servj.ga Open in urlscan Pro
2606:4700:30::681b:9692 Malicious Activity! Public Scan

URL:
http://servj.ga/open24/
Submission: On May 20 via manual (May 20th 2019, 8:54:45 pm UTC) from US

Summary HTTP 16 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2606:4700:30::681b:9692, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is servj.ga.

This is the only time servj.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Permanent TSB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:30:... 2606:4700:30::681b:9692	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700:30:... 2606:4700:30::681b:9792	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81e::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
12	193.120.216.23 193.120.216.23	2110 (AS-BTIRE ...) (AS-BTIRE BT Ireland was previously known as Esat Net)
16	5

2 2606:4700:30::681b:9692 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

servj.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681b:9792 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

servj.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 193.120.216.23 (Belfast, United Kingdom)

ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE)

www.open24.ie	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	open24.ie www.open24.ie	747 KB
3	servj.ga 1 redirects servj.ga	6 KB
1	googletagmanager.com www.googletagmanager.com	25 KB
0	Failed function sub() { [native code] }. Failed
16	4

	Domain	Requested by
12	www.open24.ie	servj.ga www.open24.ie
3	servj.ga	1 redirects servj.ga
1	www.googletagmanager.com	servj.ga
0	www.open24.iehttps Failed	servj.ga
16	4

This site contains links to these domains. Also see Links.

Domain
www.permanenttsb.ie
www.open24.ie
twitter.com

Subject Issuer	Validity	Valid
*.google-analytics.com Google Internet Authority G3	`2019-04-30` - `2019-07-23`	3 months	crt.sh
www.open24.ie DigiCert SHA2 Secure Server CA	`2018-12-13` - `2020-01-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://servj.ga/open24/
Frame ID: 407E4C3571B093AA61606A538A2F52D6
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://servj.ga/open24 HTTP 301
http://servj.ga/open24/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
env /^google_tag_manager$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Modernizr$/i

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^SWFObject$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

16
Requests

81 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

777 kB
Transfer

826 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.permanenttsb.ie/legal-information/legal-articles/cookies
Title: Learn more about cookies

Search URL Search Domain Scan URL

URL: https://www.open24.ie/online/Login/
Title:

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/about-us/need-help/all-about-online-banking/passwords/
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/about-us/need-help/all-about-online-banking/
Title: logging in / registering

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/about-us/need-help/all-about-online-banking/technical-questions/
Title: technical issues

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/about-us/need-help/security/
Title: security concerns

Search URL Search Domain Scan URL

URL: https://www.open24.ie/online/Login/+353%201%202124101
Title: +353 1 2124101

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/psd2
Title: Learn more about PSD2, Third Party Providers and access to your accounts.

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/about-us/need-help/security/?utm_source=OPEN24&utm_medium=Banner&utm_term=Owned+Media&utm_content=Login+Banner&utm_campaign=Open+24+Owned+Media
Title: Learn more about keeping your account secure

Search URL Search Domain Scan URL

URL: https://twitter.com/askpermanenttsb
Title: @askpermanenttsb

Search URL Search Domain Scan URL

URL: https://www.permanenttsb.ie/contact-us/
Title: contact us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://servj.ga/open24 HTTP 301
http://servj.ga/open24/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
servj.ga/open24/
Redirect Chain

http://servj.ga/open24
http://servj.ga/open24/

19 KB
6 KB

178ms
169ms

Document
text/html

2606:4700:30::681b:9692
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://servj.ga/open24/
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:9692 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3d1e39083bc6c9bdb12c33e070d33931af4f27831d433f60c6ce6d0ff95f3e1

Request headers

Host: servj.ga
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Cookie: __cfduid=d73b8a33d0a4c32f9c4152df4126eee241558385666
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:54:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 19 May 2019 22:48:02 GMT
Server: cloudflare
CF-RAY: 4da134b3ca5ad71d-FRA
Content-Encoding: gzip

Redirect headers

Date: Mon, 20 May 2019 20:54:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d73b8a33d0a4c32f9c4152df4126eee241558385666; expires=Tue, 19-May-20 20:54:26 GMT; path=/; domain=.servj.ga; HttpOnly
Location: http://servj.ga/open24/
Server: cloudflare
CF-RAY: 4da134b29ef6d71d-FRA

GET
H/1.1 404
Not Found gtm5445.html
servj.ga/www.googletagmanager.com/ 0
0 185ms
176ms Script
text/html 2606:4700:30::681b:9792
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://servj.ga/www.googletagmanager.com/gtm5445.html?id=GTM-TPF9GVK
Requested by: Host: servj.ga
URL: http://servj.ga/open24/
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:9792 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:54:27 GMT
Content-Encoding: gzip
Server: cloudflare
Connection: keep-alive
CF-RAY: 4da134b51e04bebf-FRA
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 64 KB
25 KB 19ms
15ms Script
application/javascript 2a00:1450:4001:81e::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id={SET_YOUR_ID}

