sudetyrus.surf
162.241.87.185
Malicious Activity!
Public Scan
Submission: On November 02 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 27th 2021. Valid for: 3 months.
This is the only time sudetyrus.surf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Paxful (Crypto Exchange)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 11 | 162.241.87.185 | 46606 (UNIFIEDLAYER-AS-1) |
| 2 | 2a00:1450:4001:827::2003 | 15169 (GOOGLE) |

13 requests to 2 IP addresses in total.
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-87-185.unifiedlayer.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | sudetyrus.surf | sudetyrus.surf | 4 MB |
| 2 | gstatic.com | fonts.gstatic.com | 64 KB |

13 requests to 2 domains in total.
| Requests | Domain | Requested by |
|---|---|---|
| 11 | sudetyrus.surf | sudetyrus.surf |
| 2 | fonts.gstatic.com | sudetyrus.surf |

13 requests to 2 domains in total.
This site contains no links.
| Subject | Issuer | Validity | Valid | Lookup |
|---|---|---|---|---|
| sudetyrus.surf | cPanel, Inc. Certification Authority | 2021-10-27 - 2022-01-25 | 3 months | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2021-10-04 - 2021-12-27 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sudetyrus.surf/main/mega/login.php?l=secure
Frame ID: 16D686718992800D9FC110154511B7C3
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | login.php (Primary Request) | sudetyrus.surf/main/mega/ | 20 KB | 20 KB | Document | text/html |
| GET | H/1.1 | vendors.chunk.css | sudetyrus.surf/main/mega/fege/ | 38 KB | 38 KB | Stylesheet | text/css |
| GET | H/1.1 | main.af63dc631e61fb87f6de.css | sudetyrus.surf/main/mega/fege/ | 4 MB | 4 MB | Stylesheet | text/css |
| GET | H/1.1 | css | sudetyrus.surf/main/mega/fege/ | 13 KB | 13 KB | Stylesheet | text/plain |
| GET | H/1.1 | index.js.download | sudetyrus.surf/main/mega/fege/ | 157 KB | 157 KB | Script | application/javascript |
| GET | H/1.1 | gettype.php | sudetyrus.surf/main/mega/fege/ | 515 B | 722 B | Script | text/html |
| GET | H/1.1 | fullpage.9.0.7.js.download | sudetyrus.surf/main/mega/fege/ | 313 KB | 313 KB | Script | application/javascript |
| GET | H/1.1 | get.php | sudetyrus.surf/main/mega/fege/ | 117 B | 323 B | Script | text/html |
| GET | H/1.1 | style_https.1.5.8.css | sudetyrus.surf/main/mega/fege/ | 40 KB | 40 KB | Stylesheet | text/css |
| GET | H/1.1 | https-label-91194ad43fc85d71e34a467282e95f23.webp | sudetyrus.surf/main/mega/fege/ | 1 KB | 1 KB | Image | image/webp |
| GET | H2 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v26/ | 44 KB | 44 KB | Font | font/woff2 |
| GET | H2 | JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2 | fonts.gstatic.com/s/montserrat/v18/ | 20 KB | 20 KB | Font | font/woff2 |
| GET | H/1.1 | file.png | sudetyrus.surf/main/mega/fege/ | 25 KB | 25 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Paxful (Crypto Exchange)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforexrselect |
| function | reportError |
| boolean | originAgentCluster |
| object | scheduler |
| object | SENTRY_RELEASE |
| object | __SENTRY__ |
| function | __AdaEmbedConstructor |
| undefined | pure |
| function | Geetest |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.gstatic.com
sudetyrus.surf
162.241.87.185
2a00:1450:4001:827::2003