www.blog.agirpourguerir.net Open in urlscan Pro
213.186.33.87  Malicious Activity! Public Scan

URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Submission: On September 05 via automatic, source openphish — Scanned from FR

Summary

This website contacted 7 IPs in 5 countries across 6 domains to perform 15 HTTP transactions. The main IP is 213.186.33.87, located in Saran, France and belongs to OVH, FR. The main domain is www.blog.agirpourguerir.net.
TLS certificate: Issued by R3 on August 23rd 2022. Valid for: 3 months.
This is the only time www.blog.agirpourguerir.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: bank99 (Banking)

Domain & IP information

IP Address AS Autonomous System
5 213.186.33.87 16276 (OVH)
1 2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:6ea0:cb0... 60068 (CDN77 ^_^)
2 193.110.183.243 24656 (ARZ)
4 2606:4700:303... 13335 (CLOUDFLAR...)
15 7
Apex Domain
Subdomains
Transfer
5 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3325
ka-f.fontawesome.com — Cisco Umbrella Rank: 6377
34 KB
5 agirpourguerir.net
www.blog.agirpourguerir.net
381 KB
2 bank99.at
meine.bank99.at
130 KB
2 tailwindcss.com
cdn.tailwindcss.com — Cisco Umbrella Rank: 162345
97 KB
1 icons8.com
img.icons8.com — Cisco Umbrella Rank: 48763
1023 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 480
34 KB
15 6
Domain Requested by
5 www.blog.agirpourguerir.net www.blog.agirpourguerir.net
4 ka-f.fontawesome.com kit.fontawesome.com
2 meine.bank99.at www.blog.agirpourguerir.net
2 cdn.tailwindcss.com 1 redirects www.blog.agirpourguerir.net
1 img.icons8.com www.blog.agirpourguerir.net
1 kit.fontawesome.com www.blog.agirpourguerir.net
1 ajax.googleapis.com www.blog.agirpourguerir.net
15 7

This site contains no links.

Subject Issuer Validity Valid
agirpourguerir.net
R3
2022-08-23 -
2022-11-21
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-08-15 -
2022-11-07
3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1
2021-12-01 -
2023-01-01
a year crt.sh
1004834818.rsc.cdn77.org
R3
2022-07-23 -
2022-10-21
3 months crt.sh
meine.bank99.at
EuropeanSSL Server CA 2
2022-01-12 -
2023-02-12
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-12 -
2023-08-12
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Frame ID: 54E80A9AB4EDE7F806C94683F1649438
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

93 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

7
IPs

5
Countries

676 kB
Transfer

1074 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://cdn.tailwindcss.com/ HTTP 302
  • https://cdn.tailwindcss.com/3.1.8

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.html
www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/
11 KB
3 KB
Document
General
Full URL
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.186.33.87 Saran, France, ASN16276 (OVH, FR),
Reverse DNS
cluster014.ovh.net
Software
Apache /
Resource Hash
60e884b9053786e87be15d58218537f58acf9388f7ba9e11e95d5b561f3a163c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
2510
content-type
text/html
date
Mon, 05 Sep 2022 13:20:05 GMT
server
Apache
vary
Accept-Encoding
3.1.8
cdn.tailwindcss.com/
Redirect Chain
  • https://cdn.tailwindcss.com/
  • https://cdn.tailwindcss.com/3.1.8
319 KB
97 KB
Script
General
Full URL
https://cdn.tailwindcss.com/3.1.8
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Server
2606:4700:20::681a:85b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d6e7e5263fa38ed2725e4be49d49fdca61aa60f92ffc1edbd0c3b47dc8c9e2b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:05 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 05 Aug 2022 17:01:21 GMT
x-vercel-id
syd1::iad1::5cswb-1659718880314-e36b19295c12
age
1742724
x-vercel-cache
MISS
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=POwWtqeAWA6k1XeuQ6lV7U9RvZctboDHa5EadM1YAbryhd1uVbE9Jfoz26%2BVU3Md62dLiWmTTMnLzG%2FBqmxk7eph19xYjttDMoVqe4bzb7O9katPCCce6hGPHWvp4EG4538PFkJrWB4TkY8QzvUlKqU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000
cf-ray
745f42a4fc41cdcf-CDG
server
cloudflare