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

26d969975f59caebddd1e076b9db58e3c980d46034b7a1a63fac2cb42277a79c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 20 May 2019 20:54:27 GMT
content-encoding: br
last-modified: Mon, 20 May 2019 17:43:49 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 25207
x-xss-protection: 0
expires: Mon, 20 May 2019 20:54:27 GMT

GET
H/1.1 200
OK redirection_mobile.min.js Show response
www.open24.ie/online/js/base/ 2 KB
2 KB 263ms
46ms Script
application/x-javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/base/redirection_mobile.min.js

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

1efad86a4518dbf1b080bbc574d77f3e04d5cdf65f88fb12e4e443b64c9a94c8

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
ETag: "07d78af28fad11:0"
Last-Modified: Fri, 19 Aug 2016 14:48:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 2238

GET
H/1.1 200
OK style
www.open24.ie/online/css/ 193 KB
194 KB 343ms
133ms Stylesheet
text/css 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/css/style?v=hANhxCny741j1VLl6E61WsoLC333EhtyjqmMINtQ23k1

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

98c96e551690e6974d04209eccfbb9fccda31c4034f05c1e5bff83c312c11620

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
Vary: User-Agent
Last-Modified: Mon, 20 May 2019 20:53:38 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: text/css; charset=utf-8
Cache-Control: public
Content-Length: 198053
Expires: Tue, 19 May 2020 20:53:38 GMT

GET
H/1.1 200
OK modernizr Show response
www.open24.ie/online/js/libraries/ 12 KB
12 KB 330ms
93ms Script
text/javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/libraries/modernizr?v=yqhzs2iwYmQp-xIGVgoAjHmm9J7LuO1RqI3lzD4FPpk1

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

1daf3ae375d7fddc76d200833766842061f35d337a70f6af0c713bd9b98e7f39

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
Vary: User-Agent
Last-Modified: Mon, 20 May 2019 20:53:38 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 11935
Expires: Tue, 19 May 2020 20:53:38 GMT

GET logo.png
www.open24.iehttps//www.open24.ie/online/img/ 0
0

GET
H/1.1 200
OK logo.png
www.open24.ie/online/img/ 3 KB
3 KB 47ms
46ms Image
image/png 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.open24.ie/online/img/logo.png

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

c769665aa1cab2a4c3aeaeb1f5283b2a4a461a288b314e79fb7148bc57712e64

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
ETag: "07d78af28fad11:0"
Last-Modified: Fri, 19 Aug 2016 14:48:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 3185

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
www.open24.ie/online/js/base/libraries/ 85 KB
85 KB 315ms
129ms Script
application/x-javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/base/libraries/jquery-3.3.1.min.js

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
ETag: "07bb449d8d41:0"
Last-Modified: Mon, 11 Mar 2019 12:52:22 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 86927

GET
H/1.1 200
OK utils Show response
www.open24.ie/online/js/ 926 B
1 KB 126ms
47ms Script
text/javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/utils?v=JNcsSJGf8ULOKGoo5Ehpguq2ADmhjYVZwRaUhEnBSgM1

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

20640f26d130ad057a2222e3d2904c52089c58033fa473ef4c7055392bf34655

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
Vary: User-Agent
Last-Modified: Mon, 20 May 2019 20:53:38 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 926
Expires: Tue, 19 May 2020 20:53:38 GMT

GET
H/1.1 200
OK app_plugins Show response
www.open24.ie/online/js/ 330 KB
331 KB 48ms
48ms Script
text/javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/app_plugins?v=3V_fqna35-_Y2juw4BT9smM8LIn-U_0TKYBSSfA3fUg1

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

b312a9f67a06d9f95db2239633cc6f5607a484f0d333f6316c3547dd62650967

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
Vary: User-Agent
Last-Modified: Mon, 20 May 2019 20:53:38 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 338189
Expires: Tue, 19 May 2020 20:53:38 GMT

GET
H/1.1 200
OK clearlocalstorage Show response
www.open24.ie/online/js/ 20 B
377 B 54ms
53ms Script
text/javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/clearlocalstorage?v=qKHyBcKv5rCPcI6spRlh6eENrdfURMNAj0Grn-5aOXk1

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

128bfa12addc3d4b8abf45a8d1b00586799609215a0f996f2430a32656d15b5b

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
Vary: User-Agent
Last-Modified: Mon, 20 May 2019 20:53:38 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 20
Expires: Tue, 19 May 2020 20:53:38 GMT

GET
H/1.1 200
OK ganalytics Show response
www.open24.ie/online/js/ 938 B
1 KB 48ms
47ms Script
text/javascript 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.open24.ie/online/js/ganalytics?v=wt9zQlCPM9CbNSZey3pP-q3U5slknnq2deDkKQ9MNnY1

