cooreossapin.serv00.net Open in urlscan Pro
85.194.246.69 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://gfyyhjgf24367.hosted.phplist.com/
Effective URL:
https://cooreossapin.serv00.net/mosat/
Submission: On November 13 via api (November 13th 2024, 11:48:52 pm UTC) from BE — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 85.194.246.69, located in Poland and belongs to ECO-ATMAN-PL ECO-ATMAN-, PL. The main domain is cooreossapin.serv00.net.
TLS certificate: Issued by R10 on September 23rd 2024. Valid for: 3 months.

This is the only time cooreossapin.serv00.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mooney (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	45.33.29.14 45.33.29.14	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	18.66.137.219 18.66.137.219	() ()
8	85.194.246.69 85.194.246.69	57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-)
1 2	2606:4700:10:... 2606:4700:10::ac43:2910	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
12	5

2 45.33.29.14 (Richardson, United States) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: aspen.phplist.com

gfyyhjgf24367.hosted.phplist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.137.219 (United States)

ASN- ()
PTR: server-18-66-137-219.fra60.r.cloudfront.net

d3u7tsw7cvar0t.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 85.194.246.69 (Poland)

ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web12.serv00.com

cooreossapin.serv00.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:2910 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	serv00.net cooreossapin.serv00.net	146 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 29429	124 KB
2	phplist.com 1 redirects gfyyhjgf24367.hosted.phplist.com	2 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 478	30 KB
1	cloudfront.net d3u7tsw7cvar0t.cloudfront.net	3 KB
12	5

	Domain	Requested by
8	cooreossapin.serv00.net	gfyyhjgf24367.hosted.phplist.com cooreossapin.serv00.net
2	cdn.tailwindcss.com	1 redirects cooreossapin.serv00.net
2	gfyyhjgf24367.hosted.phplist.com	1 redirects
1	ajax.googleapis.com	cooreossapin.serv00.net
1	d3u7tsw7cvar0t.cloudfront.net	gfyyhjgf24367.hosted.phplist.com
12	5

This site contains no links.

Subject Issuer	Validity	Valid
*.hosted.phplist.com R10	`2024-09-05` - `2024-12-04`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.serv00.net R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cooreossapin.serv00.net/mosat/
Frame ID: A62A42C2F8E2EC3344A3BE73C01746E0
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mooney: pagamenti digitali, carte prepagate e ricariche

Page URL History Show full URLs

https://gfyyhjgf24367.hosted.phplist.com/ HTTP 301
https://gfyyhjgf24367.hosted.phplist.com/lists/ Page URL
https://cooreossapin.serv00.net/mosat/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

304 kB
Transfer

630 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gfyyhjgf24367.hosted.phplist.com/ HTTP 301
https://gfyyhjgf24367.hosted.phplist.com/lists/ Page URL
https://cooreossapin.serv00.net/mosat/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://gfyyhjgf24367.hosted.phplist.com/ HTTP 301
https://gfyyhjgf24367.hosted.phplist.com/lists/

Request Chain 2

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.4.14

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/
gfyyhjgf24367.hosted.phplist.com/lists/
Redirect Chain

https://gfyyhjgf24367.hosted.phplist.com/
https://gfyyhjgf24367.hosted.phplist.com/lists/

2 KB
1 KB

240ms
240ms

Document
text/html

45.33.29.14
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://gfyyhjgf24367.hosted.phplist.com/lists/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.33.29.14 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: aspen.phplist.com
Software: Apache/2.4.59 (Debian) /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 944
content-type: text/html; charset=UTF-8
date: Wed, 13 Nov 2024 23:48:37 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache/2.4.59 (Debian)
vary: Accept-Encoding

Redirect headers

content-length: 353
content-type: text/html; charset=iso-8859-1
date: Wed, 13 Nov 2024 23:48:37 GMT
location: https://gfyyhjgf24367.hosted.phplist.com/lists/
server: Apache/2.4.59 (Debian)

GET
H/1.1 200
OK power-phplist.png
d3u7tsw7cvar0t.cloudfront.net/images/3.6.12-hosted/ 2 KB
3 KB 247ms
39ms Image
image/png 18.66.137.219

