www.blog.agirpourguerir.net
213.186.33.87
Malicious Activity!
Public Scan
Submission: On September 05 via automatic, source openphish — Scanned from FR
Summary
TLS certificate: Issued by R3 (a Let's Encrypt intermediate) on August 23rd 2022, valid for 3 months.
This is the only time www.blog.agirpourguerir.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: bank99 (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 5 | 213.186.33.87 | 16276 (OVH) |
| 1 2 | 2606:4700:20::681a:85b | 13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:831::200a | 15169 (GOOGLE) |
| 1 | 2606:4700::6812:1734 | 13335 (CLOUDFLARENET) |
| 1 | 2a02:6ea0:cb00::2 | 60068 (CDN77 ^_^) |
| 2 | 193.110.183.243 | 24656 (ARZ) |
| 4 | 2606:4700:3032::6815:1e29 | 13335 (CLOUDFLARENET) |
| 15 requests | 7 IP addresses | |
ASN16276 (OVH, FR)
PTR: cluster014.ovh.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 3325), ka-f.fontawesome.com (Cisco Umbrella Rank: 6377) | 34 KB |
| 5 | agirpourguerir.net | www.blog.agirpourguerir.net | 381 KB |
| 2 | bank99.at | meine.bank99.at | 130 KB |
| 2 | tailwindcss.com | cdn.tailwindcss.com (Cisco Umbrella Rank: 162345), 1 redirect | 97 KB |
| 1 | icons8.com | img.icons8.com (Cisco Umbrella Rank: 48763) | 1023 B |
| 1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 480) | 34 KB |
| 15 requests | 6 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 5 | www.blog.agirpourguerir.net | www.blog.agirpourguerir.net |
| 4 | ka-f.fontawesome.com | kit.fontawesome.com |
| 2 | meine.bank99.at | www.blog.agirpourguerir.net |
| 2 | cdn.tailwindcss.com (1 redirect) | www.blog.agirpourguerir.net |
| 1 | img.icons8.com | www.blog.agirpourguerir.net |
| 1 | kit.fontawesome.com | www.blog.agirpourguerir.net |
| 1 | ajax.googleapis.com | www.blog.agirpourguerir.net |
| 15 requests | 7 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| agirpourguerir.net | R3 | 2022-08-23 - 2022-11-21 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2022-08-15 - 2022-11-07 | 3 months | crt.sh |
| *.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-01 - 2023-01-01 | a year | crt.sh |
| 1004834818.rsc.cdn77.org | R3 | 2022-07-23 - 2022-10-21 | 3 months | crt.sh |
| meine.bank99.at | EuropeanSSL Server CA 2 | 2022-01-12 - 2023-02-12 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-12 - 2023-08-12 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
(The login page is served from a nested directory beneath the host's /wp-admin/ path.)
Frame ID: 54E80A9AB4EDE7F806C94683F1649438
Requests: 15 HTTP requests in this frame
Page Title
Login
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
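The patterns above are the Wappalyzer-style regexes urlscan ran against this page; the capture group in each is the version (or, for Font Awesome, a build hash or kit token). The following is an added example, not code from urlscan or this page, that applies those exact patterns to the script and stylesheet URLs from the transaction list below and shows what each one captures. The `below_floor` policy dict is a hypothetical minimum-version list, not something the scan page states.

```python
import re

# Detection patterns exactly as listed on the scan page. urlscan/Wappalyzer also run
# these against HTML, script bodies and headers; here they are applied to URLs only.
PATTERNS = {
    "Font Awesome": [
        # Note the unescaped '.' in the version branch: it matches any separator,
        # so "6.2.0" and "6-2-0" are both captured. The hex branch picks up build hashes.
        r"(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)",
        r"kit\.fontawesome\.com/([0-9a-z]+).js",
    ],
    "jQuery": [
        r"/([\d.]+)/jquery(?:\.min)?\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
}

# Request URLs transcribed from this scan's transaction list (subset with code/CSS).
REQUEST_URLS = [
    "https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html",
    "https://cdn.tailwindcss.com/3.1.8",
    "https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js",
    "https://kit.fontawesome.com/887a93ffa3.js",
    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free.min.css",
    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-shims.min.css",
]


def detect_technologies(urls, patterns=PATTERNS):
    """Return {technology: {captured version/token, ...}} for every URL a pattern hits.

    A technology whose pattern matched but captured nothing still appears, with an
    empty set, so "seen but unversioned" is distinguishable from "not seen".
    """
    found = {}
    for url in urls:
        for tech, regexes in patterns.items():
            for pattern in regexes:
                match = re.search(pattern, url)
                if not match:
                    continue
                captures = found.setdefault(tech, set())
                captures.update(g for g in match.groups() if g)
    return found


def version_tuple(version):
    """'1.12.4' -> (1, 12, 4); a hash such as '887a93ffa3' yields () and is ignored."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def below_floor(found, floors):
    """Return {technology: version} for captured versions older than the hypothetical
    minimum in `floors` (e.g. {"jQuery": "3.5.0"}). Non-numeric captures are skipped."""
    out = {}
    for tech, captures in found.items():
        if tech not in floors:
            continue
        floor = version_tuple(floors[tech])
        for capture in captures:
            parsed = version_tuple(capture)
            if parsed and parsed < floor:
                out[tech] = capture
    return out


if __name__ == "__main__":
    found = detect_technologies(REQUEST_URLS)
    for tech, captures in sorted(found.items()):
        print(f"{tech}: {sorted(captures)}")
    print("below policy floor:", below_floor(found, {"jQuery": "3.5.0", "Font Awesome": "6.0.0"}))
```

Two things the output makes visible that the page's pattern list alone does not: the first Font Awesome regex captures the kit token `887a93ffa3` from the kit URL because its hex branch is tried before the version branch, so captures from that pattern need a numeric check before being treated as versions; and the jQuery URL yields `1.12.4`, which a version floor can then act on.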
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0: https://cdn.tailwindcss.com/ (HTTP 302) -> https://cdn.tailwindcss.com/3.1.8
15 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | index.html (Primary Request) | www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/ | 11 KB | 3 KB | Document | text/html |
| 2 | GET | H2 | 3.1.8 (via redirect chain) | cdn.tailwindcss.com/ | 319 KB | 97 KB | Script | text/javascript |
| 3 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB | 34 KB | Script | text/javascript |
| 4 | GET | H2 | 887a93ffa3.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript |
| 5 | GET | H2 | style.css | www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/ | 4 KB | 1 KB | Stylesheet | text/css |
| 6 | GET | H2 | logo.png | www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/ | 30 KB | 30 KB | Image | image/png |
| 7 | GET | H2 | chevron.svg | www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/ | 141 B | 324 B | Image | image/svg+xml |
| 8 | GET | H2 | multiply.png | img.icons8.com/ios-filled/50/000000/ | 398 B | 1023 B | Image | image/png |
| 9 | GET | H/1.1 | loading-animation.gif | meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/ | 108 KB | 108 KB | Image | image/gif |
| 10 | GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 100 KB | 23 KB | Fetch | text/css |
| 11 | GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 27 KB | 5 KB | Fetch | text/css |
| 12 | GET | H2 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 823 B | 717 B | Fetch | text/css |
| 13 | GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 2 KB | 1 KB | Fetch | text/css |
| 14 | GET | H2 | login-background.jpg | www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/ | 346 KB | 347 KB | Image | image/jpeg |
| 15 | GET | H/1.1 | PostSans-Regular.woff2 | meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/ | 21 KB | 21 KB | Font | application/octet-stream |

Size is the decoded body size; Transfer is the number of bytes actually sent over the wire (compressed body plus headers), which is why small files such as chevron.svg transfer more bytes than they contain.
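Requests 9 and 15 are the tell-tale of this page: a login form on agirpourguerir.net fetching the real bank's loading animation and web font directly from meine.bank99.at. A phishing kit that copies a bank's login page usually keeps the original absolute asset URLs, so the impersonated brand's domain shows up in the request log of a page that is not on that domain. The following is an added example, not urlscan's code and not part of this page, that runs that check over the transaction list above (transcribed into the script) together with a check for a primary page served under a CMS admin directory. The brand list and the path watchlist are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Transactions transcribed from the scan above: (method, protocol, URL, resource type).
TRANSACTIONS = [
    ("GET", "H2",    "https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html", "Document"),
    ("GET", "H2",    "https://cdn.tailwindcss.com/3.1.8", "Script"),
    ("GET", "H2",    "https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js", "Script"),
    ("GET", "H2",    "https://kit.fontawesome.com/887a93ffa3.js", "Script"),
    ("GET", "H2",    "https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/style.css", "Stylesheet"),
    ("GET", "H2",    "https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/logo.png", "Image"),
    ("GET", "H2",    "https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/chevron.svg", "Image"),
    ("GET", "H2",    "https://img.icons8.com/ios-filled/50/000000/multiply.png", "Image"),
    ("GET", "H/1.1", "https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/loading-animation.gif", "Image"),
    ("GET", "H2",    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free.min.css", "Fetch"),
    ("GET", "H2",    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-shims.min.css", "Fetch"),
    ("GET", "H2",    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v5-font-face.min.css", "Fetch"),
    ("GET", "H2",    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-font-face.min.css", "Fetch"),
    ("GET", "H2",    "https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/login-background.jpg", "Image"),
    ("GET", "H/1.1", "https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/PostSans-Regular.woff2", "Font"),
]

# Apex domains of brands we watch (assumed list; bank99 is the brand urlscan flagged here).
BRAND_APEX = {"bank99.at": "bank99"}

# Directories a customer-facing login page should never be served from (assumed
# watchlist; /wp-admin/ is included because this kit sits beneath that path).
SUSPICIOUS_PATH_PREFIXES = ("/wp-admin/", "/wp-content/uploads/", "/wp-includes/")


def apex_domain(host):
    """Last two labels of a hostname. Adequate for .net/.at; a production tool should
    use the Public Suffix List so that example.co.uk is not reduced to co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def brand_assets_loaded_cross_origin(transactions, brand_apex=BRAND_APEX):
    """Flag resources fetched from a watched brand's domain by a page that is not on
    that domain. The genuine bank site loading its own assets produces no hits."""
    page_apex = apex_domain(urlsplit(transactions[0][2]).hostname)
    hits = []
    for _method, _proto, url, rtype in transactions:
        host = urlsplit(url).hostname
        resource_apex = apex_domain(host)
        if resource_apex in brand_apex and resource_apex != page_apex:
            hits.append({"brand": brand_apex[resource_apex], "host": host, "type": rtype, "url": url})
    return hits


def primary_page_under_suspicious_path(transactions, prefixes=SUSPICIOUS_PATH_PREFIXES):
    """Return the matching prefix when the primary document lives under a CMS admin
    or upload directory, else None."""
    path = urlsplit(transactions[0][2]).path
    return next((p for p in prefixes if path.startswith(p)), None)


def triage(transactions):
    """Combine both checks into one verdict dict for the scan."""
    hits = brand_assets_loaded_cross_origin(transactions)
    return {
        "primary": transactions[0][2],
        "brands_hotlinked": sorted({h["brand"] for h in hits}),
        "hotlinked_assets": hits,
        "suspicious_path": primary_page_under_suspicious_path(transactions),
        "verdict": "likely phishing" if hits else "no brand hot-linking seen",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(TRANSACTIONS), indent=2))
```

The cross-origin check is deliberately keyed on the apex domain of the primary document rather than on the first request's full host, so a bank's own subdomains loading assets from each other stay clean, while a third-party origin that touches the brand's domain at all is surfaced. Matching on domains hosted by shared CDNs (here Cloudflare and Google) would not work this way, since many unrelated sites share those apexes; that is why the watchlist holds the brand's own apex and nothing else.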
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: bank99 (Banking)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and custom code; the first nine below are newer browser APIs that urlscan's baseline does not yet list, while the last six belong to the page (Tailwind, jQuery, the Font Awesome kit, and the kit's own handler).

| Type | Name |
|---|---|
| object | onbeforeinput |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |
| object | tailwind |
| function | $ |
| function | jQuery |
| object | FontAwesomeKitConfig |
| string | /template.html |
| function | handleSubmit |

0 Cookies
Cookies are small pieces of information stored in a user's browser. On each later visit the browser sends the cookie values back, which lets the website re-identify the user even from a different location; this is how persistent logins work. This page set no cookies.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.tailwindcss.com
img.icons8.com
ka-f.fontawesome.com
kit.fontawesome.com
meine.bank99.at
www.blog.agirpourguerir.net
193.110.183.243
213.186.33.87
2606:4700:20::681a:85b
2606:4700:3032::6815:1e29
2606:4700::6812:1734
2a00:1450:4001:831::200a
2a02:6ea0:cb00::2