Redirect headers

date
Mon, 05 Sep 2022 13:20:05 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-id
syd1::iad1::kl9tk-1662383444194-2f9aa02adde6
age
443
x-vercel-cache
MISS
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kNLLIVc3yqlMxBlewVnJlj%2Fm6cILiwtDl8UvKRg5KRo%2Fi8b1dVlCO2Mx4E2sgFEI%2BmJ6ZhRcwN29TvTKBCA5RcO40CQodvVbhwz%2Fm7Npf9npP1WhjZwed%2Fz98TcKgZLRUxjiV6UczH3NZ6jx%2BqHuWQY%3D"}],"group":"cf-nel","max_age":604800}
location
/3.1.8
cache-control
max-age=14400
strict-transport-security
max-age=63072000
cf-ray
745f42a4cbd8cdcf-CDG
content-length
0
server
cloudflare
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/
95 KB
34 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 08:36:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16997
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 08:36:48 GMT
887a93ffa3.js
kit.fontawesome.com/
11 KB
4 KB
Script
General
Full URL
https://kit.fontawesome.com/887a93ffa3.js
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ee384f718fabd25f5c632e57a1c2a44a5ff17b14393eaa50f39a6a32410fd99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.blog.agirpourguerir.net/
Origin
https://www.blog.agirpourguerir.net
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:05 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=60, public, must-revalidate
strict-transport-security
max-age=31536000; preload
cf-ray
745f42a4cd6c99b1-CDG
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FxH5chp_SXwUwGMYbTgk
style.css
www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/style.css
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.186.33.87 Saran, France, ASN16276 (OVH, FR),
Reverse DNS
cluster014.ovh.net
Software
Apache /
Resource Hash
872c0950b5f14cd738ca5aae47b3e5105d551735c9e82d828d783ad07df1d687

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:05 GMT
content-encoding
gzip
last-modified
Tue, 21 Jun 2022 01:06:36 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=900
accept-ranges
bytes
content-length
897
expires
Mon, 05 Sep 2022 13:35:05 GMT
logo.png
www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/
30 KB
30 KB
Image
General
Full URL
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/logo.png
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.186.33.87 Saran, France, ASN16276 (OVH, FR),
Reverse DNS
cluster014.ovh.net
Software
Apache /
Resource Hash
9a48abc1c0966ae27ea445a3af3f6602ffc5de898fcf007c1b32800cda33f787

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
last-modified
Tue, 21 Jun 2022 01:06:38 GMT
server
Apache
content-type
image/png
cache-control
max-age=900
accept-ranges
bytes
content-length
30463
expires
Mon, 05 Sep 2022 13:35:05 GMT
chevron.svg
www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/
141 B
324 B
Image
General
Full URL
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/chevron.svg
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.186.33.87 Saran, France, ASN16276 (OVH, FR),
Reverse DNS
cluster014.ovh.net
Software
Apache /
Resource Hash
0de36e547f6703f8416190d4d94fee1f1c149e42f850150dfc787aca3f071095

