obzornews.pro - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 45.147.197.150, located in Ukraine and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, NL. The main domain is obzornews.pro.

This is the only time obzornews.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Visa (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3 8	45.147.197.150 45.147.197.150	204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
2	185.129.100.100 185.129.100.100	57724 (DDOS-GUARD) (DDOS-GUARD)
7	2

8 45.147.197.150 (Ukraine) 3 redirects

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: s23.server-panel.net

obzornews.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.129.100.100 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

check.ddos-guard.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	obzornews.pro 3 redirects obzornews.pro	11 KB
2	ddos-guard.net check.ddos-guard.net	741 B
7	2

	Domain	Requested by
8	obzornews.pro	3 redirects obzornews.pro
2	check.ddos-guard.net	obzornews.pro
7	2

This site contains no links.

Subject Issuer	Validity	Valid
*.ddos-guard.net Sectigo RSA Domain Validation Secure Server CA	`2021-06-30` - `2022-07-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php
Frame ID: D2C32C12F3649957EE45C615D08B73D8
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://obzornews.pro/wp-content/themes/06/Visa.co.jp/ HTTP 302
http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca?cmd=_identi... HTTP 301
http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/?cmd=_ident... HTTP 302
http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Page URL

Page Statistics

7
Requests

29 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

10 kB
Transfer

11 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://obzornews.pro/wp-content/themes/06/Visa.co.jp/ HTTP 302
http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca?cmd=_identifier_Demarrer_ID=4223329370499+_TIme:Tue,Jul,06,2021-2:59am HTTP 301
http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/?cmd=_identifier_Demarrer_ID=4223329370499+_TIme:Tue,Jul,06,2021-2:59am HTTP 302
http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request access.php Show response obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/ Redirect Chain http://obzornews.pro/wp-content/themes/06/Visa.co.jp/ http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca?cmd=_identifier_Demarrer_ID=4223329370499+_TIme:Tue,Jul,06,2021-2:59am http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/?cmd=_identifier_Demarrer_ID=4223329370499+_TIme:Tue,Jul,06,2021-2:59am http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php	4 KB 2 KB	132ms 131ms	Document text/html	45.147.197.150 Netherlands
General Check archive.org Show headers Download Go to Full URL http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol HTTP/1.1 Server 45.147.197.150 , Ukraine, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS s23.server-panel.net Software ddos-guard / PHP/7.4.5 Resource Hash `2193b77bfd742c5c5b984a9ad4c0b1fe9ed4ad1423cd00f32dd69f68ea907a01` Request headers Host obzornews.pro Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Cookie __ddg1=BImOgjeiZYzTORGSzm4o; PHPSESSID=12567860fddb23a27e35b3d5ada630c4 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Server ddos-guard Connection keep-alive Keep-Alive timeout=60 Date Tue, 06 Jul 2021 00:59:42 GMT Content-Type text/html; charset=UTF-8 X-Powered-By PHP/7.4.5 Vary Accept-Encoding Referrer-Policy no-referrer-when-downgrade Content-Encoding gzip Transfer-Encoding chunked Redirect headers Server ddos-guard Connection keep-alive Keep-Alive timeout=60 Date Tue, 06 Jul 2021 00:59:42 GMT Content-Type text/html; charset=UTF-8 X-Powered-By PHP/7.4.5 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie PHPSESSID=12567860fddb23a27e35b3d5ada630c4; path=/ Location access.php Referrer-Policy no-referrer-when-downgrade Content-Encoding gzip Vary Accept-Encoding Transfer-Encoding chunked
GET H2	200	check.js Show response check.ddos-guard.net/	152 B 489 B	102ms 33ms	Script application/javascript	185.129.100.100 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://check.ddos-guard.net/check.js Requested by Host: obzornews.pro URL: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.129.100.100 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash `80200cf887f4d8e09f13ddfd6365bbd6869ca6622e448668ce9d1cc8c6aadfd7` Request headers Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 00:59:41 GMT last-modified Thu, 01 Jan 1970 00:00:00 GMT server ddos-guard etag 7sV2f4OilfE1emyg p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" cache-control private, s-maxage=0, max-age=31536000 content-type application/javascript content-length 152 expires Wed, 06 Jul 2022 00:59:41 GMT
GET H/1.1	200 OK	association_logo.png obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/Document_files/	3 KB 3 KB	47ms 46ms	Image image/png	45.147.197.150 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/Document_files/association_logo.png Requested by Host: obzornews.pro URL: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol HTTP/1.1 Server 45.147.197.150 , Ukraine, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS s23.server-panel.net Software ddos-guard / Resource Hash `c9953101beaf3aa72e1abcdfafe3dfdbcc73bf08817968ccd112008facaaa5f6` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host obzornews.pro Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Cookie __ddg1=BImOgjeiZYzTORGSzm4o; PHPSESSID=12567860fddb23a27e35b3d5ada630c4 Connection keep-alive Cache-Control no-cache Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 00:59:42 GMT Last-Modified Tue, 06 Jul 2021 00:59:41 GMT Server ddos-guard Age 0 ETag "60e3aafd-c7e" Content-Type image/png Connection keep-alive Accept-Ranges bytes x-ddg-cachegen 1617709427 Keep-Alive timeout=60 Content-Length 3198
