Submitted URL: http://url7099.autodesk.com/ls/click?upn=dsN1SENn44qNpQt-2BARvKRLBhX8rJ2nbHo5JQ8dL8buB50kHD1kpAorYmfEqQtvmQabWuXeY-2FzSZ54Zk...
Effective URL: http://remboursem.temp.swtest.ru/cfspart.impots.gouv.fr-portail-remboursementrapide/LoginAccess=true_FranceConnect/aHR0cHM6Ly9jZn...
Submission: On July 21 via manual from FR

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 2 HTTP transactions. The main IP is 77.222.40.7, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is remboursem.temp.swtest.ru.
This is the only time remboursem.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.124 11377 (SENDGRID)
1 1 91.134.146.191 16276 (OVH)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 205.144.171.226 7296 (ALCHEMYNET)
1 77.222.40.7 44112 (SWEB-AS)
2 3
Domain Requested by
1 remboursem.temp.swtest.ru
1 khad180521-001-site1.itempurl.com
1 itsssl.com 1 redirects
1 11e8o.trk.elasticemail.com 1 redirects
1 url7099.autodesk.com 1 redirects
2 5

This site contains links to these domains. Also see Links.

Domain
sweb.ru
help.sweb.ru
mcp.sweb.ru
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://remboursem.temp.swtest.ru/cfspart.impots.gouv.fr-portail-remboursementrapide/LoginAccess=true_FranceConnect/aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/gouv-fr/gouv-fr
Frame ID: 00BA5291B997909CCB79883F754CBFD8
Requests: 7 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://url7099.autodesk.com/ls/click?upn=dsN1SENn44qNpQt-2BARvKRLBhX8rJ2nbHo5JQ8dL8buB50kHD1kpAorYmfEqQt... HTTP 302
    https://11e8o.trk.elasticemail.com/tracking/click?d=buUc2qPSrewQafNjfiJ-Tl9gdFeOLxl3DL2SwbKRg5dmnVF4D_oLrY2gix-... HTTP 302
    https://itsssl.com/impots-gouv-fr-votre-remboursement2021 HTTP 301
    http://khad180521-001-site1.itempurl.com/redlin-imp-fr2105/ Page URL
  2. http://remboursem.temp.swtest.ru/cfspart.impots.gouv.fr-portail-remboursementrapide/LoginAccess=true_FranceCo... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

