mylegacytrace.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 178.17.170.136, located in Chisinau, Moldova and belongs to TRABIA, MD. The main domain is mylegacytrace.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 24th 2020. Valid for: 3 months.

This is the only time mylegacytrace.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address		AS Autonomous System
5	178.17.170.136 178.17.170.136		43289 (TRABIA) (TRABIA)
5	1

5 178.17.170.136 (Chisinau, Moldova)

ASN43289 (TRABIA, MD)
PTR: mos.code2.prayingandrunning.com

mylegacytrace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	mylegacytrace.com mylegacytrace.com	37 KB
5	1

	Domain	Requested by
5	mylegacytrace.com	mylegacytrace.com
5	1

This site contains links to these domains. Also see Links.

Domain
www.sparebank1.no

Subject Issuer	Validity	Valid
www.mylegacytrace.com Let's Encrypt Authority X3	`2020-08-24` - `2020-11-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html
Frame ID: 36B05AEB39EEF897D5A1DCBE88BF4A8F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

37 kB
Transfer

35 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sparebank1.no/nb/bank/privat/innlogging.html
Title: Hjelp

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Nets.html Show response mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/	4 KB 4 KB	199ms 59ms	Document text/html	178.17.170.136 TRABIA
General Check archive.org Show headers Download Go to Full URL https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.17.170.136 Chisinau, Moldova, ASN43289 (TRABIA, MD), Reverse DNS mos.code2.prayingandrunning.com Software Apache / Resource Hash `16661d6259ebe8148e1a65426a10ac4c57f5e31406a4c93183e0c98c8681f95f` Request headers Host mylegacytrace.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 26 Aug 2020 03:38:02 GMT Server Apache Last-Modified Tue, 25 Aug 2020 15:12:04 GMT Accept-Ranges bytes Content-Length 4273 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	screen.css mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/	3 KB 3 KB	60ms 59ms	Stylesheet text/css	178.17.170.136 TRABIA
General Check archive.org Show headers Download Go to Full URL https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/screen.css Requested by Host: mylegacytrace.com URL: https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.17.170.136 Chisinau, Moldova, ASN43289 (TRABIA, MD), Reverse DNS mos.code2.prayingandrunning.com Software Apache / Resource Hash `4240658116347f70eea6163be279c9c3680dd81cb5f06275bd6a733dab1a91fc` Request headers Referer https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 26 Aug 2020 03:38:02 GMT Last-Modified Tue, 25 Aug 2020 15:12:04 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3092
GET H/1.1	200 OK	commons.js.download Show response mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/	1 KB 1 KB	119ms 59ms	Script application/javascript	178.17.170.136 TRABIA
General Check archive.org Show headers Download Go to Full URL https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/commons.js.download Requested by Host: mylegacytrace.com URL: https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.17.170.136 Chisinau, Moldova, ASN43289 (TRABIA, MD), Reverse DNS mos.code2.prayingandrunning.com Software Apache / Resource Hash `2da2729846948ccfd97ed924936cdc406a1037b4af9bf77d98027c1576d8f8cd` Request headers Referer https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 26 Aug 2020 03:38:03 GMT Last-Modified Tue, 25 Aug 2020 15:12:04 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1202
GET H/1.1	200 OK	visa-mastercard.gif mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/	16 KB 16 KB	116ms 59ms	Image image/gif	178.17.170.136 TRABIA
General Check archive.org Show headers Download Go to Show image Full URL https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/visa-mastercard.gif Requested by Host: mylegacytrace.com URL: https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.17.170.136 Chisinau, Moldova, ASN43289 (TRABIA, MD), Reverse DNS mos.code2.prayingandrunning.com Software Apache / Resource Hash `03b60bdf8d51111dd68222fda3d4b0debbaa0b05d5735a9d7c6b577fbea5d8ca` Request headers Referer https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 26 Aug 2020 03:38:03 GMT Last-Modified Tue, 25 Aug 2020 15:12:04 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 16108
GET H/1.1	200 OK	Spare8ank_1_logo.svg mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/	11 KB 12 KB	59ms 59ms	Image image/svg+xml	178.17.170.136 TRABIA
General Check archive.org Show headers Download Go to Show image Full URL https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nfiles/Spare8ank_1_logo.svg Requested by Host: mylegacytrace.com URL: https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.17.170.136 Chisinau, Moldova, ASN43289 (TRABIA, MD), Reverse DNS mos.code2.prayingandrunning.com Software Apache / Resource Hash `80e731fa1dcd9c77006521a1759e514277a9a5a880a85c74fabb1611c232c14e` Request headers Referer https://mylegacytrace.com/Spare1-norge/Sms/IDLog-on/e0b0281ff9d0de7c1e8df97801b2b431/engangskode/Nets.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 26 Aug 2020 03:38:03 GMT Last-Modified Tue, 25 Aug 2020 15:12:04 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 11654

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mylegacytrace.com
178.17.170.136
03b60bdf8d51111dd68222fda3d4b0debbaa0b05d5735a9d7c6b577fbea5d8ca
16661d6259ebe8148e1a65426a10ac4c57f5e31406a4c93183e0c98c8681f95f
2da2729846948ccfd97ed924936cdc406a1037b4af9bf77d98027c1576d8f8cd
4240658116347f70eea6163be279c9c3680dd81cb5f06275bd6a733dab1a91fc
80e731fa1dcd9c77006521a1759e514277a9a5a880a85c74fabb1611c232c14e

mylegacytrace.com Open in urlscan Pro 178.17.170.136 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

37 kBTransfer

35 kBSize

0 Cookies

1 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

mylegacytrace.com Open in urlscan Pro
178.17.170.136 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

37 kB
Transfer

35 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!