GET H/1.1	200 OK	cv.png obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/	3 KB 3 KB	68ms 57ms	Image image/png	45.147.197.150 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/cv.png Requested by Host: obzornews.pro URL: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol HTTP/1.1 Server 45.147.197.150 , Ukraine, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS s23.server-panel.net Software ddos-guard / Resource Hash `f3e6a952bc9fced2d4ffe5ab311ee446c1a9c857e730599f7ed8a5c7d7d279c6` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host obzornews.pro Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Cookie __ddg1=BImOgjeiZYzTORGSzm4o; PHPSESSID=12567860fddb23a27e35b3d5ada630c4 Connection keep-alive Cache-Control no-cache Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 00:59:42 GMT Last-Modified Tue, 06 Jul 2021 00:59:41 GMT Server ddos-guard Age 0 ETag "60e3aafd-bb0" Content-Type image/png Connection keep-alive Accept-Ranges bytes x-ddg-cachegen 1617709427 Keep-Alive timeout=60 Content-Length 2992
GET H/1.1	404 Not Found	captcha.js obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/Document_file/	0 0	79ms 68ms	Script text/html	45.147.197.150 Netherlands
General Check archive.org Show headers Download Go to Full URL http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/Document_file/captcha.js Requested by Host: obzornews.pro URL: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol HTTP/1.1 Server 45.147.197.150 , Ukraine, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS s23.server-panel.net Software ddos-guard / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host obzornews.pro Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Cookie __ddg1=BImOgjeiZYzTORGSzm4o; PHPSESSID=12567860fddb23a27e35b3d5ada630c4 Connection keep-alive Cache-Control no-cache Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 00:59:42 GMT Content-Encoding gzip Server ddos-guard Age 0 x-ddg-cachegen 1617709427 Vary Accept-Encoding Content-Type text/html; charset=iso-8859-1 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60
GET H/1.1	200 Ok	Cookie set 7sV2f4OilfE1emyg obzornews.pro/.well-known/ddos-guard/id/	68 B 418 B	34ms 34ms	Image image/png	45.147.197.150 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL http://obzornews.pro/.well-known/ddos-guard/id/7sV2f4OilfE1emyg Requested by Host: obzornews.pro URL: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol HTTP/1.1 Server 45.147.197.150 , Ukraine, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS s23.server-panel.net Software ddos-guard / Resource Hash `f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host obzornews.pro Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Cookie __ddg1=BImOgjeiZYzTORGSzm4o; PHPSESSID=12567860fddb23a27e35b3d5ada630c4 Connection keep-alive Cache-Control no-cache Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 00:59:42 GMT Server ddos-guard Content-Type image/png Set-Cookie __ddg2=7sV2f4OilfE1emyg; Domain=obzornews.pro; Path=/; HttpOnly; Expires=Wed, 06-Jul-2022 00:59:42 GMT Cache-Control no-cache Connection keep-alive Keep-Alive timeout=60 Content-Length 68 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	7sV2f4OilfE1emyg check.ddos-guard.net/set/id/	68 B 252 B	32ms 32ms	Image image/png	185.129.100.100 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://check.ddos-guard.net/set/id/7sV2f4OilfE1emyg Requested by Host: obzornews.pro URL: http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.129.100.100 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash `f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710` Request headers Referer http://obzornews.pro/wp-content/themes/06/Visa.co.jp/2d1d371d18b33bda5179f549f84162ca/access.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Tue, 06 Jul 2021 00:59:41 GMT server ddos-guard p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" cache-control no-cache content-type image/png content-length 68 expires Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Visa (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.obzornews.pro/	1970-01-20 04:17:49	Name: __ddg2 Value: 7sV2f4OilfE1emyg
obzornews.pro/	1969-12-31 23:59:59	Name: PHPSESSID Value: 12567860fddb23a27e35b3d5ada630c4
.obzornews.pro/	1970-01-20 04:17:49	Name: __ddg1 Value: BImOgjeiZYzTORGSzm4o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

check.ddos-guard.net
obzornews.pro
185.129.100.100
45.147.197.150
2193b77bfd742c5c5b984a9ad4c0b1fe9ed4ad1423cd00f32dd69f68ea907a01
80200cf887f4d8e09f13ddfd6365bbd6869ca6622e448668ce9d1cc8c6aadfd7
c9953101beaf3aa72e1abcdfafe3dfdbcc73bf08817968ccd112008facaaa5f6
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710
f3e6a952bc9fced2d4ffe5ab311ee446c1a9c857e730599f7ed8a5c7d7d279c6

obzornews.pro Open in urlscan Pro 45.147.197.150 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

7 Requests

29 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

10 kBTransfer

11 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

3 Cookies

Indicators

obzornews.pro Open in urlscan Pro
45.147.197.150 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

29 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

10 kB
Transfer

11 kB
Size

3
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!