account.herephyshy.info Open in urlscan Pro
2606:4700:3034::6815:96f  Malicious Activity! Public Scan

Submitted URL: http://account.herephyshy.info/
Effective URL: https://account.herephyshy.info/
Submission: On July 24 via api from US

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3034::6815:96f, located in United States and belongs to CLOUDFLARENET, US. The main domain is account.herephyshy.info.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2021. Valid for: a year.
This is the only time account.herephyshy.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
12 4
Apex Domain
Subdomains
Transfer
5 gstatic.com
fonts.gstatic.com
ssl.gstatic.com
57 KB
2 herephyshy.info
account.herephyshy.info
445 KB
0 Failed
function sub() { [native code] }. Failed
12 3
Domain Requested by
3 fonts.gstatic.com account.herephyshy.info
2 ssl.gstatic.com
2 account.herephyshy.info 1 redirects
0 play.- Failed
12 4

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-01-22 -
2022-01-21
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-06-28 -
2021-09-20
3 months crt.sh

This page contains 1 frames:

Primary Page: https://account.herephyshy.info/
Frame ID: 4DB2D4285EE61A7D364AADB465A45B23
Requests: 13 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://account.herephyshy.info/ HTTP 301
    https://account.herephyshy.info/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

12
Requests

50 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

501 kB
Transfer

1606 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://account.herephyshy.info/ HTTP 301
    https://account.herephyshy.info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
account.herephyshy.info/
Redirect Chain
  • http://account.herephyshy.info/
  • https://account.herephyshy.info/
2 MB
444 KB
Document
General
Full URL
https://account.herephyshy.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe77e770963b7bd126fe6a751bc7802fc2e457c16e484c4b474dab6584340b55

Request headers

:method
GET
:authority
account.herephyshy.info
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Jul 2021 16:13:11 GMT
content-type
text/html; charset=utf-8
last-modified
Sat, 23 Jan 2021 17:46:37 GMT
access-control-allow-origin
*
expires
Sat, 24 Jul 2021 16:10:27 GMT
cache-control
max-age=600
x-proxy-cache
MISS
x-github-request-id
4520:D9C9:1B2142D:1C1E7D3:60FC391B
via
1.1 varnish
age
0
x-served-by
cache-fra19132-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1627143191.327034,VS0,VE87
vary
Accept-Encoding
x-fastly-request-id
13cbe26548be8eccbd24b6bc59a5c14d8a0c4489
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zlvmy3%2FVVtaug6c0P87%2F6wUKMpvgZargttBAftBpKdoP7Okj0iq8jwlfkKg4MtLhGRWham7QzAVdGeQstEFCr9XVvoMufU6XmXVaXNJttv4YaV4NAtODgy4cXRwvbFzSN%2Buv3i9wdVo%2Fj60TQILA5aBUibrTqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
673e6f31bdcf05d0-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date
Sat, 24 Jul 2021 16:13:11 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Sat, 24 Jul 2021 17:13:11 GMT
Location
https://account.herephyshy.info/
cf-request-id
0b7ae3d2e700004e9752a9e000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUKVgjm5vzHVzp0umquiio0WYWYbiRloJsdsw7RNgYRe8q2TgS7AXdwaqfnsaw6br66CJPo1L1riVtEbEYMy1pXcmrQg4Iq3QKAJnz9XHJTzEUnoWoE%2Bas7WbZYvd38riu1%2B0z%2FeAsTLJVLmmsRSrKEr%2FHMnPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
673e6f317e1b4e97-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
truncated
/
267 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: account.herephyshy.info
URL: https://account.herephyshy.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://account.herephyshy.info
Referer
https://account.herephyshy.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 04:42:04 GMT
x-content-type-options
nosniff
age
387067
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21464
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:42:59 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Jul 2022 04:42:04 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: account.herephyshy.info
URL: https://account.herephyshy.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://account.herephyshy.info
Referer
https://account.herephyshy.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 19 Jul 2021 21:27:21 GMT
x-content-type-options
nosniff
age
413150
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Jul 2022 21:27:21 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: account.herephyshy.info
URL: https://account.herephyshy.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://account.herephyshy.info
Referer
https://account.herephyshy.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 01:25:17 GMT
x-content-type-options
nosniff
age
398874
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21700
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:43:33 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Jul 2022 01:25:17 GMT
m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=0/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/
0
0
Script
General
Full URL
https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=0/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl
Requested by
Host:
URL: /accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=1/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/m=glifb,identifier_view,unknownerror_view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://account.herephyshy.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

log
play.-/
0
0

log
play.-/
0
0

log
play.-/
0
0

log
play.-/
0
0

log
play.-/
0
0

m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=0/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/
0
0
Script
General
Full URL
https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=0/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl
Requested by
Host:
URL: /accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.GR-XoYWnyYo.O/am=LwAAdiADNOAHAALMAwAAAAAAAAAMIBPKMkp9rfD-JQ/d=1/ct=zgms/rs=ABkqax20GPsfxtU0nM-YtQwAZU7tQLrO5w/m=glifb,identifier_view,unknownerror_view
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://account.herephyshy.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

log
play.-/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
play.-
URL
https://play.-/log?format=json&hasfast=true
Domain
play.-
URL
https://play.-/log?format=json&hasfast=true
Domain
play.-
URL
https://play.-/log?format=json&hasfast=true
Domain
play.-
URL
https://play.-/log?format=json&hasfast=true
Domain
play.-
URL
https://play.-/log?format=json&hasfast=true
Domain
play.-
URL
https://play.-/log?format=json&hasfast=true

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| WIZ_global_data function| redirect object| botguard string| viewPathPrefix boolean| cssLoaded object| _G object| postmessage function| _F_getAverageFps function| _DumpException function| _B_err object| closure_lm_729955 function| AF_initDataInitializeCallback function| AF_initDataCallback object| ID_wizbind function| wiz_progress object| AF_initDataKeys object| AF_dataServiceRequests object| AF_initDataChunkQueue number| closure_uid_336579727 function| onSmsReceived function| setSkUiEvent function| setFido2SkUiEvent function| onFetchPhoneNumberInfo boolean| ly11Pc function| onAccountAdd

0 Cookies