urlscan.io logo urlscan.io
SecurityTrails logo

gtf69xx.pe.hu Open in urlscan Pro
31.170.166.180  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://gtf69xx.pe.hu/login.php
Submission: On March 20 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 31.170.166.180, located in United States and belongs to HOSTINGER-AS, LT. The main domain is gtf69xx.pe.hu.
This is the only time gtf69xx.pe.hu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 31.170.166.180 47583 (HOSTINGER-AS)
6 162.125.66.6 19679 (DROPBOX)
1 185.60.216.19 32934 (FACEBOOK)
8 3
Domain Requested by
6 dl.dropboxusercontent.com gtf69xx.pe.hu
1 static.xx.fbcdn.net gtf69xx.pe.hu
1 gtf69xx.pe.hu
8 3

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://gtf69xx.pe.hu/login.php
Frame ID: 1BCDD85EA5D84378CBBB474DC3CBBAE3
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

140 kB
Transfer

419 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
gtf69xx.pe.hu/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://gtf69xx.pe.hu/login.php
Protocol
HTTP/1.1
Server
31.170.166.180 , United States, ASN47583 (HOSTINGER-AS, LT),
Reverse DNS
Software
openresty / PHP/7.0.28
Resource Hash
a8378326749364d189d0cb55e9d769385ad8f1e7653cf9f2b12e9ed0a5f1de32

