rdnp.suhuertoencasa.net Open in urlscan Pro
91.199.123.227 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://rdnp.suhuertoencasa.net/s/
Submission: On December 01 via manual (December 1st 2021, 10:36:57 pm UTC) from DK — Scanned from DE

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 91.199.123.227, located in Spain and belongs to ASN-XTUDIONET, ES. The main domain is rdnp.suhuertoencasa.net.
TLS certificate: Issued by R3 on November 30th 2021. Valid for: 3 months.

This is the only time rdnp.suhuertoencasa.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Simply.com (Online)

Domain & IP information

	IP Address		AS Autonomous System
2	91.199.123.227 91.199.123.227		60458 (ASN-XTUDI...) (ASN-XTUDIONET)
2	2

2 91.199.123.227 (Spain)

ASN60458 (ASN-XTUDIONET, ES)

rdnp.suhuertoencasa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cffj.suhuertoencasa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	suhuertoencasa.net rdnp.suhuertoencasa.net cffj.suhuertoencasa.net	358 KB
2	1

	Domain	Requested by
1	cffj.suhuertoencasa.net	rdnp.suhuertoencasa.net
1	rdnp.suhuertoencasa.net
2	2

This site contains no links.

Subject Issuer	Validity	Valid
*.suhuertoencasa.net R3	`2021-11-30` - `2022-02-28`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://rdnp.suhuertoencasa.net/s/
Frame ID: 92E8E77969677DF6B09075BE5B20E7B8
Requests: 1 HTTP requests in this frame

Frame: https://cffj.suhuertoencasa.net/s/a/pg-au/index.php
Frame ID: 9C5C751C161BEDA32E776DDEE769590D
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Simply

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

690 kB
Transfer

884 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	Primary Request / Show response rdnp.suhuertoencasa.net/s/	2 KB 2 KB	196ms 51ms	Document text/html	91.199.123.227 ASN-XTUDIONET
General Check archive.org Show headers Download Go to Full URL https://rdnp.suhuertoencasa.net/s/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.199.123.227 , Spain, ASN60458 (ASN-XTUDIONET, ES), Reverse DNS Software LiteSpeed / Resource Hash `747ac6979f703221d6d459f99f6cbef7b56b6ef0952733d4277ebafe7878128d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 content-length 1658 content-encoding br vary Accept-Encoding date Wed, 01 Dec 2021 22:36:52 GMT server LiteSpeed alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET H2	200	index.php Show response cffj.suhuertoencasa.net/s/a/pg-au/ Frame 9C5C	537 KB 356 KB	162ms 102ms	Document text/html	91.199.123.227 ASN-XTUDIONET
General Check archive.org Show headers Download Go to Full URL https://cffj.suhuertoencasa.net/s/a/pg-au/index.php Requested by Host: rdnp.suhuertoencasa.net URL: https://rdnp.suhuertoencasa.net/s/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.199.123.227 , Spain, ASN60458 (ASN-XTUDIONET, ES), Reverse DNS Software LiteSpeed / Resource Hash `1caf6f18f8d2ee25b3c3cbc64c81b3046da180f1b9529ed62a80a655de3a7bc5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://rdnp.suhuertoencasa.net/ Response headers content-type text/html; charset=UTF-8 content-encoding br vary Accept-Encoding date Wed, 01 Dec 2021 22:36:52 GMT server LiteSpeed
GET DATA	200 OK	truncated / Frame 9C5C	16 KB 16 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0b125629b135235aea4609c07048a5a7671a9058910b632db5d69a0d09339ed4` Request headers Referer Origin https://cffj.suhuertoencasa.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame 9C5C	165 KB 165 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3bbb0df89b8dbe8001e8c24de4e2d1693f94997b29f007a7bda22a9802832768` Request headers Referer Origin https://cffj.suhuertoencasa.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame 9C5C	134 KB 134 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8d4d29042c23b5fcbed3af690421776de0f8ad3d308d66e24a9d80bcc8ccb522` Request headers Referer Origin https://cffj.suhuertoencasa.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame 9C5C	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d17bfd983375409ba1fe8d48a66bfe91f70dfef9362bb89e83ea0df27ada4af7` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9C5C	37 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame 9C5C	744 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9cc8368f8ee23383cd9923b45d46c2bdc61b4842360a8ff2b0c030b3833bdda0` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 9C5C	17 KB 17 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `abf55d853f3bbe3a244ea8f3b8ed9b4127f028a096fefc942020a3605433d99a` Request headers Referer Origin https://cffj.suhuertoencasa.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Simply.com (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://rdnp.suhuertoencasa.net/s/ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://cffj.suhuertoencasa.net/s/a/pg-au/index.php(Line 87) Message: Blocked autofocusing on a <input> element in a cross-origin subframe.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cffj.suhuertoencasa.net
rdnp.suhuertoencasa.net
91.199.123.227
0b125629b135235aea4609c07048a5a7671a9058910b632db5d69a0d09339ed4
1caf6f18f8d2ee25b3c3cbc64c81b3046da180f1b9529ed62a80a655de3a7bc5
3bbb0df89b8dbe8001e8c24de4e2d1693f94997b29f007a7bda22a9802832768
747ac6979f703221d6d459f99f6cbef7b56b6ef0952733d4277ebafe7878128d
8d4d29042c23b5fcbed3af690421776de0f8ad3d308d66e24a9d80bcc8ccb522
9cc8368f8ee23383cd9923b45d46c2bdc61b4842360a8ff2b0c030b3833bdda0
abf55d853f3bbe3a244ea8f3b8ed9b4127f028a096fefc942020a3605433d99a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
d17bfd983375409ba1fe8d48a66bfe91f70dfef9362bb89e83ea0df27ada4af7

rdnp.suhuertoencasa.net Open in urlscan Pro 91.199.123.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

690 kBTransfer

884 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

rdnp.suhuertoencasa.net Open in urlscan Pro
91.199.123.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

690 kB
Transfer

884 kB
Size

0
Cookies

2 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!