accountsrecovery.online.oxfordeditorials.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 185.34.216.213, located in Netherlands and belongs to ASN-ROUTELABEL, NL. The main domain is accountsrecovery.online.oxfordeditorials.com.
TLS certificate: Issued by R10 on July 18th 2024. Valid for: 3 months.

This is the only time accountsrecovery.online.oxfordeditorials.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address		AS Autonomous System
5	185.34.216.213 185.34.216.213		198203 (ASN-ROUTE...) (ASN-ROUTELABEL)
5	1

5 185.34.216.213 (Netherlands)

ASN198203 (ASN-ROUTELABEL, NL)

accountsrecovery.online.oxfordeditorials.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	oxfordeditorials.com accountsrecovery.online.oxfordeditorials.com	223 KB
5	1

	Domain	Requested by
5	accountsrecovery.online.oxfordeditorials.com	accountsrecovery.online.oxfordeditorials.com
5	1

This site contains no links.

Subject Issuer	Validity	Valid
*.online.oxfordeditorials.com R10	`2024-07-18` - `2024-10-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://accountsrecovery.online.oxfordeditorials.com/
Frame ID: 86C0B5CF8736676F69AFAE8A89BA4C64
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Account Validation

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

223 kB
Transfer

227 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response accountsrecovery.online.oxfordeditorials.com/	4 KB 1 KB	310ms 38ms	Document text/html	185.34.216.213 ASN-ROUTELABEL
General Check archive.org Show headers Download Go to Full URL https://accountsrecovery.online.oxfordeditorials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.34.216.213 , Netherlands, ASN198203 (ASN-ROUTELABEL, NL), Reverse DNS Software LiteSpeed / RAMNODE.COM Resource Hash `fa1a35be1bb06274c11a94bd1fc93557938c7917c23a8935b56480e0cb58f38b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 966 content-type text/html; charset=UTF-8 date Sat, 20 Jul 2024 04:20:16 GMT server LiteSpeed vary Accept-Encoding x-powered-by RAMNODE.COM
GET H2	200	edit.css accountsrecovery.online.oxfordeditorials.com/	3 KB 871 B	84ms 83ms	Stylesheet text/css	185.34.216.213 ASN-ROUTELABEL
General Check archive.org Show headers Download Go to Full URL https://accountsrecovery.online.oxfordeditorials.com/edit.css Requested by Host: accountsrecovery.online.oxfordeditorials.com URL: https://accountsrecovery.online.oxfordeditorials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.34.216.213 , Netherlands, ASN198203 (ASN-ROUTELABEL, NL), Reverse DNS Software LiteSpeed / RAMNODE.COM Resource Hash `41a680aeafc758263e3f87950773e8bc5b2de0e58b5adde4c1bbbf358fa98c87` Request headers Referer https://accountsrecovery.online.oxfordeditorials.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 04:20:16 GMT content-encoding br last-modified Thu, 18 Jul 2024 05:13:56 GMT server LiteSpeed x-powered-by RAMNODE.COM vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 830 expires Sat, 27 Jul 2024 04:20:16 GMT
GET H2	200	logo.jpg accountsrecovery.online.oxfordeditorials.com/	55 KB 55 KB	64ms 64ms	Image image/jpeg	185.34.216.213 ASN-ROUTELABEL
General Check archive.org Show headers Download Go to Show image Full URL https://accountsrecovery.online.oxfordeditorials.com/logo.jpg Requested by Host: accountsrecovery.online.oxfordeditorials.com URL: https://accountsrecovery.online.oxfordeditorials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.34.216.213 , Netherlands, ASN198203 (ASN-ROUTELABEL, NL), Reverse DNS Software LiteSpeed / RAMNODE.COM Resource Hash `44e4c38e72261b9c1ff134f0b10767d87f5a8339a7cfbae03667e9c53a8cdf2b` Request headers Referer https://accountsrecovery.online.oxfordeditorials.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 04:20:16 GMT last-modified Thu, 18 Jul 2024 05:13:56 GMT server LiteSpeed x-powered-by RAMNODE.COM content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 56036 expires Sat, 27 Jul 2024 04:20:16 GMT
GET H2	200	image8-2.png accountsrecovery.online.oxfordeditorials.com/	164 KB 164 KB	75ms 74ms	Image image/png	185.34.216.213 ASN-ROUTELABEL
General Check archive.org Show headers Download Go to Show image Full URL https://accountsrecovery.online.oxfordeditorials.com/image8-2.png Requested by Host: accountsrecovery.online.oxfordeditorials.com URL: https://accountsrecovery.online.oxfordeditorials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.34.216.213 , Netherlands, ASN198203 (ASN-ROUTELABEL, NL), Reverse DNS Software LiteSpeed / RAMNODE.COM Resource Hash `23c8ca01aa0816e0c0c0604741180bbf95975baa6a8f3d53ab79fe9d72422f4b` Request headers Referer https://accountsrecovery.online.oxfordeditorials.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 04:20:16 GMT last-modified Thu, 18 Jul 2024 05:13:56 GMT server LiteSpeed x-powered-by RAMNODE.COM content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 167817 expires Sat, 27 Jul 2024 04:20:16 GMT
GET H3	200	favicon.png accountsrecovery.online.oxfordeditorials.com/	1 KB 2 KB	41ms 41ms	Other image/png	185.34.216.213 ASN-ROUTELABEL
General Check archive.org Show headers Download Go to Full URL https://accountsrecovery.online.oxfordeditorials.com/favicon.png Protocol H3 Security QUIC, , AES_128_GCM Server 185.34.216.213 , Netherlands, ASN198203 (ASN-ROUTELABEL, NL), Reverse DNS Software LiteSpeed / RAMNODE.COM Resource Hash `4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3` Request headers Referer https://accountsrecovery.online.oxfordeditorials.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Sat, 20 Jul 2024 04:20:16 GMT last-modified Thu, 18 Jul 2024 05:13:56 GMT server LiteSpeed x-powered-by RAMNODE.COM content-type image/png cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 1406 expires Sat, 27 Jul 2024 04:20:16 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://accountsrecovery.online.oxfordeditorials.com/ Message: [DOM] Found 2 elements with non-unique id #user: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://accountsrecovery.online.oxfordeditorials.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accountsrecovery.online.oxfordeditorials.com
185.34.216.213
23c8ca01aa0816e0c0c0604741180bbf95975baa6a8f3d53ab79fe9d72422f4b
41a680aeafc758263e3f87950773e8bc5b2de0e58b5adde4c1bbbf358fa98c87
44e4c38e72261b9c1ff134f0b10767d87f5a8339a7cfbae03667e9c53a8cdf2b
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3
fa1a35be1bb06274c11a94bd1fc93557938c7917c23a8935b56480e0cb58f38b

accountsrecovery.online.oxfordeditorials.com Open in urlscan Pro 185.34.216.213 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

223 kBTransfer

227 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

accountsrecovery.online.oxfordeditorials.com Open in urlscan Pro
185.34.216.213 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

223 kB
Transfer

227 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!