skatk.ru
87.236.19.205
Malicious Activity!
Public Scan
Effective URL: http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=b&rem=aGZka2Z...
Submission: On February 13 via manual from IN
Summary
This is the only time skatk.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
9 (3 redirects) | 87.236.19.205 | 198610 (BEGET-AS)
1 | 2a00:1450:4001:809::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:819::2003 | 15169 (GOOGLE)
8 | 4 |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 (3 redirects) | skatk.ru | skatk.ru | 503 KB
1 | gstatic.com | fonts.gstatic.com | 13 KB
1 | googleapis.com | fonts.googleapis.com | 485 B
8 | 3 | |
Requests | Domain | Requested by
---|---|---
9 (3 redirects) | skatk.ru | skatk.ru
1 | fonts.gstatic.com | skatk.ru
1 | fonts.googleapis.com | skatk.ru
8 | 3 |
This site contains no links.
TLS certificates observed (only the Google font hosts; skatk.ru itself was served over plain HTTP):

Subject | Issuer | Validity | Valid
---|---|---|---
*.storage.googleapis.com | GTS CA 1O1 | 2020-01-21 - 2020-04-14 | 3 months
*.google.com | GTS CA 1O1 | 2020-01-21 - 2020-04-14 | 3 months
This page contains 2 frames:

- Primary Page: http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=b&rem=aGZka2ZAZ21haWwuY29t&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc (Frame ID: F2F53893766195519376031A86C40269; 12 HTTP requests in this frame)
- Frame: http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=c&rem=aGZka2ZAZ21haWwuY29t&a=0&m= (Frame ID: 57A9B01B0CE6E105FA877475D7717CD1; 4 HTTP requests in this frame)
Detected technologies

- PHP (Programming Languages), matched on the URL pattern `/\.php(?:$|\?)/i`
- Nginx (Web Servers), matched on the `Server` response header pattern `/nginx(?:\/([\d.]+))?/i`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. Page URL: http://skatk.ru/media/advancedmodules/images/con/cloud.php?rem=hfdkf@gmail.com
2. http://skatk.ru/media/advancedmodules/images/con/rc.php?rem=hfdkf@gmail.com&xfhyzv40ugola8sdj397iqpkcb56nwmte2r1 (HTTP 302)
   - http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643?pg=a&rem=hfdkf@gmail.com&sessionid=r3INP2GcEfLV1keadUMF6n=H87irnOme3bBuSAGp06jfVwqcdQYRJNIaDXkogPhKx45ZUWs=&r= (HTTP 301)
   - http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/?pg=a&rem=hfdkf@gmail.com&sessionid=r3INP2GcEfLV1keadUMF6n=H87irnOme3bBuSAGp06jfVwqcdQYRJNIaDXkogPhKx45ZUWs=&r= (HTTP 302)
   - Page URL: http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=a&rem=aGZka2ZAZ21haWwuY29t&sessionid=zajGh4onO1BSIEFDl8Vb0u=&Country=_uIUiP6NlMW2JfVm03eQd5TKEgbnjzSc8RvorF1yqHLX4xAYs=&r=&b=
3. Page URL: http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=b&rem=aGZka2ZAZ21haWwuY29t&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc

Note that the victim address arrives in plaintext (`rem=hfdkf@gmail.com`) and is re-encoded as unpadded base64 (`rem=aGZka2ZAZ21haWwuY29t`) once the chain reaches the `pg=a` stage of the landing script.
Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
- http://skatk.ru/media/advancedmodules/images/con/rc.php?rem=hfdkf@gmail.com&xfhyzv40ugola8sdj397iqpkcb56nwmte2r1 (HTTP 302)
- http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643?pg=a&rem=hfdkf@gmail.com&sessionid=r3INP2GcEfLV1keadUMF6n=H87irnOme3bBuSAGp06jfVwqcdQYRJNIaDXkogPhKx45ZUWs=&r= (HTTP 301)
- http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/?pg=a&rem=hfdkf@gmail.com&sessionid=r3INP2GcEfLV1keadUMF6n=H87irnOme3bBuSAGp06jfVwqcdQYRJNIaDXkogPhKx45ZUWs=&r= (HTTP 302)
- http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=a&rem=aGZka2ZAZ21haWwuY29t&sessionid=zajGh4onO1BSIEFDl8Vb0u=&Country=_uIUiP6NlMW2JfVm03eQd5TKEgbnjzSc8RvorF1yqHLX4xAYs=&r=&b=
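The URL history and the redirect chain above show the kit moving the victim through cloud.php, rc.php and then successive `pg=` stages of one landing script, switching the `rem` (victim e-mail) parameter from plaintext to unpadded base64 at `pg=a`, and at `pg=b` carrying a `guce_referrer` whose base64 is cut in two by an interleaved `&m=&`. The Python below is an added example for this report, not code from urlscan.io or from the phishing kit: it parses the recorded URLs verbatim, re-pads and decodes base64 parameter values, and re-joins the split referrer. The re-joining rule is this example's own heuristic for this capture, not documented kit behaviour; joined, the two fragments decode to https://login.yahoo.com/, which is simply what the bytes say (guce_referrer / guce_referrer_sig are parameter names used by Yahoo's own login flow).

```python
"""Decode the parameter encoding used across the skatk.ru redirect chain.

Added example for this scan report; it is not code from urlscan.io or from
the phishing kit. The URLs are copied verbatim from the 'Page URL History'
and 'Redirected requests' sections; everything else is this example's own.
"""
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

# Constructed input: the four page-level URLs, in the order the victim hit them.
CHAIN = [
    "http://skatk.ru/media/advancedmodules/images/con/cloud.php?rem=hfdkf@gmail.com",
    "http://skatk.ru/media/advancedmodules/images/con/rc.php?rem=hfdkf@gmail.com&xfhyzv40ugola8sdj397iqpkcb56nwmte2r1",
    "http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=a&rem=aGZka2ZAZ21haWwuY29t&sessionid=zajGh4onO1BSIEFDl8Vb0u=&Country=_uIUiP6NlMW2JfVm03eQd5TKEgbnjzSc8RvorF1yqHLX4xAYs=&r=&b=",
    "http://skatk.ru/media/advancedmodules/images/con/xrp/user-254643/zydnu3tysss1a4z64kqkuvwara.php?pg=b&rem=aGZka2ZAZ21haWwuY29t&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc",
]

B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def try_b64(value):
    """Return the printable UTF-8 text `value` decodes to as base64, else None.

    Padding is re-added first because the kit strips it (the `rem` value is
    20 chars with no '='); validate=True rejects anything outside the base64
    alphabet, so plaintext such as 'hfdkf@gmail.com' yields None, not junk.
    """
    if not value:
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def repair_split_values(pairs):
    """Re-join a base64 value that an interleaved '&m=&' cut in two.

    In the pg=b URL, guce_referrer=aHR0cHM6Ly is followed by m= and then the
    bare key 9sb2dpbi55YWhvby5jb20v. Heuristic (an assumption about this
    capture, not documented kit behaviour): a value-less key made only of
    base64 characters that completes the nearest earlier truncated value to a
    multiple of 4 and decodes to printable text is that value's tail.
    """
    pairs = list(pairs)
    dropped = set()
    for i, (key, value) in enumerate(pairs):
        if value != "" or not key or not set(key) <= B64_ALPHABET:
            continue
        j = i - 1  # walk back over empty fillers such as m=
        while j >= 0 and (j in dropped or pairs[j][1] == ""):
            j -= 1
        if j < 0:
            continue
        head_key, head = pairs[j]
        joined = head + key
        if len(head) % 4 and len(joined) % 4 == 0 and try_b64(joined):
            pairs[j] = (head_key, joined)
            dropped.add(i)
    return [p for i, p in enumerate(pairs) if i not in dropped]


def describe(url):
    """Split one chain URL into script name, stage (pg) and its parameters.

    Each parameter maps to (raw value, base64 decoding or None).
    """
    parts = urlsplit(url)
    pairs = repair_split_values(parse_qsl(parts.query, keep_blank_values=True))
    params = {k: (v, try_b64(v)) for k, v in pairs}
    return {
        "script": parts.path.rsplit("/", 1)[-1],
        "stage": params.get("pg", ("", None))[0],
        "params": params,
    }


def victim_addresses(chain):
    """Collect the address carried by `rem`, plaintext or base64, across all stages."""
    found = set()
    for url in chain:
        raw, decoded = describe(url)["params"].get("rem", ("", None))
        if raw:
            found.add(decoded or raw)
    return found


if __name__ == "__main__":
    for url in CHAIN:
        info = describe(url)
        print(f"{info['script']} pg={info['stage'] or '-'}")
        for key, (raw, decoded) in info["params"].items():
            print(f"  {key} = {raw!r}" + (f"  -> {decoded!r}" if decoded else ""))
    print("victim:", victim_addresses(CHAIN))
```

Running it prints one block per stage; `sessionid` and `Country` stay undecoded (the `Country` value contains `_`, which is outside the standard alphabet, and `sessionid` does not decode to text), which is itself a useful signal that those fields are opaque kit state rather than encoded user data. The same decoding of `rem` is what lets an analyst pivot from a scan like this one to the targeted mailbox without visiting the site.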
8 HTTP transactions

Rows whose protocol is DATA are `data:` URIs embedded in the documents rather than network requests (urlscan shows their body as "truncated"); they are not counted in the 8. "Frame 57A9" marks requests issued from the second frame (57A9B01B0CE6E105FA877475D7717CD1).

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | cloud.php | skatk.ru/media/advancedmodules/images/con/ | 10 KB | 3 KB | Document | text/html |
GET | H/1.1 | zydnu3tysss1a4z64kqkuvwara.php | skatk.ru/media/advancedmodules/images/con/xrp/user-254643/ | 509 KB | 340 KB | Document | text/html | Redirect Chain
GET | H2 | css | fonts.googleapis.com/ | 783 B | 485 B | Stylesheet | text/css |
GET | DATA | truncated | / | 380 KB | 0 | Stylesheet | text/css |
GET | DATA | truncated | / | 474 B | 0 | Stylesheet | text/css |
GET | DATA | truncated | / | 280 B | 0 | Script | application/x-javascript |
GET | DATA | truncated | / | 244 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 40 KB | 40 KB | Font | application/octet-stream |
GET | H2 | 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2 | fonts.gstatic.com/s/raleway/v14/ | 13 KB | 13 KB | Font | font/woff2 |
GET | H/1.1 | zydnu3tysss1a4z64kqkuvwara.php | skatk.ru/media/advancedmodules/images/con/xrp/user-254643/ | 2 KB | 2 KB | Document | text/html | Primary Request
GET | DATA | truncated | / | 1 KB | 0 | Stylesheet | text/css |
GET | H/1.1 | zydnu3tysss1a4z64kqkuvwara.php | skatk.ru/media/advancedmodules/images/con/xrp/user-254643/ | 10 KB | 4 KB | Document | text/html | Frame 57A9
GET | H/1.1 | gm.jpg | skatk.ru/media/advancedmodules/images/con/xrp/user-254643/serv/mode/ | 147 KB | 148 KB | Image | image/jpeg |
GET | H/1.1 | gm.ico | skatk.ru/media/advancedmodules/images/con/xrp/user-254643/serv/ | 5 KB | 6 KB | Image | image/x-icon | Frame 57A9
GET | DATA | truncated | / | 6 KB | 0 | Script | application/x-javascript | Frame 57A9
GET | DATA | truncated | / | 2 KB | 0 | Stylesheet | text/css | Frame 57A9

The only third-party traffic is two Google Fonts fetches (Raleway); every document, image and icon, including the 340 KB landing page that inlines its stylesheets, script and a 244 KB JPEG as `data:` URIs, is served from skatk.ru itself.
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Generic Email (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

- object onformdata
- object onpointerrawupdate

0 Cookies
Cookies are small pieces of data stored in the user's browser. On each later visit the browser sends them back, which lets the site re-identify the user even from a different location; this is how persistent logins work. No cookies were set during this scan.
Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

- fonts.googleapis.com
- fonts.gstatic.com
- skatk.ru
- 2a00:1450:4001:809::200a
- 2a00:1450:4001:819::2003
- 87.236.19.205