ploertu.serveirc.com Open in urlscan Pro
50.6.173.96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ploertu.serveirc.com/
Effective URL:
https://ploertu.serveirc.com/sign-in/index.php
Submission Tags: @ecarlesi threat phishing binance Search All
Submission: On August 21 via api (August 21st 2024, 3:01:06 am UTC) from IT — Scanned from IT

Summary HTTP 25 Redirects Links 46 Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 7 domains to perform 25 HTTP transactions. The main IP is 50.6.173.96, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is ploertu.serveirc.com.
TLS certificate: Issued by R10 on August 20th 2024. Valid for: 3 months.

This is the only time ploertu.serveirc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Binance (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
4	50.6.173.96 50.6.173.96	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2a04:4e42::729 2a04:4e42::729	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6816:3b5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.201.112.186 35.201.112.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:9000:26e... 2600:9000:26e8:1000:a:4e26:6080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
25	8

4 50.6.173.96 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 50-6-173-96.unifiedlayer.com

ploertu.serveirc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3b5b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:26e8:1000:a:4e26:6080:93a1 (United States)

ASN16509 (AMAZON-02, US)

public.cstatic.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o588082.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	serveirc.com ploertu.serveirc.com	305 KB
3	fullstory.com edge.fullstory.com — Cisco Umbrella Rank: 4178 rs.fullstory.com — Cisco Umbrella Rank: 4041	80 KB
2	cstatic.us public.cstatic.us	17 KB
1	sentry.io o588082.ingest.sentry.io	358 B
1	cdn-cookieyes.com cdn-cookieyes.com — Cisco Umbrella Rank: 12284	35 KB
1	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 6607	27 KB
0	binance.us Failed static.binance.us Failed
25	7

	Domain	Requested by
4	ploertu.serveirc.com	ploertu.serveirc.com
2	public.cstatic.us
2	edge.fullstory.com	ploertu.serveirc.com browser.sentry-cdn.com
1	o588082.ingest.sentry.io	browser.sentry-cdn.com
1	rs.fullstory.com	browser.sentry-cdn.com
1	cdn-cookieyes.com	ploertu.serveirc.com
1	browser.sentry-cdn.com	ploertu.serveirc.com
0	static.binance.us Failed	ploertu.serveirc.com
25	8

This site contains links to these domains. Also see Links.

Domain
www.binance.us
support.binance.us
blog.binance.us
bamus.bamboohr.com
docs.binance.us
www.facebook.com
www.twitter.com
www.linkedin.com
t.me
www.youtube.com
www.instagram.com
www.reddit.com
discord.gg
www.tiktok.com

Subject Issuer	Validity	Valid
ploertu.serveirc.com R10	`2024-08-20` - `2024-11-18`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-06-04` - `2025-07-06`	a year	crt.sh
cdn-cookieyes.com WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
edge.fullstory.com WR3	`2024-06-28` - `2024-09-27`	3 months	crt.sh
*.cstatic.us Amazon RSA 2048 M02	`2024-02-16` - `2025-03-17`	a year	crt.sh
rs.fullstory.com WR3	`2024-06-29` - `2024-09-27`	3 months	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ploertu.serveirc.com/sign-in/index.php
Frame ID: 18EA38FB6A9EB6AB39CEB9006CF71FEC
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In | Binance.US

Page URL History Show full URLs

https://ploertu.serveirc.com/ Page URL
https://ploertu.serveirc.com/sign-in/index.php Page URL

Detected technologies

Sentry (Issue Trackers) Expand

Overall confidence: 100%
Detected patterns

<script[^>]*src="[^"]*browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

25
Requests

48 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

8
IPs

1
Countries

647 kB
Transfer

1121 kB
Size

1
Cookies

46 Outgoing links

These are links going to different origins than the main page.

URL: https://www.binance.us/

Search URL Search Domain Scan URL

URL: https://www.binance.us/about
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.binance.us/trust
Title: Trust

Search URL Search Domain Scan URL

URL: https://www.binance.us/compliance
Title: Compliance

Search URL Search Domain Scan URL

URL: https://support.binance.us/hc/en-us/articles/360050532193
Title: Licenses

Search URL Search Domain Scan URL

URL: https://blog.binance.us/
Title: Blog

Search URL Search Domain Scan URL

URL: https://support.binance.us/hc/en-us/categories/360003671074-Announcements
Title: Announcements

Search URL Search Domain Scan URL

URL: https://bamus.bamboohr.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.binance.us/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.binance.us/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.binance.us/cookie-policy
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://support.binance.us/hc/en-us/articles/12384604895127-Binance-US-Law-Enforcement-Guide
Title: Law Enforcement Guide

