xzangoo.ru Open in urlscan Pro
2606:4700:3031::6815:3154 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-ganycgzna2u&entity=60865
Effective URL:
https://xzangoo.ru/web/L-1666129700634f1f24de20b
Submission: On December 05 via manual (December 5th 2022, 7:51:34 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3031::6815:3154, located in United States and belongs to CLOUDFLARENET, US. The main domain is xzangoo.ru.
TLS certificate: Issued by E1 on November 12th 2022. Valid for: 3 months.

This is the only time xzangoo.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3 19	2606:4700:303... 2606:4700:3031::6815:3154		13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	1

19 2606:4700:3031::6815:3154 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

xzangoo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	xzangoo.ru 3 redirects xzangoo.ru	274 KB
16	1

	Domain	Requested by
19	xzangoo.ru	3 redirects xzangoo.ru
16	1

This site contains no links.

Subject Issuer	Validity	Valid
*.xzangoo.ru E1	`2022-11-12` - `2023-02-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://xzangoo.ru/web/L-1666129700634f1f24de20b
Frame ID: 7023132BB88CCA23405B0EF11371D91B
Requests: 13 HTTP requests in this frame

Frame: https://xzangoo.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1670256000
Frame ID: 0362152A9284102DE752572DF69CC08E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

435d42c5d9086531ec8b9898a090f447d8a6bee8

Page URL History Show full URLs

http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-g... HTTP 301
https://xzangoo.ru/web?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

