tremulous.lol
Open in
urlscan Pro
172.67.130.205
Malicious Activity!
Public Scan
Submission: On July 24 via api from RU — Scanned from IT
Summary
TLS certificate: Issued by WE1 on July 22nd 2024. Valid for: 3 months.
This is the only time tremulous.lol was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SberBank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 172.67.130.205 172.67.130.205 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.181.234 142.250.181.234 | 15169 (GOOGLE) (GOOGLE) | |
2 | 142.250.185.163 142.250.185.163 | 15169 (GOOGLE) (GOOGLE) | |
12 | 3 |
ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
tremulous.lol
1 redirects
tremulous.lol |
84 KB |
2 |
gstatic.com
fonts.gstatic.com |
54 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110 |
1 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
10 | tremulous.lol |
1 redirects
tremulous.lol
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
tremulous.lol
|
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
tremulous.lol WE1 |
2024-07-22 - 2024-10-20 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-07-01 - 2024-09-23 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-07-01 - 2024-09-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://tremulous.lol/lander/sber/
Frame ID: 802ACC55A238281B7EDDAFE6945D228D
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
СберБанк ИнвестицииPage URL History Show full URLs
-
https://tremulous.lol/lander/sber
HTTP 301
http://tremulous.lol/lander/sber/ HTTP 307
https://tremulous.lol/lander/sber/ Page URL
Detected technologies
Google Font API (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tremulous.lol/lander/sber
HTTP 301
http://tremulous.lol/lander/sber/ HTTP 307
https://tremulous.lol/lander/sber/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
tremulous.lol/lander/sber/ Redirect Chain
|
17 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
11 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
tremulous.lol/lander/sber/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
landing.css
tremulous.lol/lander/sber/assets/landing/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
intlTelInput.css
tremulous.lol/lander/sber/assets/landing/css/ |
22 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
tremulous.lol/lander/sber/assets/landing/js/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js
tremulous.lol/lander/sber/assets/landing/js/ |
24 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
form.js
tremulous.lol/lander/sber/assets/landing/js/ |
17 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ |
32 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
fonts.gstatic.com/s/montserrat/v26/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ru.webp
tremulous.lol/lander/sber/assets/landing/img/flags/ |
226 B 657 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
tremulous.lol/lander/sber/images/ |
28 KB 28 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SberBank (Banking)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| phoneRegex number| numLimit string| phoneccValue string| countryName object| countryList object| countryData string| countryValue function| autoGeo function| numRule function| functionSuccess function| functionError function| functionBeforeSend function| limitText string| phonePlaceholder1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
tremulous.lol/ | Name: PHPSESSID Value: 925mm8i5b5vtaupqsqom60v5dd |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
tremulous.lol
142.250.181.234
142.250.185.163
172.67.130.205
189cb1d1d218780257404bd21f67c5766244776d8fa55844e22f63e89ee79459
22798a759b5bb551c54279a9d91dda9608f9f363f5a2841edd243bd253c9fd9d
3183bfeda628b7c107abb16bdc206be17b6feb545e84fc660b45e87ba5179195
57d4ea85a60012dac3014e047b85f06cbfd126366ed5d6e52df87726204a41fa
637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758
6f02fef6e9154d43edbf9e8a7c30f9910d2d981ae7fb7582ac8f6b9350635df9
84507c031fc78d2b8449214cb58a09c018092a0ddc39bc91869d002d43f1c104
8b78bb1528859e7b96ea89758d222d630ec82842a2a89aa4e998f25c4421f8e6
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c85e24ab9408e85feee4cd5b8438251664a30ebca23abfd3c18035a74a196b5f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
e5e6989bc6c282c097457238279dfed830042852d0cb2104082731da6b71b324