xzangoo.ru Open in urlscan Pro
2606:4700:3034::ac43:a06f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xzangoo.ru/web/?entity=60865
Effective URL:
https://xzangoo.ru/web/L-1666129700634f1f24de20b
Submission: On December 08 via manual (December 8th 2022, 4:18:21 pm UTC) from IN — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3034::ac43:a06f, located in United States and belongs to CLOUDFLARENET, US. The main domain is xzangoo.ru.
TLS certificate: Issued by E1 on November 12th 2022. Valid for: 3 months.

This is the only time xzangoo.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::6815:3154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 17	2606:4700:303... 2606:4700:3034::ac43:a06f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	1

1 2606:4700:3031::6815:3154 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

xzangoo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3034::ac43:a06f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

xzangoo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	xzangoo.ru 2 redirects xzangoo.ru	282 KB
16	1

	Domain	Requested by
18	xzangoo.ru	2 redirects xzangoo.ru
16	1

This site contains no links.

Subject Issuer	Validity	Valid
*.xzangoo.ru E1	`2022-11-12` - `2023-02-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://xzangoo.ru/web/L-1666129700634f1f24de20b
Frame ID: DF9DE8BF2D29D7639B2F829BB49F1E9C
Requests: 13 HTTP requests in this frame

Frame: https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200
Frame ID: 936909CDB4490DBB729F26FA3ADAF90A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