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

4a4d8beea6c52b67f2a766fa3b1b27c8d17564f034bf379e52ad372c39fcc68c

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
Vary: User-Agent
Last-Modified: Mon, 20 May 2019 20:53:38 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 938
Expires: Tue, 19 May 2020 20:53:38 GMT

GET
H/1.1 200
OK bg.png
www.open24.ie/online/img/ 10 KB
10 KB 44ms
43ms Image
image/png 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.open24.ie/online/img/bg.png

Requested by

Host: www.open24.ie
URL: https://www.open24.ie/online/js/libraries/modernizr?v=yqhzs2iwYmQp-xIGVgoAjHmm9J7LuO1RqI3lzD4FPpk1

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

ce0b28cde1675780f6b254f38d6e2e180a4f452141dc80223354c3b106542fbe

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: https://www.open24.ie/online/css/style?v=hANhxCny741j1VLl6E61WsoLC333EhtyjqmMINtQ23k1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
ETag: "07d78af28fad11:0"
Last-Modified: Fri, 19 Aug 2016 14:48:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 10017

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer: http://servj.ga/open24/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK bg-overlay.png
www.open24.ie/online/img/ 57 KB
57 KB 138ms
134ms Image
image/png 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.open24.ie/online/img/bg-overlay.png

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

eec808eb5f0de8bff9a1317b09b5100dc8e5a04213e23b38478588f0f2039b1d

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: https://www.open24.ie/online/css/style?v=hANhxCny741j1VLl6E61WsoLC333EhtyjqmMINtQ23k1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
ETag: "07d78af28fad11:0"
Last-Modified: Fri, 19 Aug 2016 14:48:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 58165

GET
H/1.1 200
OK icons.png
www.open24.ie/online/img/ 49 KB
49 KB 75ms
53ms Image
image/png 193.120.216.23
AS-BTIRE BT Irela...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.open24.ie/online/img/icons.png

Requested by

Host: servj.ga
URL: http://servj.ga/open24/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.120.216.23 Belfast, United Kingdom, ASN2110 (AS-BTIRE BT Ireland was previously known as Esat Net, EUnet Ireland & IEUnet., IE),

Reverse DNS

Software

Microsoft-IIS/7.5 / ASP.NET

Resource Hash

9e7956aaa3fd23a37639939bdb89431661dde3186ffb5ca54ba1f4e34999c2bb

Security Headers

Name	Value
X-Frame-Options	SameOrigin

Request headers

Referer: https://www.open24.ie/online/css/style?v=hANhxCny741j1VLl6E61WsoLC333EhtyjqmMINtQ23k1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 20 May 2019 20:53:37 GMT
ETag: "07d78af28fad11:0"
Last-Modified: Fri, 19 Aug 2016 14:48:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SameOrigin
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 50315

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.open24.iehttps
URL: https://www.open24.iehttps//www.open24.ie/online/img/logo.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Permanent TSB (Banking)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

servj.ga
www.googletagmanager.com
www.open24.ie
www.open24.iehttps
www.open24.iehttps
193.120.216.23
2606:4700:30::681b:9692
2606:4700:30::681b:9792
2a00:1450:4001:81e::2008
128bfa12addc3d4b8abf45a8d1b00586799609215a0f996f2430a32656d15b5b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1daf3ae375d7fddc76d200833766842061f35d337a70f6af0c713bd9b98e7f39
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1efad86a4518dbf1b080bbc574d77f3e04d5cdf65f88fb12e4e443b64c9a94c8
20640f26d130ad057a2222e3d2904c52089c58033fa473ef4c7055392bf34655
26d969975f59caebddd1e076b9db58e3c980d46034b7a1a63fac2cb42277a79c
4a4d8beea6c52b67f2a766fa3b1b27c8d17564f034bf379e52ad372c39fcc68c
98c96e551690e6974d04209eccfbb9fccda31c4034f05c1e5bff83c312c11620
9e7956aaa3fd23a37639939bdb89431661dde3186ffb5ca54ba1f4e34999c2bb
b312a9f67a06d9f95db2239633cc6f5607a484f0d333f6316c3547dd62650967
c769665aa1cab2a4c3aeaeb1f5283b2a4a461a288b314e79fb7148bc57712e64
ce0b28cde1675780f6b254f38d6e2e180a4f452141dc80223354c3b106542fbe
d3d1e39083bc6c9bdb12c33e070d33931af4f27831d433f60c6ce6d0ff95f3e1
eec808eb5f0de8bff9a1317b09b5100dc8e5a04213e23b38478588f0f2039b1d

servj.ga Open in urlscan Pro 2606:4700:30::681b:9692 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

81 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

777 kBTransfer

826 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

servj.ga Open in urlscan Pro
2606:4700:30::681b:9692 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

81 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

777 kB
Transfer

826 kB
Size

0
Cookies

16 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!