tor.shalka.pw
45.80.68.211
Malicious Activity!
Public Scan
Submission: On April 08 via automatic, source openphish
Summary
This is the only time tor.shalka.pw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online), Amazon (Online)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 45.80.68.211 | 198610 (BEGET-AS) |
| 14 | 5.101.152.232 | 198610 (BEGET-AS) |
| 1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE) |
| 5 | 2606:4700:3035::6818:7efb | 13335 (CLOUDFLARENET) |
| 21 requests | 4 IPs | |

ASN 198610 (BEGET-AS, RU), PTR: m2.leela.beget.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 | lasell.pw | canon.lasell.pw | 541 KB |
| 5 | play4winprize.site | www.play4winprize.site | |
| 1 | googleapis.com | ajax.googleapis.com | 33 KB |
| 1 | shalka.pw | tor.shalka.pw | 8 KB |
| 21 requests | 4 domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 14 | canon.lasell.pw | tor.shalka.pw |
| 5 | www.play4winprize.site | tor.shalka.pw |
| 1 | ajax.googleapis.com | tor.shalka.pw |
| 1 | tor.shalka.pw | |
| 21 requests | 4 domains | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| canon.lasell.pw |
| cdcracker.info |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| *.storage.googleapis.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months | crt.sh |
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-11-06 - 2020-10-09 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://tor.shalka.pw/W1kywT/
Frame ID: 9F16C0D7B2A435F7DE092F4E3B94BEBC
Requests: 21 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: OK
- Title: Like, Comment (Hebrew)
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request, Cookie set) | tor.shalka.pw/W1kywT/ | 29 KB | 8 KB | Document | text/html |
| GET | H/1.1 | index.css | canon.lasell.pw/ | 169 KB | 13 KB | Stylesheet | text/css |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.11.1/ | 94 KB | 33 KB | Script | text/javascript |
| GET | H/1.1 | custom.css | canon.lasell.pw/ | 216 KB | 36 KB | Stylesheet | text/css |
| GET | H/1.1 | logo1.png | canon.lasell.pw/ | 56 KB | 56 KB | Image | image/png |
| GET | H2 | logo1(1).png | www.play4winprize.site/amazonboxv4ipes/index_files/ | 0 | 0 | Image | text/html |
| GET | H/1.1 | logo.png | canon.lasell.pw/ | 39 KB | 39 KB | Image | image/png |
| GET | H/1.1 | _mark1.png | canon.lasell.pw/ | 9 KB | 9 KB | Image | image/png |
| GET | H/1.1 | loading.gif | canon.lasell.pw/ | 1 KB | 2 KB | Image | image/gif |
| GET | H/1.1 | fb-check.jpg | canon.lasell.pw/ | 681 B | 1 KB | Image | image/jpeg |
| GET | H2 | samsung-logo1.png | www.play4winprize.site/amazonboxv4ipes/index_files/ | 0 | 0 | Image | text/html |
| GET | H/1.1 | iphoneprize.png | canon.lasell.pw/ | 196 KB | 197 KB | Image | image/png |
| GET | H/1.1 | FB-like.png | canon.lasell.pw/ | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | jquery.js.download | canon.lasell.pw/ | 94 KB | 94 KB | Script | application/javascript |
| GET | H2 | gift.gif | www.play4winprize.site/amazonboxv4ipes/index_files/ | 0 | 0 | Image | text/html |
| GET | H/1.1 | bootstrap.min.css | canon.lasell.pw/ | 127 KB | 21 KB | Stylesheet | text/css |
| GET | H/1.1 | bootstrap.js.download | canon.lasell.pw/ | 46 KB | 46 KB | Script | application/javascript |
| GET | H/1.1 | amazon_sprite.png | canon.lasell.pw/ | 11 KB | 11 KB | Image | image/png |
| GET | H/1.1 | InternationalCustomerPreferencesNavAssets-icp_sprite-0b528ccc99b2eed18447291de6df851bc2c6fe68._V2_.png | canon.lasell.pw/ | 12 KB | 13 KB | Image | image/png |
| GET | H2 | avatar2-sprites.jpg | www.play4winprize.site/amazonboxv4ipes/img/ | 0 | 0 | Image | text/html |
| GET | H2 | bg-new.png | www.play4winprize.site/amazonboxv4ipes/index_files/ | 0 | 0 | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online), Amazon (Online)

27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata
- object: onpointerrawupdate
- function: $
- function: jQuery
- function: fdate
- object: monthNames
- object: now
- string: nowStringTommorow
- object: mydate
- number: year
- number: day
- number: month
- string: daym
- object: dayarray
- object: montharray
- function: startTimer
- number: count
- function: drawszlider
- number: slidewhere
- number: holvanszlider
- number: counter
- function: ok_btn
- function: ok_btn2
- function: hidemodal01
- function: hidemodal02
- number: pz
- object: jQuery1110031413430619539433

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| tor.shalka.pw/ | | 04ea2 | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQ1XCI6MTU4NjMwNzA3MX0sXCJjYW1wYWlnbnNcIjp7XCIxOVwiOjE1ODYzMDcwNzF9LFwidGltZVwiOjE1ODYzMDcwNzF9In0.cVZYmmKuwBhEIjOAScw6bVbOess3FljSGaP7vd9h8p0 |
| tor.shalka.pw/ | | _token | uuid_2r6d5g4beb78q_2r6d5g4beb78q5e8d1fff2eef74.99818191 |
| tor.shalka.pw/ | | _subid | 2r6d5g4beb78q |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.