oooprog.ru Open in urlscan Pro
91.226.92.10 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php
Submission: On February 11 via automatic, source openphish (February 11th 2022, 1:19:59 am UTC) — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 91.226.92.10, located in Russian Federation and belongs to ROSTELECOM-AS, RU. The main domain is oooprog.ru.

This is the only time oooprog.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Standard Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
14	91.226.92.10 91.226.92.10		12389 (ROSTELECO...) (ROSTELECOM-AS)
14	1

14 91.226.92.10 (Russian Federation)

ASN12389 (ROSTELECOM-AS, RU)
PTR: v1.sibhoster.ru

oooprog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	oooprog.ru oooprog.ru	244 KB
14	1

	Domain	Requested by
14	oooprog.ru	oooprog.ru
14	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php
Frame ID: C67447CF4D01D263459B9A750E679255
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Standard Bank Online Banking

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

244 kB
Transfer

1799 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request phone.php Show response
oooprog.ru/rusgenerals/plugins/sp_xx/app/ 12 KB
4 KB 301ms
210ms Document
text/html 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx / PHP/5.2.17

Resource Hash

e445ee8ab692bfd69e67fcda0ec88b375aff07fd69a391d33cf985e0c2e7d000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

GET
H/1.1 200
OK app.min.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 67 KB
7 KB 86ms
85ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

299e172fe1689256371cfa87e838e714e3c5f0ec6b8d87edf3b42db96677dc2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 04 Dec 2021 10:03:00 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK logo.png
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/img/ 4 KB
5 KB 174ms
88ms Image
image/png 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/img/logo.png

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

13b5669dc857866805c2037d38b9700ffc95962336efacaf00fa540ef3aabb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 12 Feb 2021 02:17:24 GMT
Server: nginx
Content-Type: image/png
Expires: Tue, 12 Apr 2022 01:19:54 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4280
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK logo-black.png
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/img/ 5 KB
5 KB 172ms
86ms Image
image/png 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/img/logo-black.png

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

e2a8bacece2281468315125ce7ffe5b2ffabd9e04348b6f5b3ebe73025fec613

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 12 Feb 2021 02:18:44 GMT
Server: nginx
Content-Type: image/png
Expires: Tue, 12 Apr 2022 01:19:54 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5017
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK logo-blue.png
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/img/ 943 B
1 KB 348ms
86ms Image
image/png 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/img/logo-blue.png

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

525039e52d78179e9652f13d6dfa0d68b3d3fd3656297d520f63ea2c09aa8fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/app/phone.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 11 Feb 2021 18:51:00 GMT
Server: nginx
Content-Type: image/png
Expires: Tue, 12 Apr 2022 01:19:54 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 943
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK app.min-blessed49.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 303 KB
33 KB 96ms
94ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed49.css?z=1612885494473

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

d17e6f2d39ee771eb41fb6a167661ce69fc228af8daf99bcb2f5a5058f5e20da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 10 Dec 2021 06:52:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK app.min-blessed45.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 425 KB
21 KB 106ms
99ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed45.css?z=1612885494473

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

c415bbd5aeeaa215da204eeacdad5471ee670c054e295a2df1232a575166a2cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 12 Feb 2021 02:51:08 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK app.min-blessed44.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 104 KB
13 KB 174ms
88ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed44.css?z=1612885494473

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

1d37a24706a9b7ef61dfef37effcf7e9668080b854e2ecba5db74f89c208230d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 12 Feb 2021 02:51:08 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK app.min-blessed41.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 240 KB
32 KB 176ms
88ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed41.css?z=1612885494473

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

a932a73280a10e52e2b30a07d2e6b5839885712421129781d7b985cb53292600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 04 Dec 2021 10:02:58 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK app.min-blessed40.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 324 KB
29 KB 179ms
92ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed40.css?z=1612885494473

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

c47b3a698d8e57d6edd9932c60661a5556e651c1ad5553851503f8f912640c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 04 Dec 2021 10:02:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK app.min-blessed39.css
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/ 247 KB
26 KB 193ms
103ms Stylesheet
text/css 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed39.css?z=1612885494473