273 kB
Transfer

827 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-ganycgzna2u&entity=60865 HTTP 301
https://xzangoo.ru/web?entity=60865 HTTP 301
https://xzangoo.ru/web/?entity=60865 HTTP 302
https://xzangoo.ru/web/L-1666129700634f1f24de20b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request L-1666129700634f1f24de20b Show response xzangoo.ru/web/ Redirect Chain http://xzangoo.ru/web?__cf_chl_f_tk=0yomypawizz7qabvw.4ukx0shlynu4br_vvrtujhcgy-1669913945-0-ganycgzna2u&entity=60865 https://xzangoo.ru/web?entity=60865 https://xzangoo.ru/web/?entity=60865 https://xzangoo.ru/web/L-1666129700634f1f24de20b	7 KB 3 KB	156ms 156ms	Document text/html	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ab4686bb9630bc535c709a198b8dfc7e8910f65862fc65f54e5400c0a7747c2b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 774f511d7bb82199-DUS content-encoding br content-type text/html; charset=UTF-8 date Mon, 05 Dec 2022 19:51:30 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNHU0RZVhmk0P8DHoS4le6bpsfqmUj9ao90rzlTUaumWZfPBmCLpvC8SqhbaRjP0bqmsm%2FfMR6EAu3pvF3T7mdxCZQ0FEoYrbdBWAPP8UQRkmCIOqQgHTyr4H7uE3T2YvjWHI16RRuBi"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 774f511c0b599975-FRA content-type text/html; charset=UTF-8 date Mon, 05 Dec 2022 19:51:30 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location L-1666129700634f1f24de20b nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2IzqvN8PLimfDXuqJPYdhjbk%2BhKzRRtf7PDxK0oUbNE1Mp2AibOLlKIRiOy9N%2F3Da3FxMq7BYwoU24W38MoSsGFMxLPAJ3sXCHIHGa%2BfQ23cQQU8YmQCfhNAcHt8%2BJ6%2Bf9mEKbbfpas4"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	styles.css xzangoo.ru/web/assets/css/	438 KB 64 KB	44ms 44ms	Stylesheet text/css	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/css/styles.css Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `509d5ca04b18cfe2f9d45d9490d0316d16b3b1faf8b3d51b591ce7fefcde616e` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 110606 cf-polished origSize=522808 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag W/"7fa38-63517ef4-380242;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6%2BPFag3vF236EGfTf%2BruU5EJgkvD8Z75ApikcoHDRPglthmNfN35IEAOukD9bj%2FZEK4CCnxcLEzhwXSbV9WcwiEdh0MGeXOQg67crvUzu80hvYuwhecaT2J6IOpeNLou25H2AEjur05"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 774f511e7db82199-DUS expires Sun, 11 Dec 2022 13:08:04 GMT
GET H3	200	jquery.min.js Show response xzangoo.ru/web/assets/js/	87 KB 32 KB	94ms 93ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15d84-63517ef6-38027d;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F3QqtIg7nJoy%2BIsJ0Iyn%2BSZhYFeBDyp4%2B%2BwO%2ByDTHYnQeFCqpEtKRYOtinKwR0lvpQaxwr66nxsK1T%2BeaoqsKOs%2FK9KD6DtLJu4n5%2FiV9pdnTlXUF7fhN%2F5mwZvu1Q7OTIrVpP7CM7s9"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 774f511e7dbd2199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Mon, 12 Dec 2022 19:51:30 GMT
GET H3	200	jquery.mask.js Show response xzangoo.ru/web/assets/js/	9 KB 4 KB	59ms 59ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.mask.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `01a36edc2d54892ba70d1a542092074e783410e0f9cc19a18253fe63a1b86b43` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 110605 cf-polished origSize=20120 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 20 Oct 2022 17:01:42 GMT server cloudflare etag W/"4e98-63517ef6-38027b;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kp0Sfa8Hc0O20fLJHDib6nJ0yVWrxdSYJQqqZBjVh%2FbrduSbF1xnIID9MmtxKAIw%2FuFiKhFacju7Vl1zmcxnvSjgTxbcWfisM9pihLDQoSYjnFXoDgADRnz8DGJMOBSrW%2FHLBKCQcAzS"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 774f511e7dbe2199-DUS expires Sun, 11 Dec 2022 13:08:05 GMT
GET H3	200	jquery.inputmask.bundle.min.js Show response xzangoo.ru/web/assets/js/	116 KB 29 KB	29ms 29ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/jquery.inputmask.bundle.min.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br cf-cache-status HIT last-modified Thu, 20 Oct 2022 17:01:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 110605 etag W/"1ce80-63517ef6-380279;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgSdr7RDA3IJRq%2Fg6ukfnGpdmJgo%2FYUtks8388Jrlp8RYwRQDsyJxjPwYqDlOXJrV%2FQqrYUwouq5ZGlVUC3d6TkfLDGynsqFjGvdEfcnnq0TpKa5uz0GQ5aCF%2FPbsjVTnzPCPBUobgZJ"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 774f511e7dbf2199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sun, 11 Dec 2022 13:08:05 GMT
