xzangoo.ru Open in urlscan Pro
2606:4700:3031::6815:3154 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-ganycgzna2u&entity=60865
Effective URL:
https://xzangoo.ru/web/L-1666129700634f1f24de20b
Submission: On December 08 via manual (December 8th 2022, 5:49:13 pm UTC) from IN — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3031::6815:3154, located in United States and belongs to CLOUDFLARENET, US. The main domain is xzangoo.ru.
TLS certificate: Issued by E1 on November 12th 2022. Valid for: 3 months.

This is the only time xzangoo.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3 19	2606:4700:303... 2606:4700:3031::6815:3154		13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	1

19 2606:4700:3031::6815:3154 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

xzangoo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	xzangoo.ru 3 redirects xzangoo.ru	274 KB
16	1

	Domain	Requested by
19	xzangoo.ru	3 redirects xzangoo.ru
16	1

This site contains no links.

Subject Issuer	Validity	Valid
*.xzangoo.ru E1	`2022-11-12` - `2023-02-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://xzangoo.ru/web/L-1666129700634f1f24de20b
Frame ID: 3DDFB3F5445A3847477F028CA63AC65C
Requests: 13 HTTP requests in this frame

Frame: https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200
Frame ID: 07B06916AD982C5A5E25CC9A7DAB69C7
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

bce90a4f0e7f777a0cf2dc3a2b5670a650be80f9

Page URL History Show full URLs

http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-g... HTTP 301
https://xzangoo.ru/web?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

