onservlves.serv00.net
Open in
urlscan Pro
128.204.223.113
Malicious Activity!
Public Scan
Submission: On September 14 via manual from DO — Scanned from PL
Summary
TLS certificate: Issued by R11 on July 1st 2024. Valid for: 3 months.
This is the only time onservlves.serv00.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 128.204.223.113 128.204.223.113 | 57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-) | |
5 | 172.67.139.119 172.67.139.119 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 2 |
ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web8.serv00.com
onservlves.serv00.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
serv00.net
onservlves.serv00.net |
417 KB |
5 |
fontawesome.com
ka-f.fontawesome.com — Cisco Umbrella Rank: 5344 |
177 KB |
12 | 2 |
Domain | Requested by | |
---|---|---|
7 | onservlves.serv00.net |
onservlves.serv00.net
|
5 | ka-f.fontawesome.com |
onservlves.serv00.net
|
12 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.serv00.net R11 |
2024-07-01 - 2024-09-29 |
3 months | crt.sh |
ka-f.fontawesome.com WE1 |
2024-08-29 - 2024-11-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://onservlves.serv00.net/
Frame ID: DFC803E0786FECD3A1DCF35F3E9A7294
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
InicioDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
onservlves.serv00.net/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
onservlves.serv00.net/arch/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
onservlves.serv00.net/arch/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4a03c8ce1f.js
onservlves.serv00.net/arch/ |
11 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
functions.js
onservlves.serv00.net/arch/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fondo.png
onservlves.serv00.net/arch/ |
394 KB 394 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/ |
100 KB 22 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/ |
27 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/ |
823 B 955 B |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/ |
2 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.2.0/webfonts/ |
147 KB 148 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
onservlves.serv00.net/ |
3 KB 3 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FontAwesomeKitConfig function| layoutInit function| nextLayout function| prevLayout function| validateEmail function| cancelEnter0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ka-f.fontawesome.com
onservlves.serv00.net
128.204.223.113
172.67.139.119
0268dfa7fe8087f128d440c90568ec97f58a8106a75a873e95c99ade6f782f94
17e97452418b8595f162bfbd40f3fb96d1153cda5d2b0a49b0d0a05b01fce385
1952f2d7ec428aa08d086521dc27f72e64d5dedd6909be115155881b91765b12
1fe3aa4db1e71d7b765041ef9728d0d241c85a995c0129e2037285f048574f00
657b38d408d6552df456c765be754c08e6dee14da828fcfc3a05d25567d01521
6b6269b202721230c8818a5bf4dab7049879bb5dd8e29b16c9f81492ee4f6535
6d139c3115ef0721d09ae9ca2da8e31186228a67f355f2b0425c067b3709b997
8bc0ba67fa8fc1e6a5f3a83250fa02aa6a635602d5b4060e6f5975fb43645962
ad28ece0bf48b1488c82aaf700201d7f6b56a62e11b5b6a0a12481780c8a3417
c1081c5c02309927ef4aa2929fc0e14122fb47302d81ea4118acb9d643a1c65e
c6c1651291bdbeeaf76023bf75ea9e024acecc85244905df86a5bd98e294e3c0
d4b62932da96f2e723714952390ba9e6ed5c3f44950280081f49bbad4bb9dba0