eee2024.serv00.net - urlscan.io

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 128.204.223.98, located in Poland and belongs to ECO-ATMAN-PL ECO-ATMAN-, PL. The main domain is eee2024.serv00.net.
TLS certificate: Issued by R10 on September 23rd 2024. Valid for: 3 months.

This is the only time eee2024.serv00.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lunar (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3	128.204.223.98 128.204.223.98	57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-)
1 1	162.159.128.61 162.159.128.61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100::213:c6b1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2

3 128.204.223.98 (Poland)

ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web5.serv00.com

eee2024.serv00.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.128.61 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::213:c6b1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

download-video.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	serv00.net eee2024.serv00.net	29 KB
1	akamaized.net download-video.akamaized.net — Cisco Umbrella Rank: 22640	3 MB
1	vimeo.com 1 redirects player.vimeo.com — Cisco Umbrella Rank: 1941	2 KB
4	3

	Domain	Requested by
3	eee2024.serv00.net	eee2024.serv00.net
1	download-video.akamaized.net	eee2024.serv00.net
1	player.vimeo.com	1 redirects
4	3

This site contains no links.

Subject Issuer	Validity	Valid
*.serv00.net R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://eee2024.serv00.net/cd/personel/
Frame ID: C1FF559CCAF7CC50B7F0FDD35669B7DD
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lunar app

Page Statistics

4
Requests

75 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

2779 kB
Transfer

2777 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://player.vimeo.com/progressive_redirect/playback/942303394/rendition/1080p/file.mp4?loc=external&oauth2_token_id=1716451392&signature=f5cc6fd7e81ed53cb50c695fc4eff912caf9f2e8c656f85c1b9ef6cac59c1362 HTTP 302
https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729668164~exp=1729682564~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a%2Feab8d12e%2A~hmac=651972aa342da21b5611e2c2fb7f4f94639a31cf1af876bf9af9776dfb515e36&r=dXMtZWFzdDE%3D

