zurearia.ru.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 185.221.216.111, located in London, United Kingdom and belongs to HOST4GEEKS-LLC, US. The main domain is zurearia.ru.com.
TLS certificate: Issued by R3 on December 4th 2023. Valid for: 3 months.

This is the only time zurearia.ru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	185.221.216.115 185.221.216.115	393960 (HOST4GEEK...) (HOST4GEEKS-LLC)
1 4	185.221.216.111 185.221.216.111	393960 (HOST4GEEK...) (HOST4GEEKS-LLC)
3	1

1 185.221.216.115 (London, United Kingdom) 1 redirects

ASN393960 (HOST4GEEKS-LLC, US)
PTR: sokhanedoost.com

8galguesca.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.221.216.111 (London, United Kingdom) 1 redirects

ASN393960 (HOST4GEEKS-LLC, US)
PTR: ironprize.net

zurearia.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ru.com 2 redirects 8galguesca.ru.com zurearia.ru.com	51 KB
3	1

	Domain	Requested by
4	zurearia.ru.com	1 redirects zurearia.ru.com
1	8galguesca.ru.com	1 redirects
3	2

This site contains no links.

Subject Issuer	Validity	Valid
zurearia.ru.com R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share=
Frame ID: AAA4CCAB5B4EF411B134BC42730A6602
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sharing Link Validation

Page URL History Show full URLs

https://8galguesca.ru.com/index1.php HTTP 302
https://zurearia.ru.com/officedrive/ HTTP 302
https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

50 kB
Transfer

49 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://8galguesca.ru.com/index1.php HTTP 302
https://zurearia.ru.com/officedrive/ HTTP 302
https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request locked.php Show response zurearia.ru.com/officedrive/ Redirect Chain https://8galguesca.ru.com/index1.php https://zurearia.ru.com/officedrive/ https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejeb...	45 KB 45 KB	137ms 122ms	Document text/html	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Full URL https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 London, United Kingdom, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `de0b9291468b9f6b9f4216b58e131bdb1e2d9f906e021500fd82f94b29056602` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 05 Dec 2023 13:20:36 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache Transfer-Encoding chunked Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 05 Dec 2023 13:20:36 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Location locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	microsoft-logo.png zurearia.ru.com/officedrive/assets/images/	3 KB 3 KB	62ms 62ms	Image image/png	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://zurearia.ru.com/officedrive/assets/images/microsoft-logo.png Requested by Host: zurearia.ru.com URL: https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 London, United Kingdom, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb` Request headers accept-language fr-FR,fr;q=0.9 Referer https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Tue, 05 Dec 2023 13:20:37 GMT Last-Modified Mon, 06 Jan 2020 10:26:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3331
GET H/1.1	200 OK	xls.png zurearia.ru.com/officedrive/assets/images/	610 B 852 B	48ms 48ms	Image image/png	185.221.216.111 HOST4GEEKS-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://zurearia.ru.com/officedrive/assets/images/xls.png Requested by Host: zurearia.ru.com URL: https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.221.216.111 London, United Kingdom, ASN393960 (HOST4GEEKS-LLC, US), Reverse DNS ironprize.net Software Apache / Resource Hash `687e84b08da5544f8b05cb4c4cc9941d9b36461c594f9805382d18030710c371` Request headers accept-language fr-FR,fr;q=0.9 Referer https://zurearia.ru.com/officedrive/locked.php?G_ENABLED_IDPS=6512bd43d9caa6e02c990b0a82652dca==&_ID_autocomplete_=sewamazuzuva&APISID=huceyodojozozifuve&_jxs=pigujuhetuwaze&dt_intl=temadexukihejebejuye&share= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Tue, 05 Dec 2023 13:20:37 GMT Last-Modified Mon, 06 Jan 2020 10:26:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 610

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| ed52272 string| k

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			zurearia.ru.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 086087116206aa201068c2a540b3379a
			zurearia.ru.com/	1970-01-20 17:26:14	Name: loop Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8galguesca.ru.com
zurearia.ru.com
185.221.216.111
185.221.216.115
687e84b08da5544f8b05cb4c4cc9941d9b36461c594f9805382d18030710c371
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
de0b9291468b9f6b9f4216b58e131bdb1e2d9f906e021500fd82f94b29056602

zurearia.ru.com Open in urlscan Pro 185.221.216.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

50 kBTransfer

49 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

zurearia.ru.com Open in urlscan Pro
185.221.216.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

50 kB
Transfer

49 kB
Size

2
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!