text-for-people.ru
46.102.173.65
Malicious Activity!
Public Scan
Submission: On April 08 via manual from RO
Summary
This is the only time text-for-people.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 14 | 46.102.173.65 | 12310 (INES Bucharest / ROMANIA) |
2 | 2a02:26f0:10c:383::35c1 | 20940 (AKAMAI-ASN1) |
1 | 2a02:26f0:eb:397::35c1 | 20940 (AKAMAI-ASN1) |
1 | 2a00:1450:4001:808::200a | 15169 (GOOGLE) |
17 | 4 | |
ASN12310 (INES Bucharest / ROMANIA, RO)
PTR: cloud.nextgenerationwebhost.com
text-for-people.ru
ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com
ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | text-for-people.ru | text-for-people.ru (1 redirect) | 297 KB |
3 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 294 KB |
1 | googleapis.com | fonts.googleapis.com | 1 KB |
17 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
14 | text-for-people.ru (1 redirect) | text-for-people.ru |
3 | secure.aadcdn.microsoftonline-p.com | text-for-people.ru |
1 | fonts.googleapis.com | text-for-people.ru |
17 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 4 | 2019-07-17 - 2021-07-17 | 2 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=83&id=4135300343
Frame ID: CD4D1BD480B5E2EB20FAE58043F9519D
Requests: 6 HTTP requests in this frame
Frame:
http://text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/data_files/Prefetch.html/
Frame ID: EE02BEBB28AF5DFAF8CF4D9EAC379D87
Requests: 11 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms of use
Title: Privacy & Cookies
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- http://text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/data_files/Prefetch.html HTTP 301
- http://text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/data_files/Prefetch.html/
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | Login.php | text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/ | 9 KB | 9 KB | Document | text/html | Primary Request |
GET | H/1.1 | converged.login.min.css | text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/data_files/ | 84 KB | 85 KB | Stylesheet | text/css | |
GET | H/1.1 | microsoft_logo.svg | text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/data_files/ | 4 KB | 4 KB | Image | image/svg+xml | |
GET | H/1.1 | picker_account_aad.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.6970.12/content/images/ | 756 B | 772 B | Image | image/svg+xml | |
GET | H/1.1 | / | text-for-people.ru/wp-includes/Office366/32235b6a433d47f815c1b63cc9f6c556/data_files/Prefetch.html/ | 11 KB | 12 KB | Document | text/html | Frame EE02, Redirect Chain |
GET | H/1.1 | 0-small.jpg | secure.aadcdn.microsoftonline-p.com/ests/2.1.6387.8/content/images/backgrounds/ | 1 KB | 1 KB | Image | image/jpeg | |
GET | H/1.1 | 0.jpg | secure.aadcdn.microsoftonline-p.com/ests/2.1.6387.8/content/images/backgrounds/ | 291 KB | 291 KB | Image | image/jpeg | |
GET | H/1.1 | style.css | text-for-people.ru/wp-content/themes/radiate/ | 35 KB | 36 KB | Stylesheet | text/css | Frame EE02 |
GET | H/1.1 | css | fonts.googleapis.com/ | 6 KB | 1 KB | Stylesheet | text/css | Frame EE02 |
GET | H/1.1 | genericons.css | text-for-people.ru/wp-content/themes/radiate/genericons/ | 28 KB | 28 KB | Stylesheet | text/css | Frame EE02 |
GET | H/1.1 | jquery.js | text-for-people.ru/wp-includes/js/jquery/ | 95 KB | 95 KB | Script | application/javascript | Frame EE02 |
GET | H/1.1 | jquery-migrate.min.js | text-for-people.ru/wp-includes/js/jquery/ | 10 KB | 10 KB | Script | application/javascript | Frame EE02 |
GET | H/1.1 | wp-emoji-release.min.js | text-for-people.ru/wp-includes/js/ | 11 KB | 11 KB | Script | application/javascript | Frame EE02 |
GET | H/1.1 | navigation.js | text-for-people.ru/wp-content/themes/radiate/js/ | 3 KB | 3 KB | Script | application/javascript | Frame EE02 |
GET | H/1.1 | skip-link-focus-fix.js | text-for-people.ru/wp-content/themes/radiate/js/ | 761 B | 1015 B | Script | application/javascript | Frame EE02 |
GET | H/1.1 | custom.js | text-for-people.ru/wp-content/themes/radiate/js/ | 1 KB | 2 KB | Script | application/javascript | Frame EE02 |
GET | H/1.1 | wp-embed.min.js | text-for-people.ru/wp-includes/js/ | 1 KB | 2 KB | Script | application/javascript | Frame EE02 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
secure.aadcdn.microsoftonline-p.com
text-for-people.ru
2a00:1450:4001:808::200a
2a02:26f0:10c:383::35c1
2a02:26f0:eb:397::35c1
46.102.173.65
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
1f4378909ce85760673932ce62235ddf37a6e87ca4f3644517768242d62493e7
2c0f62d3ef9d8be52a239c5692cdf66470146beada661f802797e6f26ca41135
2fbee2777036299082aa3e3ca78011a6a4d8133ddd37cded13166cd4cc08db23
43ef9366a8696d70468a80347ee458ba8a99b813e00c165489fa797cfb0ef19b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4f962ec8ae085492d496fcbbd74185ab1c8e377438dbcb5ec4f8517b7bd9293f
53954ce8ed3982e290595d45d6076377526a7ec036e202e8fd76863b0f33d18a
549bffa1c6d412e36a8eab7630e90783665ac071220b220be545478500cae0f8
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
a767d7e7af88326afb37242f2828280a2c930945cb94b636b1f05a0afb634621
ba26cff05ea0ca8afc20e45774ef289527316594a749df4e975d48335438f296
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
fe252696b3fbcc91eb73e918c616e9a96b4ba8fd3216b504a39dd2cace47fa2f