u35670p30940.web0106.zxcs.nl Open in urlscan Pro
185.104.29.58 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://u35472p30735.web0106.zxcs.nl/owee.php
Effective URL:
http://u35670p30940.web0106.zxcs.nl/batwist/index.php
Submission: On July 16 via manual (July 16th 2018, 5:47:21 am UTC) from NL

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 185.104.29.58, located in Netherlands and belongs to AS-ZXCS, NL. The main domain is u35670p30940.web0106.zxcs.nl.

This is the only time u35670p30940.web0106.zxcs.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: International Card Services (Financial)

Domain & IP information

	IP Address	AS Autonomous System
15	185.104.29.58 185.104.29.58	206281 (AS-ZXCS) (AS-ZXCS)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
16	2

15 185.104.29.58 (Netherlands)

ASN206281 (AS-ZXCS, NL)
PTR: web0106.zxcs.nl

u35472p30735.web0106.zxcs.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u35670p30940.web0106.zxcs.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	zxcs.nl u35472p30735.web0106.zxcs.nl u35670p30940.web0106.zxcs.nl	129 KB
1	jquery.com code.jquery.com	96 KB
16	2

	Domain	Requested by
14	u35670p30940.web0106.zxcs.nl	u35472p30735.web0106.zxcs.nl u35670p30940.web0106.zxcs.nl
1	code.jquery.com	u35670p30940.web0106.zxcs.nl
1	u35472p30735.web0106.zxcs.nl
16	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://u35670p30940.web0106.zxcs.nl/batwist/index.php
Frame ID: 1F0F5B7C62B29B0632B7B999B738D3F1
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://u35472p30735.web0106.zxcs.nl/owee.php Page URL
http://u35670p30940.web0106.zxcs.nl/batwist/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