Search URL Search Domain Scan URL

URL: https://www.binance.us/personal
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

URL: https://www.binance.us/buy
Title: Buy & Sell

Search URL Search Domain Scan URL

URL: https://www.binance.us/convert
Title: Convert

Search URL Search Domain Scan URL

URL: https://www.binance.us/spot-trade/btc_usd
Title: Spot Trading

Search URL Search Domain Scan URL

URL: https://www.binance.us/otc
Title: OTC

Search URL Search Domain Scan URL

URL: https://www.binance.us/staking
Title: Staking

Search URL Search Domain Scan URL

URL: https://www.binance.us/pay
Title: Pay

Search URL Search Domain Scan URL

URL: https://www.binance.us/institutions
Title: Institutions

Search URL Search Domain Scan URL

URL: https://www.binance.us/crypto-domains
Title: Crypto Domains

Search URL Search Domain Scan URL

URL: https://support.binance.us/hc/en-us
Title: Help Center

Search URL Search Domain Scan URL

URL: https://www.binance.us/tax
Title: Tax

Search URL Search Domain Scan URL

URL: https://www.binance.us/fees
Title: Fees

Search URL Search Domain Scan URL

URL: https://www.binance.us/trading-rules
Title: Trading Rules

Search URL Search Domain Scan URL

URL: https://www.binance.us/trade-limits
Title: Trade Limits

Search URL Search Domain Scan URL

URL: https://support.binance.us/hc/en-us/articles/360057263734-Digital-Asset-Listing
Title: Listing on Binance.US

Search URL Search Domain Scan URL

URL: https://docs.binance.us/#introduction
Title: API Documentation

Search URL Search Domain Scan URL

URL: https://www.binance.us/status
Title: Status

Search URL Search Domain Scan URL

URL: https://www.binance.us/price
Title: Crypto Prices

Search URL Search Domain Scan URL

URL: https://blog.binance.us/tag/education/
Title: Crypto Education

Search URL Search Domain Scan URL

URL: https://blog.binance.us/crypto-for-beginners/
Title: Crypto For Beginners

Search URL Search Domain Scan URL

URL: https://blog.binance.us/how-does-blockchain-work/
Title: What is a Blockchain?

Search URL Search Domain Scan URL

URL: https://blog.binance.us/what-is-bitcoin/
Title: What is Bitcoin?

Search URL Search Domain Scan URL

URL: https://blog.binance.us/what-is-ethereum/
Title: What is Ethereum?

Search URL Search Domain Scan URL

URL: https://blog.binance.us/crypto-staking/
Title: Crypto Staking Explained

Search URL Search Domain Scan URL

URL: https://blog.binance.us/crypto-tokens/
Title: Crypto Tokens vs. Coins

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BinanceUS/

Search URL Search Domain Scan URL

URL: https://www.twitter.com/binanceus

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/binance-us

Search URL Search Domain Scan URL

URL: https://t.me/Binance_USA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOy0sepBMqnlzdaRr_Tlczw?view_as=subscriber

Search URL Search Domain Scan URL

URL: https://www.instagram.com/binanceus

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/BinanceUS/

Search URL Search Domain Scan URL

URL: https://discord.gg/amjFE7Grgr

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@binance.us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ploertu.serveirc.com/ Page URL
https://ploertu.serveirc.com/sign-in/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
ploertu.serveirc.com/ 11 KB
4 KB 441ms
156ms Document
text/html 50.6.173.96
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ploertu.serveirc.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.6.173.96 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-6-173-96.unifiedlayer.com
Software: Apache /
Resource Hash: d6102af988411b51f482dc357381f0e0bc9486a698e0e64b4ef8d309804bff08

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 21 Aug 2024 03:00:49 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 app.css
ploertu.serveirc.com/lib/css/ 91 KB
91 KB 130ms
129ms Stylesheet
text/css 50.6.173.96
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ploertu.serveirc.com/lib/css/app.css
Requested by: Host: ploertu.serveirc.com
URL: https://ploertu.serveirc.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.6.173.96 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-6-173-96.unifiedlayer.com
Software: Apache /
Resource Hash: 67bbe0f3085c35b169d6320ba9ab82c0c447d3441342abaf219302b4d62f237b

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 03:00:49 GMT
last-modified: Wed, 02 Jan 2019 23:10:34 GMT
server: Apache
accept-ranges: bytes
content-length: 93454
content-type: text/css