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3u7tsw7cvar0t.cloudfront.net/images/3.6.12-hosted/power-phplist.png
Requested by: Host: gfyyhjgf24367.hosted.phplist.com
URL: https://gfyyhjgf24367.hosted.phplist.com/lists/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.137.219 , United States, ASN (),
Reverse DNS: server-18-66-137-219.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://gfyyhjgf24367.hosted.phplist.com/

Response headers

x-amz-meta-s3cmd-attrs: atime:1675980402/ctime:1675980386/gid:123/gname:docker/md5:5021a64cdd02552a3eb08de5a9254fd6/mode:33188/mtime:1675980256/uid:1001/uname:runner
ETag: "5021a64cdd02552a3eb08de5a9254fd6"
Age: 53444
Connection: keep-alive
Via: 1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 2135
X-Amz-Cf-Id: 68pfHrLksLiQ4CW-xTpZxSzqoxFh8CDDyUx86rlKGDDWsytEx-T0og==
Date: Wed, 13 Nov 2024 08:57:54 GMT
Content-Type: image/png
Last-Modified: Sat, 24 Feb 2024 15:36:05 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P4
x-amz-server-side-encryption: AES256

GET
H2 200 Primary Request / Show response
cooreossapin.serv00.net/mosat/ 14 KB
14 KB 240ms
57ms Document
text/html 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://cooreossapin.serv00.net/mosat/
Requested by: Host: gfyyhjgf24367.hosted.phplist.com
URL: https://gfyyhjgf24367.hosted.phplist.com/lists/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: b7f782249809b905d9189076f7ac869090da684bd4d586340ec0d9e1ff880d76

Request headers

Referer: https://gfyyhjgf24367.hosted.phplist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-length: 14282
content-type: text/html
date: Wed, 13 Nov 2024 23:48:37 GMT
etag: "641cd94c-37ca"
last-modified: Thu, 23 Mar 2023 22:57:16 GMT
server: nginx

GET
H2

200

3.4.14 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.4.14

396 KB
124 KB

36ms
36ms

Script
text/javascript

2606:4700:10::ac43:2910
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.4.14

Requested by

Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/

Protocol

Server

2606:4700:10::ac43:2910 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e13fc042236bf75a9d01bbfdf1c2c2fc71d439637bcbdda1387446b4d2ff33f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/

Response headers

server: cloudflare
strict-transport-security: max-age=63072000
cache-control: max-age=31536000
content-encoding: br
x-vercel-cache: MISS
cf-cache-status: HIT
age: 252420
cf-ray: 8e22a7593a05dbd4-FRA
date: Wed, 13 Nov 2024 23:48:37 GMT
content-type: text/javascript
last-modified: Sun, 10 Nov 2024 13:46:09 GMT
vary: Accept-Encoding
x-vercel-id: cle1::iad1::m956s-1731246368487-9fcdf305a073

Redirect headers

strict-transport-security: max-age=63072000
cache-control: max-age=14400
location: /3.4.14
x-vercel-cache: MISS
cf-cache-status: HIT
age: 258
cf-ray: 8e22a758f98bdbd4-FRA
date: Wed, 13 Nov 2024 23:48:37 GMT
vary: Accept-Encoding
server: cloudflare
x-vercel-id: cle1::iad1::fq6mt-1731541372079-1cfaf5fb89fc

GET
H2 200 style.css
cooreossapin.serv00.net/mosat/ 2 KB
2 KB 64ms
63ms Stylesheet
text/css 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://cooreossapin.serv00.net/mosat/style.css
Requested by: Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: 8c037974a6a522818c33b1de8f55b6ae38d6dbca682bd9fbac5ca30b0aa06ebf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/mosat/

Response headers

accept-ranges: bytes
content-length: 1961
date: Wed, 13 Nov 2024 23:48:37 GMT
etag: "641b7f88-7a9"
content-type: text/css
last-modified: Wed, 22 Mar 2023 22:22:00 GMT
server: nginx

