xzangoo.ru Open in urlscan Pro
2606:4700:3034::ac43:a06f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xzangoo.ru/web/?entity=60865
Effective URL:
https://xzangoo.ru/web/L-1666129700634f1f24de20b
Submission: On December 08 via manual (December 8th 2022, 4:28:58 pm UTC) from IN — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3034::ac43:a06f, located in United States and belongs to CLOUDFLARENET, US. The main domain is xzangoo.ru.
TLS certificate: Issued by E1 on November 12th 2022. Valid for: 3 months.

This is the only time xzangoo.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2 18	2606:4700:303... 2606:4700:3034::ac43:a06f		13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	1

18 2606:4700:3034::ac43:a06f (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

xzangoo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	xzangoo.ru 2 redirects xzangoo.ru	280 KB
16	1

	Domain	Requested by
18	xzangoo.ru	2 redirects xzangoo.ru
16	1

This site contains no links.

Subject Issuer	Validity	Valid
*.xzangoo.ru E1	`2022-11-12` - `2023-02-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://xzangoo.ru/web/L-1666129700634f1f24de20b
Frame ID: 174BDD0B1557870EBF1CBD5716A25AD8
Requests: 13 HTTP requests in this frame

Frame: https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200
Frame ID: 174E816D2654959AB9B50FC5A2A361B8
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

