d7a73efee2a74f.lhr.life

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 52.2.74.74, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is d7a73efee2a74f.lhr.life.

This is the only time d7a73efee2a74f.lhr.life was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: State Bank of India (Banking)

Domain & IP information

	IP Address		AS Autonomous System
7	52.2.74.74 52.2.74.74		14618 (AMAZON-AES) (AMAZON-AES)
7	1

7 52.2.74.74 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-74-74.compute-1.amazonaws.com

d7a73efee2a74f.lhr.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	lhr.life d7a73efee2a74f.lhr.life	392 KB
7	1

	Domain	Requested by
7	d7a73efee2a74f.lhr.life	d7a73efee2a74f.lhr.life
7	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://d7a73efee2a74f.lhr.life/main.php
Frame ID: BDAF686D6AE1CF48B9E96332F01C8D24
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

392 kB
Transfer

390 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request main.php Show response d7a73efee2a74f.lhr.life/	2 KB 3 KB	1340ms 1241ms	Document text/html	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / PHP/7.4.27 Resource Hash `df8beda9def2f536645a1ca031f624a95704ca27f3aae988e61dd90a16f72b6e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 06 Jan 2022 15:26:40 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 X-Powered-By PHP/7.4.27 Content-Length 2355 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	img1.jpg d7a73efee2a74f.lhr.life/img/	88 KB 88 KB	1044ms 1044ms	Image image/jpeg	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://d7a73efee2a74f.lhr.life/img/img1.jpg Requested by Host: d7a73efee2a74f.lhr.life URL: http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / Resource Hash `0932703447eb6025f88bbaa01f1fbd00de0adbbf0df851136d07d2bf76d201c7` Request headers Accept-Language de-DE,de;q=0.9 Referer http://d7a73efee2a74f.lhr.life/main.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 06 Jan 2022 15:26:41 GMT Last-Modified Tue, 09 Nov 2021 12:16:14 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 ETag "15ed0-5d05a13603812" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 89808
GET H/1.1	200 OK	img3.jpg d7a73efee2a74f.lhr.life/img/	98 KB 98 KB	1540ms 1442ms	Image image/jpeg	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://d7a73efee2a74f.lhr.life/img/img3.jpg Requested by Host: d7a73efee2a74f.lhr.life URL: http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / Resource Hash `d48845e7edc65cce6bc4d6b0439e28f61e3cb73a70400e8f66988053583585f6` Request headers Accept-Language de-DE,de;q=0.9 Referer http://d7a73efee2a74f.lhr.life/main.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 06 Jan 2022 15:26:41 GMT Last-Modified Sat, 06 Nov 2021 07:46:51 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 ETag "188c3-5d019f677ba99" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 100547
GET H/1.1	200 OK	pk.jpg d7a73efee2a74f.lhr.life/img/	101 KB 101 KB	1785ms 1687ms	Image image/jpeg	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://d7a73efee2a74f.lhr.life/img/pk.jpg Requested by Host: d7a73efee2a74f.lhr.life URL: http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / Resource Hash `d4692614f6388d481d6cc5b3b71791f748f831b6f48178fd91b5a3372903dcc6` Request headers Accept-Language de-DE,de;q=0.9 Referer http://d7a73efee2a74f.lhr.life/main.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 06 Jan 2022 15:26:41 GMT Last-Modified Sat, 06 Nov 2021 07:55:24 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 ETag "19424-5d01a150b5628" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 103460
GET H/1.1	200 OK	ml.jpg d7a73efee2a74f.lhr.life/img/	46 KB 46 KB	2274ms 2177ms	Image image/jpeg	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://d7a73efee2a74f.lhr.life/img/ml.jpg Requested by Host: d7a73efee2a74f.lhr.life URL: http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / Resource Hash `9a68b0f1c4978a4bc3b243f5e3b7ed0d5dc3dc7c4ac82d92d57772149fdc608c` Request headers Accept-Language de-DE,de;q=0.9 Referer http://d7a73efee2a74f.lhr.life/main.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 06 Jan 2022 15:26:41 GMT Last-Modified Sat, 06 Nov 2021 07:57:06 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 ETag "b7d9-5d01a1b1b2b0f" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 47065
GET H/1.1	200 OK	cl.jpg d7a73efee2a74f.lhr.life/img/	32 KB 33 KB	2033ms 1935ms	Image image/jpeg	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://d7a73efee2a74f.lhr.life/img/cl.jpg Requested by Host: d7a73efee2a74f.lhr.life URL: http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / Resource Hash `f6eca53848ef28eaa281e14419e79fef9afd1f14f44e9f593605e26657326732` Request headers Accept-Language de-DE,de;q=0.9 Referer http://d7a73efee2a74f.lhr.life/main.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 06 Jan 2022 15:26:41 GMT Last-Modified Sat, 06 Nov 2021 07:58:41 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 ETag "80ef-5d01a20d2381d" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33007
GET H/1.1	200 OK	fot.jpg d7a73efee2a74f.lhr.life/img/	22 KB 22 KB	2521ms 2423ms	Image image/jpeg	52.2.74.74 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://d7a73efee2a74f.lhr.life/img/fot.jpg Requested by Host: d7a73efee2a74f.lhr.life URL: http://d7a73efee2a74f.lhr.life/main.php Protocol HTTP/1.1 Server 52.2.74.74 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-74-74.compute-1.amazonaws.com Software Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / Resource Hash `603103917c3ba5e65cec37110b9232932130603fbee9388e489de7ffe351cf21` Request headers Accept-Language de-DE,de;q=0.9 Referer http://d7a73efee2a74f.lhr.life/main.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 06 Jan 2022 15:26:41 GMT Last-Modified Fri, 16 Apr 2021 16:12:22 GMT Server Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 ETag "586f-5c0193eb02580" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 22639

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: State Bank of India (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onsecuritypolicyviolation object| onslotchange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d7a73efee2a74f.lhr.life
52.2.74.74
0932703447eb6025f88bbaa01f1fbd00de0adbbf0df851136d07d2bf76d201c7
603103917c3ba5e65cec37110b9232932130603fbee9388e489de7ffe351cf21
9a68b0f1c4978a4bc3b243f5e3b7ed0d5dc3dc7c4ac82d92d57772149fdc608c
d4692614f6388d481d6cc5b3b71791f748f831b6f48178fd91b5a3372903dcc6
d48845e7edc65cce6bc4d6b0439e28f61e3cb73a70400e8f66988053583585f6
df8beda9def2f536645a1ca031f624a95704ca27f3aae988e61dd90a16f72b6e
f6eca53848ef28eaa281e14419e79fef9afd1f14f44e9f593605e26657326732

d7a73efee2a74f.lhr.life Open in urlscan Pro 52.2.74.74 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

392 kBTransfer

390 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

d7a73efee2a74f.lhr.life Open in urlscan Pro
52.2.74.74 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

392 kB
Transfer

390 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!