mukhtalifventures.com
192.185.41.246
Malicious Activity!
Public Scan
Effective URL: https://mukhtalifventures.com/failure/index1.php?email=info@rscomponents.cz&dlrfax64q23jpcokugimnv5ytzwh8bs97e01
Submission: On June 03 via manual from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 12th 2020. Valid for: 3 months.
This is the only time mukhtalifventures.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 78.110.50.123 | 31240 (HT-SYSTEMS-AS Uplinks:)
9 | 192.185.41.246 | 46606 (UNIFIEDLAYER-AS-1)
1 1 | 80.169.5.117 | 8220 (COLT)
1 | 23.8.12.187 | 20940 (AKAMAI-ASN1)
11 | 3 |
ASN31240 (HT-SYSTEMS-AS Uplinks:, RU)
PTR: cl7-w.ht-systems.ru
vz-tkani.ru
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-41-246.unifiedlayer.com
mukhtalifventures.com
ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-8-12-187.deploy.static.akamaitechnologies.com
cz.rs-online.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | mukhtalifventures.com | mukhtalifventures.com | 14 KB
1 | rs-online.com | cz.rs-online.com | 617 B
1 | rscomponents.cz (1 redirects) | rscomponents.cz | 220 B
1 | vz-tkani.ru | vz-tkani.ru | 642 B
11 | 4 | |
Requests | Domain | Requested by
---|---|---
9 | mukhtalifventures.com | vz-tkani.ru, mukhtalifventures.com
1 | cz.rs-online.com | mukhtalifventures.com
1 | rscomponents.cz (1 redirects) |
1 | vz-tkani.ru |
11 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
mail.jwf-group.com | Let's Encrypt Authority X3 | 2020-05-12 - 2020-08-10 | 3 months
www.rs-online.com | DigiCert ECC Extended Validation Server CA | 2020-03-31 - 2022-06-29 | 2 years
This page contains 1 frames:
Primary Page:
https://mukhtalifventures.com/failure/index1.php?email=info@rscomponents.cz&dlrfax64q23jpcokugimnv5ytzwh8bs97e01
Frame ID: 1C3B0AEE7ECEFAFD300D1FB69B46E37D
Requests: 11 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
- headers server /php\/?([\d.]+)?/i
Red Hat (Operating Systems)
Detected patterns
- headers server /Red Hat/i
mod_dav (Web Server Extensions)
Detected patterns
- headers server /\b(?:mod_)?DAV\b(?:\/([\d.]+))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- headers server /\b(?:mod_)?DAV\b(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://vz-tkani.ru/libraries/fof/disable.php?email=info@rscomponents.cz Page URL
- https://mukhtalifventures.com/failure/?email=info@rscomponents.cz Page URL
- https://mukhtalifventures.com/failure/index1.php?email=info@rscomponents.cz&dlrfax64q23jpcokugimnv5ytzwh8bs97e01 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- http://rscomponents.cz/favicon.ico HTTP 301
- https://cz.rs-online.com/favicon.ico
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | disable.php | vz-tkani.ru/libraries/fof/ | 436 B | 642 B | Document | text/html
GET | H2 | / | mukhtalifventures.com/failure/ | 10 KB | 3 KB | Document | text/html
POST | H2 | index1.php (Primary Request) | mukhtalifventures.com/failure/ | 7 KB | 3 KB | Document | text/html
GET | H2 | style.css | mukhtalifventures.com/failure/shared/ | 17 KB | 6 KB | Stylesheet | text/css
GET | H2 | modernizr.js | mukhtalifventures.com/failure/ | 0 | 0 | Script | text/html
GET | H2 | favicon.ico (Redirect Chain) | cz.rs-online.com/ | 318 B | 617 B | Image | image/vnd.microsoft.icon
GET | H2 | modernizr.js | mukhtalifventures.com/failure/ | 0 | 0 | Script | text/html
GET | H2 | bg_header_shadow.png | mukhtalifventures.com/brand/br/US_HSBC_EN/rv/6b644/resources/common/ | 746 B | 746 B | Image | text/html
GET | H2 | white15.png | mukhtalifventures.com/brand/br/US_HSBC_EN/rv/6b644/resources/common/ | 746 B | 746 B | Image | text/html
GET | H2 | help2.gif | mukhtalifventures.com/brand/br/US_HSBC_EN/rv/6b644/resources/common/ | 746 B | 746 B | Image | text/html
GET | H2 | icon_encrypted.png | mukhtalifventures.com/brand/br/US_HSBC_EN/rv/6b644/resources/common/ | 746 B | 746 B | Image | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| setScreenWidth
- function| addLoadEvent
- boolean| isCookieEnabled
- function| FocusOnElementID
- function| checkReturnChar
- function| SubmitHiddenForm
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.