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
last-modified
Tue, 21 Jun 2022 01:06:38 GMT
server
Apache
content-type
image/svg+xml
cache-control
max-age=900
accept-ranges
bytes
content-length
141
expires
Mon, 05 Sep 2022 13:35:06 GMT
multiply.png
img.icons8.com/ios-filled/50/000000/
398 B
1023 B
Image
General
Full URL
https://img.icons8.com/ios-filled/50/000000/multiply.png
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:cb00::2 , United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
0d14ef4e270ba8b5419f93c97f8abf14b27199528509416524877164fe264793
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-77-pop
viennaAT
date
Mon, 05 Sep 2022 13:20:06 GMT
icon-size
50
x-content-type-options
nosniff
memory-svg-cache
false
access-control-allow-origin
*
from-cache
false
from-svg-cache
true
icon-format
png
x-cache
HIT
x-age
254125
x-dns-prefetch-control
off
content-length
398
x-xss-protection
1; mode=block
x-77-nzt
Abm0DAZ7l57/reADAA
x-accel-expires
@1662432281
not-found-platform
false
last-modified
Thu, 01 Sep 2022 16:23:54 GMT
server
CDN77-Turbo
x-77-nzt-ray
qhxHqNOBLgk
x-download-options
noopen
x-77-cache
HIT
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/png
memory-cache
false
access-control-expose-headers
Content-Disposition
cache-control
public, max-age=302400
icon-id
9433
accept-ranges
bytes
version
0.1.0-SNAPSHOT.20220801222318082
loading-animation.gif
meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/
108 KB
108 KB
Image
General
Full URL
https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/loading-animation.gif
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.110.183.243 , Austria, ASN24656 (ARZ, AT),
Reverse DNS
arz-193-110-183-243.arz.at
Software
nginx /
Resource Hash
a6042095c8394001a87eae5196a219e0b53c3596cef31784e6d033a710039639
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
Date
Mon, 05 Sep 2022 13:20:06 GMT
Strict-Transport-Security
max-age=31536000
Server
nginx
X-Frame-Options
DENY
Content-Language
en-US
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=2419200,must-revalidate
Connection
Keep-Alive
Content-Type
image/gif
Keep-Alive
timeout=15, max=100
content-length
110541
Expires
Mon, 03 Oct 2022 13:20:06 GMT
free.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/
100 KB
23 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.0/css/free.min.css?token=887a93ffa3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1e29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1081c5c02309927ef4aa2929fc0e14122fb47302d81ea4118acb9d643a1c65e

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
via
1.1 c5f2c8f2b8922a39129e7a665358cf9e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
19706
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
etag
W/"0fb4e5b70c498af98f246511192b899d"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q2bssw7k7EEAR5CqBYp7O40kveb8fP6WrALNxSlFvmV%2FLK%2BZALxG0FZYPPcymualYuhljsT%2FFrLkds6kVzVDnZzRfMgqIPbGBdoosLbGJSbJF29x%2BD74wMuRukCV%2FT5v54t4iF9ovV3kFpf0pkA2SNmDfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
BRU50-C1
cf-ray
745f42a64a34d5d5-CDG
access-control-allow-headers
fa-kit-token
x-amz-cf-id
6wVeaf2pXuKnDUYgBLiZlFsJSqkU1RCvHth-FyUxR0iPTdDdcIOqog==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/
27 KB
5 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-shims.min.css?token=887a93ffa3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1e29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6c1651291bdbeeaf76023bf75ea9e024acecc85244905df86a5bd98e294e3c0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
via
1.1 2b6f385212d54f32d2c4991db852b20e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
19706
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
etag
W/"58dea8f45bf2685132179a837507637a"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6bXSV6drQY4wrAD3CdVYtBk%2F4zyyGsVkjbJXvgNGhh4QVMThgilFRkCE3ldY6XcxFJgXLnNmdccv%2B0nbVW2XQP9iDTyYGzV3MGRmN0qlDdt%2FTLUmJn5zxRMAk4fzWCsn1eeMnoLx%2B%2B59Tqy0lbrMTQYeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
BRU50-C1
cf-ray
745f42a64a36d5d5-CDG
access-control-allow-headers
fa-kit-token
x-amz-cf-id
YdItTbrmSy5YYIAMgtxIz4fF3lE5PhylYFeYKT9uIbMEIk5UVzo_Jg==
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/
823 B
717 B
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v5-font-face.min.css?token=887a93ffa3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1e29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17e97452418b8595f162bfbd40f3fb96d1153cda5d2b0a49b0d0a05b01fce385

