ploertu.serveirc.com
50.6.173.96
Malicious Activity!
Public Scan
Effective URL: https://ploertu.serveirc.com/sign-in/index.php
Submission Tags: @ecarlesi threat phishing binance
Submission: On August 21 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by R10 on August 20th 2024. Valid for: 3 months.
This is the only time ploertu.serveirc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Binance (Crypto Exchange)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
4 | 50.6.173.96 | 19871 (NETWORK-SOLUTIONS-HOSTING)
1 | 2a04:4e42::729 | 54113 (FASTLY)
1 | 2606:4700:10::6816:3b5b | 13335 (CLOUDFLARENET)
2 | 35.201.112.186 | 396982 (GOOGLE-CLOUD-PLATFORM)
2 | 2600:9000:26e8:1000:a:4e26:6080:93a1 | 16509 (AMAZON-02)
1 | 35.186.194.58 | 15169 (GOOGLE)
1 | 34.120.195.249 | 396982 (GOOGLE-CLOUD-PLATFORM)
25 | 8 |
ASN | PTR | Domain
---|---|---
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US) | 50-6-173-96.unifiedlayer.com | ploertu.serveirc.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 186.112.201.35.bc.googleusercontent.com | edge.fullstory.com
ASN15169 (GOOGLE, US) | 58.194.186.35.bc.googleusercontent.com | rs.fullstory.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 249.195.120.34.bc.googleusercontent.com | o588082.ingest.sentry.io
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | serveirc.com | ploertu.serveirc.com | 305 KB
3 | fullstory.com | edge.fullstory.com (Cisco Umbrella Rank: 4178), rs.fullstory.com (Cisco Umbrella Rank: 4041) | 80 KB
2 | cstatic.us | public.cstatic.us | 17 KB
1 | sentry.io | o588082.ingest.sentry.io | 358 B
1 | cdn-cookieyes.com | cdn-cookieyes.com (Cisco Umbrella Rank: 12284) | 35 KB
1 | sentry-cdn.com | browser.sentry-cdn.com (Cisco Umbrella Rank: 6607) | 27 KB
0 | binance.us (Failed) | static.binance.us (Failed) |
25 | 7 | |
Requests | Domain | Requested by
---|---|---
4 | ploertu.serveirc.com | ploertu.serveirc.com
2 | public.cstatic.us |
2 | edge.fullstory.com | ploertu.serveirc.com, browser.sentry-cdn.com
1 | o588082.ingest.sentry.io | browser.sentry-cdn.com
1 | rs.fullstory.com | browser.sentry-cdn.com
1 | cdn-cookieyes.com | ploertu.serveirc.com
1 | browser.sentry-cdn.com | ploertu.serveirc.com
0 | static.binance.us (Failed) | ploertu.serveirc.com
25 | 8 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
ploertu.serveirc.com | R10 | 2024-08-20 - 2024-11-18 | 3 months | crt.sh
*.sentry-cdn.com | GlobalSign Atlas R3 DV TLS CA 2024 Q2 | 2024-06-04 - 2025-07-06 | a year | crt.sh
cdn-cookieyes.com | WE1 | 2024-07-25 - 2024-10-23 | 3 months | crt.sh
edge.fullstory.com | WR3 | 2024-06-28 - 2024-09-27 | 3 months | crt.sh
*.cstatic.us | Amazon RSA 2048 M02 | 2024-02-16 - 2025-03-17 | a year | crt.sh
rs.fullstory.com | WR3 | 2024-06-29 - 2024-09-27 | 3 months | crt.sh
ingest.sentry.io | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-02 - 2024-12-02 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://ploertu.serveirc.com/sign-in/index.php
Frame ID: 18EA38FB6A9EB6AB39CEB9006CF71FEC
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
Log In | Binance.US
Page URL History
- https://ploertu.serveirc.com/ Page URL
- https://ploertu.serveirc.com/sign-in/index.php Page URL
Detected technologies
Sentry (Issue Trackers)
Detected patterns
- <script[^>]*src="[^"]*browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
- browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
46 Outgoing links
These are links going to different origins than the main page.
