www.open24.safelog.su Open in urlscan Pro
93.157.63.156 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.open24.safelog.su/
Effective URL:
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/
Submission: On August 08 via automatic, source certstream-suspicious (August 8th 2020, 10:14:08 am UTC)

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 93.157.63.156, located in Russian Federation and belongs to NFORCE, NL. The main domain is www.open24.safelog.su.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 8th 2020. Valid for: 3 months.

This is the only time www.open24.safelog.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Permanent TSB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 20	93.157.63.156 93.157.63.156	43350 (NFORCE) (NFORCE)
1	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY)
22	3

20 93.157.63.156 (Russian Federation) 2 redirects

ASN43350 (NFORCE, NL)
PTR: hr.thegpauk.com

www.open24.safelog.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	safelog.su 2 redirects www.open24.safelog.su	1 MB
1	imgur.com i.imgur.com	17 KB
22	2

	Domain	Requested by
20	www.open24.safelog.su	2 redirects www.open24.safelog.su
1	i.imgur.com	www.open24.safelog.su
22	2

This site contains no links.

Subject Issuer	Validity	Valid
open24.safelog.su Let's Encrypt Authority X3	`2020-08-08` - `2020-11-06`	3 months	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/
Frame ID: 083D665D4E07685B7E18160939588B1A
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.open24.safelog.su/ Page URL
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2 HTTP 301
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/ HTTP 302
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

22
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1052 kB
Transfer

1048 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.open24.safelog.su/ Page URL
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2 HTTP 301
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/ HTTP 302
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set / Show response
www.open24.safelog.su/ 728 B
982 B 539ms
99ms Document
text/html 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache / PHP/7.3.20
Resource Hash: ff0b998f6297af456d08549ea2e640bb57d0b6de7d2eb47b29cca478be1865d2

Request headers

Host: www.open24.safelog.su
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:52 GMT
Server: Apache
X-Powered-By: PHP/7.3.20
Set-Cookie: real=OK
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

Primary Request / Show response
www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/
Redirect Chain

https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2?
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/?
https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?

10 KB
11 KB

144ms
141ms

Document
text/html

93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache / PHP/7.3.20
Resource Hash: 00284a1eb9895d721a7f407f3a2a012065ad3a30f9b0091ff5121bdeea61610f

Request headers

Host: www.open24.safelog.su
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.open24.safelog.su/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: real=OK; bid=d0e33d6784b75974ec5798e06e56fbc2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.open24.safelog.su/

Response headers

Date: Sat, 08 Aug 2020 10:13:53 GMT
Server: Apache
X-Powered-By: PHP/7.3.20
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Sat, 08 Aug 2020 10:13:53 GMT
Server: Apache
X-Powered-By: PHP/7.3.20
Set-Cookie: bid=d0e33d6784b75974ec5798e06e56fbc2; expires=Mon, 07-Sep-2020 10:13:53 GMT; Max-Age=2592000; path=/
location: login/?
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jquery.min.js Show response
www.open24.safelog.su/bower_components/jquery/dist/ 85 KB
85 KB 113ms
33ms Script
application/javascript 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/bower_components/jquery/dist/jquery.min.js
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Mon, 05 Jun 2017 02:55:06 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 86659

GET
H/1.1 200
OK ua-parser.min.js Show response
www.open24.safelog.su/bower_components/ua-parser-js/dist/ 17 KB
17 KB 114ms
34ms Script
application/javascript 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/bower_components/ua-parser-js/dist/ua-parser.min.js
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 12 Oct 2017 07:16:24 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 17048

GET
H/1.1 200
OK font-awesome.min.css
www.open24.safelog.su/bower_components/font-awesome/css/ 30 KB
31 KB 47ms
44ms Stylesheet
text/css 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/bower_components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:53 GMT
Last-Modified: Sun, 09 Apr 2017 03:29:24 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=76
Content-Length: 31000

GET
H/1.1 200
OK core_form.js Show response
www.open24.safelog.su/core/form/ 17 KB
17 KB 114ms
34ms Script
application/javascript 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/core/form/core_form.js
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: e4ab97d38f8e98966bcd9ff7a4aac5851f56cfaea426822f88aff8d583dd6221

