phpunxbeef.temp.swtest.ru Open in urlscan Pro
77.222.56.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3CLfBcZ
Effective URL:
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/
Submission: On November 24 via api (November 24th 2021, 2:44:56 am UTC) from BE — Scanned from DE

Summary HTTP 13 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 77.222.56.111, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is phpunxbeef.temp.swtest.ru.

This is the only time phpunxbeef.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 1	2606:4700:10:... 2606:4700:10::6816:e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	206.198.230.97 206.198.230.97	11555 (SHCS) (SHCS)
2 14	77.222.56.111 77.222.56.111	44112 (SWEB-AS) (SWEB-AS)
13	2

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:e8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.198.230.97 (United States)

ASN11555 (SHCS, US)
PTR: us-wpl-c8-km194.wpl.host

cloudfront.purewinnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 77.222.56.111 (Russian Federation) 2 redirects

ASN44112 (SWEB-AS, RU)
PTR: vh291.sweb.ru

phpunxbeef.temp.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	swtest.ru 2 redirects phpunxbeef.temp.swtest.ru	113 KB
1	purewinnews.com cloudfront.purewinnews.com	312 B
1	cutt.ly 1 redirects cutt.ly	503 B
1	bit.ly 1 redirects bit.ly	249 B
13	4

	Domain	Requested by
14	phpunxbeef.temp.swtest.ru	2 redirects phpunxbeef.temp.swtest.ru
1	cloudfront.purewinnews.com
1	cutt.ly	1 redirects
1	bit.ly	1 redirects
13	4

This site contains links to these domains. Also see Links.

Domain
windows.microsoft.com
browsehappy.com
www.impots.gouv.fr
cfspart.impots.gouv.fr

Subject Issuer	Validity	Valid
cloudfront.purewinnews.com cPanel, Inc. Certification Authority	`2021-09-13` - `2021-12-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/
Frame ID: 9555284D8D2FAEBBC2B4F1412FD285D2
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Professionnel | authentification

Page URL History Show full URLs

https://bit.ly/3CLfBcZ HTTP 301
https://cutt.ly/STD47PK HTTP 301
https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php Page URL
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte HTTP 301
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/ HTTP 302
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Page URL

Page Statistics

13
Requests

8 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

113 kB
Transfer

392 kB
Size

3
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://windows.microsoft.com/fr-fr/internet-explorer/download-ie
Title: une version plus récente d'Internet Explorer

Search URL Search Domain Scan URL

URL: http://browsehappy.com/
Title: autre navigateur

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/professionnel

Search URL Search Domain Scan URL

URL: https://cfspart.impots.gouv.fr/monprofil-webapp/monCompte
Title: Votre espace particulier