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

e2746c264f16133ab654e9183c737eaf312c358a80f8b56c03c3b71f54e13473

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 04 Dec 2021 10:02:58 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sun, 13 Mar 2022 01:19:54 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK bentonsans-regular-webfont.woff
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/fonts/bentonsans/regular/ 12 KB
12 KB 95ms
95ms Font
font/woff 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/fonts/bentonsans/regular/bentonsans-regular-webfont.woff

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed41.css?z=1612885494473

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

0402b8e6e3b789ffec9618f6baea5b80a5c7d20a44394327a4d5a8e5ee369acf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed41.css?z=1612885494473
Origin: http://oooprog.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Feb 2021 22:52:48 GMT
Server: nginx
Content-Type: font/woff
Expires: Tue, 12 Apr 2022 01:19:54 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11864
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

GET
H/1.1 200
OK fontawesome-webfont.woff
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/fonts/ 43 KB
44 KB 88ms
87ms Font
font/woff 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/fonts/fontawesome-webfont.woff

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed49.css?z=1612885494473

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed49.css?z=1612885494473
Origin: http://oooprog.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Feb 2021 14:52:48 GMT
Server: nginx
Content-Type: font/woff
Expires: Tue, 12 Apr 2022 01:19:54 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44432
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK bentonsans-medium-webfont.woff
oooprog.ru/rusgenerals/plugins/sp_xx/libraries/fonts/bentonsans/medium/ 12 KB
12 KB 87ms
86ms Font
font/woff 91.226.92.10
ROSTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/fonts/bentonsans/medium/bentonsans-medium-webfont.woff

Requested by

Host: oooprog.ru
URL: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed41.css?z=1612885494473

Protocol

HTTP/1.1

Server

91.226.92.10 , Russian Federation, ASN12389 (ROSTELECOM-AS, RU),

Reverse DNS

v1.sibhoster.ru

Software

nginx /

Resource Hash

e22403a94b6dafdf14e615863c37f711615cd794d3cd09812a947c974bf99cca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://oooprog.ru/rusgenerals/plugins/sp_xx/libraries/css/app.min-blessed41.css?z=1612885494473
Origin: http://oooprog.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 11 Feb 2022 01:19:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Feb 2021 22:52:48 GMT
Server: nginx
Content-Type: font/woff
Expires: Tue, 12 Apr 2022 01:19:54 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11876
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: HIT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Standard Bank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| isInputNumber

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			oooprog.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: qupbvsm8jqhn6cn019mlflpre5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

oooprog.ru
91.226.92.10
0402b8e6e3b789ffec9618f6baea5b80a5c7d20a44394327a4d5a8e5ee369acf
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
13b5669dc857866805c2037d38b9700ffc95962336efacaf00fa540ef3aabb0c
1d37a24706a9b7ef61dfef37effcf7e9668080b854e2ecba5db74f89c208230d
299e172fe1689256371cfa87e838e714e3c5f0ec6b8d87edf3b42db96677dc2e
525039e52d78179e9652f13d6dfa0d68b3d3fd3656297d520f63ea2c09aa8fa8
a932a73280a10e52e2b30a07d2e6b5839885712421129781d7b985cb53292600
c415bbd5aeeaa215da204eeacdad5471ee670c054e295a2df1232a575166a2cf
c47b3a698d8e57d6edd9932c60661a5556e651c1ad5553851503f8f912640c5e
d17e6f2d39ee771eb41fb6a167661ce69fc228af8daf99bcb2f5a5058f5e20da
e22403a94b6dafdf14e615863c37f711615cd794d3cd09812a947c974bf99cca
e2746c264f16133ab654e9183c737eaf312c358a80f8b56c03c3b71f54e13473
e2a8bacece2281468315125ce7ffe5b2ffabd9e04348b6f5b3ebe73025fec613
e445ee8ab692bfd69e67fcda0ec88b375aff07fd69a391d33cf985e0c2e7d000

oooprog.ru Open in urlscan Pro 91.226.92.10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

244 kBTransfer

1799 kBSize

1 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

oooprog.ru Open in urlscan Pro
91.226.92.10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

244 kB
Transfer

1799 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!