226 kB
Transfer

759 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://u35472p30735.web0106.zxcs.nl/owee.php Page URL
http://u35670p30940.web0106.zxcs.nl/batwist/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	owee.php Show response u35472p30735.web0106.zxcs.nl/	7 KB 4 KB	565ms 537ms	Document text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35472p30735.web0106.zxcs.nl/owee.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / PHP/7.0.30 Resource Hash `07c41addd284d9a1736744b41924de61347f6fbfdff49933188d7e56dcb533f4` Request headers Host u35472p30735.web0106.zxcs.nl Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 1F0F5B7C62B29B0632B7B999B738D3F1 Response headers Date Mon, 16 Jul 2018 05:47:10 GMT Server Apache/2 X-Powered-By PHP/7.0.30 Upgrade h2,h2c Connection Upgrade, Keep-Alive Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 3503 Keep-Alive timeout=2, max=100 Content-Type text/html; charset=UTF-8
POST H/1.1	200 OK	Primary Request index.php Show response u35670p30940.web0106.zxcs.nl/batwist/	33 KB 9 KB	563ms 550ms	Document text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/index.php Requested by Host: u35472p30735.web0106.zxcs.nl URL: http://u35472p30735.web0106.zxcs.nl/owee.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / PHP/7.0.30 Resource Hash `590176d984fd023391a7166ee01308b58b07470fa332db5bfa6f3a82c29e10b0` Request headers Host u35670p30940.web0106.zxcs.nl Connection keep-alive Content-Length 5571 Pragma no-cache Cache-Control no-cache Origin http://u35472p30735.web0106.zxcs.nl Upgrade-Insecure-Requests 1 Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://u35472p30735.web0106.zxcs.nl/owee.php Accept-Encoding gzip, deflate Origin http://u35472p30735.web0106.zxcs.nl Upgrade-Insecure-Requests 1 Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 1F0F5B7C62B29B0632B7B999B738D3F1 Referer http://u35472p30735.web0106.zxcs.nl/owee.php Response headers Date Mon, 16 Jul 2018 05:47:10 GMT Server Apache/2 X-Powered-By PHP/7.0.30 Upgrade h2,h2c Connection Upgrade, Keep-Alive Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 9093 Keep-Alive timeout=2, max=100 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	main-ics.css u35670p30940.web0106.zxcs.nl/batwist/css/	185 KB 28 KB	30ms 30ms	Stylesheet text/css	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash `017963c4f0752f994e9ba98bcdc7512a5ecc903dd90b4d607ad8b905a5009a1b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://u35670p30940.web0106.zxcs.nl/batwist/index.php Connection keep-alive Cache-Control no-cache Referer http://u35670p30940.web0106.zxcs.nl/batwist/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Content-Encoding gzip Last-Modified Mon, 16 Jul 2018 04:28:29 GMT Server Apache/2 ETag "2e2bd-5711642ee3638-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 28675
GET H/1.1	200 OK	login-style.css u35670p30940.web0106.zxcs.nl/batwist/css/	211 KB 29 KB	44ms 30ms	Stylesheet text/css	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash `5c3d960d9ce4ea474f8dcf64ef769c301630e16e983dde081b431c07a5ce1dde` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://u35670p30940.web0106.zxcs.nl/batwist/index.php Connection keep-alive Cache-Control no-cache Referer http://u35670p30940.web0106.zxcs.nl/batwist/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Content-Encoding gzip Last-Modified Mon, 16 Jul 2018 04:28:29 GMT Server Apache/2 ETag "34ab0-5711642ee2e68-gzip" Vary Accept-Encoding,User-Agent Upgrade h2,h2c Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=2, max=100 Content-Length 28836
GET H/1.1	200 OK	jquery-3.3.1.js Show response code.jquery.com/	265 KB 96 KB	26ms 6ms	Script application/javascript	205.185.208.52 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.3.1.js Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip052.ssl.hwcdn.net Software nginx / Resource Hash `d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad` Request headers Referer http://u35670p30940.web0106.zxcs.nl/batwist/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Content-Encoding gzip Last-Modified Sat, 20 Jan 2018 17:26:44 GMT Server nginx ETag W/"5a637bd4-42587" Vary Accept-Encoding X-HW 1531720031.dop009.fr8.t,1531720031.cds033.fr8.shn,1531720031.cds033.fr8.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000 Connection Keep-Alive Accept-Ranges bytes Content-Length 98173
GET H/1.1	404 Not Found	5d4aa15f47dbbc8848e141699172fc7f.woff2 u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/	0 0	15ms 14ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/5d4aa15f47dbbc8848e141699172fc7f.woff2 Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=99 Content-Length 408 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	d41e1eae596e167f975877da5b8658cc.woff2 u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/	0 0	15ms 15ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/d41e1eae596e167f975877da5b8658cc.woff2 Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=98 Content-Length 406 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	563323f220bd5d70a04d6a182b7011ce.woff u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/icons/	0 0	27ms 15ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/icons/563323f220bd5d70a04d6a182b7011ce.woff Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=98 Content-Length 391 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	d7cfa0e76cf13c91a985a876d5214044.woff u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/	0 0	16ms 15ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/d7cfa0e76cf13c91a985a876d5214044.woff Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=100 Content-Length 407 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	8ba5c54d292507036373ed4ee0bb8c04.woff u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/	0 0	16ms 15ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/8ba5c54d292507036373ed4ee0bb8c04.woff Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=97 Content-Length 405 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	dbbcb35279f322bf1497666016d4ab74.ttf u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/icons/	0 0	16ms 15ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/icons/dbbcb35279f322bf1497666016d4ab74.ttf Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=99 Content-Length 390 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	d9c89afb33c578f113762ea7872fb4e1.ttf u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/	0 0	16ms 16ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/d9c89afb33c578f113762ea7872fb4e1.ttf Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=97 Content-Length 406 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/	0 0	15ms 14ms	Font text/html	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf Requested by Host: u35670p30940.web0106.zxcs.nl URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/login-style.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Server Apache/2 Connection Keep-Alive Keep-Alive timeout=2, max=96 Content-Length 404 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	sunot-regular-webfont.woff2 u35670p30940.web0106.zxcs.nl/batwist/css/fonts/	24 KB 24 KB	16ms 16ms	Font application/octet-stream	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/fonts/sunot-regular-webfont.woff2 Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash `d91f25688cdae541c16ba2ea41c25a64cc0f974fd94b698882f2df549695c34c` Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Content-Encoding gzip Last-Modified Mon, 16 Jul 2018 04:28:33 GMT Server Apache/2 ETag "5fb8-57116432330b8-gzip" Vary Accept-Encoding,User-Agent Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=95 Content-Length 24465
GET H/1.1	200 OK	sunot-light-webfont.woff2 u35670p30940.web0106.zxcs.nl/batwist/css/fonts/	24 KB 24 KB	17ms 16ms	Font application/octet-stream	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/fonts/sunot-light-webfont.woff2 Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash `d8231f32420dc458b2a7285736be68b26788704f46b652c44c7297cce29acb93` Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Content-Encoding gzip Last-Modified Mon, 16 Jul 2018 04:28:32 GMT Server Apache/2 ETag "5fa8-57116431e1420-gzip" Vary Accept-Encoding,User-Agent Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=96 Content-Length 24469
GET H/1.1	200 OK	icons.woff u35670p30940.web0106.zxcs.nl/batwist/css/fonts/	11 KB 11 KB	15ms 15ms	Font application/x-font-woff	185.104.29.58 AS-ZXCS
General Check archive.org Show headers Download Go to Full URL http://u35670p30940.web0106.zxcs.nl/batwist/css/fonts/icons.woff Protocol HTTP/1.1 Server 185.104.29.58 , Netherlands, ASN206281 (AS-ZXCS, NL), Reverse DNS web0106.zxcs.nl Software Apache/2 / Resource Hash `c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d` Request headers Pragma no-cache Origin http://u35670p30940.web0106.zxcs.nl Accept-Encoding gzip, deflate Host u35670p30940.web0106.zxcs.nl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://u35670p30940.web0106.zxcs.nl/batwist/css/main-ics.css Origin http://u35670p30940.web0106.zxcs.nl Response headers Date Mon, 16 Jul 2018 05:47:11 GMT Content-Encoding gzip Last-Modified Mon, 16 Jul 2018 04:28:31 GMT Server Apache/2 ETag "2b98-5711643103d28-gzip" Vary Accept-Encoding,User-Agent Content-Type application/x-font-woff Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=98 Content-Length 11157

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: International Card Services (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
u35472p30735.web0106.zxcs.nl
u35670p30940.web0106.zxcs.nl
185.104.29.58
205.185.208.52
017963c4f0752f994e9ba98bcdc7512a5ecc903dd90b4d607ad8b905a5009a1b
07c41addd284d9a1736744b41924de61347f6fbfdff49933188d7e56dcb533f4
590176d984fd023391a7166ee01308b58b07470fa332db5bfa6f3a82c29e10b0
5c3d960d9ce4ea474f8dcf64ef769c301630e16e983dde081b431c07a5ce1dde
c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d
d8231f32420dc458b2a7285736be68b26788704f46b652c44c7297cce29acb93
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
d91f25688cdae541c16ba2ea41c25a64cc0f974fd94b698882f2df549695c34c

u35670p30940.web0106.zxcs.nl Open in urlscan Pro 185.104.29.58 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

226 kBTransfer

759 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

u35670p30940.web0106.zxcs.nl Open in urlscan Pro
185.104.29.58 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

226 kB
Transfer

759 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!