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 20:59:34 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 17473

GET
H/1.1 200
OK core_token.js Show response
www.open24.safelog.su/core/token/ 9 KB
9 KB 114ms
34ms Script
application/javascript 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/core/token/core_token.js
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: ff9d47ea41f6c8beffe4ff61e3ccc873a4a3f76e435b9ea94f6da1808e56fe34

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 20:57:12 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 9296

GET
H/1.1 200
OK core_form.css
www.open24.safelog.su/core/form/ 3 KB
3 KB 48ms
46ms Stylesheet
text/css 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/core/form/core_form.css
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 197477b6faa3d9b019f73d3f208edd36a0c060f5ff162d7392f0775815039d5d

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:53 GMT
Last-Modified: Thu, 06 Feb 2020 19:39:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 2816

GET
H/1.1 200
OK css.css
www.open24.safelog.su/login/form/ 196 B
436 B 83ms
35ms Stylesheet
text/css 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/login/form/css.css
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: bfcf985351e11980c45e4426637b808ffdbaa1aca18a06efa03635493c427bb8

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:42:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 196

GET
H/1.1 200
OK style.css
www.open24.safelog.su/login/ 192 KB
193 KB 96ms
33ms Stylesheet
text/css 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/login/style.css
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 5dbca0eb5f8dc6dbc1726af62c69e154456f0e70266dad748d40faa7476a8f2b

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:40:42 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=75
Content-Length: 197023

GET
H/1.1 200
OK logo.png
www.open24.safelog.su/login/ 3 KB
3 KB 34ms
33ms Image
image/png 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.open24.safelog.su/login/logo.png
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: c769665aa1cab2a4c3aeaeb1f5283b2a4a461a288b314e79fb7148bc57712e64

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:17:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=73
Content-Length: 3185

GET
H/1.1 200
OK blank.png
www.open24.safelog.su/login/ 95 B
335 B 34ms
34ms Image
image/png 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.open24.safelog.su/login/blank.png
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:17:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 95

GET
H/1.1 200
OK form.js Show response
www.open24.safelog.su/login/form/ 3 KB
3 KB 34ms
33ms Script
application/javascript 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/login/form/form.js?v=5f2e7ae1e1719
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 18571c128f051a03cc8bf063e8aac464d02a15a726d6e9bd7c96190b1592b6c7

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:43:44 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=74
Content-Length: 3011

GET
H/1.1 200
OK token.js Show response
www.open24.safelog.su/login/token/ 1 KB
2 KB 33ms
33ms Script
application/javascript 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.open24.safelog.su/login/token/token.js?v=5f2e7ae1e171c
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 34988a1701379769e0588bb84b5d76a7673fb82914dd5c69c26cd1113cdbafa2

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 14:02:38 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 1304

GET
H/1.1 200
OK bg.png
www.open24.safelog.su/login/ 10 KB
10 KB 34ms
33ms Image
image/png 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.open24.safelog.su/login/bg.png
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: ce0b28cde1675780f6b254f38d6e2e180a4f452141dc80223354c3b106542fbe

Request headers

Referer: https://www.open24.safelog.su/login/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:17:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 10017

GET
H/1.1 200
OK bg-overlay.png
www.open24.safelog.su/login/ 57 KB
57 KB 34ms
34ms Image
image/png 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.open24.safelog.su/login/bg-overlay.png
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: eec808eb5f0de8bff9a1317b09b5100dc8e5a04213e23b38478588f0f2039b1d

Request headers

Referer: https://www.open24.safelog.su/login/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:17:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 58165

GET
H/1.1 200
OK icons.png
www.open24.safelog.su/login/ 49 KB
49 KB 35ms
35ms Image
image/png 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.open24.safelog.su/login/icons.png
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 9e7956aaa3fd23a37639939bdb89431661dde3186ffb5ca54ba1f4e34999c2bb

Request headers

Referer: https://www.open24.safelog.su/login/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Thu, 06 Feb 2020 13:17:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=78
Content-Length: 50315