2359b4594ad15c0d7ed13551fbfcf7fd45f3c13e

Page URL History Show full URLs

http://xzangoo.ru/web/?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

278 kB
Transfer

908 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xzangoo.ru/web/?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request L-1666129700634f1f24de20b Show response xzangoo.ru/web/ Redirect Chain http://xzangoo.ru/web/?entity=60865 https://xzangoo.ru/web/?entity=60865 https://xzangoo.ru/web/L-1666129700634f1f24de20b	7 KB 3 KB	148ms 147ms	Document text/html	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0d115ddc435061e6060e0f98a68e4733b80091545a3a5a053f9ff6eff05e8738` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7766e0756b0eb75a-AMS content-encoding br content-type text/html; charset=UTF-8 date Thu, 08 Dec 2022 16:28:54 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZH6zjodmfkMbuj0Y3qIVHBw9KCCSuC8Sm5Ic7Y7JYsQcDhYUfvfVa85dyU9FvdTgXfhiOo6EczBW1s4wpwbFZVacELaMm0l1BOtpbMnme1CMUxBjiyiQLEDhOz%2FujWqARTzUd2QQFOw"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7766e07449d0b75a-AMS content-type text/html; charset=UTF-8 date Thu, 08 Dec 2022 16:28:53 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location L-1666129700634f1f24de20b nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVjbak53YuxDRtlQN8K8TEjjmHn8LZ%2BoMf5c1pPYLcmt%2B6GuC1z%2BHTZ%2BsTxH%2BjmsezOt8G9KsqIPgMIapfNX9o01VWUMSfzJVjt%2FoRXpr5dxaMIGk%2F%2BVNXQIvi4dGI96dBIYKbApUhTB"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	styles.css xzangoo.ru/web/assets/css/	511 KB 69 KB	96ms 95ms	Stylesheet text/css	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/css/styles.css Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7b72e2bbf1b4ebe1796440e4b88159bb23f30398edf8053abedc27ddf370c76d` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7fa38-63517ef4-380242;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FdAt5PvdmONbyPssCsoJ5JBizPY57mvqY%2FohooxoYo%2FWh3b2JY8KRFdFbOJa6Bqai%2Bxm1HnvjsCTSEqdlxFnZTGAMgdfXN3RdZXpSvNn7PY65kf72c2Xx2usfaOyr%2Bn%2B3J6%2BGPIM0cGd"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 7766e0765f7990fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	jquery.min.js Show response xzangoo.ru/web/assets/js/	87 KB 32 KB	69ms 68ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15d84-63517ef6-38027d;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DbCRTIJXQiNRtu%2FERyvu05ACBHmSB66E6EH7Upg69YgYa5rhZJ0PFoB2FIMQyDJ8MHdcVtMnlpogkuwowxWds4w3zevjjyNYHdBBtDA30VRb774eCSgNTSDHBo5oKp%2FeoPcTuMDpdWmJ"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766e0765f7c90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	jquery.mask.js Show response xzangoo.ru/web/assets/js/	20 KB 6 KB	104ms 103ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.mask.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4e98-63517ef6-38027b;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wet6WLyI7%2FijKEaLwayIooYhs9GTQA9zfmzGO3DG5snR%2BeNncuINeLqAO3rw1NiQsod1YS86H4D0DYQIWUkMbrgJCvGxMQf5QPFuJU8CFFB%2BuyBDt%2FrW4gaUvFMH2w9D3Q%2FJY9Pvbq8U"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766e0765f7d90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	jquery.inputmask.bundle.min.js Show response xzangoo.ru/web/assets/js/	116 KB 29 KB	84ms 82ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.inputmask.bundle.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1ce80-63517ef6-380279;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeIwXXKgm3vq6U9KALmvwURJ0vAdSI63jU346EZe1v38fomgqwMSociqfrjGk5xBwMwH9owl99aUB%2BtL7XwsqWFhmxwnyK0kJHUnvNfg7lbyFGMv%2FhDXJZomX2jJs3c1eitU9I6o2%2BGg"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766e0765f7f90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	b_rgb.png xzangoo.ru/web/assets/img/	38 KB 39 KB	76ms 76ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/b_rgb.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "99fe-63517ef4-380255;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DenwoKR9MmWhGW4zVK%2BbcrBcMcUBkVy5%2BEl5caIvvOAAD3yVSiVejRubAYmPtFAVxdHq3EgPiVoKKt4HHSoyHWgYffQ7vtHh0%2FnKt8wdouhLeZMOYjIBxcyrIzs9z0gM2cgd8asr%2BieQ"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e07718b990fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 39422 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	m_l.png xzangoo.ru/web/assets/img/	19 KB 19 KB	91ms 91ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/m_l.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4adf-63517ef4-38026a;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lBC2FX%2Bxp9bpy1vuNYn2N5aAQZxYXGzQgEx0tsWDYYq1483eOPg846cGtvXkq%2B6OdP70OcopRXku2Cqe8bjL8X8fjhxYb5OVOXJGuyMCWGhWFSU3TJsfPBW0gaVD4yrCqxk6eDbFvr2r"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e07728ec90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 19167 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	Pc.js Show response xzangoo.ru/web/assets/js/	5 KB 2 KB	61ms 60ms	Script application/x-javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/Pc.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fa80e724f5440ddda93ea93c1b50a771aab1bf8bc1f416fe0fa0de9f7b00121c` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1242-63517ef6-380282;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJzFykvyFZfOOrrQD1IMBuDKRynRPPlHANA%2BZJN2YikFv39f6Pg4TovDd3kGvjUj%2FW%2BP0u57yoWEvZfNkNhTzR8D2zcKPEvRhscgeeFgWKo9lSIw8hcyreLk1p2QBArNu9ow0BQxIn9L"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 7766e07708aa90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	fsd-secure-esp-sprite.png xzangoo.ru/web/assets/img/	473 B 987 B	63ms 62ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/fsd-secure-esp-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1d9-63517ef4-38025c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn2IueBAwk98flxM0oklVDQ2OytEzxT80qM7YWjM5zw6D1T4TWh23KcuR45myv%2BHSX2%2Bcwce7yqYPF%2FRkKqIimILcvjWXcB9WetJVvAi%2Fo1n4eS1ZNWUba7ffCKgE9zHvg4wG9fKc2p7"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e07738fb90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 473 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	help-qm-fsd.png xzangoo.ru/web/assets/img/	3 KB 4 KB	58ms 58ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/help-qm-fsd.