galeria-nagosci.ct8.pl
136.243.156.120
Malicious Activity!
Public Scan
Effective URL: http://galeria-nagosci.ct8.pl/
Submission: On May 09 via manual from PL
Summary
This is the only time galeria-nagosci.ct8.pl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
| | IP Address | Autonomous System |
|---|---|---|
| 1 | 178.19.109.2 | 59491 (LIVENET-) |
| 7 | 136.243.156.120 | 24940 (HETZNER-AS) |
| 1 | 185.225.208.133 | 13213 (UK2NET-AS) |
| 1 | 67.202.94.93 | 32748 (STEADFAST) |
| 10 | 5 | |

ASN59491 (LIVENET-, PL)
PTR: a1.slaskdatacenter.pl
skradzione-fotki.24lite.eu

ASN24940 (HETZNER-AS, DE)
PTR: web1.ct8.pl
galeria-nagosci.ct8.pl

| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | ct8.pl | galeria-nagosci.ct8.pl | 265 KB |
| 1 | amung.us | whos.amung.us | 213 B |
| 1 | waust.at | waust.at | 7 KB |
| 1 | 24lite.eu | skradzione-fotki.24lite.eu | 777 B |
| 10 | 4 | | |

| | Domain | Requested by |
|---|---|---|
| 7 | galeria-nagosci.ct8.pl | galeria-nagosci.ct8.pl |
| 1 | whos.amung.us | waust.at |
| 1 | waust.at | galeria-nagosci.ct8.pl |
| 1 | skradzione-fotki.24lite.eu | |
| 10 | 4 | |

This site contains links to these domains. Also see Links.
Domain |
---|
whos.amung.us |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://galeria-nagosci.ct8.pl/
Frame ID: 7A047D8682AD9899B6C2FF412902770F
Requests: 11 HTTP requests in this frame
Page URL History
- http://skradzione-fotki.24lite.eu/ Page URL
- http://galeria-nagosci.ct8.pl/ Page URL
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 10
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://skradzione-fotki.24lite.eu/ Page URL
- http://galeria-nagosci.ct8.pl/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
| Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET H/1.1 | / (Cookie set) | skradzione-fotki.24lite.eu/ | 826 B | 777 B | Document | text/html |
| GET H/1.1 | / (Primary Request) | galeria-nagosci.ct8.pl/ | 3 KB | 3 KB | Document | text/html |
| GET H/1.1 | bootstrap.min.css | galeria-nagosci.ct8.pl/css/ | 120 KB | 120 KB | Stylesheet | text/css |
| GET H/1.1 | styles.css | galeria-nagosci.ct8.pl/css/ | 1 KB | 2 KB | Stylesheet | text/css |
| GET H/1.1 | jquery.min.js | galeria-nagosci.ct8.pl/css/ | 94 KB | 94 KB | Script | application/javascript |
| GET H/1.1 | logo.png | galeria-nagosci.ct8.pl/img/ | 8 KB | 8 KB | Image | image/png |
| GET H/1.1 | d.js | waust.at/ | 13 KB | 7 KB | Script | application/x-javascript |
| GET H/1.1 | bootstrap.min.js | galeria-nagosci.ct8.pl/js/ | 36 KB | 36 KB | Script | application/javascript |
| GET H/1.1 | bg.jpg | galeria-nagosci.ct8.pl/css/img/ | 3 KB | 3 KB | Image | text/html |
| GET H/1.1 | / | whos.amung.us/pingjs/ | 29 B | 213 B | Script | text/javascript |
| GET DATA | truncated | / | 3 KB | 0 | Image | image/png |

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- object| _wau
- object| jQuery111308842435286416686
- string| wau_w_col
- string| wau_w_siz
- object| WAU_ren
- function| WAU_dynamic
- function| WAU_dynamic_request
- function| WAU_r_d
- function| WAU_insert
- function| WAU_la
- function| WAU_addCommas
- function| WAU_lrd
- function| WAU_cps
- function| docReady
- object| x
- string| x1
- string| x20
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.