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
via
1.1 8774389ba30eacd908b7572400bf30e6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
19706
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
etag
W/"e2e288c32f411dc30c0c399302a30654"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z20KiVPp4pjonBTdYsQM9XbEvUJMFGIGGq7lpe0VFMoa8l%2FFI0B0Z3POmEwZmGa%2FsOfEWcKCURjSkbqEgwGeClEZcM2ylOQnVci0yKIzNe4X3tv4VIjADw%2B275C2J%2FpmynibRTcL7iMVq08Lag46vBsMoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
BRU50-C1
cf-ray
745f42a64a35d5d5-CDG
access-control-allow-headers
fa-kit-token
x-amz-cf-id
xwQRE4J570hQZ6-E1yLguHBdFxXqFW_pXANnfe6TbRa_ZmI3mmsEfg==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.0/css/
2 KB
1 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-font-face.min.css?token=887a93ffa3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1e29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
657b38d408d6552df456c765be754c08e6dee14da828fcfc3a05d25567d01521

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
via
1.1 b008895ea3b659b7dfd773d182993c34.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
19706
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
etag
W/"a0adfe3c7bd1fa905b7f3b5ecea27889"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3yQ3Cpi8ONTYBjVW%2FtV1QBGqgAZL%2Fsv3Nk37M5ob%2FV6ZH2L0ZOVNV7UYGUMRPtBGchb4VQmcpRGUmoEQ6cXY0RKr4ccpYQXC21ftsi%2FOHP70rLXvlvYWW40xer46OpET1QRI8DcbN2cTTF5VDDZsNQX6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
BRU50-C1
cf-ray
745f42a64a38d5d5-CDG
access-control-allow-headers
fa-kit-token
x-amz-cf-id
N8yR_tpQVwowoMwjVoqNBqEFF_vYaxoMRv1o_EqdfHD6ZT8UKOQz9w==
login-background.jpg
www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/
346 KB
347 KB
Image
General
Full URL
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/assets/login-background.jpg
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.186.33.87 Saran, France, ASN16276 (OVH, FR),
Reverse DNS
cluster014.ovh.net
Software
Apache /
Resource Hash
7e2e5b98761af2ad33e704867bd4ffca9206c60144e68b6d05ce8eab6298dfbd

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:20:06 GMT
last-modified
Tue, 21 Jun 2022 01:06:40 GMT
server
Apache
content-type
image/jpeg
cache-control
max-age=900
accept-ranges
bytes
content-length
353863
expires
Mon, 05 Sep 2022 13:35:06 GMT
PostSans-Regular.woff2
meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/
21 KB
21 KB
Font
General
Full URL
https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/PostSans-Regular.woff2
Requested by
Host: www.blog.agirpourguerir.net
URL: https://www.blog.agirpourguerir.net/wp-admin/MM/b999/b99/front/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.110.183.243 , Austria, ASN24656 (ARZ, AT),
Reverse DNS
arz-193-110-183-243.arz.at
Software
nginx /
Resource Hash
a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY

Request headers

Referer
https://www.blog.agirpourguerir.net/
Origin
https://www.blog.agirpourguerir.net
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
Date
Mon, 05 Sep 2022 13:20:06 GMT
Strict-Transport-Security
max-age=31536000
Server
nginx
X-Frame-Options
DENY
Content-Language
en-US
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=2419200,must-revalidate
Connection
Keep-Alive
Content-Type
text/plain
Keep-Alive
timeout=15, max=100
Content-Length
21296
Expires
Mon, 03 Oct 2022 13:20:06 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: bank99 (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| tailwind function| $ function| jQuery object| FontAwesomeKitConfig string| /template.html function| handleSubmit

0 Cookies