cd97915.tmweb.ru
2a03:6f00:6:1::517:3284
Malicious Activity!
Public Scan
Effective URL: http://cd97915.tmweb.ru/secureconfirm.html
Submission Tags: 7481416
Submission: On April 06 via api from US — Scanned from DE
Summary
This is the only time cd97915.tmweb.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco de la República Oriental del Uruguay (Banking)
Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
4 | 141.8.193.236 | 35278 (SPRINTHOST)
13 | 2a03:6f00:6:1::517:3284 | 9123 (TIMEWEB-AS)
17 | 3 |
# | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | tmweb.ru | cd97915.tmweb.ru | 234 KB
4 | xsph.ru | f0657061.xsph.ru | 49 KB
17 | 2 | |
# | Domain | Requested by
---|---|---
13 | cd97915.tmweb.ru | cd97915.tmweb.ru
4 | f0657061.xsph.ru | f0657061.xsph.ru
17 | 2 |
This site contains links to these domains. Also see Links.
Domain
---
www.portal.brou.com.uy
Subject | Issuer | Validity | Valid
---|---|---|---
This page contains 1 frames:
Primary Page:
http://cd97915.tmweb.ru/secureconfirm.html
Frame ID: A0EF9554BB651EC468B0395D10E58604
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
eBROU - BROU
Detected technologies
Ionicons (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Portal BROU
Title: Seguridad
Title: Gestión de Reclamos
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://f0657061.xsph.ru/ Page URL
- http://cd97915.tmweb.ru/secureconfirm.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | f0657061.xsph.ru/ | 806 B | 1 KB | Document | text/html
GET | H/1.1 | style.css | f0657061.xsph.ru/css/ | 533 B | 838 B | Stylesheet | text/css
GET | H/1.1 | function.js | f0657061.xsph.ru/js/ | 4 KB | 1 KB | Script | application/x-javascript
GET | H/1.1 | jquery-3.6.0.min.js | f0657061.xsph.ru/js/ | 164 KB | 46 KB | Script | application/x-javascript
GET | H/1.1 | secureconfirm.html (Primary Request) | cd97915.tmweb.ru/ | 194 KB | 137 KB | Document | text/html
GET | H/1.1 | fonts.css | cd97915.tmweb.ru/secureconfirm_files/ | 2 KB | 641 B | Stylesheet | text/css
GET | H/1.1 | ionicons.css | cd97915.tmweb.ru/secureconfirm_files/ | 59 KB | 9 KB | Stylesheet | text/css
GET | H/1.1 | 1.3cc10fbd.chunk.css | cd97915.tmweb.ru/secureconfirm_files/ | 28 KB | 5 KB | Stylesheet | text/css
GET | H/1.1 | main.9d27c490.chunk.css | cd97915.tmweb.ru/secureconfirm_files/ | 527 KB | 77 KB | Stylesheet | text/css
GET | H/1.1 | css | cd97915.tmweb.ru/secureconfirm_files/ | 5 KB | 5 KB | Stylesheet | text/plain
GET | DATA | truncated | / | 127 KB | 0 | Image | image/jpg
GET | H/1.1 | selectArrowDown.b3a49a7d.svg | cd97915.tmweb.ru/frontend/static/media/ | 196 B | 196 B | Image | text/html
GET | H/1.1 | GothamBook.woff2 | cd97915.tmweb.ru/secureconfirm_files/gotham/ | 0 | 0 | Font | text/html
GET | H/1.1 | Gotham-Medium.woff2 | cd97915.tmweb.ru/secureconfirm_files/gotham/ | 0 | 0 | Font | text/html
GET | H/1.1 | GothamBook.woff | cd97915.tmweb.ru/secureconfirm_files/gotham/ | 0 | 0 | Font | text/html
GET | H/1.1 | Gotham-Medium.woff | cd97915.tmweb.ru/secureconfirm_files/gotham/ | 0 | 0 | Font | text/html
GET | H/1.1 | GothamBook.ttf | cd97915.tmweb.ru/secureconfirm_files/gotham/ | 0 | 0 | Font | text/html
GET | H/1.1 | Gotham-Medium.ttf | cd97915.tmweb.ru/secureconfirm_files/gotham/ | 0 | 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco de la República Oriental del Uruguay (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | structuredClone
object | oncontextlost
object | oncontextrestored
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cd97915.tmweb.ru
f0657061.xsph.ru
141.8.193.236
2a03:6f00:6:1::517:3284
073426a4337ab29d7c7b7b7e31f593959740ec5cb7a51c1a409a758182323fcf
08588a48dc554716172416f033d98ad07f92315987fafbd81c17569e352f402f
367cba5c66dcb77e9efdefae321a5fa51b4ed0773b15ebbd7a8ee35b913e75fe
4f5e10f41a06a7caeea83a23bd8596d651f3096e9895f6524a921121cf86e45d
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
92e56b81fed31737958484ada927138d6ae05903737eb05d2e0959bdd42cc223
947e9613bdbb7de0852b7aa5334cd83d6b9274b5d09ce19187c01eb283b3407e
a62245b5e17635833ebc3859e437b225d6df72ab366c9a0971137ea5770d948a
b0dd6eab7eadb378b3d7eab315d95e0dfa4a045c8f08efc1de2a037510e564b7
bc9ea97a30db0b4db9e757c53a9f13b8d7b0e3f3929a208fae8bdaa31e19a5a9
d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187
f3221be7605ba84f6e973c46c56b0c45ffef7b64caf4c74e43386139230b4778