273 kB
Transfer

828 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-ganycgzna2u&entity=60865 HTTP 301
https://xzangoo.ru/web?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request L-1666129700634f1f24de20b Show response xzangoo.ru/web/ Redirect Chain http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-ganycgzna2u&entity=60865 https://xzangoo.ru/web?entity=60865 https://xzangoo.ru/web/?entity=60865 https://xzangoo.ru/web/L-1666129700634f1f24de20b	7 KB 3 KB	263ms 262ms	Document text/html	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2bdb4fa772bad23aff146885ad23351b5c46a5f3ef4fad42a5ee2cbe10b5a876` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 776755ff6c1690b8-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 08 Dec 2022 17:49:08 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfN5geFoFfxsDoTK7rnmJBt0tYjSM7a5%2FsWvbwWqfmYiP0ADkhRouElcIzu4ouliB6Qia3jFgbmNy%2FopV0hC9q2rPeQ0fkY1wZlZDvKyWiHPdxoc%2FdWioTH6XSZpZqtuBlBEwye%2B%2FEXF"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 776755fe5e25918e-FRA content-type text/html; charset=UTF-8 date Thu, 08 Dec 2022 17:49:08 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location L-1666129700634f1f24de20b nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnTDcvKIEZDIKn2iOv7%2B3aSRyUwgB1ERnrZwvHquIG69AESDc6bB4O0uNyDcdtjGPJPz8KhGfUwoeb01Dz93HnCIB5917HiYVsfFMVwrvstMesaN3zfYJegjWL6nCFo%2FTkaZdNy%2F%2Bw01"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	styles.css xzangoo.ru/web/assets/css/	438 KB 64 KB	76ms 74ms	Stylesheet text/css	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/css/styles.css Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `509d5ca04b18cfe2f9d45d9490d0316d16b3b1faf8b3d51b591ce7fefcde616e` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 cf-polished origSize=522808 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag W/"7fa38-63517ef4-380242;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmUHGs3ZI5TIriNkMWgPnv4QT1WaPtS88zxLmXLL29CIhQLQ6vlWZS%2FCXD%2FWnth86zopAFLHjmoX570uYRVE38Oj3l1PJ4S70a7U%2B50%2FXrNYQHNk6nhmoaCEm2%2FQOVTG%2BAIYzc4uE4g2"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 776756011e5090b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	jquery.min.js Show response xzangoo.ru/web/assets/js/	87 KB 32 KB	159ms 158ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT content-encoding br cf-cache-status HIT last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4814 etag W/"15d84-63517ef6-38027d;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atwamcYIT%2B5TktxolLuHkO1pH0kVqgkqIlfTljFJGKJEEzTPbFrvy8oIR9xQJZu7JN2sj7BVtP94bC%2FzTMhOINgyVWBA0iB4jF4Biw7bXBZzPPKbBz1YKmAGFKAOes0L7B8MBAVoSY9Y"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 776756011e5690b8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	jquery.mask.js Show response xzangoo.ru/web/assets/js/	9 KB 4 KB	181ms 179ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.mask.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `01a36edc2d54892ba70d1a542092074e783410e0f9cc19a18253fe63a1b86b43` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 cf-polished origSize=20120 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 20 Oct 2022 17:01:42 GMT server cloudflare etag W/"4e98-63517ef6-38027b;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxMZFhYljixfJzi8VPFnG1duNSXR0cI5iPcRA18J0xVxKggYNCjvsi3Mmqq5%2BdXg14vCE0K2bY6X1oCnognU6HGqnIHCfE%2BWnpyNLt4D951XRlWKlFFS3Jof7xZ%2BhhgKnQDeFu6hqIdX"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 776756011e5790b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	jquery.inputmask.bundle.min.js Show response xzangoo.ru/web/assets/js/	116 KB 29 KB	107ms 106ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.inputmask.bundle.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT content-encoding br cf-cache-status HIT last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4814 etag W/"1ce80-63517ef6-380279;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ITY2Wbuskexqtj7MIgxt9oMCyI2MyN%2FBf0T5iVKVHutw%2B0BJ%2BcCR5EzCYBJyC3NX%2FvswFoBycF3ntS4SjpRa%2FttYtdXFjIbB6HRpcUgpdhLoxCkhOU%2Bya0Ka7WuVnLkXuKEuLo7rwAf"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 776756011e5a90b8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	b_rgb.png xzangoo.ru/web/assets/img/	38 KB 39 KB	68ms 67ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/b_rgb.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 39422 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "99fe-63517ef4-380255;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBJWrWO8QsiVY%2Bn8S%2FFhoOfroCUgw3VbKmzXumdqV3W0YKUtXUPgDDT5YpczaQzok9vvJxb8s81kyLpbQ86ijKMUeCY%2BrTGFjrcBhVo0e4s%2FFyhBRozuXIUUH42HGhHgeecFEWs6Suc4"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602581c90b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	m_l.png xzangoo.ru/web/assets/img/	19 KB 19 KB	69ms 69ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/m_l.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 19167 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "4adf-63517ef4-38026a;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=np3zxYLsu0EVQS0Ck7Dh3Zc4xveQpyMYHsgzkImAJ9O3%2Fq76E%2FDRmwlizVFcLzFmsOw1QFY5dzCITEusQAX1EEc%2BIKpYZ6%2BQYEz4MiZp5D07rnHXJ0nsJd1fr%2BIsNKt2mJdZOl746MCB"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602683090b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	Pc.js Show response xzangoo.ru/web/assets/js/	3 KB 1 KB	64ms 63ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/Pc.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bf4d619085082575da0a0c3fe947efade853bd1a77f75027df57249da2bc289b` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 cf-polished origSize=4674 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 20 Oct 2022 17:01:42 GMT server cloudflare etag W/"1242-63517ef6-380282;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ecjyQSniDj%2FIRBFpv4%2FZ7N0qFsVTqqFaaldFlg7boQr3lSebbyzsJJSza1IeoPKjlzwvVKGT%2FuTrRE47bx%2FghP1feNX5vTeH0hQrRerX2M0Dwlz6v4AzHn9dUfJVfbGcKI%2BrUcYUHalD"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 77675602581a90b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	fsd-secure-esp-sprite.png xzangoo.ru/web/assets/img/	473 B 995 B	68ms 68ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/fsd-secure-esp-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 473 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "1d9-63517ef4-38025c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXJ4sfJxVYk7JSouGaczjEiOlBusyNmpobbjrjjmDh6VZxwTZAIbk3B8CFwB6DqG25jPKz%2F%2BydQEpqBCsL%2FdnEvvKdgTNmKxNGKoHRRmtciHywPq5I%2B4mIwOSI%2BgUyuCWYY4rboGf78h"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602683490b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	help-qm-fsd.png xzangoo.ru/web/assets/img/	3 KB 4 KB	38ms 38ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/help-qm-fsd.