u35670p30940.web0106.zxcs.nl
185.104.29.58
Malicious Activity!
Public Scan
Effective URL: http://u35670p30940.web0106.zxcs.nl/batwist/index.php
Submission: On July 16 via manual from NL
Summary
This is the only time u35670p30940.web0106.zxcs.nl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: International Card Services (Financial)
Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 15 | 185.104.29.58 | 206281 (AS-ZXCS) |
| 1 | 205.185.208.52 | 20446 (HIGHWINDS3 - Highwinds Network Group) |
| 16 (total) | 2 IPs | |
ASN206281 (AS-ZXCS, NL)
PTR: web0106.zxcs.nl
- u35472p30735.web0106.zxcs.nl
- u35670p30940.web0106.zxcs.nl

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
- code.jquery.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | zxcs.nl | u35472p30735.web0106.zxcs.nl, u35670p30940.web0106.zxcs.nl | 129 KB |
| 1 | jquery.com | code.jquery.com | 96 KB |
| 16 (total) | 2 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 14 | u35670p30940.web0106.zxcs.nl | u35472p30735.web0106.zxcs.nl, u35670p30940.web0106.zxcs.nl |
| 1 | code.jquery.com | u35670p30940.web0106.zxcs.nl |
| 1 | u35472p30735.web0106.zxcs.nl | |
| 16 (total) | 3 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|

(No TLS certificates are listed for this scan.)
This page contains 1 frames:
Primary Page:
http://u35670p30940.web0106.zxcs.nl/batwist/index.php
Frame ID: 1F0F5B7C62B29B0632B7B999B738D3F1
Requests: 16 HTTP requests in this frame
Screenshot
![](/screenshots/de044a2e-bc6f-4294-931d-7b8ef7f63a9b.png)
Detected technologies
- PHP, detected pattern:
  - url /\.php(?:$|\?)/i
- Apache HTTP Server, detected pattern:
  - headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- jQuery, detected patterns:
  - script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  - script /jquery.*\.js/i
  - env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://u35472p30735.web0106.zxcs.nl/owee.php Page URL
- http://u35670p30940.web0106.zxcs.nl/batwist/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | owee.php | u35472p30735.web0106.zxcs.nl/ | 7 KB | 4 KB | Document | text/html |
| 2 | POST | H/1.1 | index.php (Primary Request) | u35670p30940.web0106.zxcs.nl/batwist/ | 33 KB | 9 KB | Document | text/html |
| 3 | GET | H/1.1 | main-ics.css | u35670p30940.web0106.zxcs.nl/batwist/css/ | 185 KB | 28 KB | Stylesheet | text/css |
| 4 | GET | H/1.1 | login-style.css | u35670p30940.web0106.zxcs.nl/batwist/css/ | 211 KB | 29 KB | Stylesheet | text/css |
| 5 | GET | H/1.1 | jquery-3.3.1.js | code.jquery.com/ | 265 KB | 96 KB | Script | application/javascript |
| 6 | GET | H/1.1 | 5d4aa15f47dbbc8848e141699172fc7f.woff2 | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/ | 0 | 0 | Font | text/html |
| 7 | GET | H/1.1 | d41e1eae596e167f975877da5b8658cc.woff2 | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/ | 0 | 0 | Font | text/html |
| 8 | GET | H/1.1 | 563323f220bd5d70a04d6a182b7011ce.woff | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/icons/ | 0 | 0 | Font | text/html |
| 9 | GET | H/1.1 | d7cfa0e76cf13c91a985a876d5214044.woff | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/ | 0 | 0 | Font | text/html |
| 10 | GET | H/1.1 | 8ba5c54d292507036373ed4ee0bb8c04.woff | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/ | 0 | 0 | Font | text/html |
| 11 | GET | H/1.1 | dbbcb35279f322bf1497666016d4ab74.ttf | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/icons/ | 0 | 0 | Font | text/html |
| 12 | GET | H/1.1 | d9c89afb33c578f113762ea7872fb4e1.ttf | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-regular-webfont/ | 0 | 0 | Font | text/html |
| 13 | GET | H/1.1 | 0c62ecea9fbe2abf19c8fc1d8d3adc52.ttf | u35670p30940.web0106.zxcs.nl/batwist/css/login/assets/fonts/sunot-light-webfont/ | 0 | 0 | Font | text/html |
| 14 | GET | H/1.1 | sunot-regular-webfont.woff2 | u35670p30940.web0106.zxcs.nl/batwist/css/fonts/ | 24 KB | 24 KB | Font | application/octet-stream |
| 15 | GET | H/1.1 | sunot-light-webfont.woff2 | u35670p30940.web0106.zxcs.nl/batwist/css/fonts/ | 24 KB | 24 KB | Font | application/octet-stream |
| 16 | GET | H/1.1 | icons.woff | u35670p30940.web0106.zxcs.nl/batwist/css/fonts/ | 11 KB | 11 KB | Font | application/x-font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: International Card Services (Financial)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- code.jquery.com
- u35472p30735.web0106.zxcs.nl
- u35670p30940.web0106.zxcs.nl
- 185.104.29.58
- 205.185.208.52
- 017963c4f0752f994e9ba98bcdc7512a5ecc903dd90b4d607ad8b905a5009a1b
- 07c41addd284d9a1736744b41924de61347f6fbfdff49933188d7e56dcb533f4
- 590176d984fd023391a7166ee01308b58b07470fa332db5bfa6f3a82c29e10b0
- 5c3d960d9ce4ea474f8dcf64ef769c301630e16e983dde081b431c07a5ce1dde
- c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d
- d8231f32420dc458b2a7285736be68b26788704f46b652c44c7297cce29acb93
- d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
- d91f25688cdae541c16ba2ea41c25a64cc0f974fd94b698882f2df549695c34c