holitsmail.xyz
Open in
urlscan Pro
104.21.4.90
Malicious Activity!
Public Scan
Submission: On December 25 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on December 25th 2023. Valid for: 3 months.
This is the only time holitsmail.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 104.21.4.90 104.21.4.90 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
holitsmail.xyz
holitsmail.xyz |
43 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
10 | holitsmail.xyz |
holitsmail.xyz
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
holitsmail.xyz GTS CA 1P5 |
2023-12-25 - 2024-03-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://holitsmail.xyz/
Frame ID: 1B69E9CFA7425D2E230B2A313EC0E6E5
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
holitsmail.xyz/ |
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
holitsmail.xyz/assets/css/ |
13 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ms_logo.svg
holitsmail.xyz/assets/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
question_mark.svg
holitsmail.xyz/assets/img/ |
2 KB 923 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
option.svg
holitsmail.xyz/assets/img/ |
2 KB 915 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
back.png
holitsmail.xyz/assets/img/ |
240 B 680 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.7.1.min.js
holitsmail.xyz/assets/js/ |
85 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
holitsmail.xyz/assets/js/ |
4 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg.svg
holitsmail.xyz/assets/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
stat
holitsmail.xyz/ |
0 493 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| stat1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
holitsmail.xyz/ | Name: PHPSESSID Value: cno1tlvu5n9qokk501hndbtree |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
holitsmail.xyz
104.21.4.90
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
64880a2419804e4b2a2b18b917736d2e33f6e7f139d5aa5c4f9af54ea765a6db
6f04c457f02fe26c80e8d9858407ac5682b0474c2d7940638d77e4d1bec8ce80
6f0a762926db3e56e1f02051af602c2fd71f0e8cc633a4b5678613101299d9d2
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a