GET
H2 200 Primary Request index.php Show response
ploertu.serveirc.com/sign-in/ 324 KB
206 KB 139ms
139ms Document
text/html 50.6.173.96
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ploertu.serveirc.com/sign-in/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.6.173.96 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-6-173-96.unifiedlayer.com
Software: Apache /
Resource Hash: c50f3d7d45af77f856f13637c361b61c8d980fcab72ca469ca0c40a9300019b5

Request headers

Referer: https://ploertu.serveirc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 21 Aug 2024 03:00:50 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

GET
H2 200 favicon.jpg
ploertu.serveirc.com/lib/img/ 4 KB
4 KB 129ms
129ms Other
image/jpeg 50.6.173.96
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ploertu.serveirc.com/lib/img/favicon.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.6.173.96 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-6-173-96.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 03:00:50 GMT
last-modified: Tue, 04 Feb 2020 02:45:54 GMT
server: Apache
accept-ranges: bytes
content-length: 3881
content-type: image/jpeg

GET page-06ea.93f7eef0.js
static.binance.us/static/chunks/ 0
0

GET page-eed8.c4ce71ff.js
static.binance.us/static/chunks/ 0
0

GET react.production.min.18.1.0.js
static.binance.us/static/react/ 0
0

GET react-dom.production.min.18.1.0.js
static.binance.us/static/react/ 0
0

GET
H2 200 bundle.tracing.min.js Show response
browser.sentry-cdn.com/7.48.0/ 82 KB
27 KB 58ms
17ms Script
application/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/7.48.0/bundle.tracing.min.js

Requested by

Host: ploertu.serveirc.com
URL: https://ploertu.serveirc.com/sign-in/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

bb29caa529bd32d5ddd1eb2af0bf3b2aacce9a8a1bce1056d81e7fd506029219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ploertu.serveirc.com/
Origin: https://ploertu.serveirc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 03:01:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 14 Apr 2023 09:51:02 GMT
server: Fastly
age: 390778
etag: "6b28eb50fa588ea9d27964e084916113"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 27791
expires: Tue, 08 Oct 2024 18:13:40 GMT

GET
H2 200 script.js Show response
cdn-cookieyes.com/client_data/c31bfca042867c842c4dd0e5/ 101 KB
35 KB 96ms
40ms Script
application/javascript 2606:4700:10::6816:3b5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/c31bfca042867c842c4dd0e5/script.js
Requested by: Host: ploertu.serveirc.com
URL: https://ploertu.serveirc.com/sign-in/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0915e7ed2e0c2ca3c00d7e58552aeddc45eb43a3f2db6e397986c56454e0fa6f

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 03:01:01 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 20 Aug 2024 18:41:25 GMT
server: cloudflare
age: 29973
etag: "1920b-62021c5dac67b-gzip"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
accept-ranges: bytes
cf-ray: 8b67604d8ce283bb-MXP
content-length: 35098

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 283 KB
77 KB 66ms
20ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: ploertu.serveirc.com
URL: https://ploertu.serveirc.com/sign-in/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 95cb90b2b6fef7ff946e42af44c1ed56a56bb90151832c637d24dd989e84cb2e

Request headers

Referer: https://ploertu.serveirc.com/
Origin: https://ploertu.serveirc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 02:55:17 GMT
content-encoding: br
age: 344
x-guploader-uploadid: AHxI1nO5AIF4X7mWnDirr4RoRAwiAAN5OiS4_NMZGFRxq0SW34AjUUaGJH4c-FrVTdShJW0yPRb1UsjFRA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77938
last-modified: Wed, 07 Aug 2024 18:12:35 GMT
server: UploadServer
etag: "8b2a2e0d59021a21598adfcb68d6d215"
vary: Accept-Encoding
x-goog-generation: 1723054355205543
x-goog-hash: crc32c=FeHn7g==, md5=iyouDVkCGiFZit/LaNbSFQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 77938
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 21 Aug 2024 03:55:17 GMT

GET phone.png
static.binance.us/static/images/login/ 0
0

GET scan.png
static.binance.us/static/images/login/ 0
0

GET download-qr.png
static.binance.us/static/images/common/ 0
0

GET pci_dss_certification.png
static.binance.us/static/images/us/proudMember/ 0
0

GET soc_certified.png
static.binance.us/static/images/us/proudMember/ 0
0

GET iso_certified3x.png
static.binance.us/static/images/us/proudMember/ 0
0

GET logo-v2.svg
static.binance.us/static/images/us/common/ 0
0

GET webpack-runtime.5d264135.js
static.binance.us/static/ 0
0

GET main.33830402.js
static.binance.us/static/ 0
0

GET
DATA 200
OK truncated
/ 43 KB
43 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edc76335a49135c6e589f3226fbc5391b1eddf09e2a1906df126eb4448bb19ca

