mail.mizies.demand-eu.ro

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 89.35.77.20, located in Romania and belongs to ACTIVENET-AS Str. Rusu Sirianu nr 8, RO. The main domain is mail.mizies.demand-eu.ro.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 3rd 2020. Valid for: 3 months.

This is the only time mail.mizies.demand-eu.ro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 16Shop (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	188.241.247.3 188.241.247.3	39758 (SIMPLIQ-AS) (SIMPLIQ-AS)
1 2	89.35.77.20 89.35.77.20	49302 (ACTIVENET...) (ACTIVENET-AS Str. Rusu Sirianu nr 8)
1	2a01:4f9:2a:f... 2a01:4f9:2a:f67::2	24940 (HETZNER-AS) (HETZNER-AS)
3	3

1 188.241.247.3 (Romania)

ASN39758 (SIMPLIQ-AS, RO)
PTR: epsilon.xenonhost.ro

mobile.florileandreei.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.35.77.20 (Romania) 1 redirects

ASN49302 (ACTIVENET-AS Str. Rusu Sirianu nr 8, RO)
PTR: cpanel.intelx.ro

mail.mizies.demand-eu.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f9:2a:f67::2 (Germany)

ASN24940 (HETZNER-AS, DE)

www.freeiconspng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	demand-eu.ro 1 redirects mail.mizies.demand-eu.ro	1 KB
1	freeiconspng.com www.freeiconspng.com	9 KB
1	florileandreei.ro mobile.florileandreei.ro	306 B
3	3

	Domain	Requested by
2	mail.mizies.demand-eu.ro	1 redirects
1	www.freeiconspng.com	mail.mizies.demand-eu.ro
1	mobile.florileandreei.ro
3	3

This site contains no links.

Subject Issuer	Validity	Valid
florileandreei.ro Let's Encrypt Authority X3	`2019-11-07` - `2020-02-05`	3 months	crt.sh
mizies.demand-eu.ro cPanel, Inc. Certification Authority	`2020-01-03` - `2020-04-02`	3 months	crt.sh
www.freeiconspng.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-24` - `2021-12-23`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow
Frame ID: A755F936B11CD08C1B361C51ACB95C38
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mobile.florileandreei.ro/htaccess/index-page-ecurepay-account-dashboard/Api/ Page URL
https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1?aploginnow HTTP 301
https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

10 kB
Transfer

9 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mobile.florileandreei.ro/htaccess/index-page-ecurepay-account-dashboard/Api/ Page URL
https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1?aploginnow HTTP 301
https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response mobile.florileandreei.ro/htaccess/index-page-ecurepay-account-dashboard/Api/	154 B 306 B	243ms 50ms	Document text/html	188.241.247.3 SIMPLIQ-AS
General Check archive.org Show headers Download Go to Full URL https://mobile.florileandreei.ro/htaccess/index-page-ecurepay-account-dashboard/Api/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.241.247.3 , Romania, ASN39758 (SIMPLIQ-AS, RO), Reverse DNS epsilon.xenonhost.ro Software Apache/2 / Resource Hash `bbf4a7d71330ed7948252535794bd266a07e53789f60b810d12728b7898716bb` Request headers :method GET :authority mobile.florileandreei.ro :scheme https :path /htaccess/index-page-ecurepay-account-dashboard/Api/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 sec-fetch-user ?1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none sec-fetch-mode navigate accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Sec-Fetch-User ?1 Response headers status 200 date Mon, 06 Jan 2020 08:27:56 GMT server Apache/2 last-modified Fri, 03 Jan 2020 14:58:14 GMT etag "9a-59b3d89fe2d80-gzip" accept-ranges bytes vary Accept-Encoding,User-Agent content-encoding gzip content-length 161 content-type text/html
GET H/1.1	200 OK	Primary Request Cookie set / Show response mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/ Redirect Chain https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1?aploginnow https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow	375 B 807 B	846ms 754ms	Document text/html	89.35.77.20 ACTIVENET-AS Str....
General Check archive.org Show headers Download Go to Full URL https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.35.77.20 , Romania, ASN49302 (ACTIVENET-AS Str. Rusu Sirianu nr 8, RO), Reverse DNS cpanel.intelx.ro Software Apache/2.4.41 (cPanel) OpenSSL/1.0.2t mod_bwlimited/1.4 / PHP/5.4.45 Resource Hash `b7852a72787dea90410e8d7ec37f8b3937d5a9fd053315dda38956ca39d83106` Request headers Host mail.mizies.demand-eu.ro Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Referer https://mobile.florileandreei.ro/htaccess/index-page-ecurepay-account-dashboard/Api/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Referer https://mobile.florileandreei.ro/htaccess/index-page-ecurepay-account-dashboard/Api/ Response headers Date Mon, 06 Jan 2020 08:29:10 GMT Server Apache/2.4.41 (cPanel) OpenSSL/1.0.2t mod_bwlimited/1.4 X-Powered-By PHP/5.4.45 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=4f6f238b2e73b27d50df1efffc97ac7c; path=/ Connection close Transfer-Encoding chunked Content-Type text/html Redirect headers Date Mon, 06 Jan 2020 08:29:10 GMT Server Apache/2.4.41 (cPanel) OpenSSL/1.0.2t mod_bwlimited/1.4 Location https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow Content-Length 319 Connection close Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	error-icon-4.png www.freeiconspng.com/uploads/	9 KB 9 KB	111ms 27ms	Image image/png	2a01:4f9:2a:f67::2 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.freeiconspng.com/uploads/error-icon-4.png Requested by Host: mail.mizies.demand-eu.ro URL: https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a01:4f9:2a:f67::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash `63ae0113d05677d47e0c6cdd274b8667c5ce233fac4dcac0d4b8ea964207ac3f` Request headers Referer https://mail.mizies.demand-eu.ro/assest/index-5T228958NC182944T8BW94754NC407464P-1Y585416B8464482A1/?aploginnow User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Mon, 06 Jan 2020 08:29:11 GMT MS-Author-Via DAV Last-Modified Tue, 14 Mar 2017 23:16:01 GMT Server nginx ETag "120a4a-228b-54ab902dd0e40" Content-Type image/png Cache-Control max-age=2592000, public, no-cache, must-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 8843

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 16Shop (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mail.mizies.demand-eu.ro/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4f6f238b2e73b27d50df1efffc97ac7c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mail.mizies.demand-eu.ro
mobile.florileandreei.ro
www.freeiconspng.com
188.241.247.3
2a01:4f9:2a:f67::2
89.35.77.20
63ae0113d05677d47e0c6cdd274b8667c5ce233fac4dcac0d4b8ea964207ac3f
b7852a72787dea90410e8d7ec37f8b3937d5a9fd053315dda38956ca39d83106
bbf4a7d71330ed7948252535794bd266a07e53789f60b810d12728b7898716bb

mail.mizies.demand-eu.ro Open in urlscan Pro 89.35.77.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

10 kBTransfer

9 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

mail.mizies.demand-eu.ro Open in urlscan Pro
89.35.77.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

10 kB
Transfer

9 kB
Size

1
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!