phpunxbeef.temp.swtest.ru
Open in
urlscan Pro
77.222.56.111
Malicious Activity!
Public Scan
Effective URL: http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/
Submission: On November 24 via api from BE — Scanned from DE
Summary
This is the only time phpunxbeef.temp.swtest.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Impots Gouv (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.11 67.199.248.11 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
1 1 | 2606:4700:10:... 2606:4700:10::6816:e8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 206.198.230.97 206.198.230.97 | 11555 (SHCS) (SHCS) | |
2 14 | 77.222.56.111 77.222.56.111 | 44112 (SWEB-AS) (SWEB-AS) | |
13 | 2 |
ASN11555 (SHCS, US)
PTR: us-wpl-c8-km194.wpl.host
cloudfront.purewinnews.com |
ASN44112 (SWEB-AS, RU)
PTR: vh291.sweb.ru
phpunxbeef.temp.swtest.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
swtest.ru
2 redirects
phpunxbeef.temp.swtest.ru |
113 KB |
1 |
purewinnews.com
cloudfront.purewinnews.com |
312 B |
1 |
cutt.ly
1 redirects
cutt.ly |
503 B |
1 |
bit.ly
1 redirects
bit.ly |
249 B |
13 | 4 |
Domain | Requested by | |
---|---|---|
14 | phpunxbeef.temp.swtest.ru |
2 redirects
phpunxbeef.temp.swtest.ru
|
1 | cloudfront.purewinnews.com | |
1 | cutt.ly | 1 redirects |
1 | bit.ly | 1 redirects |
13 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
windows.microsoft.com |
browsehappy.com |
www.impots.gouv.fr |
cfspart.impots.gouv.fr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cloudfront.purewinnews.com cPanel, Inc. Certification Authority |
2021-09-13 - 2021-12-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/
Frame ID: 9555284D8D2FAEBBC2B4F1412FD285D2
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Professionnel | authentificationPage URL History Show full URLs
-
https://bit.ly/3CLfBcZ
HTTP 301
https://cutt.ly/STD47PK HTTP 301
https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php Page URL
-
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte
HTTP 301
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/ HTTP 302
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Page URL
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: une version plus récente d'Internet Explorer
Search URL Search Domain Scan URL
Title: autre navigateur
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Votre espace particulier
Search URL Search Domain Scan URL
Title: Aide
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/3CLfBcZ
HTTP 301
https://cutt.ly/STD47PK HTTP 301
https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php Page URL
-
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte
HTTP 301
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/ HTTP 302
http://phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bit.ly/3CLfBcZ HTTP 301
- https://cutt.ly/STD47PK HTTP 301
- https://cloudfront.purewinnews.com/wp-admin/a/redirection2.php
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
redirection2.php
cloudfront.purewinnews.com/wp-admin/a/ Redirect Chain
|
167 B 312 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/ Redirect Chain
|
28 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap-3.3.6.min.css
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autentification.css
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/ |
14 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
imp.css
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/styles/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
info.png
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
info.png
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aide.gif
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/images/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.3.min.js
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/js/ |
94 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/js/ |
36 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Logo-Marianne%2bimpots-gouv-fr.svg
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/ |
79 KB 22 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cadenas.svg
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/images/ |
8 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cccc.png
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace/templates/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Impots Gouv (Government)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| urlPayer string| urlActiver string| urlMDPActivation string| urlMDPOubli string| urlpartPriv string| urlproPriv string| urltoPortailPub string| urltoaide string| urlCertifAcces function| type_carte function| maxLengthCheck undefined| frmvalidator function| $ function| jQuery object| jQuery111303825361241605263 function| isIE3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
phpunxbeef.temp.swtest.ru/impots-gouv/moncompte/espace | Name: essai Value: cookie |
|
.bit.ly/ | Name: _bit Value: lao2IP-a3eb00a7796497aceb-00u |
|
cutt.ly/ | Name: PHPSESSID Value: r0le33q0jmq281bpnd1l3as7k8 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
cloudfront.purewinnews.com
cutt.ly
phpunxbeef.temp.swtest.ru
206.198.230.97
2606:4700:10::6816:e8
67.199.248.11
77.222.56.111
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
6287b87faa9499dab1b10e123f1032f691202ce7e9eaf2d6ba2d63b8b48b7e39
69d9384af8739a9f9bf63730592b610f7a5069531501cb85a1b98d79adc57f04
703a429a5822c59205b0ee6d52cff168ccdf3cbfbcd0e6b85d2c56dac1fec165
b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61
b31e9d9ddfdc36396eada91eb3eeff90f73c3d4b7ab21fdfb964cace1b4af1e6
b8b97e5544aa98b04f13bbb97f44ca648fcea23af0a65a4000eb85889b706c1d
c4a590148ea4d288573c1d0b5169bdb4d22aa0120ccc02f169ff04bffbdf30da
ce6e3d9e792da1fa703cd32717be61f0b9adf057029b80c3b7b60ff237b40708
cf099e2de9f31c9abc455f32f639de4414d51cacda3b73f51a7eb23e8a5eebb7
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ed00809cbd29ff0c14d032cc1cc51bc6e69b4051ace74e5e6e9742d76360177b