Request headers

Referer
Origin: https://ploertu.serveirc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 46 KB
46 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69e74e82f335f2bc96cd85a19d7bd75de6446b4c4c993c104374b89a1b8cc41a

Request headers

Referer
Origin: https://ploertu.serveirc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 46 KB
46 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94859c76422f35136feca12df3ac4fc4bffa2fb98d6e5fff4ebec448f2406da6

Request headers

Referer
Origin: https://ploertu.serveirc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 46 KB
46 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1509697903bbe3632c463880e3e55e030c8568cfba63f8fb131faa58919b7e2

Request headers

Referer
Origin: https://ploertu.serveirc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
H2 200 web Show response
edge.fullstory.com/s/settings/o-1G0Z16-na1/v1/ 27 KB
3 KB 21ms
21ms XHR
application/json 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/settings/o-1G0Z16-na1/v1/web
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.48.0/bundle.tracing.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2cf828066217cff2aa1c2ae000940666e4beb1f30bb59beec5acc6b0a94d7844

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 02:53:49 GMT
content-encoding: gzip
age: 432
x-guploader-uploadid: AHxI1nNqnE-ocv3MM2LYD8NEY3WnhaBVyW6teS51KPRDWdMgEY1oXwgPQ8MFXIs1QYfkKc0lIx4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2942
last-modified: Wed, 21 Aug 2024 02:50:46 GMT
server: UploadServer
etag: "cc38748be7135102ac86b1e52912fa49"
x-goog-generation: 1724199346768894
x-goog-hash: crc32c=OCH5Tw==, md5=zDh0i+cTUQKshrHlKRL6SQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=900,no-transform
x-goog-stored-content-length: 2942
accept-ranges: bytes
content-type: application/json
expires: Wed, 21 Aug 2024 03:08:49 GMT

GET
H2 200 favicon.png
public.cstatic.us/static/images/common/ 7 KB
7 KB 136ms
31ms Other
image/png 2600:9000:26e8:1000:a:4e26:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.cstatic.us/static/images/common/favicon.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26e8:1000:a:4e26:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 162eb4df100e881a31aa8b0b7ee6837872adb7199bc22d094310e46505868d6f

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 04:14:25 GMT
via: 1.1 fd6dc3eaf39d0b931b4b1369a7e91ac0.cloudfront.net (CloudFront)
last-modified: Tue, 12 Sep 2023 12:38:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 82930
x-amz-server-side-encryption: AES256
etag: "2080463ebfec297e82c99607af404e76"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 7300
x-amz-cf-id: aAy6B5z4hfXnRg1uBhxb-T7X1rnX9Yp7Y45Hf4fjRS3M81-qo72YSg==

POST
H2 202 page Show response
rs.fullstory.com/rec/ 92 B
293 B 196ms
149ms XHR
text/plain 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rs.fullstory.com/rec/page

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.48.0/bundle.tracing.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

58.194.186.35.bc.googleusercontent.com

Software

Resource Hash

daec44b1c2de1f529d41689315537f4a49421128f1483f3fc7eda5f4cf7e9658

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Aug 2024 03:01:02 GMT
via: 1.1 google
x-content-type-options: nosniff
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://ploertu.serveirc.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92

GET
H2 200 favicon.ico
public.cstatic.us/static/images/common/ 9 KB
10 KB 33ms
32ms Other
image/vnd.microsoft.icon 2600:9000:26e8:1000:a:4e26:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.cstatic.us/static/images/common/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26e8:1000:a:4e26:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fc7e361e23247e9373d6a12b52bb7846786bdfd2649b102318f8582c3232bf0a

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 01:45:15 GMT
via: 1.1 fd6dc3eaf39d0b931b4b1369a7e91ac0.cloudfront.net (CloudFront)
last-modified: Tue, 12 Sep 2023 12:38:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 4553
x-amz-server-side-encryption: AES256
etag: "a3b6c5a29ff8fd630c3eb9affd9c2f77"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/vnd.microsoft.icon
accept-ranges: bytes
content-length: 9662
x-amz-cf-id: oOihcx84ikeyPghbugmKOJ4HBFNxX6Px9_iRmigrBpCkhEjdUwYc7g==