GET H3	200	b_rgb.png xzangoo.ru/web/assets/img/	38 KB 39 KB	35ms 34ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/b_rgb.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 112437 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 39422 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "99fe-63517ef4-380255;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUivfXYu86FQ%2BPs%2F2%2BzNSYdLEeHqY1yuI4BS4aHw%2FX81Z45F5ZobsHKXamobzJeWjT4suaRcX8iM3XvF26VtRBOZexaN%2FGblw%2FzTjgnzkWyxDwOcHdbI7DbI1sJ5AoEOGV2t4MYN96zY"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f1f012199-DUS expires Sun, 11 Dec 2022 12:37:33 GMT
GET H3	200	m_l.png xzangoo.ru/web/assets/img/	19 KB 19 KB	30ms 29ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/m_l.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 15391 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 19167 last-modified Thu, 20 Oct 2022 17:01:40 GMT server cloudflare etag "4adf-63517ef4-38026a;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0Ke8a6BOw1Lp%2BZwjsW4DRzkAlvRilDl4cNM5mEN5h2eMtXBV2CX2h%2Boj71n8SJ2a08liHmKIA59%2Bi805LlE2f8ux1%2Bes%2BCJz9T7iiq3MaJxQ99H%2F0rmqCaSbyTKN6XkHq0R14tV%2FnIq"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f3f352199-DUS expires Mon, 12 Dec 2022 15:34:59 GMT
GET H3	200	Pc.js Show response xzangoo.ru/web/assets/js/	3 KB 1 KB	23ms 23ms	Script application/x-javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/web/assets/js/Pc.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bf4d619085082575da0a0c3fe947efade853bd1a77f75027df57249da2bc289b` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/L-1666129700634f1f24de20b User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 110605 cf-polished origSize=4674 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-bgj minify last-modified Thu, 20 Oct 2022 17:01:42 GMT server cloudflare etag W/"1242-63517ef6-380282;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jolOkRaOppUtEHPotIf2HohaPYLAQAIwR4bZpMSIyo9cU1tjHSOqzzDQ%2BLX%2BbKQ265prwQYUDb8i6huUeYso02Q%2BNZYPkpp2yU62jdS35STAM4RsUX3407PUHQ3s70w4O3%2BnWh5%2Fn1Ls"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 774f511efeca2199-DUS expires Sun, 11 Dec 2022 13:08:05 GMT
GET H3	200	fsd-secure-esp-sprite.png xzangoo.ru/web/assets/img/	473 B 988 B	71ms 71ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/fsd-secure-esp-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1d9-63517ef4-38025c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uq6F4I8zUvAhovTA4p1%2FJ6GArdEqKuxh2Frj7qnU%2FeaolfOKxHPOP90xL6KDu0qe5VWVmWGxd0ChZgwOCOuy09E7weWQxtJ%2Fi8sRWMUjPFwOtzEfRp%2BJzEUVSr0sJkL2jq0cU6s4PbTW"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f4f3f2199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 473 expires Mon, 12 Dec 2022 19:51:30 GMT
GET H3	200	help-qm-fsd.png xzangoo.ru/web/assets/img/	3 KB 4 KB	63ms 63ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/help-qm-fsd.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c94-63517ef4-380261;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpPlWXqoF82cBg4s1JUqMJo0FFdPUfeQ%2F1uilJrJ2jYFzQ%2BqQTPidkt9sXx6bZKfS1DmqH2Ka1%2F96ayBvdprU2JkDXgdUNG%2F4%2FlPoQLk9fTRs66UW009jO8mZPwRfM5KQGtsB2hROTf2"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f4f462199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3220 expires Mon, 12 Dec 2022 19:51:30 GMT
GET H3	200	sign-in-sprite.png xzangoo.ru/web/assets/img/	3 KB 4 KB	47ms 47ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/sign-in-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c2f-63517ef4-38026c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ZI6c4biveTR5xLu1I%2FoD1kuQSimPz%2BNfcSLidL8tKWh9UNyyP5KBXD3eyCNiCU3TGHmB7zUq5koaLj3w1edWe9Ipq6mJbwYCqDmY9PIlEvxU3T0JKIV1OU9%2FAJkEzxi5q0KOJJ44q0o"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f4f492199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3119 expires Mon, 12 Dec 2022 19:51:30 GMT
GET H3	200	gfootb-static-sprite.png xzangoo.ru/web/assets/img/	48 KB 48 KB	92ms 91ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfootb-static-sprite.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "be1b-63517ef4-38025e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2vC3ZFx0SiT1gCAgW2gl60lQhyVDtlYyd3lEMnupmMCJmFSUFsIfMy2ckw5IweIsXsZJ8Aga%2BtYNqeoxTJomw2%2Blh%2B2O%2BSlFxC%2Few0aer4J61kaJ9vl90rE%2BFnTXhJmCEfeuaTh72sy"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f6f9b2199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 48667 expires Mon, 12 Dec 2022 19:51:30 GMT