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response eee2024.serv00.net/cd/personel/	3 KB 3 KB	360ms 234ms	Document text/html	128.204.223.98 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://eee2024.serv00.net/cd/personel/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.98 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web5.serv00.com Software nginx / PHP/8.1.30 Resource Hash `4b0394dae55f5d6430b00ffbb00fe4eb2c623f0368eb10d58e91a99fa340d032` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers content-type text/html; charset=UTF-8 date Wed, 23 Oct 2024 07:22:44 GMT server nginx x-powered-by PHP/8.1.30
GET H2	200	f9e157cc3ad0f403f20929722038a41d.png eee2024.serv00.net/cd/personel/tools/	26 KB 26 KB	41ms 40ms	Image image/png	128.204.223.98 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Show image Full URL https://eee2024.serv00.net/cd/personel/tools/f9e157cc3ad0f403f20929722038a41d.png Requested by Host: eee2024.serv00.net URL: https://eee2024.serv00.net/cd/personel/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.98 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web5.serv00.com Software nginx / Resource Hash `36e827806cf6cb9e2354c78739fff97d3f68e061e9e3a328885734f312059c31` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://eee2024.serv00.net/cd/personel/ Response headers accept-ranges bytes content-length 26167 date Wed, 23 Oct 2024 07:22:44 GMT etag "66eccdd0-6637" content-type image/png last-modified Fri, 20 Sep 2024 01:20:16 GMT server nginx
GET H2	206	eab8d12e download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/ Redirect Chain https://player.vimeo.com/progressive_redirect/playback/942303394/rendition/1080p/file.mp4?loc=external&oauth2_token_id=1716451392&signature=f5cc6fd7e81ed53cb50c695fc4eff912caf9f2e8c656f85c1b9ef6cac... https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729668164~exp=1729682564~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a...	3 MB 3 MB	118ms 33ms	Media video/mp4	2a02:26f0:7100::213:c6b1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729668164~exp=1729682564~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a%2Feab8d12e%2A~hmac=651972aa342da21b5611e2c2fb7f4f94639a31cf1af876bf9af9776dfb515e36&r=dXMtZWFzdDE%3D Requested by Host: eee2024.serv00.net URL: https://eee2024.serv00.net/cd/personel/ Protocol H2 Server 2a02:26f0:7100::213:c6b1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash `4e0c850e1f5837811be0a0321397545cde0eac8dc68604d0bcc9aba5c22d44d4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://eee2024.serv00.net/ Response headers x-request-id uEMkNWIP8k17vBNK9ote9F5Gmvo9XijB access-control-max-age 86400 access-control-expose-headers Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC,Akamai-Grn access-control-allow-methods GET,POST,OPTIONS alt-svc h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" date Wed, 23 Oct 2024 07:22:44 GMT content-type video/mp4 access-control-allow-headers origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session cache-control max-age=29486352 access-control-allow-credentials true akamai-request-bc [a=2.19.198.173,b=218503883,c=g,n=DE_HE_FRANKFURT,o=20940] Content-Range bytes 0-2813763/2813764 accept-ranges bytes access-control-allow-origin * Content-Length 2813764 akamai-grn 0.adc61302.1729668164.d061acb akamai-mon-iucid-del 1190815 Redirect headers x-host player-backend-ccf669b8f-g5vtg CF-Cache-Status DYNAMIC x-content-type-options nosniff x-backend-server player-backend-edge-entry expires Fri, 15 Dec 1985 19:30:00 GMT x-player-backend g x-cache MISS Date Wed, 23 Oct 2024 07:22:44 GMT x-bapp-server player-backend-ccf669b8f-g5vtg x-served-by cache-ams2100106-AMS x-cache-hits 0 strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'self'; script-src 'self' https://f.vimeocdn.com; style-src 'self' https://f.vimeocdn.com; img-src 'self' https://f.vimeocdn.com https://i.vimeocdn.com Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 location https://download-video.akamaized.net/v3-1/playback/7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a/eab8d12e?__token__=st=1729668164~exp=1729682564~acl=%2Fv3-1%2Fplayback%2F7cd9df94-a5a5-490c-ac83-4fbfa0a1b92a%2Feab8d12e%2A~hmac=651972aa342da21b5611e2c2fb7f4f94639a31cf1af876bf9af9776dfb515e36&r=dXMtZWFzdDE%3D x-timer S1729668164.366989,VS0,VE177 Connection keep-alive via 1.1 varnish CF-RAY 8d6ffa4b2c338f55-CPH accept-ranges bytes access-control-allow-origin * Content-Length 0 x-xss-protection 1; mode=block Server cloudflare
GET H2	200	favicon.ico eee2024.serv00.net/	0 110 B	40ms 39ms	Other image/x-icon	128.204.223.98 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://eee2024.serv00.net/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.98 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web5.serv00.com Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://eee2024.serv00.net/cd/personel/ Response headers accept-ranges bytes content-length 0 date Wed, 23 Oct 2024 07:22:44 GMT etag "67124cab-0" content-type image/x-icon last-modified Fri, 18 Oct 2024 11:55:23 GMT server nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lunar (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.vimeo.com/	1970-01-21 00:27:49	Name: __cf_bm Value: lV.D_L0BMBr_RDN1_0dy6TRUfQyVlGN06azQoj5zly8-1729668164-1.0.1.1-Q7ESiNHCynKxTj4OT4HWn0l24QWCfnXS6FrxDResmaIoxnrB4Yymdffi4daxN7Vb
			.vimeo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: r4NXEpW_QkkcWRlrMwe7vQCG1Y1gZ458kKLSCNoZkdk-1729668164555-0.0.1.1-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

download-video.akamaized.net
eee2024.serv00.net
player.vimeo.com
128.204.223.98
162.159.128.61
2a02:26f0:7100::213:c6b1
36e827806cf6cb9e2354c78739fff97d3f68e061e9e3a328885734f312059c31
4b0394dae55f5d6430b00ffbb00fe4eb2c623f0368eb10d58e91a99fa340d032
4e0c850e1f5837811be0a0321397545cde0eac8dc68604d0bcc9aba5c22d44d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

eee2024.serv00.net Open in urlscan Pro 128.204.223.98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

75 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

2779 kBTransfer

2777 kBSize

2 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

Indicators

eee2024.serv00.net Open in urlscan Pro
128.204.223.98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

2779 kB
Transfer

2777 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!