recursing-bose.35-228-3-255.plesk.page
Open in
urlscan Pro
35.228.3.255
Malicious Activity!
Public Scan
Effective URL: https://recursing-bose.35-228-3-255.plesk.page/sca/clients/xeqZkX.php?verification
Submission: On October 05 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 3rd 2021. Valid for: 3 months.
This is the only time recursing-bose.35-228-3-255.plesk.page was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.218.237.129 104.218.237.129 | 39618 (HOSTCRAM) (HOSTCRAM) | |
1 16 | 35.228.3.255 35.228.3.255 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6810:5714 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
2 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:801::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:811::2003 | 15169 (GOOGLE) (GOOGLE) | |
22 | 6 |
ASN15169 (GOOGLE, US)
PTR: 255.3.228.35.bc.googleusercontent.com
recursing-bose.35-228-3-255.plesk.page |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
plesk.page
1 redirects
recursing-bose.35-228-3-255.plesk.page |
269 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com |
358 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net |
47 KB |
1 |
gstatic.com
fonts.gstatic.com |
16 KB |
1 |
googleapis.com
fonts.googleapis.com |
2 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
candaceowensismypresident.com
1 redirects
candaceowensismypresident.com |
282 B |
22 | 7 |
Domain | Requested by | |
---|---|---|
16 | recursing-bose.35-228-3-255.plesk.page |
1 redirects
recursing-bose.35-228-3-255.plesk.page
|
2 | cdnjs.cloudflare.com |
recursing-bose.35-228-3-255.plesk.page
|
2 | cdn.jsdelivr.net |
recursing-bose.35-228-3-255.plesk.page
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
recursing-bose.35-228-3-255.plesk.page
|
1 | code.jquery.com |
recursing-bose.35-228-3-255.plesk.page
|
1 | candaceowensismypresident.com | 1 redirects |
22 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
recursing-bose.35-228-3-255.plesk.page R3 |
2021-10-03 - 2022-01-01 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-03 - 2022-07-02 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://recursing-bose.35-228-3-255.plesk.page/sca/clients/xeqZkX.php?verification
Frame ID: 7C66901DBEFA68B27DA7B12228D86C77
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
http://candaceowensismypresident.com/
HTTP 301
http://recursing-bose.35-228-3-255.plesk.page/sca/?pwd=vrbank HTTP 307
https://recursing-bose.35-228-3-255.plesk.page/sca/?pwd=vrbank HTTP 302
https://recursing-bose.35-228-3-255.plesk.page/sca/clients/xeqZkX.php?verification Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://candaceowensismypresident.com/
HTTP 301
http://recursing-bose.35-228-3-255.plesk.page/sca/?pwd=vrbank HTTP 307
https://recursing-bose.35-228-3-255.plesk.page/sca/?pwd=vrbank HTTP 302
https://recursing-bose.35-228-3-255.plesk.page/sca/clients/xeqZkX.php?verification Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
xeqZkX.php
recursing-bose.35-228-3-255.plesk.page/sca/clients/ Redirect Chain
|
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style2.css
recursing-bose.35-228-3-255.plesk.page/sca/assets/css/ |
3 KB 985 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hihi.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
imggg.jpg
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
230 KB 230 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hihi2.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aa.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
199 B 367 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ll2.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bb.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ss.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
271 B 440 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
send.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
283 B 452 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aa2.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
236 B 404 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rr.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
807 B 976 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aa3.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
245 B 413 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ |
82 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.js
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/ |
1 MB 355 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.payment.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
recursing-bose.35-228-3-255.plesk.page/sca/assets/js/ |
154 B 262 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
11 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pos.png
recursing-bose.35-228-3-255.plesk.page/sca/assets/imgs/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| bootstrap object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
recursing-bose.35-228-3-255.plesk.page/ | Name: PHPSESSID Value: 28u8te556l6tb1k4oo395uhvnn |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
candaceowensismypresident.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
recursing-bose.35-228-3-255.plesk.page
104.218.237.129
2001:4de0:ac18::1:a:3a
2606:4700::6810:125e
2606:4700::6810:5714
2a00:1450:4001:801::200a
2a00:1450:4001:811::2003
35.228.3.255
01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9
1d573b97bd2735bb26eddc224002a25af0a281b4dfafb5ff7c7e12f40edd2538
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72
2bca22a1028bb6fa8f110b462539c950f84f436124967db714b9a5652f79c37c
47d55a3214909e7935e548abaaf644a71f1e98b2673a1219d2bcc8d2f065a1b1
4aae948ab9c1d7636d75522574fb1688f23189e826e81db134d71c064bfb9c8c
5675b2d0285f7d4d409f4dbc88c69cded36857ef2a956e1c30630c9356db5a6c
63c83fd41eddc699dca109b396232bc1f649273842d5a7cb73eaa5ddbcda5b56
6655089d8a9b068a7a25bd28af37b4b12a725c25edd8a95af5530a6540cc4b41
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
7756d0be44faaee0f33b13ee55b948039216ec88dca9a5619cbddc9c250014e2
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
926a55e9a5aa9ae619f462dc740c189917b272d9f0bc7943baedb40c2616dc8d
a2f44de0c8e9379d4836d26953655d28c346683be98758f1d66849be347d7158
a410f97754bf2b2249b26eac11d46f6559d7be1bf7679ebb6ad068cc8a61c9c2
aab10431356c347c0d866af7650e0118a82d465f48ce4bbb778d727803e14e8c
b40dc7015b19e80a9d1efe26f673355619a8e6b81a6eb7102b7335a64dee1706
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d4c292b0b1a6f0d1032a219e7947d4e9b09c1d9b272c5a7395a72e7c73193c31
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
ff46d4e9e7f4b7e201eaf4a6fded88d845b6b9f6219f92ec74de7dcda28e94da