GET H3	200	gfoot-home-icon.png xzangoo.ru/web/assets/img/	144 B 658 B	61ms 60ms	Image image/png	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xzangoo.ru/web/assets/img/gfoot-home-icon.png Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452` Request headers accept-language de-DE,de;q=0.9 Referer https://xzangoo.ru/web/assets/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT cf-cache-status MISS last-modified Thu, 20 Oct 2022 17:01:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "90-63517ef4-38025d;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tpWCsbGbLUOdk9ZVMQzJWo9VxNIKY0HzgxnmTulGys6F9l1PuJwFQQgjRI4yCNlzJdq5aY%2B9bEb6S9G226DpJ95gbd17aNeEg8i8NDpNC93%2BURwZNkO6%2FCFeQ2kNwV5XLNFsE6ylqpsh"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 774f511f6fa12199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 144 expires Mon, 12 Dec 2022 19:51:30 GMT
GET H3	200	invisible.js Show response xzangoo.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 0362	34 KB 15 KB	23ms 20ms	Script application/javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1670256000 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `18819c1dc660136c7ef05d15f490f25c6a2f071dd5286a74443a18363c04a82d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BqJOVthlSlVV0f8sdPiDgqxdgi9UGlJpLfPLqQ1SrIiBq0gXiop67L5XMqTzFTlfjxRZiMoZ%2Fin8QuUVgt%2BQ2n70y9DyOYtFz122ZVcNJYzychY%2F4RVwSjY7ySOWnf8YU%2Fzr0nXHaSIF"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 774f511f7fb72199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js xzangoo.ru/cdn-cgi/challenge-platform/h/g/scripts/ Frame 0362	19 KB 9 KB	30ms 29ms	Other application/javascript	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/g/scripts/pica.js Requested by Host: xzangoo.ru URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0b29c7b859e67488a9f6146104ae62073f223b78dc5efcca0c44cbedd82a99dc` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Y4WW2x38xmv85vVXI0CigTMjUHG5HiKdCixSV2NZgBlsbOx81MNLi6z%2ByNk9AWm0fnDe6tm6AHErXenadkw%2FKZpCYVEuR3%2BMZTlr1dPouD%2BmjhG0CoQG7WsXawWivGwW9P%2FDIrhn%2FQm"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 774f511fa8162199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	774f511d7bb82199 Show response xzangoo.ru/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 0362	2 B 668 B	39ms 38ms	XHR text/plain	2606:4700:3031::6815:3154 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xzangoo.ru/cdn-cgi/challenge-platform/h/g/cv/result/774f511d7bb82199 Requested by Host: xzangoo.ru URL: https://xzangoo.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1670256000 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3154 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type application/json Response headers date Mon, 05 Dec 2022 19:51:30 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bGdU1qC33T8qb2z3XQeXfdQxikt%2BBDBo1eXzsND7SBQbPdmp6msFLDz9cwssR%2FSjasjZWfJWZ%2BiU%2FmblAU0nI1EgUj0VRr0SKXzMOugxALZK07NJyDjRdF%2Fta9do3Ui2%2F8Y1t0cc9%2F%2Fx"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 774f51214b5e2199-DUS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xzangoo.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: k042mnqg3813j8pvlpr9aijpq4
			.xzangoo.ru/	1970-01-20 07:57:51	Name: __cf_bm Value: Sj6SypubCbF7VOWJ_IdqQOHAVbHgmzGkOTRS16Y967c-1670269890-0-AZpEH3fk04CTe8oe/+MI0xi0js3vcfIczpA+Dg1txzwXyuE8dC1yFE4PUsZlwOUmlGaMrtURq/vKZEozEnqJUUb4yVKrcqlUm7tCxpJCAwk9WWJvcc8iNBD1WVwJHNviyBOxIy1PetX/7jk06XSemns=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://xzangoo.ru/web/L-1666129700634f1f24de20b(Line 6) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xzangoo.ru
2606:4700:3031::6815:3154
01a36edc2d54892ba70d1a542092074e783410e0f9cc19a18253fe63a1b86b43
0b29c7b859e67488a9f6146104ae62073f223b78dc5efcca0c44cbedd82a99dc
18819c1dc660136c7ef05d15f490f25c6a2f071dd5286a74443a18363c04a82d
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
3b8af6338a757717d51602afc0adb70f545075353c001948062afd6863fe2896
509d5ca04b18cfe2f9d45d9490d0316d16b3b1faf8b3d51b591ce7fefcde616e
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
ab4686bb9630bc535c709a198b8dfc7e8910f65862fc65f54e5400c0a7747c2b
bf4d619085082575da0a0c3fe947efade853bd1a77f75027df57249da2bc289b
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

xzangoo.ru Open in urlscan Pro 2606:4700:3031::6815:3154 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

273 kBTransfer

827 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

xzangoo.ru Open in urlscan Pro
2606:4700:3031::6815:3154 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

273 kB
Transfer

827 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!