eyky4.ru.com Open in urlscan Pro
185.221.216.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://is.gd/spedizionesicura_carte.com
Effective URL:
https://eyky4.ru.com/
Submission: On September 21 via manual (September 21st 2023, 3:42:41 pm UTC) from IT — Scanned from IT

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 185.221.216.111, located in Chicago, United States and belongs to HOST4GEEKS-LLC, US. The main domain is eyky4.ru.com.
TLS certificate: Issued by R3 on September 20th 2023. Valid for: 3 months.

This is the only time eyky4.ru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.25.233.53 104.25.233.53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.83.132 172.67.83.132	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	185.221.216.111 185.221.216.111	393960 (HOST4GEEK...) (HOST4GEEKS-LLC)
17	2

1 104.25.233.53 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

is.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.83.132 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

is.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.221.216.111 (Chicago, United States)

ASN393960 (HOST4GEEKS-LLC, US)
PTR: ironprize.net

eyky4.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ru.com eyky4.ru.com	153 KB
2	is.gd 2 redirects is.gd — Cisco Umbrella Rank: 85930	445 B
0	Failed function sub() { [native code] }. Failed
17	3

	Domain	Requested by
10	eyky4.ru.com	eyky4.ru.com
2	is.gd	2 redirects
0	ifibfemgeogfhoebkmokieepdoobkbpo Failed	eyky4.ru.com
17	3

This site contains no links.

Subject Issuer	Validity	Valid
eyky4.ru.com R3	`2023-09-20` - `2023-12-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://eyky4.ru.com/
Frame ID: C9379A35A358CB6DCF36316C8F92966B
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://is.gd/spedizionesicura_carte.com HTTP 301
https://is.gd/spedizionesicura_carte.com HTTP 301
https://eyky4.ru.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

59 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

153 kB
Transfer

151 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://is.gd/spedizionesicura_carte.com HTTP 301
https://is.gd/spedizionesicura_carte.com HTTP 301
https://eyky4.ru.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response eyky4.ru.com/ Redirect Chain http://is.gd/spedizionesicura_carte.com https://is.gd/spedizionesicura_carte.com https://eyky4.ru.com/	11 KB 11 KB	245ms 95ms	Document text/html	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `873eca06bd6125c459141a8455c5a375d30ea992dc58965cde6e111a9f9b01a3` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 21 Sep 2023 15:42:35 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked Redirect headers cf-cache-status DYNAMIC cf-ray 80a36b3e4e7dc31c-VIE content-type text/html; charset=UTF-8 date Thu, 21 Sep 2023 15:42:35 GMT location https://eyky4.ru.com server cloudflare
GET		hunter.js ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/turnstile/	0 0

GET		hunter.js ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/arkoselabs/	0 0

GET		hunter.js ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/recaptcha/	0 0

GET		hunter.js ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/keycaptcha/	0 0

GET		hunter.js ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/hcaptcha/	0 0

