gmailbb.webservis.ru
195.16.42.43
Malicious Activity!
Public Scan
Submission: On December 03 via api from RU — Scanned from DE
Summary
This is the only time gmailbb.webservis.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
| | IP Address | AS Autonomous System |
---|---|---|
5 | 195.16.42.43 | 3216 (SOVAM-AS PJSC "Vimpelcom") |
2 | 2a00:1450:4001:831::2003 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:82f::200e | 15169 (GOOGLE) |
11 | 4 | |
ASN3216 (SOVAM-AS PJSC "Vimpelcom", RU)
PTR: webservis.ru.freehosting.centre.ru
gmailbb.webservis.ru
ASN15169 (GOOGLE, US)
www.google-analytics.com
| | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | webservis.ru | gmailbb.webservis.ru | 85 KB |
2 | gstatic.com | ssl.gstatic.com | 2 KB |
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 36) | 17 KB |
0 | google.com (Failed) | accounts.google.com (Failed), mail.google.com (Failed) | |
11 | 4 | | |
| | Domain | Requested by |
---|---|---|
5 | gmailbb.webservis.ru | gmailbb.webservis.ru |
2 | ssl.gstatic.com | gmailbb.webservis.ru |
1 | www.google-analytics.com | gmailbb.webservis.ru |
0 | mail.google.com (Failed) | |
0 | accounts.google.com (Failed) | gmailbb.webservis.ru |
11 | 5 | |
This site contains links to these domains.
Domain |
---|
accounts.google.com |
www.google.com |
mail.google.com |
play.google.com |
itunes.apple.com |
This page contains 1 frame:
Primary Page:
http://gmailbb.webservis.ru/1.php
Frame ID: 188A6A58D9064F983CDD8CA649CAFD2E
Requests: 11 HTTP requests in this frame
Page Title
Gmail: Email from Google
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Google Analytics (Analytics)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: Create an account
Title: Can't access your account?
Title: Learn more
Title: About Gmail
Title: New features!
Title: Google Play
Title: Apple App Store
Title: Gmail for Work
Title: Privacy Policy
Title: Program Policies
Title: Terms of Service
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://gmailbb.webservis.ru/1.php HTTP 307
- https://gmailbb.webservis.ru/1.php HTTP 307
- http://gmailbb.webservis.ru/1.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7
- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | 1.php gmailbb.webservis.ru/ (Primary Request, Redirect Chain) | 75 KB 75 KB | Document text/html |
GET H/1.1 | google_logo_41.png gmailbb.webservis.ru/ | 6 KB 6 KB | Image image/png |
GET H/1.1 | filing_cabinet-g42.png gmailbb.webservis.ru/ | 1 KB 2 KB | Image image/png |
GET H/1.1 | nosign-r42.png gmailbb.webservis.ru/ | 795 B 1 KB | Image image/png |
GET H/1.1 | mobile_phone-42.gif gmailbb.webservis.ru/ | 859 B 1 KB | Image image/gif |
GET | googlemail-64.png accounts.google.com//ssl.gstatic.com/images/icons/product/ | 0 0 | |
GET H/1.1 | google-signin-flat.png ssl.gstatic.com/accounts/ui/ | 531 B 1 KB | Image image/png |
GET H/1.1 | checkmark.png ssl.gstatic.com/ui/v1/menu/ | 239 B 981 B | Image image/png |
GET H2 | ga.js www.google-analytics.com/ (Redirect Chain) | 45 KB 17 KB | Script text/javascript |
GET | c.gif mail.google.com/mail/images/ | 0 0 | |
GET | favicon.ico accounts.google.com//mail.google.com/ | 0 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: accounts.google.com
  URL: https://accounts.google.com//ssl.gstatic.com/images/icons/product/googlemail-64.png
- Domain: mail.google.com
  URL: https://mail.google.com/mail/images/c.gif?t=1733184332646
- Domain: accounts.google.com
  URL: https://accounts.google.com//mail.google.com/favicon.ico
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean| gaia_hasInnerTextProperty
- function| gaia_attachEvent
- function| gaia_getElementsByClass
- object| botguard
- function| gaia_parseFragment
- function| gaia_prefillEmail
- function| gaia_setFocus
- function| gaia_onLoginSubmit
- object| hashParams
- object| langChooser
- string| langChooserParam
- string| langChooserUrl
- function| gaia_appendParam
- function| gaia_swapHiResLogo
- object| _gaq
- object| BrowserSupport_
- boolean| is_browser_supported
- number| start_time
- function| SetGmailCookie
- function| lg
- function| gaiacb_onLoginSubmit
- function| StripParam
- number| fixed
- function| FixForm
- function| el
- object| CP
- object| quota_elem
- string| ONE_PX
- function| LogRoundtripTime
- function| GetRoundtripTimeFunction
- function| MaybePingUser
- function| OnLoad
- function| updateQuota
- string| PAD
- function| format
- string| google_conversion_type
- number| google_conversion_id
- string| google_conversion_language
- string| google_conversion_format
- string| google_conversion_color
- function| LoadConversionScript
- object| _gat

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.