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3220 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "c94-63517ef4-380261;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wqg9V41d%2B13XsJrMVYHaM%2FkFcHhRetLwe5hMtPgNvI82WBth0B7kG7jzUt6b7P0iDwFkhOAr9iPYOxdXISYhNWMbofgHm3ubjW6gPf0ob1HhpJZFbnHiLVKNg104gCZS0JzL9VnN2oYv"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602783b90b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	sign-in-sprite.png xzangoo.ru/web/assets/img/	3 KB 4 KB	225ms 224ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/sign-in-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:09 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3119 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "c2f-63517ef4-38026c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOX0bWQ9%2BrSXPRgYKdsG324QNVLV7oIikpudaySKGIMyASg3D2uZXpVk9Ve7n8V6%2B5cMnWc%2FyXp63ydTdvgO8oaou7h9vvydONAdoXlY7VPNb49SrnXGsM%2FFlJZP2Mz0zT5Vr4KQPGlu"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602784090b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	gfootb-static-sprite.png xzangoo.ru/web/assets/img/	48 KB 48 KB	67ms 67ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfootb-static-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 48667 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "be1b-63517ef4-38025e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCD2Q5mlSrJZZ9bO5tKSXOlqpBBqQhPkvwNqSxlMbCWOsPrxAtQGJZhlZ7IHNF%2ByE6pORjOFpbnoW4UUetVdbXvap8oPB1wmbAtWlAE4mxn%2F0TtC8N3vuOYpwBf%2FD28SI0G609wMWfsE"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602985a90b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	gfoot-home-icon.png xzangoo.ru/web/assets/img/	144 B 663 B	38ms 38ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfoot-home-icon.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:08 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4814 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 144 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "90-63517ef4-38025d;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lwOTuC4jZoZN3ry565JNW%2BQi%2FI8VZ9HY5IrHhQS3B2iuSkxdvd0Ce%2BRYJrk0lQpLvS1bM4gTVgvw6JXIn%2FMnEgfMKR7uZabytUnM1HPtqb8dexTUsqYoc8fyRicMvbgZaFWhhwxO4fQC"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 77675602985c90b8-FRA expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	invisible.js Show response xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 07B0	36 KB 15 KB	65ms 60ms	Script application/javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e9f3380105c01f50111f954589a39cf33adfcfcd93c1f966a2b09ef9befc8924` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:09 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDdqe5KHXInIxDYEkrGESlObuv5nRKJsXJoCRm7a%2Fk2pKHnOT07RaNc9Q%2FYm0FA0D80cyZsdXNqW1DBG6Gfj2SHAG0u9vB%2Fb6iiL2LLZqck3U7DIsACtta5EvyQgLu%2FotRd5HWNjS%2Bxs"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7767560308d590b8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/ Frame 07B0	20 KB 8 KB	73ms 73ms	Other application/javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/pica.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1764ea75289b8d39195182851e03d700b208f9785572c2ec44d3377553db9d60` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 17:49:09 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cF8Gp5TTmalLrnkuw5m1XZCZxMLOeli5g2LOWKiY8Kr6UWLD9wCWSH4DePE6rr4jniTfVXN5UJ1IjVr1GYUAmcNm4crFGVcKzM3Ldee4BFgDZJ%2BzyuDx2nS1Kut8NtBGA552JxreKbA"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 77675603796390b8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	776755ff6c1690b8 Show response xzangoo.ru/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 07B0	2 B 667 B	81ms 81ms	XHR text/plain	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/cv/result/776755ff6c1690b8 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Response headers date Thu, 08 Dec 2022 17:49:09 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQ7ghU7Km5QKl19R7TGLyPW66KZP8PwX6NosFWeWWbR2Q9HR6%2FQ8AssHuPTChA%2F8piLFDx4NBknC9Ym7wZY6SwGfzUMk%2F29PXg1sIA8v%2FImojKxk5vawAO4KiiMh%2FY7uBdelG5e7RtHY"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 776756061c8d90b8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xzangoo.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0iuif66mo65ud1redufsmehol8
			.xzangoo.ru/	1970-01-20 08:02:03	Name: __cf_bm Value: BZOWU7R6Anii0iCKXVYwULtqpObkur1tC.WAT_BDj74-1670521749-0-AYISdSdKUCOQw6c+2v+iBam0GbWazY3w0o+bEO5wDyeMSQO/DqIETqDrq03ZuVJri0ab68SdKwbZD2R0sfPuB3amRJnCbAf8lKHNhoM0r9IvJXyEbByZoXxy6as/UdNT7wyprIAdEgBOQNWCymnOLM8=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b(Line 6) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xzangoo.ru
2606:4700:3031::6815:3154
01a36edc2d54892ba70d1a542092074e783410e0f9cc19a18253fe63a1b86b43
1764ea75289b8d39195182851e03d700b208f9785572c2ec44d3377553db9d60
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
2bdb4fa772bad23aff146885ad23351b5c46a5f3ef4fad42a5ee2cbe10b5a876
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896
509d5ca04b18cfe2f9d45d9490d0316d16b3b1faf8b3d51b591ce7fefcde616e
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
bf4d619085082575da0a0c3fe947efade853bd1a77f75027df57249da2bc289b
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
e9f3380105c01f50111f954589a39cf33adfcfcd93c1f966a2b09ef9befc8924
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

xzangoo.ru Open in urlscan Pro 2606:4700:3031::6815:3154 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

273 kBTransfer

828 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

xzangoo.ru Open in urlscan Pro
2606:4700:3031::6815:3154 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

273 kB
Transfer

828 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!