46d3c9109679a31fcd7c7de2f5d2f5c8019eb279

Page URL History Show full URLs

http://xzangoo.ru/web/?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

281 kB
Transfer

916 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xzangoo.ru/web/?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request L-1666129700634f1f24de20b Show response xzangoo.ru/web/ Redirect Chain http://xzangoo.ru/web/?entity=60865 https://xzangoo.ru/web/?entity=60865 https://xzangoo.ru/web/L-1666129700634f1f24de20b	7 KB 3 KB	209ms 208ms	Document text/html	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd6f04f69cb3f0ea38bc0969a2e61fb787c92c925913ebda171ec3805fa7aaa0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7766d0e28c589191-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 08 Dec 2022 16:18:16 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLLuf%2Fdrzsrt37b59PlXhy53I3OFdIwGK%2Ff7745QoHVDNf7eSFnwxMOP2C4Wdd3Cb3is%2BX3aSEcgVtytYUqxn4VFtVtSLmlQBhE3MXwUR6ieNwXAmKP0soYxvN1L7TkIzuux%2Fo1Xbrsi"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7766d0e0efb49191-FRA content-type text/html; charset=UTF-8 date Thu, 08 Dec 2022 16:18:16 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location L-1666129700634f1f24de20b nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtJYrNGwdPwNsxQPJ7h9qNb%2FvKKnWzMyngwfkRxZaVQ7%2FP%2BASZjX9M%2FR%2BWmKQWN2DlTiyGzheLTDdIX%2BzXWNQHM86%2F6t53HJ8Ggx%2BWyUAw7vRfbCTI7veKZ8Xri3%2BUQkGYqx%2Fnj%2BEbbI"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	styles.css xzangoo.ru/web/assets/css/	511 KB 69 KB	150ms 150ms	Stylesheet text/css	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/css/styles.css Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7b72e2bbf1b4ebe1796440e4b88159bb23f30398edf8053abedc27ddf370c76d` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7fa38-63517ef4-380242;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eL6nN4RyWzIk0DOb6F0swkeGzxrCLlTP3J1gWH1tlI185OEKEZsBzCRTFtRuanauJhRGqQPJJujFa2stx%2Fju0IehTzPX7krnKQZW94%2FLqNfbWaFkLfmDwg2jb%2FmhHz1Njf4IyEvYWM7Y"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 7766d0e3dbb7900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	jquery.min.js Show response xzangoo.ru/web/assets/js/	87 KB 32 KB	224ms 223ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15d84-63517ef6-38027d;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUTk4vBXtMKXV4CNwe7iONLZS7iuj8TIHWwXyfiGtmorhUx21eui2bCEI8n5Y8sTnVTq3C7wEUidagA5q3xb4Pc6JX9yVBMt2awaHieagvi9TDcALIKJh8bwe7vE63mLPUxcZOLhqWBG"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766d0e3dbb9900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	jquery.mask.js Show response xzangoo.ru/web/assets/js/	20 KB 6 KB	112ms 111ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.mask.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4e98-63517ef6-38027b;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFF9ewd63%2FS0Fra0eAO5JiYgsMCbpa3bDM3%2F6RNyTcL8o7rAcPElWy7rZa1vBRozbsSXbb8yHQJfncglAQB%2FecbqkrUMD3k%2FF%2FRGeyLmDL8I1nIdDJrhmeaJYQckh4FqlLQ5rMdTHd%2BF"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766d0e3dbbd900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	jquery.inputmask.bundle.min.js Show response xzangoo.ru/web/assets/js/	116 KB 29 KB	115ms 114ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.inputmask.bundle.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1ce80-63517ef6-380279;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kXx4DSh8ccsWLHEcslYa6im1rPVm6X%2FmJJ5uCwlYdifopuf1uDxHxAh94s8Xqbj6h8OaKBvcy5EmQa1hwjOs65BIo95BM5zdY%2BoHcJPvXCRE%2Bv27ykqhGhHF1UTUv4yanjEaaqWhvZUe"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766d0e3dbc0900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	b_rgb.png xzangoo.ru/web/assets/img/	38 KB 39 KB	122ms 122ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/b_rgb.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "99fe-63517ef4-380255;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rwyc6RFz3bi0A3hEt9B8PabhDS2gK0C4bb%2BtcEiwLk2p9x0RlFvDRQVCHFLNXeGQE8bslpooV%2FIKLoLjXMOmEQR20lHQla%2F0Oxw5lKevpNQtsMENQHFNvIDrZrNbsN8HGHG500P4cwe"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e55e52900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 39422 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	m_l.png xzangoo.ru/web/assets/img/	19 KB 19 KB	141ms 141ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/m_l.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4adf-63517ef4-38026a;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80nazJrDc0k0VqK9vAhGeVWQoXf548iZYdUcFOKlG%2B58ao2sznMEZKZWBeUr0%2BkdEZnpAyEhW%2BXDBlVadWTNCK1Yb1zQroxs3OJum3PoyYzbrYtuaGtiStHlqs%2Fu6yQP2sTRe2Pmj1S9"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e56e83900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 19167 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	Pc.js Show response xzangoo.ru/web/assets/js/	5 KB 2 KB	104ms 104ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/Pc.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fa80e724f5440ddda93ea93c1b50a771aab1bf8bc1f416fe0fa0de9f7b00121c` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1242-63517ef6-380282;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lyKvIzvuoU9Hh7xTLSGAYG4oHCg84tKzp3bRaa3EG%2FhC7NBelmHeaIQ13meFMn1N1VvHlDxXoSwp59oui6tAS2BRVUd0sbC1hXKln5PgsixT3ALpEhDuMbFfGcdZaRHbOU%2BJxG%2F3NEsi"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766d0e54e3a900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	fsd-secure-esp-sprite.png xzangoo.ru/web/assets/img/	473 B 986 B	167ms 167ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/fsd-secure-esp-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1d9-63517ef4-38025c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkO6S12w%2BhgloM61gckR7Dhd5GUkQz9pIEDm4lJpnohHgSjU265XPvvlu3PBe6UhS%2FCZkwd3WjjabtxGK0s6jFD1aaKmNdjthi4EIVOiHv9AFY6DqmnH4gwLtLoUUThu2rTnZKoN%2BzHZ"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e56e90900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 473 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	help-qm-fsd.png xzangoo.ru/web/assets/img/	3 KB 4 KB	126ms 125ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/help-qm-fsd.