900seos.ru.com Open in urlscan Pro
91.209.70.247 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://900seos.ru.com/
Submission: On July 12 via automatic, source phishtank (July 12th 2023, 7:42:32 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 91.209.70.247, located in Belize and belongs to VEESP-AS, LV. The main domain is 900seos.ru.com.

This is the only time 900seos.ru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	91.209.70.247 91.209.70.247		43317 (VEESP-AS) (VEESP-AS)
9	1

9 91.209.70.247 (Belize)

ASN43317 (VEESP-AS, LV)

900seos.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	ru.com 900seos.ru.com	633 KB
9	1

	Domain	Requested by
9	900seos.ru.com	900seos.ru.com
9	1

This site contains links to these domains. Also see Links.

Domain
banking.bnl.it
bnl.it

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://900seos.ru.com/
Frame ID: 2AE115CD3DCB69D9484EB594D3D0DC82
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

633 kB
Transfer

631 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://banking.bnl.it/rsc/SupportingFiles/numero-cliente.gif
Title: Dove trovi il tuo numero Cliente

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/rsc/SupportingFiles/pin.gif
Title: Dove trovi il PIN

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/pubblica/RecuperoNumeroCliente
Title: Recupera Online il Numero Cliente

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Individui-e-Famiglie/Internet-e-Mobile/Navigare-in-sicurezza
Title: Proteggiti dai virus e dalle frodi online

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response 900seos.ru.com/	12 KB 12 KB	242ms 143ms	Document text/html	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Full URL http://900seos.ru.com/ Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `161287fcdd46249457a9bf76572fb763527cbcd81df89ab0bafeac3786467ecb` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 12 Jul 2023 19:42:26 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	hb-login.css 900seos.ru.com/Login_files/	7 KB 8 KB	84ms 47ms	Stylesheet text/css	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Full URL http://900seos.ru.com/Login_files/hb-login.css Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/ Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `af24ef4420217bda0c18c7e44c0037cc8bad16c8148ae77689974502d6cfff7d` Request headers accept-language de-DE,de;q=0.9 Referer http://900seos.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:26 GMT Last-Modified Tue, 12 Apr 2022 21:46:20 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 7655
GET H/1.1	200 OK	clientlib-redational-page-login.min.css 900seos.ru.com/Login_files/	423 KB 423 KB	90ms 46ms	Stylesheet text/css	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Full URL http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/ Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `9bbcce28a99d5b02e2eb077eb0d7db919f3f4f8b7b8aa96f665fff4181ad6903` Request headers accept-language de-DE,de;q=0.9 Referer http://900seos.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:26 GMT Last-Modified Tue, 01 Mar 2022 13:40:34 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 433378
GET H/1.1	200 OK	logo.png 900seos.ru.com/	7 KB 7 KB	97ms 50ms	Image image/png	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Show image Full URL http://900seos.ru.com/logo.png Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/ Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `99543d933ae6c6b53aa79a42deb665f785cba48b798e0420ae34e835a588f018` Request headers accept-language de-DE,de;q=0.9 Referer http://900seos.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:26 GMT Last-Modified Tue, 01 Mar 2022 12:52:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7254
GET H/1.1	200 OK	alert2.png 900seos.ru.com/Login_files/	20 KB 20 KB	100ms 53ms	Image image/png	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Show image Full URL http://900seos.ru.com/Login_files/alert2.png Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/ Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67` Request headers accept-language de-DE,de;q=0.9 Referer http://900seos.ru.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:26 GMT Last-Modified Thu, 15 Apr 2021 01:13:34 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 20545
GET H/1.1	200 OK	login-button.png 900seos.ru.com/css/gfx/	975 B 1 KB	45ms 45ms	Image image/png	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Show image Full URL http://900seos.ru.com/css/gfx/login-button.png Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/Login_files/hb-login.css Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `8cab5b8e34941f772d77479763c39a00082334338f96287b63c0ec33cc343696` Request headers accept-language de-DE,de;q=0.9 Referer http://900seos.ru.com/Login_files/hb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:27 GMT Last-Modified Tue, 12 Apr 2022 21:44:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 975
GET H/1.1	200 OK	bnpp-sans.woff 900seos.ru.com/fonts/bnpp-sans/	54 KB 54 KB	50ms 49ms	Font font/woff	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Full URL http://900seos.ru.com/fonts/bnpp-sans/bnpp-sans.woff Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c` Request headers Referer http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Origin http://900seos.ru.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:27 GMT Last-Modified Tue, 01 Mar 2022 13:39:16 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 54856
GET H/1.1	200 OK	bnpp-sans-light.woff 900seos.ru.com/fonts/bnpp-sans/	53 KB 53 KB	47ms 47ms	Font font/woff	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Full URL http://900seos.ru.com/fonts/bnpp-sans/bnpp-sans-light.woff Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `d9356a502a3e4c129bfddb49268c0531dc91c92a868f600cbe322cfa11e68cba` Request headers Referer http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Origin http://900seos.ru.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:27 GMT Last-Modified Tue, 01 Mar 2022 13:39:18 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 54136
GET H/1.1	200 OK	bnpp-sans-bold.woff 900seos.ru.com/fonts/bnpp-sans/	54 KB 54 KB	46ms 45ms	Font font/woff	91.209.70.247 VEESP-AS
General Check archive.org Show headers Download Go to Full URL http://900seos.ru.com/fonts/bnpp-sans/bnpp-sans-bold.woff Requested by Host: 900seos.ru.com URL: http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Protocol HTTP/1.1 Server 91.209.70.247 , Belize, ASN43317 (VEESP-AS, LV), Reverse DNS Software Apache / Resource Hash `80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e` Request headers Referer http://900seos.ru.com/Login_files/clientlib-redational-page-login.min.css Origin http://900seos.ru.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Wed, 12 Jul 2023 19:42:27 GMT Last-Modified Tue, 01 Mar 2022 13:39:18 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 54984

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			900seos.ru.com/	1970-01-20 22:49:10	Name: COOKIE_KEY Value: 168919094649

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

900seos.ru.com
91.209.70.247
161287fcdd46249457a9bf76572fb763527cbcd81df89ab0bafeac3786467ecb
3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c
80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e
8cab5b8e34941f772d77479763c39a00082334338f96287b63c0ec33cc343696
99543d933ae6c6b53aa79a42deb665f785cba48b798e0420ae34e835a588f018
9bbcce28a99d5b02e2eb077eb0d7db919f3f4f8b7b8aa96f665fff4181ad6903
af24ef4420217bda0c18c7e44c0037cc8bad16c8148ae77689974502d6cfff7d
d9356a502a3e4c129bfddb49268c0531dc91c92a868f600cbe322cfa11e68cba
e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67

900seos.ru.com Open in urlscan Pro 91.209.70.247 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

633 kBTransfer

631 kBSize

1 Cookies

4 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

900seos.ru.com Open in urlscan Pro
91.209.70.247 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

633 kB
Transfer

631 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!