2
Requests

0 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

519 kB
Transfer

538 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://url7099.autodesk.com/ls/click?upn=dsN1SENn44qNpQt-2BARvKRLBhX8rJ2nbHo5JQ8dL8buB50kHD1kpAorYmfEqQtvmQabWuXeY-2FzSZ54ZkO3orTqO46BY-2B0Cw6wRofmX3u864tusKrYFNPNM6mubKgLxrgY12EMfxe3P4D7JHBNOVzrPXsC0LbHnT0156rDTr9MtdBO2E1uDxGDsYXY8XDePjByTR-2FhnMo7X4vpVI5FzUYUSkKmbBthag-2B2Qi5Xykl4AVzil2JCh-2FAPLWhCLbiR-2FNrIltty9VBjtEIoPm8oa5wGp5pLHP-2FGzbNUh5Eh5lMeD-2FE7cKm1LydDeogSiOjz9a9NySytyf6P3hz5gyNyosgr2PTHrOVHqp5OL2TOuHteXP0-3D4SUf_ijyvz-2FeT9gx-2F0tD1bhXgyU0kITCwf-2Fq11N-2BPGkChnel-2BOattCK625kZyUJwsISrSzhVVASoRSeBrcmpFXqiqoyNRQ53Sy4xYX1hxz6kEYC7ME-2FY4FzfD1ZUduFxMzL5T2iCCmJu6F-2B5EZulowfypWRbfRx82IxmE-2FH6VfsBRlQMm8ycIodzj7qxyFBUlsF-2B9De7zozN3tdyGTKMuDlddbA-3D-3D HTTP 302
    https://11e8o.trk.elasticemail.com/tracking/click?d=buUc2qPSrewQafNjfiJ-Tl9gdFeOLxl3DL2SwbKRg5dmnVF4D_oLrY2gix-yjWbN2j1ShaALSgX_FaND2R97yLHCDeohyYQZ98mpAxHy3uR6MejUaCjKuhEUuFPzjeBAB7J9VoGR7ujfOqtT_pMlxSwLNSEdzu8QBPcmaGFCeQuF_MTKeGYS13u0mjyextrCSg2 HTTP 302
    https://itsssl.com/impots-gouv-fr-votre-remboursement2021 HTTP 301
    http://khad180521-001-site1.itempurl.com/redlin-imp-fr2105/ Page URL
  2. http://remboursem.temp.swtest.ru/cfspart.impots.gouv.fr-portail-remboursementrapide/LoginAccess=true_FranceConnect/aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/gouv-fr/gouv-fr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://url7099.autodesk.com/ls/click?upn=dsN1SENn44qNpQt-2BARvKRLBhX8rJ2nbHo5JQ8dL8buB50kHD1kpAorYmfEqQtvmQabWuXeY-2FzSZ54ZkO3orTqO46BY-2B0Cw6wRofmX3u864tusKrYFNPNM6mubKgLxrgY12EMfxe3P4D7JHBNOVzrPXsC0LbHnT0156rDTr9MtdBO2E1uDxGDsYXY8XDePjByTR-2FhnMo7X4vpVI5FzUYUSkKmbBthag-2B2Qi5Xykl4AVzil2JCh-2FAPLWhCLbiR-2FNrIltty9VBjtEIoPm8oa5wGp5pLHP-2FGzbNUh5Eh5lMeD-2FE7cKm1LydDeogSiOjz9a9NySytyf6P3hz5gyNyosgr2PTHrOVHqp5OL2TOuHteXP0-3D4SUf_ijyvz-2FeT9gx-2F0tD1bhXgyU0kITCwf-2Fq11N-2BPGkChnel-2BOattCK625kZyUJwsISrSzhVVASoRSeBrcmpFXqiqoyNRQ53Sy4xYX1hxz6kEYC7ME-2FY4FzfD1ZUduFxMzL5T2iCCmJu6F-2B5EZulowfypWRbfRx82IxmE-2FH6VfsBRlQMm8ycIodzj7qxyFBUlsF-2B9De7zozN3tdyGTKMuDlddbA-3D-3D HTTP 302
  • https://11e8o.trk.elasticemail.com/tracking/click?d=buUc2qPSrewQafNjfiJ-Tl9gdFeOLxl3DL2SwbKRg5dmnVF4D_oLrY2gix-yjWbN2j1ShaALSgX_FaND2R97yLHCDeohyYQZ98mpAxHy3uR6MejUaCjKuhEUuFPzjeBAB7J9VoGR7ujfOqtT_pMlxSwLNSEdzu8QBPcmaGFCeQuF_MTKeGYS13u0mjyextrCSg2 HTTP 302
  • https://itsssl.com/impots-gouv-fr-votre-remboursement2021 HTTP 301
  • http://khad180521-001-site1.itempurl.com/redlin-imp-fr2105/

2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
khad180521-001-site1.itempurl.com/redlin-imp-fr2105/
Redirect Chain
  • http://url7099.autodesk.com/ls/click?upn=dsN1SENn44qNpQt-2BARvKRLBhX8rJ2nbHo5JQ8dL8buB50kHD1kpAorYmfEqQtvmQabWuXeY-2FzSZ54ZkO3orTqO46BY-2B0Cw6wRofmX3u864tusKrYFNPNM6mubKgLxrgY12EMfxe3P4D7JHBNOVzrPX...
  • https://11e8o.trk.elasticemail.com/tracking/click?d=buUc2qPSrewQafNjfiJ-Tl9gdFeOLxl3DL2SwbKRg5dmnVF4D_oLrY2gix-yjWbN2j1ShaALSgX_FaND2R97yLHCDeohyYQZ98mpAxHy3uR6MejUaCjKuhEUuFPzjeBAB7J9VoGR7ujfOqtT_...
  • https://itsssl.com/impots-gouv-fr-votre-remboursement2021
  • http://khad180521-001-site1.itempurl.com/redlin-imp-fr2105/
312 B
696 B
Document
General
Full URL
http://khad180521-001-site1.itempurl.com/redlin-imp-fr2105/
Protocol
HTTP/1.1
Server
205.144.171.226 , United States, ASN7296 (ALCHEMYNET, US),
Reverse DNS
205-144-171-226.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ead5a1d742b49efc58c171801d130b1da8dd2c7a2c3e4dc9c008dfbeed7c34b7