POST
H2 403 / Show response
o588082.ingest.sentry.io/api/6330624/envelope/ 56 B
358 B 105ms
44ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o588082.ingest.sentry.io/api/6330624/envelope/?sentry_key=3e4a5cec1dcf4a5788d2db3bf6c3e357&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.48.0

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.48.0/bundle.tracing.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

7c1e2d0f6a27b6701cbfc14d4b2c6863a2de1753603e0eafaf1a1c42a4e22b65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://ploertu.serveirc.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 21 Aug 2024 03:01:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.binance.us
URL: https://static.binance.us/static/chunks/page-06ea.93f7eef0.js

Domain: static.binance.us
URL: https://static.binance.us/static/chunks/page-eed8.c4ce71ff.js

Domain: static.binance.us
URL: https://static.binance.us/static/react/react.production.min.18.1.0.js

Domain: static.binance.us
URL: https://static.binance.us/static/react/react-dom.production.min.18.1.0.js

Domain: static.binance.us
URL: https://static.binance.us/static/images/login/phone.png

Domain: static.binance.us
URL: https://static.binance.us/static/images/login/scan.png

Domain: static.binance.us
URL: https://static.binance.us/static/images/common/download-qr.png

Domain: static.binance.us
URL: https://static.binance.us/static/images/us/proudMember/pci_dss_certification.png

Domain: static.binance.us
URL: https://static.binance.us/static/images/us/proudMember/soc_certified.png

Domain: static.binance.us
URL: https://static.binance.us/static/images/us/proudMember/iso_certified3x.png

Domain: static.binance.us
URL: https://static.binance.us/static/images/us/common/logo-v2.svg

Domain: static.binance.us
URL: https://static.binance.us/static/webpack-runtime.5d264135.js

Domain: static.binance.us
URL: https://static.binance.us/static/main.33830402.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Binance (Crypto Exchange)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ploertu.serveirc.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 46ca689a7d8a7f9b455c0290479ec555

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://ploertu.serveirc.com/sign-in/index.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://o588082.ingest.sentry.io/api/6330624/envelope/?sentry_key=3e4a5cec1dcf4a5788d2db3bf6c3e357&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.48.0 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

browser.sentry-cdn.com
cdn-cookieyes.com
edge.fullstory.com
o588082.ingest.sentry.io
ploertu.serveirc.com
public.cstatic.us
rs.fullstory.com
static.binance.us
static.binance.us
2600:9000:26e8:1000:a:4e26:6080:93a1
2606:4700:10::6816:3b5b
2a04:4e42::729
34.120.195.249
35.186.194.58
35.201.112.186
50.6.173.96
0915e7ed2e0c2ca3c00d7e58552aeddc45eb43a3f2db6e397986c56454e0fa6f
162eb4df100e881a31aa8b0b7ee6837872adb7199bc22d094310e46505868d6f
2cf828066217cff2aa1c2ae000940666e4beb1f30bb59beec5acc6b0a94d7844
67bbe0f3085c35b169d6320ba9ab82c0c447d3441342abaf219302b4d62f237b
69e74e82f335f2bc96cd85a19d7bd75de6446b4c4c993c104374b89a1b8cc41a
7c1e2d0f6a27b6701cbfc14d4b2c6863a2de1753603e0eafaf1a1c42a4e22b65
94859c76422f35136feca12df3ac4fc4bffa2fb98d6e5fff4ebec448f2406da6
95cb90b2b6fef7ff946e42af44c1ed56a56bb90151832c637d24dd989e84cb2e
bb29caa529bd32d5ddd1eb2af0bf3b2aacce9a8a1bce1056d81e7fd506029219
c50f3d7d45af77f856f13637c361b61c8d980fcab72ca469ca0c40a9300019b5
d6102af988411b51f482dc357381f0e0bc9486a698e0e64b4ef8d309804bff08
daec44b1c2de1f529d41689315537f4a49421128f1483f3fc7eda5f4cf7e9658
e1509697903bbe3632c463880e3e55e030c8568cfba63f8fb131faa58919b7e2
edc76335a49135c6e589f3226fbc5391b1eddf09e2a1906df126eb4448bb19ca
fc7e361e23247e9373d6a12b52bb7846786bdfd2649b102318f8582c3232bf0a

ploertu.serveirc.com Open in urlscan Pro 50.6.173.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

48 %HTTPS

43 %IPv6

7 Domains

8 Subdomains

8 IPs

1 Countries

647 kBTransfer

1121 kBSize

1 Cookies

46 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

ploertu.serveirc.com Open in urlscan Pro
50.6.173.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

48 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

8
IPs

1
Countries

647 kB
Transfer

1121 kB
Size

1
Cookies

25 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!