confirmation-clients.net
179.43.187.65  Malicious Activity!  Public Scan

URL: https://confirmation-clients.net/
Submission: On May 02 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 9 HTTP transactions. The main IP is 179.43.187.65, located in Zurich, Switzerland, and belongs to PLI-AS, PA. The main domain is confirmation-clients.net.
TLS certificate: Issued by R3 on May 2nd 2022. Valid for: 3 months.
This is the only time confirmation-clients.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Airbnb (Hospitality)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
9         179.43.187.65   51852 (PLI-AS)
Total: 9 requests, 1 IP

Requests  Apex Domain                Subdomains                 Transfer
9         confirmation-clients.net   confirmation-clients.net   128 KB
Total: 9 requests, 1 apex domain

Requests  Domain                     Requested by
9         confirmation-clients.net   confirmation-clients.net
Total: 9 requests, 1 domain

Subject                    Issuer   Validity                   Valid
confirmation-clients.net   R3       2022-05-02 - 2022-07-31    3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://confirmation-clients.net/
Frame ID: 3EAA9C9F22B9B1C2DA729C495174BCAA
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Information Facturation

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9 Requests
100 % HTTPS
0 % IPv6
1 Domains
1 Subdomains
1 IPs
1 Countries
128 kB Transfer
389 kB Size
1 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource  |  Path  |  Size  |  x-fer  |  Type  |  MIME-Type

Primary Request /  |  confirmation-clients.net/  |  53 KB  |  8 KB  |  Document
General
Full URL
https://confirmation-clients.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PHP/8.0.18 PleskLin
Resource Hash
bbc096614bbd8fe6e2d344a06b04b9bbf90b38130ec27c595e285a37194d27de

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 17:08:43 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
x-powered-by
PHP/8.0.18 PleskLin
jquery-1.11.3.min.js  |  confirmation-clients.net/js/  |  85 KB  |  29 KB  |  Script
General
Full URL
https://confirmation-clients.net/js/jquery-1.11.3.min.js
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://confirmation-clients.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:43 GMT
content-encoding
br
etag
W/"621f720d-15392"
last-modified
Wed, 02 Mar 2022 13:33:01 GMT
server
nginx
x-powered-by
PleskLin
content-type
application/javascript
fontair.css  |  confirmation-clients.net/css/  |  8 KB  |  2 KB  |  Stylesheet
General
Full URL
https://confirmation-clients.net/css/fontair.css
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
44440dd4c0ad4aafccfc023e4c5336177c27db0f556f1e7f4a816fe8fffcfdba

Request headers

Referer
https://confirmation-clients.net/
Origin
https://confirmation-clients.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:43 GMT
content-encoding
br
etag
W/"624e32de-21e9"
last-modified
Thu, 07 Apr 2022 00:39:58 GMT
server
nginx
x-powered-by
PleskLin
content-type
text/css
1.css  |  confirmation-clients.net/css/  |  92 KB  |  10 KB  |  Stylesheet
General
Full URL
https://confirmation-clients.net/css/1.css
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
8762cffec2504703067e6a7077ecdfe9c9429866a83419fc5ed051fa8cf915cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://confirmation-clients.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:43 GMT
content-encoding
br
etag
W/"624e144b-16fc0"
last-modified
Wed, 06 Apr 2022 22:29:31 GMT
server
nginx
x-powered-by
PleskLin
content-type
text/css
2.css  |  confirmation-clients.net/css/  |  80 KB  |  9 KB  |  Stylesheet
General
Full URL
https://confirmation-clients.net/css/2.css
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
e17256bd1b2520dfc436ab42b0e24e7091165919ab9b095f00ec9e7f2451b869