GET		communication_helpers.js ifibfemgeogfhoebkmokieepdoobkbpo/content/	0 0

GET		core_helpers.js ifibfemgeogfhoebkmokieepdoobkbpo/content/	0 0

GET H/1.1	200 OK	direct-banking.css eyky4.ru.com/jsp/	5 KB 5 KB	84ms 73ms	Stylesheet text/css	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/jsp/direct-banking.css Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `412cf6849e73c0558c004672752051609555bd96a38f0c11120c68f994e8b67c` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:35 GMT Last-Modified Thu, 21 Sep 2023 13:02:28 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 4814
GET H/1.1	200 OK	jquery-1.12.4.min.js Show response eyky4.ru.com/jsp/	95 KB 95 KB	271ms 186ms	Script application/javascript	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/jsp/jquery-1.12.4.min.js Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:35 GMT Last-Modified Thu, 21 Sep 2023 13:02:28 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 97163
GET H/1.1	200 OK	jquery.timers.js Show response eyky4.ru.com/jsp/	3 KB 4 KB	382ms 242ms	Script application/javascript	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/jsp/jquery.timers.js Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `62caefacbd8e09f7892d07251a53bf847d5eb6440303bd65733b430ef846b2eb` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:35 GMT Last-Modified Thu, 21 Sep 2023 13:02:30 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3335
GET H/1.1	404 Not Found	jquery.url.min.js eyky4.ru.com/jsp/	0 0	433ms 282ms	Script text/html	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/jsp/jquery.url.min.js Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:35 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	jquery.i18n.properties.js Show response eyky4.ru.com/jsp/	20 KB 20 KB	487ms 310ms	Script application/javascript	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/jsp/jquery.i18n.properties.js Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `86e5b1adf53642a8d2ae63cdab3163ddb01f5b681395624dc29d6a423a0e70a4` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:35 GMT Last-Modified Thu, 21 Sep 2023 13:02:30 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 20704
GET H/1.1	404 Not Found	utils.js eyky4.ru.com/jsp/	0 0	628ms 395ms	Script text/html	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://eyky4.ru.com/jsp/utils.js?v=12 Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:35 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	logo-volksbank-2019.png eyky4.ru.com/jsp/	4 KB 4 KB	78ms 78ms	Image image/png	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://eyky4.ru.com/jsp/logo-volksbank-2019.png Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `f9daaa0d5f8be240569fbeb10ec316f23908a1d0753a4abc10fc09a035cbd9fe` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:36 GMT Last-Modified Thu, 21 Sep 2023 13:02:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3982
GET H/1.1	200 OK	direct-banking-2019.png eyky4.ru.com/jsp/	4 KB 4 KB	77ms 77ms	Image image/png	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://eyky4.ru.com/jsp/direct-banking-2019.png Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `2e4c3f1e4a548d3162b59c6b73c66bbaa7453fee26d4228724f05d6a64b189e5` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:36 GMT Last-Modified Thu, 21 Sep 2023 13:02:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 4352
GET H/1.1	200 OK	60sec-ccw-inf.gif eyky4.ru.com/jsp/	9 KB 9 KB	88ms 88ms	Image image/gif	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://eyky4.ru.com/jsp/60sec-ccw-inf.gif Requested by Host: eyky4.ru.com URL: https://eyky4.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 Chicago, United States, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `59b9447876b2df552b018b9110614d56003ae975386bac07643a7a478e65f2b3` Request headers accept-language it-IT,it;q=0.9 Referer https://eyky4.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Thu, 21 Sep 2023 15:42:36 GMT Last-Modified Thu, 21 Sep 2023 13:02:28 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9285

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/turnstile/hunter.js

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/arkoselabs/hunter.js

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/recaptcha/hunter.js

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/keycaptcha/hunter.js

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/hcaptcha/hunter.js

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/communication_helpers.js

Domain: ifibfemgeogfhoebkmokieepdoobkbpo
URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/core_helpers.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| jQuery112409844680280984441

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			eyky4.ru.com/	1970-01-21 00:31:10	Name: COOKIE_KEY Value: 169531095568

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/turnstile/hunter.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/arkoselabs/hunter.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/recaptcha/hunter.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/keycaptcha/hunter.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/captcha/hcaptcha/hunter.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/communication_helpers.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ifibfemgeogfhoebkmokieepdoobkbpo/content/core_helpers.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://eyky4.ru.com/jsp/jquery.url.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://eyky4.ru.com/jsp/utils.js?v=12 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eyky4.ru.com
ifibfemgeogfhoebkmokieepdoobkbpo
is.gd
ifibfemgeogfhoebkmokieepdoobkbpo
104.25.233.53
172.67.83.132
185.221.216.111
2e4c3f1e4a548d3162b59c6b73c66bbaa7453fee26d4228724f05d6a64b189e5
412cf6849e73c0558c004672752051609555bd96a38f0c11120c68f994e8b67c
59b9447876b2df552b018b9110614d56003ae975386bac07643a7a478e65f2b3
62caefacbd8e09f7892d07251a53bf847d5eb6440303bd65733b430ef846b2eb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
86e5b1adf53642a8d2ae63cdab3163ddb01f5b681395624dc29d6a423a0e70a4
873eca06bd6125c459141a8455c5a375d30ea992dc58965cde6e111a9f9b01a3
f9daaa0d5f8be240569fbeb10ec316f23908a1d0753a4abc10fc09a035cbd9fe

eyky4.ru.com Open in urlscan Pro 185.221.216.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

59 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

153 kBTransfer

151 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

9 Console Messages

Indicators

eyky4.ru.com Open in urlscan Pro
185.221.216.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

59 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

153 kB
Transfer

151 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!