feralchains.xyz (192.236.177.48)
Public Scan - Malicious Activity!
Effective URL: https://feralchains.xyz/ulus/g938qwf32brow2dq0qlojzh0.php?client_id=35EFDB200FCA7DF119AF5535F21C8DB6&response_mode=form_...
Submission: June 27 (2020, the year follows from the certificate validity window below), manual submission from AU
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 21st 2020. Valid for: 3 months.
This is the only time feralchains.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telstra (Telecommunication)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) | Serves |
|---|---|---|---|
| 4 | 192.236.177.48 (primary) | 54290 (HOSTWINDS) | feralchains.xyz |
| 17 | 2600:9000:2182:e00:17:876d:b540:93a1 | 16509 (AMAZON-02) | www.telstra.com.au |
| 1 | 203.36.190.152 | 1221 (ASN-TELSTRA Telstra Corporation Ltd) | signon.bigpond.com |
| 21 | 3 IPs | | |

ASN54290 (HOSTWINDS, US)
PTR: hwsrv-742758.hostwindsdns.com

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 17 | telstra.com.au | www.telstra.com.au | 439 KB |
| 4 | feralchains.xyz | feralchains.xyz (1 redirect) | 12 KB |
| 1 | bigpond.com | signon.bigpond.com | 3 KB |
| 21 | 3 apex domains | | |

| Requests | Domain | Requested by |
|---|---|---|
| 17 | www.telstra.com.au | feralchains.xyz |
| 4 | feralchains.xyz (1 redirect) | feralchains.xyz |
| 1 | signon.bigpond.com | feralchains.xyz |
| 21 | 3 domains | |

Every request to the brand domains is initiated by the page on feralchains.xyz: the phishing host serves only its own PHP document and two font requests, and hotlinks the rest of the look-and-feel from www.telstra.com.au and signon.bigpond.com.

This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.my.telstra.com.au |

TLS certificates

| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| feralchains.xyz | Let's Encrypt Authority X3 | 2020-06-21 - 2020-09-19 | 3 months | crt.sh |
| www.telstra.com.au | QuoVadis EV SSL ICA G3 | 2020-05-26 - 2021-05-26 | a year | crt.sh |
| signon.bigpond.com | QuoVadis Global SSL ICA G2 | 2020-02-28 - 2022-02-28 | 2 years | crt.sh |

The phishing host's certificate was issued six days before the scan; the two brand hosts carry QuoVadis certificates (one EV) that predate it by months.
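The three tables above can be turned into a small set of checks an analyst would run over any scan's request list: how much of the page leaves its own apex domain, whether brand domains are being hotlinked by a non-brand host, whether brand names appear in paths served by the page host, and how young the certificate was at scan time. The following is an added example written for this page, not urlscan.io code. The request URLs are reconstructed from the transactions table plus the 302 hop from the URL history; the brand keyword list, the tiny public-suffix table and the thresholds are assumptions chosen for illustration.

```python
"""Origin and certificate heuristics over the request list of a scan.

Added example for this page; not urlscan.io code. Request URLs are
reconstructed from the "21 HTTP transactions" table plus the 302 hop,
so the per-apex counts match the "Domain / Requested by" table. The
brand list, suffix table and thresholds are illustrative assumptions.
"""
from collections import Counter
from datetime import date
from urllib.parse import urlsplit

PAGE_HOST = "feralchains.xyz"
BRANDS = ("telstra", "bigpond")        # assumed: brands the analyst watches
CERT_NOT_BEFORE = date(2020, 6, 21)     # from the certificate table
SCAN_DATE = date(2020, 6, 27)           # submission date; year inferred from the cert window

T = "https://www.telstra.com.au"
TRANSACTIONS = [  # constructed from the scan table; the first entry is the 302 hop
    "https://feralchains.xyz/ulus/sxrfgnczcd46zx4d9fmskhfd.php",
    "https://feralchains.xyz/ulus/g938qwf32brow2dq0qlojzh0.php",
    T + "/etc/designs/tcom/tcom-core/css/bootstrap-responsive.css",
    T + "/etc/designs/tcom/tcom-core/css/styles-responsive.css",
    T + "/etc/designs/tcom/global/css/aem-global-responsive.css",
    T + "/etc/designs/tcom/service-qualifier/css/service-qualifier.css",
    T + "/etc/designs/tcom/tcom-core/js/modernizr.js",
    T + "/content/dam/tcom/css/telstra-auth.css",
    T + "/etc/designs/tcom/tcom-core/img/telstra/3.0-spectrum-gradient-blue.png",
    T + "/global/icons/small/help-mask.png",
    T + "/etc/designs/tcom/tcom-core/css/fonts/font-woff.css",
    T + "/etc/designs/tcom/tcom-core/css/styles-print.css",
    T + "/content/dam/tcom/external/why-register/icon-check-usage.png",
    T + "/content/dam/tcom/external/why-register/icon-billing.png",
    T + "/content/dam/tcom/external/why-register/icon-recharge.png",
    T + "/content/dam/tcom/external/why-register/icon-direct-debit.png",
    "https://signon.bigpond.com/res/javascript/telstra/default/footer.js",
    T + "/etc/designs/tcom/tcom-core/img/telstra/telstra-logo.png",
    T + "/etc/designs/tcom/tcom-core/fonts/td-original-icons.woff",
    "https://feralchains.xyz/res/fonts/telstra/onePortal/Akkurat-Light.woff",
    "https://feralchains.xyz/res/fonts/telstra/onePortal/Akkurat-Light.ttf",
    T + "/etc/designs/tcom/tcom-core/fonts/akkurat-light.woff",
]

# Two-label public suffixes this example needs; real code uses the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"com.au", "net.au", "co.uk"}


def apex(host):
    """Registrable domain: 'www.telstra.com.au' -> 'telstra.com.au'."""
    labels = host.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def origin_summary(urls, page_host):
    """Requests per apex domain and the fraction that leave the page's own apex."""
    counts = Counter(apex(urlsplit(u).hostname) for u in urls)
    foreign = sum(n for a, n in counts.items() if a != apex(page_host))
    return counts, foreign / sum(counts.values())


def brand_named_paths_on_page_host(urls, page_host, brands):
    """URLs served by the page host whose path carries a brand name (cloned kit paths)."""
    hits = []
    for u in urls:
        p = urlsplit(u)
        if apex(p.hostname) == apex(page_host) and any(b in p.path.lower() for b in brands):
            hits.append(u)
    return hits


def cert_age_days(not_before, observed):
    """Days between certificate notBefore and the observation date."""
    return (observed - not_before).days


def assess(urls, page_host, brands, not_before, observed, foreign_min=0.5, young_cert_days=30):
    """Return the indicators that fire; an empty list means nothing notable."""
    counts, foreign = origin_summary(urls, page_host)
    found = []
    if foreign >= foreign_min:
        found.append(f"{foreign:.0%} of requests leave {apex(page_host)}: {dict(counts)}")
    brand_apexes = sorted(a for a in counts if any(b in a for b in brands))
    if brand_apexes and not any(b in apex(page_host) for b in brands):
        found.append(f"brand assets hotlinked from {brand_apexes} by a non-brand host")
    hits = brand_named_paths_on_page_host(urls, page_host, brands)
    if hits:
        found.append(f"{len(hits)} brand-named paths served by {page_host}")
    age = cert_age_days(not_before, observed)
    if age <= young_cert_days:
        found.append(f"certificate only {age} days old at scan time")
    return found


if __name__ == "__main__":
    for line in assess(TRANSACTIONS, PAGE_HOST, BRANDS, CERT_NOT_BEFORE, SCAN_DATE):
        print("-", line)
```

On the reconstructed list all four indicators fire (18 of 22 requests leave feralchains.xyz, telstra.com.au and bigpond.com are hotlinked, two brand-named font paths are served by the phishing host, and the certificate is six days old). None of them is conclusive alone; a legitimate brand microsite on a fresh domain could trip the first and last, which is why the output is a list of reasons rather than a verdict.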
This page contains 1 frame:
Primary Page: https://feralchains.xyz/ulus/g938qwf32brow2dq0qlojzh0.php?client_id=35EFDB200FCA7DF119AF5535F21C8DB6&response_mode=form_post&response_type=code+id_token&scope=openid+profile&puid=&Connect_Authentication_Properties&&nonce=118617688335efdb200fca7df119af5535f21c8db6&redirect_uri=&ui_locales=en-US&mkt=en-US
Frame ID: 8586B83DB9C5491DE1855EBE259B70C4
Requests: 21 HTTP requests in this frame
Detected technologies

- Adobe Experience Manager (CMS): script pattern /\/etc\/designs\//i
- PHP (Programming Languages): url pattern /\.php(?:$|\?)/i
- Java (Programming Languages): script pattern /\/etc\/designs\//i
- Nginx (Web Servers): headers pattern server /nginx(?:\/([\d.]+))?/i
- Modernizr (JavaScript Libraries): script pattern /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Read these per origin. The AEM, Java and Modernizr matches come from script URLs under /etc/designs/ and modernizr.js, and the only resources with those paths are served by www.telstra.com.au; they describe the hotlinked brand assets, not the phishing host. Only the PHP match (against the page URL) says anything about feralchains.xyz itself.
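To make that attribution explicit, the five patterns above can be applied per origin so that each detection records which host supplied the evidence. The following is an added example for this page, not urlscan.io or Wappalyzer code. The regexes are the page's own, translated from JavaScript /.../i literals to Python; the resource list is built from the transactions table; the Server header value is an assumption, since the page records only that the Nginx pattern matched a server header, not what the header said.

```python
"""Apply the scan's technology-fingerprint patterns per origin.

Added example for this page, not urlscan.io or Wappalyzer code. The five
regexes are the ones listed under "Detected technologies", translated
from JavaScript /.../i literals to Python. The resource list is built
from the transactions table; the Server header value is an assumption.
"""
import re

# (pattern kind, regex): "url" is tested against the page URL, "script"
# against each script URL, "header:<name>" against that response header.
PATTERNS = {
    "Adobe Experience Manager": ("script", re.compile(r"/etc/designs/", re.I)),
    "PHP": ("url", re.compile(r"\.php(?:$|\?)", re.I)),
    "Java": ("script", re.compile(r"/etc/designs/", re.I)),
    "Nginx": ("header:server", re.compile(r"nginx(?:/([\d.]+))?", re.I)),
    "Modernizr": ("script", re.compile(r"([\d.]+)?/modernizr(?:.([\d.]+))?.*\.js", re.I)),
}

PAGE_URL = "https://feralchains.xyz/ulus/g938qwf32brow2dq0qlojzh0.php?client_id=35EFDB200FCA7DF119AF5535F21C8DB6"

# Constructed from the transactions table: the document and the two scripts.
# The "server: nginx" value is assumed; the scan shows only that the pattern matched.
RESOURCES = [
    {"url": PAGE_URL, "type": "Document", "headers": {"server": "nginx"}},
    {"url": "https://www.telstra.com.au/etc/designs/tcom/tcom-core/js/modernizr.js",
     "type": "Script", "headers": {}},
    {"url": "https://signon.bigpond.com/res/javascript/telstra/default/footer.js",
     "type": "Script", "headers": {}},
]


def host_of(url):
    """Lower-cased host part of an http(s) URL."""
    return re.match(r"https?://([^/]+)", url).group(1).lower()


def fingerprint(resources, page_url):
    """Map technology -> hosts the evidence came from, first captured version, and
    whether any evidence came from the page host itself."""
    page_host = host_of(page_url)
    out = {}
    for tech, (kind, rx) in PATTERNS.items():
        evidence = []  # (host, match) pairs
        if kind == "url":
            m = rx.search(page_url)
            if m:
                evidence.append((page_host, m))
        elif kind == "script":
            for r in resources:
                if r["type"] == "Script":
                    m = rx.search(r["url"])
                    if m:
                        evidence.append((host_of(r["url"]), m))
        else:  # header:<name>
            name = kind.split(":", 1)[1]
            for r in resources:
                m = rx.search(r["headers"].get(name, ""))
                if m:
                    evidence.append((host_of(r["url"]), m))
        if evidence:
            hosts = {h for h, _ in evidence}
            versions = [g for _, m in evidence for g in m.groups() if g]
            out[tech] = {"hosts": hosts,
                         "version": versions[0] if versions else None,
                         "on_page_host": page_host in hosts}
    return out


def third_party_only(result):
    """Technologies whose only evidence came from hosts other than the page host."""
    return sorted(t for t, d in result.items() if not d["on_page_host"])


if __name__ == "__main__":
    res = fingerprint(RESOURCES, PAGE_URL)
    for tech, d in res.items():
        print(f"{tech}: hosts={sorted(d['hosts'])} version={d['version']}")
    print("third-party only:", third_party_only(res))
```

With this split, AEM, Java and Modernizr are attributed to www.telstra.com.au, while PHP and Nginx are the only findings tied to the phishing host. The version groups in the Nginx and Modernizr patterns stay empty here because neither the assumed header nor the modernizr.js path carries a version string.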
Page Statistics
Title: My Account
1 outgoing link (links going to a different origin than the main page)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://feralchains.xyz/ulus/sxrfgnczcd46zx4d9fmskhfd.php?client_id=512EBA3B1B55B651108CEE75FAA9B14B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&puid=&Connect_Authentication_Properties&&nonce=1497702802512eba3b1b55b651108cee75faa9b14b&redirect_uri=&ui_locales=en-US&mkt=en-US
   HTTP 302 to
2. https://feralchains.xyz/ulus/g938qwf32brow2dq0qlojzh0.php?client_id=35EFDB200FCA7DF119AF5535F21C8DB6&response_mode=form_post&response_type=code+id_token&scope=openid+profile&puid=&Connect_Authentication_Properties&&nonce=118617688335efdb200fca7df119af5535f21c8db6&redirect_uri=&ui_locales=en-US&mkt=en-US (Page URL)

Both hops stay on feralchains.xyz and carry the parameter set of an OpenID Connect authorize request (client_id, response_mode=form_post, response_type=code+id_token, scope=openid+profile, nonce, redirect_uri, ui_locales, mkt) on a PHP script with a random-looking name. redirect_uri is empty in both, and in both the nonce ends with the lowercased client_id; the script name, client_id and nonce change between the two hops.
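The observations above can be checked mechanically, which is useful when the same kit shows up under other domains. The following is an added example for this page, not urlscan.io code. The two URLs are the ones in the URL history; the parameter set and the checks are a minimal reading of an OpenID Connect authentication request (client_id, response_type, redirect_uri, scope and nonce) and are this example's heuristics. The empty set of known identity-provider hosts is a placeholder for where an organisation would list its real login endpoints.

```python
"""Pick apart the OpenID Connect-style query string on the phishing page.

Added example for this page, not urlscan.io code. The URLs are the two
hops from the page's URL history; the checks are illustrative heuristics.
"""
from urllib.parse import parse_qs, urlsplit

URL_FIRST = "https://feralchains.xyz/ulus/sxrfgnczcd46zx4d9fmskhfd.php?client_id=512EBA3B1B55B651108CEE75FAA9B14B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&puid=&Connect_Authentication_Properties&&nonce=1497702802512eba3b1b55b651108cee75faa9b14b&redirect_uri=&ui_locales=en-US&mkt=en-US"
URL_FINAL = "https://feralchains.xyz/ulus/g938qwf32brow2dq0qlojzh0.php?client_id=35EFDB200FCA7DF119AF5535F21C8DB6&response_mode=form_post&response_type=code+id_token&scope=openid+profile&puid=&Connect_Authentication_Properties&&nonce=118617688335efdb200fca7df119af5535f21c8db6&redirect_uri=&ui_locales=en-US&mkt=en-US"

# Parameters an OIDC /authorize request carries (OIDC Core 3.1.2.1).
OIDC_PARAMS = {"client_id", "response_type", "response_mode", "scope", "nonce", "redirect_uri"}

# Assumed placeholder: hosts of the identity providers the organisation actually uses.
KNOWN_IDP_HOSTS = frozenset()


def parse_login_url(url):
    """Split a URL into (host, path, flat query dict); blank values are kept so
    'redirect_uri=' and bare 'Connect_Authentication_Properties' survive."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return parts.hostname, parts.path, q


def oidc_lookalike_findings(url, idp_hosts=KNOWN_IDP_HOSTS):
    """Reasons this URL looks like an IdP authorize request but cannot be one."""
    host, path, q = parse_login_url(url)
    findings = []
    if len(OIDC_PARAMS & q.keys()) >= 4 and host not in idp_hosts:
        findings.append("oidc-authorize-params-on-unknown-host")
    if path.lower().endswith(".php"):
        findings.append("authorize-endpoint-is-php-script")
    if q.get("redirect_uri") == "":
        # OIDC requires an absolute, pre-registered redirect_uri; an IdP would reject this.
        findings.append("empty-redirect_uri")
    cid, nonce = q.get("client_id", ""), q.get("nonce", "")
    if cid and len(nonce) > len(cid) and nonce.lower().endswith(cid.lower()):
        # A real nonce is unpredictable; one derived from another parameter is kit behaviour.
        findings.append("nonce-embeds-client_id")
    return findings


def nonce_prefix(url):
    """The part of the nonce that is not the embedded client_id (the kit's own counter)."""
    _, _, q = parse_login_url(url)
    cid, nonce = q.get("client_id", ""), q.get("nonce", "")
    return nonce[: len(nonce) - len(cid)] if nonce.lower().endswith(cid.lower()) else nonce


def rotating_params(url_a, url_b):
    """Query keys whose values differ between two visits; the script name also
    rotates, but that lives in the path, not the query."""
    _, _, qa = parse_login_url(url_a)
    _, _, qb = parse_login_url(url_b)
    return {k for k in qa.keys() | qb.keys() if qa.get(k) != qb.get(k)}


if __name__ == "__main__":
    for u in (URL_FIRST, URL_FINAL):
        print(u.split("?")[0], oidc_lookalike_findings(u), nonce_prefix(u))
    print("rotating:", sorted(rotating_params(URL_FIRST, URL_FINAL)))
```

Both hops produce the same four findings, and only client_id and nonce differ between them. The ten-character nonce prefixes (1497702802 and 1186176883) are whatever the kit generates per visit; nothing on the scan page says what they encode, so the code only isolates them.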
Redirected requests
The primary request (row 1) is the end of a redirect chain; see Page URL History.

21 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | g938qwf32brow2dq0qlojzh0.php (primary request, redirect chain) | feralchains.xyz/ulus/ | 79 KB | 11 KB | Document | text/html |
| 2 | GET | H2 | bootstrap-responsive.css | www.telstra.com.au/etc/designs/tcom/tcom-core/css/ | 70 KB | 12 KB | Stylesheet | text/css |
| 3 | GET | H2 | styles-responsive.css | www.telstra.com.au/etc/designs/tcom/tcom-core/css/ | 306 KB | 42 KB | Stylesheet | text/css |
| 4 | GET | H2 | aem-global-responsive.css | www.telstra.com.au/etc/designs/tcom/global/css/ | 115 KB | 17 KB | Stylesheet | text/css |
| 5 | GET | H2 | service-qualifier.css | www.telstra.com.au/etc/designs/tcom/service-qualifier/css/ | 26 KB | 4 KB | Stylesheet | text/css |
| 6 | GET | H2 | modernizr.js | www.telstra.com.au/etc/designs/tcom/tcom-core/js/ | 14 KB | 6 KB | Script | application/javascript |
| 7 | GET | H2 | telstra-auth.css | www.telstra.com.au/content/dam/tcom/css/ | 2 KB | 999 B | Stylesheet | text/css |
| 8 | GET | H2 | 3.0-spectrum-gradient-blue.png | www.telstra.com.au/etc/designs/tcom/tcom-core/img/telstra/ | 19 KB | 20 KB | Image | image/png |
| 9 | GET | H2 | help-mask.png | www.telstra.com.au/global/icons/small/ | 1 KB | 2 KB | Image | image/png |
| 10 | GET | H2 | font-woff.css | www.telstra.com.au/etc/designs/tcom/tcom-core/css/fonts/ | 48 KB | 37 KB | Stylesheet | text/css |
| 11 | GET | H2 | styles-print.css | www.telstra.com.au/etc/designs/tcom/tcom-core/css/ | 4 KB | 1 KB | Stylesheet | text/css |
| 12 | GET | H2 | icon-check-usage.png | www.telstra.com.au/content/dam/tcom/external/why-register/ | 2 KB | 2 KB | Image | image/png |
| 13 | GET | H2 | icon-billing.png | www.telstra.com.au/content/dam/tcom/external/why-register/ | 809 B | 1 KB | Image | image/png |
| 14 | GET | H2 | icon-recharge.png | www.telstra.com.au/content/dam/tcom/external/why-register/ | 2 KB | 3 KB | Image | image/png |
| 15 | GET | H2 | icon-direct-debit.png | www.telstra.com.au/content/dam/tcom/external/why-register/ | 904 B | 1 KB | Image | image/png |
| 16 | GET | H/1.1 | footer.js | signon.bigpond.com/res/javascript/telstra/default/ | 8 KB | 3 KB | Script | application/x-javascript |
| 17 | GET | H2 | telstra-logo.png | www.telstra.com.au/etc/designs/tcom/tcom-core/img/telstra/ | 4 KB | 5 KB | Image | image/png |
| 18 | GET | H2 | td-original-icons.woff | www.telstra.com.au/etc/designs/tcom/tcom-core/fonts/ | 243 KB | 244 KB | Font | application/font-woff |
| 19 | GET | H/1.1 | Akkurat-Light.woff | feralchains.xyz/res/fonts/telstra/onePortal/ | 0 | 0 | Font | text/html |
| 20 | GET | H/1.1 | Akkurat-Light.ttf | feralchains.xyz/res/fonts/telstra/onePortal/ | 0 | 0 | Font | text/html |
| 21 | GET | H2 | akkurat-light.woff | www.telstra.com.au/etc/designs/tcom/tcom-core/fonts/ | 42 KB | 42 KB | Font | application/font-woff |

Size is the decoded body, Transferred the bytes on the wire. Only rows 1, 19 and 20 are answered by feralchains.xyz; the Telstra host speaks HTTP/2 while the phishing host and signon.bigpond.com speak HTTP/1.1. Rows 19 and 20 ask the phishing host for Akkurat-Light.woff and .ttf under /res/fonts/telstra/onePortal/ and get back 0 bytes with MIME type text/html, so no font is served; the same face is then fetched as akkurat-light.woff from www.telstra.com.au (row 21). The /res/.../telstra/ path layout requested from the phishing host matches the layout of the one resource fetched from signon.bigpond.com (row 16).
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Telstra (Telecommunication)

25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| string | telstra_global_lhnav_id |
| number | telstra_global_tabId |
| number | telstra_global_loginState |
| number | isSSL |
| boolean | telstra_application |
| object | tcom |
| string | fontPath |
| string | ua |
| object | injectref |
| function | loadCSS |
| object | html5 |
| object | Modernizr |
| function | yepnope |
| function | initialise |
| object | lpTag |
| object | arrLPvars |
| function | makeExternalLinksSpawnPopUps |
| function | hasClass |
| function | addEventToLink |
| function | addTitleToLink |
| function | openLinkInNewWindow |
| function | autoPopUp |
| function | addLoadEventForPopUps |

Names such as telstra_global_*, tcom, Modernizr and yepnope are consistent with the cloned brand page markup and the hotlinked scripts (modernizr.js, footer.js) rather than with code unique to the phishing host.

0 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values along, letting the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

- feralchains.xyz
- signon.bigpond.com
- www.telstra.com.au
- 192.236.177.48
- 203.36.190.152
- 2600:9000:2182:e00:17:876d:b540:93a1