- Title: About Us
- Title: Trust
- Title: Compliance
- Title: Licenses
- Title: Blog
- Title: Announcements
- Title: Careers
- Title: Terms of Use
- Title: Privacy Policy
- Title: Cookie Policy
- Title: Law Enforcement Guide
- Title: Do Not Sell My Personal Information
- Title: Buy & Sell
- Title: Convert
- Title: Spot Trading
- Title: OTC
- Title: Staking
- Title: Pay
- Title: Institutions
- Title: Crypto Domains
- Title: Help Center
- Title: Tax
- Title: Fees
- Title: Trading Rules
- Title: Trade Limits
- Title: Listing on Binance.US
- Title: API Documentation
- Title: Status
- Title: Crypto Prices
- Title: Crypto Education
- Title: Crypto For Beginners
- Title: What is a Blockchain?
- Title: What is Bitcoin?
- Title: What is Ethereum?
- Title: Crypto Staking Explained
- Title: Crypto Tokens vs. Coins
- (9 further outgoing links without a title)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ploertu.serveirc.com/ Page URL
- https://ploertu.serveirc.com/sign-in/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | ploertu.serveirc.com/ | 11 KB | 4 KB | Document | text/html
GET | H2 | app.css | ploertu.serveirc.com/lib/css/ | 91 KB | 91 KB | Stylesheet | text/css
GET | H2 | index.php (Primary Request) | ploertu.serveirc.com/sign-in/ | 324 KB | 206 KB | Document | text/html
GET | H2 | favicon.jpg | ploertu.serveirc.com/lib/img/ | 4 KB | 4 KB | Other | image/jpeg
GET | | page-06ea.93f7eef0.js | static.binance.us/static/chunks/ | 0 | 0 | |
GET | | page-eed8.c4ce71ff.js | static.binance.us/static/chunks/ | 0 | 0 | |
GET | | react.production.min.18.1.0.js | static.binance.us/static/react/ | 0 | 0 | |
GET | | react-dom.production.min.18.1.0.js | static.binance.us/static/react/ | 0 | 0 | |
GET | H2 | bundle.tracing.min.js | browser.sentry-cdn.com/7.48.0/ | 82 KB | 27 KB | Script | application/javascript
GET | H2 | script.js | cdn-cookieyes.com/client_data/c31bfca042867c842c4dd0e5/ | 101 KB | 35 KB | Script | application/javascript
GET | H2 | fs.js | edge.fullstory.com/s/ | 283 KB | 77 KB | Script | application/javascript
GET | | phone.png | static.binance.us/static/images/login/ | 0 | 0 | |
GET | | scan.png | static.binance.us/static/images/login/ | 0 | 0 | |
GET | | download-qr.png | static.binance.us/static/images/common/ | 0 | 0 | |
GET | | pci_dss_certification.png | static.binance.us/static/images/us/proudMember/ | 0 | 0 | |
GET | | soc_certified.png | static.binance.us/static/images/us/proudMember/ | 0 | 0 | |
GET | | iso_certified3x.png | static.binance.us/static/images/us/proudMember/ | 0 | 0 | |
GET | | logo-v2.svg | static.binance.us/static/images/us/common/ | 0 | 0 | |
GET | | webpack-runtime.5d264135.js | static.binance.us/static/ | 0 | 0 | |
GET | | main.33830402.js | static.binance.us/static/ | 0 | 0 | |
GET | DATA | truncated | / | 43 KB | 43 KB | Font | font/woff2
GET | DATA | truncated | / | 46 KB | 46 KB | Font | font/woff2
GET | DATA | truncated | / | 46 KB | 46 KB | Font | font/woff2
GET | DATA | truncated | / | 46 KB | 46 KB | Font | font/woff2
GET | H2 | web | edge.fullstory.com/s/settings/o-1G0Z16-na1/v1/ | 27 KB | 3 KB | XHR | application/json
GET | H2 | favicon.png | public.cstatic.us/static/images/common/ | 7 KB | 7 KB | Other | image/png
POST | H2 | page | rs.fullstory.com/rec/ | 92 B | 293 B | XHR | text/plain