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/node/9544
Title: Aide

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3CLfBcZ HTTP 301
https://cutt.ly/STD47PK HTTP 301
https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php Page URL
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte HTTP 301
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/ HTTP 302
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bit.ly/3CLfBcZ HTTP 301
https://cutt.ly/STD47PK HTTP 301
https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	redirection2.php Show response cloudfront.purewinnews.com/wp-admin/a/ Redirect Chain https://bit.ly/3CLfBcZ https://cutt.ly/STD47PK https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php	167 B 312 B	551ms 122ms	Document text/html	206.198.230.97 SHCS
General Check archive.org Show headers Download Go to Full URL https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 206.198.230.97 , United States, ASN11555 (SHCS, US), Reverse DNS us-wpl-c8-km194.wpl.host Software Apache / Resource Hash `ce6e3d9e792da1fa703cd32717be61f0b9adf057029b80c3b7b60ff237b40708` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers cache-control max-age=600, private, must-revalidate expires Wed, 24 Nov 2021 03:44:51 GMT vary Accept-Encoding,User-Agent content-encoding gzip access-control-allow-origin * content-length 152 content-type text/html; charset=UTF-8 date Wed, 24 Nov 2021 02:44:51 GMT server Apache Redirect headers date Wed, 24 Nov 2021 02:44:51 GMT content-type text/html; charset=UTF-8 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-cache, no-store, must-revalidate pragma no-cache location https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php vary Accept-Encoding x-xss-protection 1; mode=block x-frame-options SAMEORIGIN x-content-type-options nosniff alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 6b2f4c3b4ccf6919-FRA
GET H/1.1	200 OK	Primary Request / Show response phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Redirect Chain http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/ http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/	28 KB 6 KB	61ms 61ms	Document text/html	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / PHP/7.1.33 Resource Hash `69d9384af8739a9f9bf63730592b610f7a5069531501cb85a1b98d79adc57f04` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php Response headers Server nginx/1.19.1 Date Wed, 24 Nov 2021 02:44:52 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10 Vary Accept-Encoding X-Powered-By PHP/7.1.33 Content-Encoding gzip Redirect headers Server nginx/1.19.1 Date Wed, 24 Nov 2021 02:44:52 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Keep-Alive timeout=10 X-Powered-By PHP/7.1.33 Location espace/
GET H/1.1	200 OK	bootstrap-3.3.6.min.css phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/	118 KB 20 KB	48ms 47ms	Stylesheet text/css	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/bootstrap-3.3.6.min.css Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `c4a590148ea4d288573c1d0b5169bdb4d22aa0120ccc02f169ff04bffbdf30da` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag W/"270560d-1d9bb-59bb92eae8e80" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	autentification.css phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/	14 KB 4 KB	80ms 41ms	Stylesheet text/css	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/autentification.css Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `ed00809cbd29ff0c14d032cc1cc51bc6e69b4051ace74e5e6e9742d76360177b` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag W/"270560c-39cd-59bb92eae8e80" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	404 Not Found	imp.css phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/	0 0	87ms 47ms	Stylesheet text/html	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/imp.css Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Server nginx/1.19.1 Vary Accept-Encoding, accept-language,accept-charset Content-Language de Transfer-Encoding chunked Connection keep-alive Content-Type text/html; charset=iso-8859-1 Keep-Alive timeout=10
GET H/1.1	200 OK	info.png phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/	2 KB 2 KB	43ms 42ms	Image image/png	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/info.png Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `b8b97e5544aa98b04f13bbb97f44ca648fcea23af0a65a4000eb85889b706c1d` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag "27055ff-7cb-59bb92eae8e80" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 1995
GET H/1.1	200 OK	info.png phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/	3 KB 3 KB	93ms 50ms	Image image/png	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/info.png Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag "2705602-c56-59bb92eae8e80" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 3158
GET H/1.1	404 Not Found	aide.gif phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/images/	1 KB 1 KB	92ms 49ms	Image text/html	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/images/aide.gif Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `703a429a5822c59205b0ee6d52cff168ccdf3cbfbcd0e6b85d2c56dac1fec165` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Server nginx/1.19.1 Vary Accept-Encoding, accept-language,accept-charset Content-Language de Transfer-Encoding chunked Connection keep-alive Content-Type text/html; charset=iso-8859-1 Keep-Alive timeout=10
GET H/1.1	200 OK	jquery-1.11.3.min.js Show response phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/js/	94 KB 33 KB	48ms 47ms	Script application/x-javascript	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/js/jquery-1.11.3.min.js Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag W/"2705606-176d5-59bb92eae8e80" Vary Accept-Encoding Content-Type application/x-javascript Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	bootstrap.min.js Show response phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/js/	36 KB 10 KB	50ms 50ms	Script application/x-javascript	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/js/bootstrap.min.js Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag W/"2705605-9004-59bb92eae8e80" Vary Accept-Encoding Content-Type application/x-javascript Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	Logo-Marianne%2bimpots-gouv-fr.svg phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/	79 KB 22 KB	91ms 50ms	Image image/svg+xml	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/Logo-Marianne%2bimpots-gouv-fr.svg Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/autentification.css Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `cf099e2de9f31c9abc455f32f639de4414d51cacda3b73f51a7eb23e8a5eebb7` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/autentification.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag W/"2705600-13d97-59bb92eae8e80" Vary Accept-Encoding Content-Type image/svg+xml Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	Cadenas.svg phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/	8 KB 3 KB	74ms 44ms	Image image/svg+xml	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/Cadenas.svg Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/autentification.css Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `6287b87faa9499dab1b10e123f1032f691202ce7e9eaf2d6ba2d63b8b48b7e39` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/autentification.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Content-Encoding gzip Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag W/"27055fd-2098-59bb92eae8e80" Vary Accept-Encoding Content-Type image/svg+xml Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10
GET H/1.1	200 OK	cccc.png phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/	8 KB 8 KB	74ms 44ms	Image image/png	77.222.56.111 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/cccc.png Requested by Host: phpunxbeef.temp.swtest.ru URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Protocol HTTP/1.1 Server 77.222.56.111 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh291.sweb.ru Software nginx/1.19.1 / Resource Hash `b31e9d9ddfdc36396eada91eb3eeff90f73c3d4b7ab21fdfb964cace1b4af1e6` Request headers Accept-Language de-DE,de;q=0.9 Referer http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Wed, 24 Nov 2021 02:44:52 GMT Last-Modified Thu, 09 Jan 2020 18:28:58 GMT Server nginx/1.19.1 ETag "27055ed-1e50-59bb92eae8e80" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 7760

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace	1969-12-31 23:59:59	Name: essai Value: cookie
.bit.ly/	1970-01-20 03:14:33	Name: _bit Value: lao2IP-a3eb00a7796497aceb-00u
cutt.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: r0le33q0jmq281bpnd1l3as7k8

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/imp.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/images/aide.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
cloudfront.purewinnews.com
cutt.ly
phpunxbeef.temp.swtest.ru
206.198.230.97
2606:4700:10::6816:e8
67.199.248.11
77.222.56.111
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
6287b87faa9499dab1b10e123f1032f691202ce7e9eaf2d6ba2d63b8b48b7e39
69d9384af8739a9f9bf63730592b610f7a5069531501cb85a1b98d79adc57f04
703a429a5822c59205b0ee6d52cff168ccdf3cbfbcd0e6b85d2c56dac1fec165
b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61
b31e9d9ddfdc36396eada91eb3eeff90f73c3d4b7ab21fdfb964cace1b4af1e6
b8b97e5544aa98b04f13bbb97f44ca648fcea23af0a65a4000eb85889b706c1d
c4a590148ea4d288573c1d0b5169bdb4d22aa0120ccc02f169ff04bffbdf30da
ce6e3d9e792da1fa703cd32717be61f0b9adf057029b80c3b7b60ff237b40708
cf099e2de9f31c9abc455f32f639de4414d51cacda3b73f51a7eb23e8a5eebb7
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ed00809cbd29ff0c14d032cc1cc51bc6e69b4051ace74e5e6e9742d76360177b

phpunxbeef.temp.swtest.ru Open in urlscan Pro 77.222.56.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

8 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

113 kBTransfer

392 kBSize

3 Cookies

5 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

phpunxbeef.temp.swtest.ru Open in urlscan Pro
77.222.56.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

8 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

113 kB
Transfer

392 kB
Size

3
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!