pxi.ferter.net
Open in
urlscan Pro
104.250.187.73
Malicious Activity!
Public Scan
Submission: On July 31 via api from TW
Summary
This is the only time pxi.ferter.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.250.187.73 104.250.187.73 | 3223 (VOXILITY) (VOXILITY) | |
7 | 2a00:1450:400... 2a00:1450:4001:801::200a | 15169 (GOOGLE) (GOOGLE) | |
8 | 2 |
ASN15169 (GOOGLE, US)
firebasestorage.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
googleapis.com
firebasestorage.googleapis.com |
87 KB |
1 |
ferter.net
pxi.ferter.net |
6 KB |
8 | 2 |
Domain | Requested by | |
---|---|---|
7 | firebasestorage.googleapis.com |
pxi.ferter.net
|
1 | pxi.ferter.net | |
8 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1O1 |
2020-07-07 - 2020-09-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://pxi.ferter.net/ONedrive/one-drive-e-signature/dashboard/
Frame ID: 2C44803ADABB7B0A193520E82B1B2C12
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
pxi.ferter.net/ONedrive/one-drive-e-signature/dashboard/ |
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
one.png
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
22 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b.jpg
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
59 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
of.png
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
457 B 746 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ot.png
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
361 B 658 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ao.png
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
427 B 715 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ya.png
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
an.png
firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ |
494 B 805 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| an function| of function| ou function| ao function| ya0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
firebasestorage.googleapis.com
pxi.ferter.net
104.250.187.73
2a00:1450:4001:801::200a
11f6bf364f364f2c539450a43f8922429d882505d1f7a7f6b702581702104597
4a1a760b8219df5d045b706e4aed02245e35102e9de8412fc00ce356bda6b3dc
5e337e802ad173ebe9bf2244db2b77262a0dd8f6c89b8d6dfb2ef649a730cf1f
62308587d8095e0d250f492b6bdcc583db0887733dfc1cbb25517b20b02e0ce9
7b289c8b999ed425b9f99b072f590722752f82f3f2107b497210459a63e33c9b
9f5812201213197d46d28f422ea9941ff80110a07f3c06a03c8eb4ca0edfbc5a
bd3a31c1b2c86530f923999f17d9f4a67517dab0352430057724cd251fcbd6c2
c6a5a7526ea13dbe6f7c542d376523d7ddc58d991b499a69fcdb9c9302579bcc