GET | H2 | favicon.ico | public.cstatic.us/static/images/common/ | 9 KB | 10 KB | Other | image/vnd.microsoft.icon
POST | H2 | / | o588082.ingest.sentry.io/api/6330624/envelope/ | 56 B | 358 B | Fetch | application/json
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
Domain | URL
---|---
static.binance.us | https://static.binance.us/static/chunks/page-06ea.93f7eef0.js
static.binance.us | https://static.binance.us/static/chunks/page-eed8.c4ce71ff.js
static.binance.us | https://static.binance.us/static/react/react.production.min.18.1.0.js
static.binance.us | https://static.binance.us/static/react/react-dom.production.min.18.1.0.js
static.binance.us | https://static.binance.us/static/images/login/phone.png
static.binance.us | https://static.binance.us/static/images/login/scan.png
static.binance.us | https://static.binance.us/static/images/common/download-qr.png
static.binance.us | https://static.binance.us/static/images/us/proudMember/pci_dss_certification.png
static.binance.us | https://static.binance.us/static/images/us/proudMember/soc_certified.png
static.binance.us | https://static.binance.us/static/images/us/proudMember/iso_certified3x.png
static.binance.us | https://static.binance.us/static/images/us/common/logo-v2.svg
static.binance.us | https://static.binance.us/static/webpack-runtime.5d264135.js
static.binance.us | https://static.binance.us/static/main.33830402.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Binance (Crypto Exchange)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | Sentry
object | __SENTRY__
string | _fs_host
string | _fs_script
string | _fs_org
string | _fs_namespace
function | FS
string | _fs_loaded
function | _fs_shutdown
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even if they have changed location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
ploertu.serveirc.com/ | | PHPSESSID | 46ca689a7d8a7f9b455c0290479ec555
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
browser.sentry-cdn.com
cdn-cookieyes.com
edge.fullstory.com
o588082.ingest.sentry.io
ploertu.serveirc.com
public.cstatic.us
rs.fullstory.com
static.binance.us
2600:9000:26e8:1000:a:4e26:6080:93a1
2606:4700:10::6816:3b5b
2a04:4e42::729
34.120.195.249
35.186.194.58
35.201.112.186
50.6.173.96
0915e7ed2e0c2ca3c00d7e58552aeddc45eb43a3f2db6e397986c56454e0fa6f
162eb4df100e881a31aa8b0b7ee6837872adb7199bc22d094310e46505868d6f
2cf828066217cff2aa1c2ae000940666e4beb1f30bb59beec5acc6b0a94d7844
67bbe0f3085c35b169d6320ba9ab82c0c447d3441342abaf219302b4d62f237b
69e74e82f335f2bc96cd85a19d7bd75de6446b4c4c993c104374b89a1b8cc41a
7c1e2d0f6a27b6701cbfc14d4b2c6863a2de1753603e0eafaf1a1c42a4e22b65
94859c76422f35136feca12df3ac4fc4bffa2fb98d6e5fff4ebec448f2406da6
95cb90b2b6fef7ff946e42af44c1ed56a56bb90151832c637d24dd989e84cb2e
bb29caa529bd32d5ddd1eb2af0bf3b2aacce9a8a1bce1056d81e7fd506029219
c50f3d7d45af77f856f13637c361b61c8d980fcab72ca469ca0c40a9300019b5
d6102af988411b51f482dc357381f0e0bc9486a698e0e64b4ef8d309804bff08
daec44b1c2de1f529d41689315537f4a49421128f1483f3fc7eda5f4cf7e9658
e1509697903bbe3632c463880e3e55e030c8568cfba63f8fb131faa58919b7e2
edc76335a49135c6e589f3226fbc5391b1eddf09e2a1906df126eb4448bb19ca
fc7e361e23247e9373d6a12b52bb7846786bdfd2649b102318f8582c3232bf0a