urlscan.io logo urlscan.io
SecurityTrails logo

galeria-nagosci.ct8.pl Open in urlscan Pro
136.243.156.120  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://skradzione-fotki.24lite.eu/
Effective URL: http://galeria-nagosci.ct8.pl/
Submission: On May 09 via manual from PL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 136.243.156.120, located in Strullendorf, Germany and belongs to HETZNER-AS, DE. The main domain is galeria-nagosci.ct8.pl.
This is the only time galeria-nagosci.ct8.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 178.19.109.2 59491 (LIVENET-)
7 136.243.156.120 24940 (HETZNER-AS)
1 185.225.208.133 13213 (UK2NET-AS)
1 67.202.94.93 32748 (STEADFAST)
10 5
Apex Domain
Subdomains		 Transfer
7 ct8.pl
galeria-nagosci.ct8.pl
265 KB
1 amung.us
whos.amung.us
213 B
1 waust.at
waust.at
7 KB
1 24lite.eu
skradzione-fotki.24lite.eu
777 B
10 4
Domain Requested by
7 galeria-nagosci.ct8.pl galeria-nagosci.ct8.pl
1 whos.amung.us waust.at
1 waust.at galeria-nagosci.ct8.pl
1 skradzione-fotki.24lite.eu
10 4

This site contains links to these domains. Also see Links.

Domain
whos.amung.us
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://galeria-nagosci.ct8.pl/
Frame ID: 7A047D8682AD9899B6C2FF412902770F
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://skradzione-fotki.24lite.eu/ Page URL
  2. http://galeria-nagosci.ct8.pl/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

273 kB
Transfer

280 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://skradzione-fotki.24lite.eu/ Page URL
  2. http://galeria-nagosci.ct8.pl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set /
skradzione-fotki.24lite.eu/ 		826 B
777 B 		Document
General
Check archive.org
Download Go to
Full URL
http://skradzione-fotki.24lite.eu/
Protocol
HTTP/1.1
Server
178.19.109.2 , Poland, ASN59491 (LIVENET-, PL),
Reverse DNS
a1.slaskdatacenter.pl
Software
LiteSpeed / PHP/5.6.40
Resource Hash
a74fe7514fd7bcef0e1c0f34b581765bb0fa45b7ee6289be77fc8b9f9f41cc63

Request headers

Host
skradzione-fotki.24lite.eu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Connection
Keep-Alive
X-Powered-By
PHP/5.6.40
Set-Cookie
odslony1=1; expires=Sun, 10-May-2020 21:58:32 GMT; Max-Age=86400; domain=skradzione-fotki.24lite.eu
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Content-Length
431
Content-Encoding
gzip
Date
Sat, 09 May 2020 21:58:32 GMT
Server
LiteSpeed
Primary Request /
galeria-nagosci.ct8.pl/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx / PHP/7.1.33
Resource Hash
d749a58d0bb35e2815a76528ae1cd0bd3660d3b51de0335dae7967324498d170

Request headers

Host
galeria-nagosci.ct8.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://skradzione-fotki.24lite.eu/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://skradzione-fotki.24lite.eu/

Response headers

Server
nginx
Date
Sat, 09 May 2020 21:58:33 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.1.33
bootstrap.min.css
galeria-nagosci.ct8.pl/css/ 		120 KB
120 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://galeria-nagosci.ct8.pl/css/bootstrap.min.css
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx /
Resource Hash
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Last-Modified
Sat, 09 May 2020 18:56:06 GMT
Server
nginx
ETag
"5eb6fcc6-1deac"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes, bytes
Content-Length
122540
styles.css
galeria-nagosci.ct8.pl/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://galeria-nagosci.ct8.pl/css/styles.css
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx /
Resource Hash
871a30497412ce9615aad98df8cfb14d9047b2c24ac58af9fa74a647db31da78

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Last-Modified
Sat, 09 May 2020 18:56:06 GMT
Server
nginx
ETag
"5eb6fcc6-5e6"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes, bytes
Content-Length
1510
jquery.min.js
galeria-nagosci.ct8.pl/css/ 		94 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://galeria-nagosci.ct8.pl/css/jquery.min.js
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx /
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Last-Modified
Sat, 09 May 2020 18:56:06 GMT
Server
nginx
ETag
"5eb6fcc6-176f8"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes, bytes
Content-Length
95992
logo.png
galeria-nagosci.ct8.pl/img/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://galeria-nagosci.ct8.pl/img/logo.png
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx /
Resource Hash
91ed457060d283d82c386237d0a595ec8e4d4b127054e4c5e53a28424dd21972

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Last-Modified
Sat, 09 May 2020 18:56:07 GMT
Server
nginx
ETag
"5eb6fcc7-1e27"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes, bytes
Content-Length
7719
d.js
waust.at/ 		13 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://waust.at/d.js
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
185.225.208.133 , Germany, ASN13213 (UK2NET-AS, GB),
Reverse DNS
Software
/
Resource Hash
e0435b7d2869ef2da9c06934a39e6d6428063d7b67756355e876700e6d49f0ab

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 May 2020 05:10:58 GMT
ETag
W/"5eabaf62-32e2"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, private
Connection
keep-alive
Expires
Sun, 10 May 2020 21:58:33 GMT
bootstrap.min.js
galeria-nagosci.ct8.pl/js/ 		36 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://galeria-nagosci.ct8.pl/js/bootstrap.min.js
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx /
Resource Hash
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Last-Modified
Sat, 09 May 2020 18:56:08 GMT
Server
nginx
ETag
"5eb6fcc8-8fd0"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes, bytes
Content-Length
36816
bg.jpg
galeria-nagosci.ct8.pl/css/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://galeria-nagosci.ct8.pl/css/img/bg.jpg
Requested by
Host: galeria-nagosci.ct8.pl
URL: http://galeria-nagosci.ct8.pl/
Protocol
HTTP/1.1
Server
136.243.156.120 Strullendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
web1.ct8.pl
Software
nginx /
Resource Hash
2b90ad5a059f4dbb9c1f6d8add3c793548f9246b42db2f33bc78a4444ccc4f1f

Request headers

Referer
http://galeria-nagosci.ct8.pl/css/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 09 May 2020 21:58:33 GMT
Server
nginx
Connection
keep-alive
ETag
"5dd615b2-a10"
Content-Length
2576
Content-Type
text/html
/
whos.amung.us/pingjs/ 		29 B
213 B 		Script
General
Check archive.org
Download Go to
Full URL
http://whos.amung.us/pingjs/?k=u5xfqm5kqz&t=Zaloguj%20si%C4%99%20aby%20odblokowac&c=d&y=http%3A%2F%2Fskradzione-fotki.24lite.eu%2F&a=0&r=6853
Requested by
Host: waust.at
URL: http://waust.at/d.js
Protocol
HTTP/1.1
Server
67.202.94.93 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
9047ff6e655ec998e18d6802a0403268b1d94cebb4fed92067d3f8964430ac78

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 09 May 2020 21:58:33 GMT
content-encoding
gzip
transfer-encoding
chunked
content-type
text/javascript;charset=UTF-8
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d

Request headers

Referer
http://galeria-nagosci.ct8.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| _wau object| jQuery111308842435286416686 string| wau_w_col string| wau_w_siz object| WAU_ren function| WAU_dynamic function| WAU_dynamic_request function| WAU_r_d function| WAU_insert function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_cps function| docReady object| x string| x1 string| x2

0 Cookies