elektrostehroller.net
138.201.18.59
Malicious Activity!
Public Scan
Effective URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081...
Submission Tags: falconsandbox
Submission: On January 20 via api from US
Summary
TLS certificate: Issued by R3 on December 25th 2020. Valid for: 3 months.
This is the only time elektrostehroller.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
4 18 | 138.201.18.59 | 24940 (HETZNER-AS)
2 | 2a00:1450:4001:802::2004 | 15169 (GOOGLE)
1 | 2a00:1450:4001:809::2003 | 15169 (GOOGLE)
17 | 3 |
ASN24940 (HETZNER-AS, DE)
PTR: linuxhosting.cloudinhost.com
 | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | elektrostehroller.net (4 redirects) | elektrostehroller.net | 72 KB
2 | google.com | www.google.com | 729 B
1 | gstatic.com | www.gstatic.com | 131 KB
17 | 3 |
 | Domain | Requested by
---|---|---
18 | elektrostehroller.net (4 redirects) | elektrostehroller.net
2 | www.google.com | elektrostehroller.net, www.gstatic.com
1 | www.gstatic.com | www.google.com
17 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
*.elektrostehroller.net | R3 | 2020-12-25 - 2021-03-25 | 3 months | crt.sh
www.google.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months | crt.sh
*.gstatic.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months | crt.sh
*.google.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Frame ID: DA86F39F81D1BC0A216744B92A2C0675
Requests: 16 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeiQDMaAAAAALmuBfdhiz74cD9AfVFUiInPZ_J0&co=aHR0cHM6Ly9lbGVrdHJvc3RlaHJvbGxlci5uZXQ6NDQz&hl=en&v=r8jtf1oixV0IGff4hgB4EzDF&size=invisible&cb=kpian42p260w
Frame ID: 26B8F698CAB6949B61FA97AECF2B20AB
Requests: 1 HTTP request in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://elektrostehroller.net/.-o/?msmith%40pvamu.edu HTTP 302
- https://elektrostehroller.net/.-o/proc?referrer=msmith@pvamu.edu HTTP 302
- https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA== Page URL
- https://elektrostehroller.net/.-o/home HTTP 302
- https://elektrostehroller.net/.-o/proceed?data=msmith@pvamu.edu HTTP 302
- https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ== Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://elektrostehroller.net/.-o/?msmith%40pvamu.edu HTTP 302
- https://elektrostehroller.net/.-o/proc?referrer=msmith@pvamu.edu HTTP 302
- https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | proc | elektrostehroller.net/.-o/ (Redirect Chain) | 1 KB | 982 B | Document | text/html
GET | H2 | api.js | www.google.com/recaptcha/ | 884 B | 729 B | Script | text/javascript
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/ | 335 KB | 131 KB | Script | text/javascript
GET | H3-Q050 | anchor | www.google.com/recaptcha/api2/ (Frame 26B8) | 0 | 0 | Document | text/html
GET | H/1.1 | 1cl0ifkun2jtrwe6sx98avyh.php | elektrostehroller.net/.-o/ (Primary Request, Redirect Chain) | 16 KB | 5 KB | Document | text/html
GET | H/1.1 | conv.css | elektrostehroller.net/.-o/css/ | 95 KB | 17 KB | Stylesheet | text/css
GET | H/1.1 | mcsft_logo.svg | elektrostehroller.net/.-o/images/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | arrow_left.svg | elektrostehroller.net/.-o/images/ | 513 B | 650 B | Image | image/svg+xml
GET | H/1.1 | enterpass.png | elektrostehroller.net/.-o/images/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | firstmsg.png | elektrostehroller.net/.-o/images/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | forgetpass.png | elektrostehroller.net/.-o/images/ | 713 B | 1 KB | Image | image/png
GET | H/1.1 | ellipsis_white.svg | elektrostehroller.net/.-o/images/ | 915 B | 636 B | Image | image/svg+xml
GET | H/1.1 | ellipsis_grey.svg | elektrostehroller.net/.-o/images/ | 915 B | 636 B | Image | image/svg+xml
GET | H/1.1 | small-background.jpg | elektrostehroller.net/.-o/images/ | 3 KB | 3 KB | Image | image/jpeg
GET | H/1.1 | big-background.jpg | elektrostehroller.net/.-o/images/ | 31 KB | 31 KB | Image | image/jpeg
GET | H/1.1 | passwrd.png | elektrostehroller.net/.-o/images/ | 902 B | 1 KB | Image | image/png
GET | H/1.1 | sigin.png | elektrostehroller.net/.-o/images/ | 736 B | 1 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
function | makeInputHere
function | validateForm
function | submitForm
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
elektrostehroller.net
www.google.com
www.gstatic.com
138.201.18.59
2a00:1450:4001:802::2004
2a00:1450:4001:809::2003