ziko.square7.ch
Open in
urlscan Pro
148.251.48.69
Malicious Activity!
Public Scan
Effective URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Submission: On May 16 via manual from IT
Summary
This is the only time ziko.square7.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.37.86.1 104.37.86.1 | 54456 (CLOUDACCE...) (CLOUDACCESS-NETWORK - CloudAccess.net) | |
2 8 | 148.251.48.69 148.251.48.69 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 88.99.13.69 88.99.13.69 | 24940 (HETZNER-AS) (HETZNER-AS) | |
3 | 94.130.236.100 94.130.236.100 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 35.186.216.54 35.186.216.54 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
23 | 6 |
ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US)
PTR: lamp123.cloudaccess.net
byegus.wpdevcloud.com |
ASN24940 (HETZNER-AS, DE)
PTR: static.69.13.99.88.clients.your-server.de
handerin11.1apps.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: 54.216.186.35.bc.googleusercontent.com
www.bitadexchange.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
square7.ch
2 redirects
ziko.square7.ch |
106 KB |
3 |
bplaced.net
www.bplaced.net |
4 KB |
2 |
1apps.com
handerin11.1apps.com |
14 KB |
1 |
bitadexchange.com
www.bitadexchange.com |
153 B |
1 |
wpdevcloud.com
byegus.wpdevcloud.com |
539 B |
0 |
jsbeautifiers.com
Failed
www.jsbeautifiers.com Failed |
|
0 |
Failed
function sub() { [native code] }. Failed |
|
23 | 7 |
Domain | Requested by | |
---|---|---|
8 | ziko.square7.ch |
2 redirects
ziko.square7.ch
|
3 | www.bplaced.net |
ziko.square7.ch
|
2 | handerin11.1apps.com |
ziko.square7.ch
|
1 | www.bitadexchange.com |
www.bplaced.net
|
1 | byegus.wpdevcloud.com | |
0 | www.jsbeautifiers.com Failed |
ziko.square7.ch
|
0 | lifbcibllhkdhoafpjfnlhfpfgnpldfl Failed |
ziko.square7.ch
|
23 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Frame ID: D00134B95086E9797D9D83D43E051BE0
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://byegus.wpdevcloud.com/ Page URL
- http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://byegus.wpdevcloud.com/ Page URL
- http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19- http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/img/bg.jpg HTTP 302
- http://www.bplaced.net/404
- http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/img/header-bg.png HTTP 302
- http://www.bplaced.net/404
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
byegus.wpdevcloud.com/ |
281 B 539 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/ |
10 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/ |
959 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
document_iterator.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
find_proxy.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
get_html_text.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
global_constants.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
name_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
number_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
menu_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
string_finder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
change_sink.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scr4.js
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/ |
88 KB 89 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Key.jpg
handerin11.1apps.com/ |
7 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sekure.png
handerin11.1apps.com/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
msc.jpg
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/ |
943 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vbv.gif
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cvv2.jpg
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bpa.js
www.bplaced.net/pub/ |
142 B 638 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
style.js
www.jsbeautifiers.com/js/script/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
404
www.bplaced.net/ Redirect Chain
|
0 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
404
www.bplaced.net/ Redirect Chain
|
0 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
display.php
www.bitadexchange.com/a/ |
0 153 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/document_iterator.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/find_proxy.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/get_html_text.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/global_constants.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/name_injection_builder.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/number_injection_builder.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/menu_injection_builder.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/string_finder.js
- Domain
- lifbcibllhkdhoafpjfnlhfpfgnpldfl
- URL
- chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/change_sink.js
- Domain
- www.jsbeautifiers.com
- URL
- http://www.jsbeautifiers.com/js/script/style.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)85 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| _uacct number| _userv number| _ufsc string| _udn string| _uhash string| _utimeout string| _ugifpath string| _utsp number| _uflash number| _utitle number| _ulink number| _uanchor string| _utcp number| _usample number| _uctm string| _ucto string| _uccn string| _ucmd string| _ucsr string| _uctr string| _ucct string| _ucid string| _ucno object| _uOsr object| _uOkw object| _uOno object| _uRno undefined| _uff undefined| _udh undefined| _udt number| _ubl string| _udo undefined| _uu number| _ufns number| _uns string| _ur number| _ufno number| _ust object| _ubd object| _udl string| _udlh string| _uwv string| _ugifpath2 function| urchinTracker function| _uGH function| _uInfo function| _uVoid function| _uCInfo function| _uRef function| _uOrg function| _uGCse function| _uBInfo function| __utmSetTrans function| _uFlash function| __utmLinkerUrl function| __utmLinker function| __utmLinkPost function| __utmSetVar function| _uGCS function| _uGC function| _uDomain function| _uHash function| _uFixA function| _uTrim function| _uEC function| __utmVisitorCode function| _uIN function| _uES function| _uUES function| _uVG function| _uSP function| urchinPathCopy function| _uCO function| _uGT string| _utk function| _uNx function| $ function| jQuery string| ML string| MI string| OT number| j function| numbersonly function| checkCC function| verifLength0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
byegus.wpdevcloud.com
handerin11.1apps.com
lifbcibllhkdhoafpjfnlhfpfgnpldfl
www.bitadexchange.com
www.bplaced.net
www.jsbeautifiers.com
ziko.square7.ch
lifbcibllhkdhoafpjfnlhfpfgnpldfl
www.jsbeautifiers.com
104.37.86.1
148.251.48.69
35.186.216.54
88.99.13.69
94.130.236.100
17aace29a159013e8057221b1838f10046b9d87f285e3480108b59198d973bf0
23e3ca8349931478ce6cc6ffb2b4b759871e6e54fb098884a3862487abb0a461
3027be183d76090288de1293f37fc372429179a05de71a425179a34926ceb8bf
34add6364f41b6d9b4f69628bb7aba5b3d64be040ef70ac7ead71e9d19d9ae9d
4d1b9a00cb37404f2642d46b66af2b15f69585db1799d1a3707211b47b4bc5d1
588fb35a5e9c0b68560696b1b53b8f7f821c8f96f56e8af85c9ae3901c36573e
7c25f85e6f20857db2c95251baf8fb664b6d8011ab349f72a427e58970c83853
7ddeb41efa4f209abec80ca0c304391dc91af21d6731d077dc35b74132554842
87f420855778823c4c969d61e90c7a4c61faaa47ab25e9d6dddf2081e447e983
b89f1d205a75911c66cd92f108b0e1e1769b7f2bd09dd1e59faa4d8a2adf6975
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855