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c94-63517ef4-380261;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOBZekfY5ytcYaLtiYYlWLyiNAembMp%2FhlxZ9JdfnkkN59GmjAl6l8TG%2Biq5H4SR4vF5ojfX8kZZPCBGbqomSb5yDLem612%2BF8xmIwfqOUkhg5pW60XQAutDOMGz0oWvcrdx9XNBa1Ul"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e57e93900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3220 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	sign-in-sprite.png xzangoo.ru/web/assets/img/	3 KB 4 KB	119ms 119ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/sign-in-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c2f-63517ef4-38026c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PZ6K%2Bigdx%2BqwrwZlgf838nSjGhN1BouNOt6A3Vs0mnq2VFe00DpP%2BA2onlM2g8s0oCE6lW97yBd3xNG%2F%2BHdxrbYwBOgCSUFx12cxPbkFhDWHZuuNpMOM%2BpydwZtg5k9NV69TR8PupNpm"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e57e94900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3119 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	gfootb-static-sprite.png xzangoo.ru/web/assets/img/	48 KB 48 KB	137ms 137ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfootb-static-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "be1b-63517ef4-38025e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRkQoauDw0tX7UAB6SCEJsmpxuMBsgZtM8qjyhb3C%2BTCILjKsnE84z2d%2Bh0L%2BE1OB8Mtmju%2B%2B2yqu6cAA6qXhgJDXn0kGH8bt57v8gUihjX9JTDJDmCR%2Fc6Tb3try6hvgfi5AiE1f0N%2B"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e58eb8900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 48667 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	gfoot-home-icon.png xzangoo.ru/web/assets/img/	144 B 658 B	129ms 128ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfoot-home-icon.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "90-63517ef4-38025d;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wy5VXprtYFKo1pouDDF7E%2FqAhw5fqo2gr8O1RbCmjCvkiLHR1EDXbyC50KRmQ4XMiVOL0fEC4%2BjO6bm5903tXNv0OY7916NhcLD2aUjj3l75tWIn%2FQFXN61ipwQIe3lFEpRj%2Bi4r3j7T"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766d0e58eba900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 144 expires Thu, 15 Dec 2022 16:18:16 GMT
GET H3	200	invisible.js Show response xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 9369	39 KB 16 KB	61ms 61ms	Script application/javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dfed1c303bbefcf8cf5a8131fd9d40b140f5a645fdec160ffd60c5f58babb633` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ivq57lQ5oL6jgfGnq09OVY8ATW5wnB%2BHVISKRCjafDDj%2FHaSs0NLseSZqbFoNwU5B3M%2BhBLkH6S5wCPGYWGZBaWGA8zk12mIBi6RY8RX7dvUle0KKTAr71SFQq2kl5GtkurVsvGnHvI3"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7766d0e6786b900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/ Frame 9369	21 KB 9 KB	65ms 65ms	Other application/javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `37e101bb9ce9602212277ef11e64e2e39963619ac1f597f106107f201777275f` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:18:16 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dtHeyw9vVTzJoWsA%2BgxOaik1oMrPAnLe8fombUPhhuyAGiH%2F33n9%2Fdec6j5LxhHv3tze6dbxTDo9M7n7%2FbpyKbkasgNMGjHaBDOO2dSZgCJOYxKsC5lY33mgtzOfgnqGy%2Fthn6LH1b3"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7766d0e6e93c900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	7766d0e28c589191 Show response xzangoo.ru/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 9369	2 B 662 B	74ms 74ms	XHR text/plain	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/cv/result/7766d0e28c589191 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Response headers date Thu, 08 Dec 2022 16:18:17 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rt%2FP4eZtiDADvMlUdxkKAEeg7160m2xOW%2F7aZKIEWeSyK3b6dMJYeh0C1Y7o9qqFspMhWpAQZqcqvZQvl43dqMiiGrq3y2BnWLX3TkTlPXp7DISK4k5rxsMdP7C5LDgrcg99fyODVqTJ"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 7766d0e97e35900c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xzangoo.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5ftasntutadkbc4egddo4migkf
			.xzangoo.ru/	1970-01-20 08:01:58	Name: __cf_bm Value: 1MuBl2KwS0eZSVXGits9Xu4CIC32eSqwoBpxl.M02qk-1670516297-0-AU2ysXicKRvHDtfe4oo3aaK/TdOROSv4O3/ZIUm8Ab0MVMpYZdkW+k10TPoO6PYNKK9iVxQ4JiTO2CEiXpJaXk892XVdTGHHJBA+mTqz6lSR9VkiREI6OTk+RtEgtn+gz71cH2xihZcBg0+yHRhhKHI=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b(Line 6) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xzangoo.ru
2606:4700:3031::6815:3154
2606:4700:3034::ac43:a06f
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
37e101bb9ce9602212277ef11e64e2e39963619ac1f597f106107f201777275f
3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
7b72e2bbf1b4ebe1796440e4b88159bb23f30398edf8053abedc27ddf370c76d
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
dfed1c303bbefcf8cf5a8131fd9d40b140f5a645fdec160ffd60c5f58babb633
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa80e724f5440ddda93ea93c1b50a771aab1bf8bc1f416fe0fa0de9f7b00121c
fd6f04f69cb3f0ea38bc0969a2e61fb787c92c925913ebda171ec3805fa7aaa0

xzangoo.ru Open in urlscan Pro 2606:4700:3034::ac43:a06f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

281 kBTransfer

916 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

xzangoo.ru Open in urlscan Pro
2606:4700:3034::ac43:a06f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

281 kB
Transfer

916 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!