xfiles-uk.net - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 82.221.139.160, located in Reykjavik, Iceland and belongs to THORDC-AS, IS. The main domain is xfiles-uk.net.

This is the only time xfiles-uk.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ukr.net (Online)

Domain & IP information

	IP Address		AS Autonomous System
3	82.221.139.160 82.221.139.160		50613 (THORDC-AS) (THORDC-AS)
4	2

3 82.221.139.160 (Reykjavik, Iceland)

ASN50613 (THORDC-AS, IS)
PTR: vps118928.iceservers.net

xfiles-uk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	xfiles-uk.net xfiles-uk.net	13 KB
0	Failed function sub() { [native code] }. Failed
4	2

	Domain	Requested by
3	xfiles-uk.net	xfiles-uk.net
0	localhost Failed	xfiles-uk.net
4	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://xfiles-uk.net/files/
Frame ID: 5C16BED635220A60089307D37B3F46FC
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Система єлектронного

Page URL History Show full URLs

http://xfiles-uk.net/files/ HTTP 307
https://xfiles-uk.net/files/ HTTP 307
http://xfiles-uk.net/files/ Page URL

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

13 kB
Transfer

49 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xfiles-uk.net/files/ HTTP 307
https://xfiles-uk.net/files/ HTTP 307
http://xfiles-uk.net/files/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response xfiles-uk.net/files/ Redirect Chain http://xfiles-uk.net/files/ https://xfiles-uk.net/files/ http://xfiles-uk.net/files/	7 KB 3 KB	507ms 50ms	Document text/html	82.221.139.160 THORDC-AS
General Check archive.org Show headers Download Go to Full URL http://xfiles-uk.net/files/ Protocol HTTP/1.1 Server 82.221.139.160 Reykjavik, Iceland, ASN50613 (THORDC-AS, IS), Reverse DNS vps118928.iceservers.net Software Apache/2.4.41 (Ubuntu) / Resource Hash `2d6c45eeaa14ba77d75d8eb15bd6d442538062788cbb205c9849a59cece77fe7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 2297 Content-Type text/html Date Thu, 03 Oct 2024 15:59:42 GMT ETag "1a63-622f0ea7ddee8-gzip" Keep-Alive timeout=5, max=100 Last-Modified Wed, 25 Sep 2024 12:39:41 GMT Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding Redirect headers Location http://xfiles-uk.net/files/ Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	bundle.css xfiles-uk.net/files/css/	29 KB 9 KB	50ms 49ms	Stylesheet text/css	82.221.139.160 THORDC-AS
General Check archive.org Show headers Download Go to Full URL http://xfiles-uk.net/files/css/bundle.css Requested by Host: xfiles-uk.net URL: http://xfiles-uk.net/files/ Protocol HTTP/1.1 Server 82.221.139.160 Reykjavik, Iceland, ASN50613 (THORDC-AS, IS), Reverse DNS vps118928.iceservers.net Software Apache/2.4.41 (Ubuntu) / Resource Hash `2b9bbf1bf280af60665584324fd456bc5b65ca625893b50bf18daa30302dc1be` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer http://xfiles-uk.net/files/ Response headers Content-Encoding gzip ETag "7477-622f0eb12bf96-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 9232 Keep-Alive timeout=5, max=99 Date Thu, 03 Oct 2024 15:59:42 GMT Last-Modified Wed, 25 Sep 2024 12:39:51 GMT Vary Accept-Encoding Server Apache/2.4.41 (Ubuntu) Content-Type text/css
GET H/1.1	200 OK	bundle.js Show response xfiles-uk.net/files/js/	459 B 618 B	96ms 49ms	Script application/javascript	82.221.139.160 THORDC-AS
General Check archive.org Show headers Download Go to Full URL http://xfiles-uk.net/files/js/bundle.js Requested by Host: xfiles-uk.net URL: http://xfiles-uk.net/files/ Protocol HTTP/1.1 Server 82.221.139.160 Reykjavik, Iceland, ASN50613 (THORDC-AS, IS), Reverse DNS vps118928.iceservers.net Software Apache/2.4.41 (Ubuntu) / Resource Hash `22fe9fe2a7909db1a9c3aba4caa34376fc2d29493165eefb15b6fc850f3c481b` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer http://xfiles-uk.net/files/ Response headers Content-Encoding gzip ETag "1cb-622f0eafe0e41-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 268 Keep-Alive timeout=5, max=100 Date Thu, 03 Oct 2024 15:59:42 GMT Last-Modified Wed, 25 Sep 2024 12:39:50 GMT Vary Accept-Encoding Server Apache/2.4.41 (Ubuntu) Content-Type application/javascript
GET		modj localhost/login/	0 0

GET DATA	200 OK	truncated /	12 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `70def77f0078649a8205d918fdc8a12cd3e089f69d00c07b361a65899d2476a9` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer http://xfiles-uk.net/ Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated /	429 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b05bd86cf15107075c6d6f06e56667df1c3f6039f2d8aa5b882896278a2c84dc` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer http://xfiles-uk.net/ Response headers Content-Type image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: localhost
URL: http://localhost/login/modj

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ukr.net (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| coll object| img

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: http://xfiles-uk.net/files/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

localhost
xfiles-uk.net
localhost
82.221.139.160
22fe9fe2a7909db1a9c3aba4caa34376fc2d29493165eefb15b6fc850f3c481b
2b9bbf1bf280af60665584324fd456bc5b65ca625893b50bf18daa30302dc1be
2d6c45eeaa14ba77d75d8eb15bd6d442538062788cbb205c9849a59cece77fe7
70def77f0078649a8205d918fdc8a12cd3e089f69d00c07b361a65899d2476a9
b05bd86cf15107075c6d6f06e56667df1c3f6039f2d8aa5b882896278a2c84dc

xfiles-uk.net Open in urlscan Pro 82.221.139.160 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

13 kBTransfer

49 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

xfiles-uk.net Open in urlscan Pro
82.221.139.160 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

13 kB
Transfer

49 kB
Size

0
Cookies

4 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!