wash-email.ru
IP: 31.31.196.138
Malicious Activity! Public Scan
Effective URL: https://wash-email.ru/?_subid=3r7h5de480e6n7q9ddm&_token=uuid_3r7h5de480e6n7q9ddm_3r7h5de480e6n7q9ddm5b470194d91367.82...
Submission: On July 12 via manual from RU
Summary
TLS certificate: Issued by GlobalSign Domain Validation CA - SHA... on July 4th 2018. Valid for: a year.
This is the only time wash-email.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 34.253.47.235 | 16509 (AMAZON-02 - Amazon.com)
1 1 | 5.79.70.8 | 60781 (LEASEWEB-NL-AMS-01 Netherlands)
1 1 | 190.115.26.78 | 262254 (DANCOM LTD)
1 1 | 190.115.26.130 | 262254 (DANCOM LTD)
31 | 31.31.196.138 | 197695 (AS-REG)
32 | 2 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
- PTR: ec2-34-253-47-235.eu-west-1.compute.amazonaws.com
- Domain: dynam.esclick.me
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
- PTR: lw1746.ua-hosting.company
- Host: 5.79.70.8
ASN197695 (AS-REG, RU)
- PTR: server151.hosting.reg.ru
- Domain: wash-email.ru
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
31 | wash-email.ru | wash-email.ru | 1 MB
1 | settclicks.net (1 redirects) | settclicks.net | 686 B
1 | fittclicks.icu (1 redirects) | fittclicks.icu | 330 B
1 | esclick.me | dynam.esclick.me | 2 KB
32 | 4 | |
Requests | Domain | Requested by
---|---|---
31 | wash-email.ru | wash-email.ru
1 | settclicks.net | 1 redirects
1 | fittclicks.icu | 1 redirects
1 | dynam.esclick.me |
32 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.esclick.me | COMODO RSA Domain Validation Secure Server CA | 2017-10-17 - 2020-12-03 | 3 years | crt.sh
www.wash-email.ru | GlobalSign Domain Validation CA - SHA256 - G2 | 2018-07-04 - 2019-07-05 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://wash-email.ru/?_subid=3r7h5de480e6n7q9ddm&_token=uuid_3r7h5de480e6n7q9ddm_3r7h5de480e6n7q9ddm5b470194d91367.82739634
Frame ID: CCD32704A91ABFB7DE65DFC5FDCF52F6
Requests: 32 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dynam.esclick.me/Q3GqoDz0eWq (Page URL)
- http://5.79.70.8/q7WLV4 (HTTP 302)
- http://fittclicks.icu/public/4854853531593122?_subid=3r7h5de480e6n7q9ddm&_token=uuid_3r7h5de480e6n7q9ddm_3r7h5de480e6n7q9ddm5b470194d91367.82739634 (HTTP 302)
- https://settclicks.net/public/4854853531593122?_subid=3r7h5de480e6n7q9ddm&_token=uuid_3r7h5de480e6n7q9ddm_3r7h5de480e6n7q9ddm5b470194d91367.82739634 (HTTP 302)
- https://wash-email.ru/?_subid=3r7h5de480e6n7q9ddm&_token=uuid_3r7h5de480e6n7q9ddm_3r7h5de480e6n7q9ddm5b470194d91367.82739634 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | Q3GqoDz0eWq | dynam.esclick.me/ | 7 KB | 2 KB | Document | text/html
GET | H2 | / (Primary Request, Redirect Chain) | wash-email.ru/ | 26 KB | 6 KB | Document | text/html
GET | H2 | %D0%91%D0%B5%D0%B7%D1%8B%D0%BC%D1%8F%D0%BD%D0%BD%D1%8B%D0%B91.css (URL-encoded Безымянный1.css) | wash-email.ru/ | 2 KB | 528 B | Stylesheet | text/css
GET | H2 | index.css | wash-email.ru/ | 14 KB | 1 KB | Stylesheet | text/css
GET | H2 | jquery-2.1.3.min.js | wash-email.ru/libs/jquery/ | 82 KB | 29 KB | Script | application/javascript
GET | H2 | redirect.js | wash-email.ru/js/ | 3 KB | 1 KB | Script | application/javascript
GET | H2 | top.png | wash-email.ru/images/ | 424 KB | 425 KB | Image | image/png
GET | H2 | img0001.png | wash-email.ru/images/ | 17 KB | 18 KB | Image | image/png
GET | H2 | email-1403475.jpg | wash-email.ru/images/ | 50 KB | 50 KB | Image | image/jpeg
GET | H2 | shake2.gif | wash-email.ru/images/ | 397 KB | 397 KB | Image | image/gif
GET | H2 | img0003.png | wash-email.ru/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | email-marketing-5.jpg | wash-email.ru/images/ | 379 KB | 380 KB | Image | image/jpeg
GET | H2 | img0004.png | wash-email.ru/images/ | 12 KB | 12 KB | Image | image/png
GET | H2 | img0006.png | wash-email.ru/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | red.png | wash-email.ru/images/ | 14 KB | 15 KB | Image | image/png
GET | H2 | 2018-06-12_16-02-39.png | wash-email.ru/images/ | 19 KB | 19 KB | Image | image/png
GET | H2 | img0005.png | wash-email.ru/images/ | 865 B | 1 KB | Image | image/png
GET | H2 | img0007.png | wash-email.ru/images/ | 868 B | 1 KB | Image | image/png
GET | H2 | img0008.png | wash-email.ru/images/ | 862 B | 1 KB | Image | image/png
GET | H2 | img0009.png | wash-email.ru/images/ | 871 B | 1 KB | Image | image/png
GET | H2 | img0010.png | wash-email.ru/images/ | 879 B | 1 KB | Image | image/png
GET | H2 | img0011.png | wash-email.ru/images/ | 865 B | 1 KB | Image | image/png
GET | H2 | img0012.png | wash-email.ru/images/ | 885 B | 1 KB | Image | image/png
GET | H2 | img0013.png | wash-email.ru/images/ | 871 B | 1 KB | Image | image/png
GET | H2 | img0014.png | wash-email.ru/images/ | 862 B | 1 KB | Image | image/png
GET | H2 | img0015.png | wash-email.ru/images/ | 879 B | 1 KB | Image | image/png
GET | H2 | ring.gif | wash-email.ru/images/ | 6 KB | 6 KB | Image | image/gif
GET | H2 | img0016.png | wash-email.ru/images/ | 548 B | 753 B | Image | image/png
GET | H2 | img0017.png | wash-email.ru/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | img0018.png | wash-email.ru/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | img0333.png | wash-email.ru/images/ | 1 KB | 2 KB | Image | image/png
GET | H2 | img0334.png | wash-email.ru/images/ | 1 KB | 1 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
number | page_id
function | $
function | jQuery
string | cookee_page_id
object | pages
function | setCookie
function | readCookie
function | redirectPage
function | load
function | init1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
wash-email.ru/ | | Name: page_id Value: 1
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.