.
This is the only time account.herephyshy.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 2606:4700:303... 2606:4700:3034::6815:96f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2a00:1450:400... 2a00:1450:4001:812::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:802::2003 | 15169 (GOOGLE) (GOOGLE) | |
12 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
gstatic.com
fonts.gstatic.com ssl.gstatic.com |
57 KB |
2 |
herephyshy.info
1 redirects
account.herephyshy.info |
445 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
12 | 3 |
Domain | Requested by | |
---|---|---|
3 | fonts.gstatic.com |
account.herephyshy.info
|
2 | ssl.gstatic.com | |
2 | account.herephyshy.info | 1 redirects |
0 | play.- Failed | |
12 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-01-22 - 2022-01-21 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-06-28 - 2021-09-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://account.herephyshy.info/
Frame ID: 4DB2D4285EE61A7D364AADB465A45B23
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://account.herephyshy.info/
HTTP 301
https://account.herephyshy.info/ Page URL
Detected technologies
Varnish (Cache Tools) ExpandDetected patterns
- headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://account.herephyshy.info/
HTTP 301
https://account.herephyshy.info/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
account.herephyshy.info/ Redirect Chain
|
2 MB 444 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
267 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=0/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.-/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.-/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.-/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.-/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.-/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=0/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.-/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- play.-
- URL
- https://play.-/log?format=json&hasfast=true
- Domain
- play.-
- URL
- https://play.-/log?format=json&hasfast=true
- Domain
- play.-
- URL
- https://play.-/log?format=json&hasfast=true
- Domain
- play.-
- URL
- https://play.-/log?format=json&hasfast=true
- Domain
- play.-
- URL
- https://play.-/log?format=json&hasfast=true
- Domain
- play.-
- URL
- https://play.-/log?format=json&hasfast=true
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| WIZ_global_data function| redirect object| botguard string| viewPathPrefix boolean| cssLoaded object| _G object| postmessage function| _F_getAverageFps function| _DumpException function| _B_err object| closure_lm_729955 function| AF_initDataInitializeCallback function| AF_initDataCallback object| ID_wizbind function| wiz_progress object| AF_initDataKeys object| AF_dataServiceRequests object| AF_initDataChunkQueue number| closure_uid_336579727 function| onSmsReceived function| setSkUiEvent function| setFido2SkUiEvent function| onFetchPhoneNumberInfo boolean| ly11Pc function| onAccountAdd0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account.herephyshy.info
fonts.gstatic.com
play.-
ssl.gstatic.com
play.-
2606:4700:3034::6815:96f
2a00:1450:4001:802::2003
2a00:1450:4001:812::2003
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
fe77e770963b7bd126fe6a751bc7802fc2e457c16e484c4b474dab6584340b55