GET
H/1.1 200
OK newloader.gif
www.open24.safelog.su/login/form/ 544 KB
544 KB 34ms
33ms Image
image/gif 93.157.63.156
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.open24.safelog.su/login/form/newloader.gif
Requested by: Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.156 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: hr.thegpauk.com
Software: Apache /
Resource Hash: 32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 08 Aug 2020 10:13:54 GMT
Last-Modified: Mon, 16 Sep 2019 05:51:54 GMT
Server: Apache
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=78
Content-Length: 557122

GET
H2 200 ki3RMAF.png
i.imgur.com/ 16 KB
17 KB 234ms
168ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ki3RMAF.png

Requested by

Host: www.open24.safelog.su
URL: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

360083059a460294256e7773a7cc9defd74c066b933faf8447ac1aa58c7e3c8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.open24.safelog.su/a1b2c3/d0e33d6784b75974ec5798e06e56fbc2/login/?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 08 Aug 2020 10:13:54 GMT
x-content-type-options: nosniff
age: 0
x-cache: MISS, MISS
status: 200
content-length: 16764
x-served-by: cache-bwi5125-BWI, cache-fra19176-FRA
last-modified: Thu, 06 Feb 2020 14:13:51 GMT
server: cat factory 1.0
x-timer: S1596881634.296834,VS0,VE137
etag: "14df3706010e8fed287560622dfb4ef8"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET home.php
www.open24.safelog.su/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.open24.safelog.su
URL: https://www.open24.safelog.su/home.php?pl=token&link=open24&bid=d0e33d6784b75974ec5798e06e56fbc2&callback=jQuery32109228762852408599_1596881634139&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1596881634140

Domain: www.open24.safelog.su
URL: https://www.open24.safelog.su/home.php?pl=token&link=open24&bid=d0e33d6784b75974ec5798e06e56fbc2&callback=jQuery32109228762852408599_1596881634141&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1596881634142

Domain: www.open24.safelog.su
URL: https://www.open24.safelog.su/home.php?pl=token&link=open24&bid=d0e33d6784b75974ec5798e06e56fbc2&callback=jQuery32109228762852408599_1596881634143&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1596881634144

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Permanent TSB (Banking)

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.open24.safelog.su/	1970-01-19 12:17:53	Name: bid Value: d0e33d6784b75974ec5798e06e56fbc2
			www.open24.safelog.su/	1969-12-31 23:59:59	Name: real Value: OK

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.imgur.com
www.open24.safelog.su
www.open24.safelog.su
151.101.12.193
93.157.63.156
00284a1eb9895d721a7f407f3a2a012065ad3a30f9b0091ff5121bdeea61610f
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
18571c128f051a03cc8bf063e8aac464d02a15a726d6e9bd7c96190b1592b6c7
197477b6faa3d9b019f73d3f208edd36a0c060f5ff162d7392f0775815039d5d
32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630
34988a1701379769e0588bb84b5d76a7673fb82914dd5c69c26cd1113cdbafa2
360083059a460294256e7773a7cc9defd74c066b933faf8447ac1aa58c7e3c8f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
5dbca0eb5f8dc6dbc1726af62c69e154456f0e70266dad748d40faa7476a8f2b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9e7956aaa3fd23a37639939bdb89431661dde3186ffb5ca54ba1f4e34999c2bb
bfcf985351e11980c45e4426637b808ffdbaa1aca18a06efa03635493c427bb8
c769665aa1cab2a4c3aeaeb1f5283b2a4a461a288b314e79fb7148bc57712e64
ce0b28cde1675780f6b254f38d6e2e180a4f452141dc80223354c3b106542fbe
e4ab97d38f8e98966bcd9ff7a4aac5851f56cfaea426822f88aff8d583dd6221
eec808eb5f0de8bff9a1317b09b5100dc8e5a04213e23b38478588f0f2039b1d
ff0b998f6297af456d08549ea2e640bb57d0b6de7d2eb47b29cca478be1865d2
ff9d47ea41f6c8beffe4ff61e3ccc873a4a3f76e435b9ea94f6da1808e56fe34

www.open24.safelog.su Open in urlscan Pro 93.157.63.156 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

86 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1052 kBTransfer

1048 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

42 JavaScript Global Variables

2 Cookies

Indicators

www.open24.safelog.su Open in urlscan Pro
93.157.63.156 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1052 kB
Transfer

1048 kB
Size

2
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!