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://confirmation-clients.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:43 GMT
content-encoding
br
etag
W/"624e144b-140ba"
last-modified
Wed, 06 Apr 2022 22:29:31 GMT
server
nginx
x-powered-by
PleskLin
content-type
text/css
IXEOMQ8  |  confirmation-clients.net/s0Aa/egFn/nJ/FIo6/QW9A/5uEXSpQNp9ri/dyIVCmg/dmMl/  |  0  |  0  |  Script
General
Full URL
https://confirmation-clients.net/s0Aa/egFn/nJ/FIo6/QW9A/5uEXSpQNp9ri/dyIVCmg/dmMl/IXEOMQ8
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://confirmation-clients.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:43 GMT
content-encoding
br
last-modified
Mon, 02 May 2022 17:04:38 GMT
server
nginx
etag
W/"328-5de0a63298191"
content-type
text/html
Airbnb_Cereal-Medium-50fc004b3082375f12ff0cfb67bf8e56.woff2  |  confirmation-clients.net/css/  |  24 KB  |  24 KB  |  Font
General
Full URL
https://confirmation-clients.net/css/Airbnb_Cereal-Medium-50fc004b3082375f12ff0cfb67bf8e56.woff2
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/css/fontair.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
b06428a4009f63f0edb5c8cf89ffb84ea978a2b559cc4c14c8e7a0e130ceefc4

Request headers

Referer
https://confirmation-clients.net/css/fontair.css
Origin
https://confirmation-clients.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:44 GMT
last-modified
Thu, 07 Apr 2022 00:39:56 GMT
server
nginx
x-powered-by
PleskLin
etag
"624e32dc-5e08"
content-type
font/woff2
accept-ranges
bytes
content-length
24072
Airbnb_Cereal-Book-9a1c9cca9bb3d65fefa2aa487617805e.woff2  |  confirmation-clients.net/css/  |  24 KB  |  24 KB  |  Font
General
Full URL
https://confirmation-clients.net/css/Airbnb_Cereal-Book-9a1c9cca9bb3d65fefa2aa487617805e.woff2
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/css/fontair.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
b11f01105c8b416bc49025877708638fc1955dc31d2a3fa7904d4e0b0f4ac4b4

Request headers

Referer
https://confirmation-clients.net/css/fontair.css
Origin
https://confirmation-clients.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:44 GMT
last-modified
Thu, 07 Apr 2022 00:40:00 GMT
server
nginx
x-powered-by
PleskLin
etag
"624e32e0-5ef0"
content-type
font/woff2
accept-ranges
bytes
content-length
24304
Airbnb_Cereal-Bold-bdfb98485e7836ba31b456f65cded088.woff2  |  confirmation-clients.net/css/  |  23 KB  |  23 KB  |  Font
General
Full URL
https://confirmation-clients.net/css/Airbnb_Cereal-Bold-bdfb98485e7836ba31b456f65cded088.woff2
Requested by
Host: confirmation-clients.net
URL: https://confirmation-clients.net/css/fontair.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.43.187.65 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
b848d7113c5d21f463bd7b248115b78ae386d1628459bfcdb154f82f083bfc97

Request headers

Referer
https://confirmation-clients.net/css/fontair.css
Origin
https://confirmation-clients.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 17:08:44 GMT
last-modified
Thu, 07 Apr 2022 00:39:59 GMT
server
nginx
x-powered-by
PleskLin
etag
"624e32df-5d48"
content-type
font/woff2
accept-ranges
bytes
content-length
23880

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Airbnb (Hospitality)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     oncontextlost
object     oncontextrestored
function   structuredClone
function   getScreenDetails
function   $
function   jQuery

1 Cookies

Domain/Path                 Name        Value
confirmation-clients.net/   PHPSESSID   epgdj8jve9j1m1mr2bcj7a8qfj

1 Console Messages

Source: network
Level: error
URL: https://confirmation-clients.net/s0Aa/egFn/nJ/FIo6/QW9A/5uEXSpQNp9ri/dyIVCmg/dmMl/IXEOMQ8
Message: Failed to load resource: the server responded with a status of 404 ()