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
gtf69xx.pe.hu
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 20 Mar 2018 23:53:35 GMT
Content-Encoding
gzip
Server
openresty
Connection
keep-alive
X-Powered-By
PHP/7.0.28
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
4SyundElK-001.css
dl.dropboxusercontent.com/s/r569q2xpt0xti0l/ 		86 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/r569q2xpt0xti0l/4SyundElK-001.css
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
162.125.66.6 Frankfurt, Germany, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
34950715c4f9acf50431983b33cfc94ae64121c2b9431346d6104e0237e9163c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
http://gtf69xx.pe.hu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
public
date
Tue, 20 Mar 2018 23:53:36 GMT
content-encoding
gzip
server
nginx
x-server-response-time
255
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
max-age=60
content-disposition
inline; filename="4SyundElK-001.css"; filename*=UTF-8''4SyundElK-001.css
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
a0e8595e137e6cecb2643b05cc8dce17
4SyundElK-002.css
dl.dropboxusercontent.com/s/u7jck0wqkk9y3oh/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/u7jck0wqkk9y3oh/4SyundElK-002.css
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
162.125.66.6 Frankfurt, Germany, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
fdc6cfe2677dd8c3da51bc3b92909bcf8ab8e6d04d989ec60f74feb9198a0c28
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
http://gtf69xx.pe.hu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
public
date
Tue, 20 Mar 2018 23:53:35 GMT
content-encoding
gzip
server
nginx
x-server-response-time
355
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
max-age=60
content-disposition
inline; filename="4SyundElK-002.css"; filename*=UTF-8''4SyundElK-002.css
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
3137db5ccb069958829a305ca53c25e6
4SyundElK-003.css
dl.dropboxusercontent.com/s/z3r1icfvhfi9eqh/ 		71 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/z3r1icfvhfi9eqh/4SyundElK-003.css
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
162.125.66.6 Frankfurt, Germany, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
1797d4e480a124997d9632fa2f2311a5b2110ace440394ef760ad650b596d710
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
http://gtf69xx.pe.hu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
public
date
Tue, 20 Mar 2018 23:53:36 GMT
content-encoding
gzip
server
nginx
x-server-response-time
399
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
max-age=60
content-disposition
inline; filename="4SyundElK-003.css"; filename*=UTF-8''4SyundElK-003.css
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
544e93b930fc12c718e56279758dfe1b
4SyundElK-004.js
dl.dropboxusercontent.com/s/i1r5f93n5cjcn1k/ 		240 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/i1r5f93n5cjcn1k/4SyundElK-004.js
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
162.125.66.6 Frankfurt, Germany, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
61f78d32d049e9aaed8661e8d2d7d5f08761741e5c4c814ad562aa9a86c42a10
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
http://gtf69xx.pe.hu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
public
date
Tue, 20 Mar 2018 23:53:35 GMT
content-encoding
gzip
server
nginx
x-server-response-time
303
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=60
content-disposition
inline; filename="4SyundElK-004.js"; filename*=UTF-8''4SyundElK-004.js
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
3d777d0c194fde860682d4b5870c9b33
4SyundElK-iLOGOOO2.png
dl.dropboxusercontent.com/s/m62oi2d3dx54d5f/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dl.dropboxusercontent.com/s/m62oi2d3dx54d5f/4SyundElK-iLOGOOO2.png
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
162.125.66.6 Frankfurt, Germany, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
527b47b6ad2fe861da2d0cd38366a6737bd56132b07b6d2eff3734b03ddc9558
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://dl.dropboxusercontent.com/s/r569q2xpt0xti0l/4SyundElK-001.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
public
date
Tue, 20 Mar 2018 23:53:36 GMT
server
nginx
etag
141n
x-server-response-time
307
strict-transport-security
max-age=15552000; includeSubDomains
content-type
image/png
status
200
cache-control
max-age=60
content-disposition
inline; filename="4SyundElK-iLOGOOO2.png"; filename*=UTF-8''4SyundElK-iLOGOOO2.png
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noimageindex
content-length
2016
x-dropbox-request-id
e5562fad3c629af2245e4158c1699f36
O7nelmd9XSI.png
static.xx.fbcdn.net/rsrc.php/v3/yU/r/ 		95 B
876 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dl.dropboxusercontent.com/s/z3r1icfvhfi9eqh/4SyundElK-003.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-fb-debug
PZMhrVxLHUyPBnHvFxusJJrermCZeH0Dow9SuGTcjqsfuBR5e0E00kYfTaMeC5bacrEY5VyXQKp6z+ZFdaNlSQ==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
OcEdZWIg79UvSWVADRSQCg==
date
Tue, 20 Mar 2018 23:53:36 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
timing-allow-origin
*
content-length
95
x-xss-protection
0
expires
Tue, 12 Feb 2019 19:58:32 GMT
4SyundElK-iLOGOOO1.png
dl.dropboxusercontent.com/s/bglqhgh90ipzto5/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dl.dropboxusercontent.com/s/bglqhgh90ipzto5/4SyundElK-iLOGOOO1.png
Requested by
Host: gtf69xx.pe.hu
URL: http://gtf69xx.pe.hu/login.php
Protocol
SPDY
Server
162.125.66.6 Frankfurt, Germany, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
6f12e7d43af3fc54aaf5279e0f9c36cfe23bf4ce01baed57b6cd09979bb6d9b5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://dl.dropboxusercontent.com/s/r569q2xpt0xti0l/4SyundElK-001.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
public
date
Tue, 20 Mar 2018 23:53:36 GMT
server
nginx
etag
140n
x-server-response-time
301
strict-transport-security
max-age=15552000; includeSubDomains
content-type
image/png
status
200
cache-control
max-age=60
content-disposition
inline; filename="4SyundElK-iLOGOOO1.png"; filename*=UTF-8''4SyundElK-iLOGOOO1.png
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noimageindex
content-length
7163
x-dropbox-request-id
33a70e39a458f419a75d97bace4ff85a

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| __DEV__ function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d object| Env object| ErrorUtils function| ProfilingCounters object| TimeSlice function| Arbiter object| JSCC function| $ function| ge function| emptyFunction function| goURI object| PageEvents function| _domcontentready function| onloadRegister_DEPRECATED function| onloadRegister function| onafterloadRegister_DEPRECATED function| onafterloadRegister function| onleaveRegister function| onbeforeunloadRegister function| onunloadRegister object| Parent function| wait_for_load

0 Cookies