Request headers

Host
khad180521-001-site1.itempurl.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cache-Control
max-age=31536000
Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Sun, 18 Jul 2021 13:02:03 GMT
Accept-Ranges
bytes
ETag
"d714b31ad57bd71:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Date
Wed, 21 Jul 2021 17:06:43 GMT
Content-Length
368

Redirect headers

date
Wed, 21 Jul 2021 17:06:43 GMT
content-type
text/html; charset=UTF-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding
set-cookie
PHPSESSID=8jr9gh21vsaenuicv0nutbqvm1; path=/ short_impots-gouv-fr-votre-remboursement2021=1; expires=Wed, 21-Jul-2021 17:36:43 GMT; Max-Age=1800; path=/; httponly
location
http://khad180521-001-site1.itempurl.com/redlin-imp-fr2105/
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6eDIHvSHuBaWLdbaIuglFEfH%2BxtFNQKbtPK%2BTN6rLT9KPg4SxWVZX2FJ%2B%2FyV4lAz6oQt7Zk6PVP4jx5v0Q5BUCDo46LwFRbrxcpfI9lE%2BA%2FXZqpnkWz6ICRgfboUE2zXSMmPdj%2Fbwt6s"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6726057b7c0d0ebb-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Primary Request gouv-fr
remboursem.temp.swtest.ru/cfspart.impots.gouv.fr-portail-remboursementrapide/LoginAccess=true_FranceConnect/aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/gouv-fr/
310 KB
310 KB
Document
General
Full URL
http://remboursem.temp.swtest.ru/cfspart.impots.gouv.fr-portail-remboursementrapide/LoginAccess=true_FranceConnect/aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/gouv-fr/gouv-fr
Protocol
HTTP/1.1
Server
77.222.40.7 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh290.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
df3abd8e747ed562685d6c6152e282bcdbc0664213f3e27a11a2069b966250d9

Request headers

Host
remboursem.temp.swtest.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://khad180521-001-site1.itempurl.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://khad180521-001-site1.itempurl.com/

Response headers

Server
nginx/1.19.1
Date
Wed, 21 Jul 2021 17:06:43 GMT
Content-Type
text/html
Content-Length
316979
Connection
keep-alive
Keep-Alive
timeout=10
ETag
"60e3358b-4d633"
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5f4265fb32c28165168917b95dabf5137ae131e091b837fcd7e228ea24335551

Request headers

Referer
http://remboursem.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
925 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2b1edf78bc6c35875b636390844169f50997415db01b9e540938a8d2e449d1b

Request headers

Referer
http://remboursem.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
11 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abc2d33db7f22b7b9225dda58067692eeb4007acf2bac50efeaaaf9c43a09395

Request headers

Referer
http://remboursem.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
103 KB
103 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
51fb34c87ea4df9c2ea3b94ac4afe5f4a13b956578e9c53ffaed60fae5a79054

Request headers

Origin
http://remboursem.temp.swtest.ru
Referer
http://remboursem.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/font-ttf;charset=utf-8
truncated
/
105 KB
105 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
086c09c36f313834444c3227a54ae7191b525a596f74694c387f48eb985c6df0

Request headers

Origin
http://remboursem.temp.swtest.ru
Referer
http://remboursem.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/font-ttf;charset=utf-8

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies