www.server684037.nazwa.pl

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 85.128.184.235, located in Poland and belongs to NAZWA, PL. The main domain is www.server684037.nazwa.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on February 19th 2020. Valid for: 2 years.

This is the only time www.server684037.nazwa.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
3	85.128.184.235 85.128.184.235	15967 (NAZWA) (NAZWA)
2	89.161.254.183 89.161.254.183	12824 (HOMEPL-AS) (HOMEPL-AS)
5	2

3 85.128.184.235 (Poland)

ASN15967 (NAZWA, PL)
PTR: shared-amb235.rev.nazwa.pl

www.server684037.nazwa.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.161.254.183 (Poland)

ASN12824 (HOMEPL-AS, PL)
PTR: cloudserver2082475.home.pl

www.licznikodwiedzin.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	nazwa.pl www.server684037.nazwa.pl	9 KB
2	licznikodwiedzin.pl www.licznikodwiedzin.pl	1 KB
5	2

	Domain	Requested by
3	www.server684037.nazwa.pl	www.server684037.nazwa.pl
2	www.licznikodwiedzin.pl	www.server684037.nazwa.pl www.licznikodwiedzin.pl
5	2

This site contains no links.

Subject Issuer	Validity	Valid
*.nazwa.pl Certum Domain Validation CA SHA2	`2020-02-19` - `2022-02-18`	2 years	crt.sh
www.licznikodwiedzin.pl Certyfikat SSL	`2019-09-30` - `2020-09-29`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.server684037.nazwa.pl/weryfikacja/mobile/
Frame ID: FD4D3FD3E9678247FE3613E18A8D1797
Requests: 4 HTTP requests in this frame

Frame: https://www.licznikodwiedzin.pl/cnt/cnt.php?key=157910342&minDigits=7
Frame ID: 7F4636E3AD1564C2D34E2A13AAA7EE7F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

10 kB
Transfer

30 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.server684037.nazwa.pl/weryfikacja/mobile/	15 KB 3 KB	143ms 34ms	Document text/html	85.128.184.235 NAZWA
General Check archive.org Show headers Download Go to Full URL https://www.server684037.nazwa.pl/weryfikacja/mobile/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.128.184.235 , Poland, ASN15967 (NAZWA, PL), Reverse DNS shared-amb235.rev.nazwa.pl Software Apache/2 / Resource Hash `9ff23f0b4fd800a91f08a221bf744518427e509907258618f21523754f7c6172` Request headers :method GET :authority www.server684037.nazwa.pl :scheme https :path /weryfikacja/mobile/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 12 Aug 2020 01:07:48 GMT content-type text/html content-length 3373 last-modified Sat, 08 Aug 2020 22:47:07 GMT etag "3bb3-5ac65804170c0" vary Accept-Encoding content-encoding br cache-control max-age=600, public server Apache/2 accept-ranges bytes
GET H2	200	style.css www.server684037.nazwa.pl/weryfikacja/mobile/	11 KB 3 KB	34ms 34ms	Stylesheet text/css	85.128.184.235 NAZWA
General Check archive.org Show headers Download Go to Full URL https://www.server684037.nazwa.pl/weryfikacja/mobile/style.css Requested by Host: www.server684037.nazwa.pl URL: https://www.server684037.nazwa.pl/weryfikacja/mobile/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.128.184.235 , Poland, ASN15967 (NAZWA, PL), Reverse DNS shared-amb235.rev.nazwa.pl Software Apache/2 / Resource Hash `5cb3a060c3b029c4a468c8e0fb33b5c08a708f5ff2680292b494d49b022a535e` Request headers Referer https://www.server684037.nazwa.pl/weryfikacja/mobile/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 12 Aug 2020 01:07:48 GMT content-encoding br last-modified Thu, 30 Apr 2020 18:24:46 GMT server Apache/2 etag "2ce4-5a4862de35780" vary Accept-Encoding content-type text/css status 200 cache-control max-age=600, public accept-ranges bytes content-length 2461
GET H2	200	start.php Show response www.licznikodwiedzin.pl/cnt/	2 KB 1 KB	119ms 35ms	Script text/html	89.161.254.183 HOMEPL-AS
General Check archive.org Show headers Download Go to Full URL https://www.licznikodwiedzin.pl/cnt/start.php?key=157910342 Requested by Host: www.server684037.nazwa.pl URL: https://www.server684037.nazwa.pl/weryfikacja/mobile/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.161.254.183 , Poland, ASN12824 (HOMEPL-AS, PL), Reverse DNS cloudserver2082475.home.pl Software IdeaWebServer/0.83.415 / Resource Hash `c5d15cbcc683069c646ec02c46e679d52e522fb54177e9ad6c2fc218d7983b7e` Request headers Referer https://www.server684037.nazwa.pl/weryfikacja/mobile/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers status 200 date Wed, 12 Aug 2020 01:07:48 GMT content-encoding gzip server IdeaWebServer/0.83.415 content-type text/html
GET H2	200	fb.png www.server684037.nazwa.pl/weryfikacja/mobile/	2 KB 3 KB	34ms 33ms	Image image/png	85.128.184.235 NAZWA
General Check archive.org Show headers Download Go to Show image Full URL https://www.server684037.nazwa.pl/weryfikacja/mobile/fb.png Requested by Host: www.server684037.nazwa.pl URL: https://www.server684037.nazwa.pl/weryfikacja/mobile/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.128.184.235 , Poland, ASN15967 (NAZWA, PL), Reverse DNS shared-amb235.rev.nazwa.pl Software Apache/2 / Resource Hash `48660be52c0b2dbbabc71f51863a28341d3ca0f1b11bfd131e1aceef6aedbaf9` Request headers Referer https://www.server684037.nazwa.pl/weryfikacja/mobile/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 12 Aug 2020 01:07:48 GMT last-modified Thu, 30 Apr 2020 18:24:44 GMT server Apache/2 etag "9a8-5a4862dc4d300" content-type image/png status 200 cache-control max-age=600, public accept-ranges bytes content-length 2472
GET H2	200	cnt.php www.licznikodwiedzin.pl/cnt/ Frame 7F46	0 0	34ms 34ms	Document text/html	89.161.254.183 HOMEPL-AS
General Check archive.org Show headers Download Go to Full URL https://www.licznikodwiedzin.pl/cnt/cnt.php?key=157910342&minDigits=7 Requested by Host: www.licznikodwiedzin.pl URL: https://www.licznikodwiedzin.pl/cnt/start.php?key=157910342 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.161.254.183 , Poland, ASN12824 (HOMEPL-AS, PL), Reverse DNS cloudserver2082475.home.pl Software IdeaWebServer/0.83.415 / Resource Hash Request headers :method GET :authority www.licznikodwiedzin.pl :scheme https :path /cnt/cnt.php?key=157910342&minDigits=7 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.server684037.nazwa.pl/weryfikacja/mobile/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.server684037.nazwa.pl/weryfikacja/mobile/ Response headers status 200 date Wed, 12 Aug 2020 01:07:48 GMT content-type text/html p3p CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" server IdeaWebServer/0.83.415 set-cookie daily_157910342=1; expires=Thu, 13-Aug-2020 01:07:48 GMT; path=/ content-encoding gzip

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.licznikodwiedzin.pl
www.server684037.nazwa.pl
85.128.184.235
89.161.254.183
48660be52c0b2dbbabc71f51863a28341d3ca0f1b11bfd131e1aceef6aedbaf9
5cb3a060c3b029c4a468c8e0fb33b5c08a708f5ff2680292b494d49b022a535e
9ff23f0b4fd800a91f08a221bf744518427e509907258618f21523754f7c6172
c5d15cbcc683069c646ec02c46e679d52e522fb54177e9ad6c2fc218d7983b7e

www.server684037.nazwa.pl Open in urlscan Pro 85.128.184.235 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

40 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

10 kBTransfer

30 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.server684037.nazwa.pl Open in urlscan Pro
85.128.184.235 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

10 kB
Transfer

30 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!