srv88980.ht-test.ru
Open in
urlscan Pro
78.110.50.131
Malicious Activity!
Public Scan
Effective URL: http://srv88980.ht-test.ru/js/ll6qjxpsu12htwcygimewk0vzt.php?a=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&.verify?service=nfpb=tr...
Submission: On August 10 via manual from US
Summary
This is the only time srv88980.ht-test.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.115.54 167.89.115.54 | 11377 (SENDGRID) (SENDGRID) | |
1 1 | 148.72.201.88 148.72.201.88 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
1 6 | 78.110.50.131 78.110.50.131 | 31240 (HT-SYSTEM...) (HT-SYSTEMS-AS Uplinks:) | |
1 2 | 2620:12a:8000::1 2620:12a:8000::1 | 54113 (FASTLY) (FASTLY) | |
6 | 2 |
ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net
u5868380.ct.sendgrid.net |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-201-88.ip.secureserver.net
of3.gamingakhada.com |
ASN31240 (HT-SYSTEMS-AS Uplinks:, RU)
PTR: cl33-w.ht-systems.ru
srv88980.ht-test.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
ht-test.ru
1 redirects
srv88980.ht-test.ru |
1 MB |
2 |
spscommerce.com
1 redirects
spscommerce.com |
5 KB |
1 |
gamingakhada.com
1 redirects
of3.gamingakhada.com |
348 B |
1 |
sendgrid.net
1 redirects
u5868380.ct.sendgrid.net |
274 B |
6 | 4 |
Domain | Requested by | |
---|---|---|
6 | srv88980.ht-test.ru |
1 redirects
srv88980.ht-test.ru
|
2 | spscommerce.com |
1 redirects
srv88980.ht-test.ru
|
1 | of3.gamingakhada.com | 1 redirects |
1 | u5868380.ct.sendgrid.net | 1 redirects |
6 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
spscommerce.com Let's Encrypt Authority X3 |
2020-07-31 - 2020-10-29 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://srv88980.ht-test.ru/js/ll6qjxpsu12htwcygimewk0vzt.php?a=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&.verify?service=nfpb=true&_pageLabel=smep_portal_page_login&timedOut=true&_nfls&c=&i=0&false=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&loginID=&.
Frame ID: 759E8DA41871723ED8D82E201F872371
Requests: 2 HTTP requests in this frame
Frame:
http://srv88980.ht-test.ru/js/ova.php?a=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&i=0&c=
Frame ID: C161DDD593A2E6A9A799D57096F35EB7
Requests: 4 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://u5868380.ct.sendgrid.net/ls/click?upn=I-2B-2FNJdd07HuejN6-2BOxubPJiAqaHTDBCDFEosQUXowi0ClTJO4UdE7czrm...
HTTP 302
http://of3.gamingakhada.com/redir.php?email=vanservices@spscommerce.com HTTP 302
http://srv88980.ht-test.ru/js/index.php?x=x&a=vanservices@spscommerce.com HTTP 302
http://srv88980.ht-test.ru/js/ll6qjxpsu12htwcygimewk0vzt.php?a=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&.ve... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- headers server /php\/?([\d.]+)?/i
Red Hat (Operating Systems) Expand
Detected patterns
- headers server /Red Hat/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://u5868380.ct.sendgrid.net/ls/click?upn=I-2B-2FNJdd07HuejN6-2BOxubPJiAqaHTDBCDFEosQUXowi0ClTJO4UdE7czrmOt2iM-2FhSEYgSGTc8Nb0EnBZEfNtB3FE-2FOecmOiTCpJmvuihT-2Fc-3DG1S7_vUkcFtZkAbSNsk45XxblRSOh6-2BfTbH684D2pxPDAYshQg1jeLfIExZazApTL8CW9JO5cl399yqMSaNNqmwrgyWwT35eP-2BZCs5sit2rLab0OodqV01RKWzRywtKzrHjLg6Qt-2B259P63uJenKbtFSekENE1UndV7pzvdiBoqux7WNX36JrNaLj-2Bn5KJpsR7Uo2chVmwJphjnjk2FutRe-2FygOmsyh-2FnAT7Rl6ByCVK9WBQ-3D
HTTP 302
http://of3.gamingakhada.com/redir.php?email=vanservices@spscommerce.com HTTP 302
http://srv88980.ht-test.ru/js/index.php?x=x&a=vanservices@spscommerce.com HTTP 302
http://srv88980.ht-test.ru/js/ll6qjxpsu12htwcygimewk0vzt.php?a=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&.verify?service=nfpb=true&_pageLabel=smep_portal_page_login&timedOut=true&_nfls&c=&i=0&false=dmFuc2VydmljZXNAc3BzY29tbWVyY2UuY29t&loginID=&. Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- http://spscommerce.com/favicon.ico HTTP 301
- https://spscommerce.com/favicon.ico
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
ll6qjxpsu12htwcygimewk0vzt.php
srv88980.ht-test.ru/js/ Redirect Chain
|
941 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ova.php
srv88980.ht-test.ru/js/ Frame C161 |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
default.jpg
srv88980.ht-test.ru/js/ico/bg/ |
1 MB 1 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
srv88980.ht-test.ru/js/css/ Frame C161 |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js.js
srv88980.ht-test.ru/js/ico/ Frame C161 |
6 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
spscommerce.com/ Frame C161 Redirect Chain
|
4 KB 5 KB |
Image
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
srv88980.ht-test.ru/ | Name: PHPSESSID Value: 638q63866dig66jsglm12v3ur7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
of3.gamingakhada.com
spscommerce.com
srv88980.ht-test.ru
u5868380.ct.sendgrid.net
148.72.201.88
167.89.115.54
2620:12a:8000::1
78.110.50.131
14f17f7b19fd0bcd0142408b8a07275b0d79f96358d2bdd92430561b4db93d22
1bcbd711541fce74fc4c58fce450956c507db9e1e9d83af8f13ed448e114f9a0
20477b74e2f8b4c7d0a04b5ca90bbe06931767981af734c36cb41796e912e43f
9ac3a4e25e2772b4782032552fe6ac222e6a2219d66b18b4e8ace48922452634
a6baa596c961ffab09d260ba7d7c743114ff7016e13e853b9b0f25bceac17255