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c94-63517ef4-380261;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7bDA7GJSvfEcx6VvdcmRZwiZkXQnRaKhWrdDhnUXfmK%2FNg%2B3kfdtHO71C0ZOyeC1%2FyDxQC85G%2FzCByo%2FkfGLAOvmnIQR1hCjZkog8D%2FIZTnuEi%2FV1IyA4eDVM7kNUO5WIXW6VqWwZjoT"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e077390290fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3220 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	sign-in-sprite.png xzangoo.ru/web/assets/img/	3 KB 4 KB	72ms 72ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/sign-in-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c2f-63517ef4-38026c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=plWW2zX0LByJ0lbSkLXnE2mRHKOvRJ5X2ry6w3w191mvG0NMQxJJIZdUjft03gQ%2BpwOe4zxHrGiOpAf68GqalvYT8SPPnY%2BL9u7ID58saO9DIe03euJIrXIynbWx63OAXAqG4OQVueq3"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e077390390fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3119 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	gfootb-static-sprite.png xzangoo.ru/web/assets/img/	48 KB 48 KB	111ms 110ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfootb-static-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "be1b-63517ef4-38025e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=di8g1x5cNYzjiNDPhY890ksmeWYWbDzwnv%2BOhnOKoEOfEzNGTUMDaMrfs7629lZP1epSQLbx1MMaL4L4UnaFdCnhvGA1MGXrctki4BqAcZVVP7P7dxpMBvLijrr%2FWJIqYg1GZrxx5o9Y"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e077492790fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 48667 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	gfoot-home-icon.png xzangoo.ru/web/assets/img/	144 B 652 B	72ms 72ms	Image image/png	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfoot-home-icon.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "90-63517ef4-38025d;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qw0K2MS8r1tRsH48vJsRzBx4F11kXvWVu5ZHCb0JWdo0X7M0pGDXKsaAA2Bu4d39RcKPzL4bRD4Rd3NlPxbls248gy5ARbAcUv1Uztw8RbwuPgpZa1AXjRNoaY4UQLLhJFdfoHDS0n9G"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 7766e077492990fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 144 expires Thu, 15 Dec 2022 16:28:54 GMT
GET H3	200	invisible.js Show response xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 174E	33 KB 14 KB	11ms 11ms	Script application/javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2fd4b024d9bffd859ec3de8c24e26b5b5ef620305cfad6d4b4f9864b481261f3` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mI0xOSdP3boiYJvgZpCwQwKDIdVDAntTkLixo07rbrflz%2FICAVzjy9DYFYypB8FZGHBMBfeartmAqTUc2COVoM92uCF6qngA93%2BPJl%2BPQ0a8pdk22K%2Feuye248%2FWfa2rcu7NcgL3xxeM"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7766e077898090fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/ Frame 174E	18 KB 8 KB	37ms 36ms	Other application/javascript	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/pica.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `79f64da9e3878da345df1a570ebe0f63dde3d9f1cd8356da3477a22ac48e6a3b` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTWQlBG5DgXcqBSJFTOFCbB1yND59Epb19rk3WStZdAuJiGvzpIqSqYwH1nDXuwH5b21I3WXCd%2BWnQpOvszFk4%2FIbftQnESmpve7GzUndchfS6dj2U11HrhkwYxzDFi%2FHfjy%2FRWONcvc"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7766e077b9e190fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	7766e0756b0eb75a Show response xzangoo.ru/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 174E	2 B 667 B	49ms 48ms	XHR text/plain	2606:4700:3034::ac43:a06f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/cv/result/7766e0756b0eb75a Requested by Host: xzangoo.ru URL: https://xzangoo.ru/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670515200 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a06f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Response headers date Thu, 08 Dec 2022 16:28:54 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=076ZoRehT46UEEIvCifqQxZML7sG0Nxw7pNlWMgPYGuYtR1r2%2FZRcwaS5ictsFSeQxIU4f6gKkCR44pMZyWJJJQg2yrA%2Fe8W7Qo2KKFy36eZZ0XZ%2FEhPDDnLfxNsdFAK%2B3PeU42GqvSl"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 7766e0798cfc90fa-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xzangoo.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: d2h089ob7tt8aan2cid27rk05h
			.xzangoo.ru/	1970-01-20 08:01:58	Name: __cf_bm Value: Pojp85mROk0oQOK3RMFv_cvH4Msril_HgpIUsKX13Ik-1670516934-0-AWkEIDUC2cMyGEpZwbuj+nCf5s5YuxYqZh89yUs3rJB60e+H6aF7IJdkWslRhvqjnagb1d+8gzzP4r5FepFoYoBZBSjzkjKg4IzkTNuXGzYK+mRzN8AA6FT5n+uoi3iMCDTS1F7sBbzjAcvqEzXM9vw=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b(Line 6) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xzangoo.ru
2606:4700:3034::ac43:a06f
0d115ddc435061e6060e0f98a68e4733b80091545a3a5a053f9ff6eff05e8738
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
2fd4b024d9bffd859ec3de8c24e26b5b5ef620305cfad6d4b4f9864b481261f3
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
79f64da9e3878da345df1a570ebe0f63dde3d9f1cd8356da3477a22ac48e6a3b
7b72e2bbf1b4ebe1796440e4b88159bb23f30398edf8053abedc27ddf370c76d
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa80e724f5440ddda93ea93c1b50a771aab1bf8bc1f416fe0fa0de9f7b00121c

xzangoo.ru Open in urlscan Pro 2606:4700:3034::ac43:a06f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

278 kBTransfer

908 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

xzangoo.ru Open in urlscan Pro
2606:4700:3034::ac43:a06f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

278 kB
Transfer

908 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!