GET
H2 200 logo.svg
cooreossapin.serv00.net/mosat/assets/ 5 KB
5 KB 64ms
63ms Image
image/svg+xml 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cooreossapin.serv00.net/mosat/assets/logo.svg
Requested by: Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: 49616c860ff4ad5bed99b66a2b1295e7ef5213d5d5cf76ad2560d2f1daa06635

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/mosat/

Response headers

accept-ranges: bytes
content-length: 4719
date: Wed, 13 Nov 2024 23:48:37 GMT
etag: "641b4ae8-126f"
content-type: image/svg+xml
last-modified: Wed, 22 Mar 2023 18:37:28 GMT
server: nginx

GET
H2 200 close.svg
cooreossapin.serv00.net/mosat/assets/ 704 B
829 B 64ms
63ms Image
image/svg+xml 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cooreossapin.serv00.net/mosat/assets/close.svg
Requested by: Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: bf661481c77d9464950c5b6368d2c125607456044ef943fc5d057f2eb5a7cb9f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/mosat/

Response headers

accept-ranges: bytes
content-length: 704
date: Wed, 13 Nov 2024 23:48:37 GMT
etag: "641bd208-2c0"
content-type: image/svg+xml
last-modified: Thu, 23 Mar 2023 04:14:00 GMT
server: nginx

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 108ms
33ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/

Response headers

content-encoding: gzip
age: 40099
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Thu, 13 Nov 2025 12:40:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 13 Nov 2024 12:40:18 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30306
x-xss-protection: 0
server: sffe

GET
H2 200 bg.svg
cooreossapin.serv00.net/mosat/assets/ 41 KB
41 KB 143ms
141ms Image
image/svg+xml 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cooreossapin.serv00.net/mosat/assets/bg.svg
Requested by: Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: a332ca3d23059d37a26c3957b44670cada5a32ecaf94987b3ebe127a8dc0ce4d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/mosat/style.css

Response headers

accept-ranges: bytes
content-length: 42288
date: Wed, 13 Nov 2024 23:48:38 GMT
etag: "641b4a10-a530"
content-type: image/svg+xml
last-modified: Wed, 22 Mar 2023 18:33:52 GMT
server: nginx

GET
H2 200 Gotham-Book_Web.woff2
cooreossapin.serv00.net/mosat/assets/ 41 KB
41 KB 143ms
142ms Font
font/woff2 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://cooreossapin.serv00.net/mosat/assets/Gotham-Book_Web.woff2
Requested by: Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: 3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cooreossapin.serv00.net
Referer: https://cooreossapin.serv00.net/mosat/style.css

Response headers

accept-ranges: bytes
content-length: 41728
date: Wed, 13 Nov 2024 23:48:38 GMT
etag: "641b5696-a300"
content-type: font/woff2
last-modified: Wed, 22 Mar 2023 19:27:18 GMT
server: nginx

GET
H2 200 Gotham-Medium_Web.woff2
cooreossapin.serv00.net/mosat/assets/ 41 KB
41 KB 142ms
141ms Font
font/woff2 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://cooreossapin.serv00.net/mosat/assets/Gotham-Medium_Web.woff2
Requested by: Host: cooreossapin.serv00.net
URL: https://cooreossapin.serv00.net/mosat/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cooreossapin.serv00.net
Referer: https://cooreossapin.serv00.net/mosat/style.css

Response headers

accept-ranges: bytes
content-length: 41488
date: Wed, 13 Nov 2024 23:48:38 GMT
etag: "641b56a8-a210"
content-type: font/woff2
last-modified: Wed, 22 Mar 2023 19:27:36 GMT
server: nginx

GET
H2 200 favicon.ico
cooreossapin.serv00.net/mosat/assets/ 840 B
963 B 55ms
54ms Other
image/x-icon 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://cooreossapin.serv00.net/mosat/assets/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: a163687f7cb06127a87ba0ce1aef7e6f1dd68f8cdf06ae1773889b30d551c33d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cooreossapin.serv00.net/mosat/

Response headers

accept-ranges: bytes
content-length: 840
date: Wed, 13 Nov 2024 23:48:38 GMT
etag: "641cd920-348"
content-type: image/x-icon
last-modified: Thu, 23 Mar 2023 22:56:32 GMT
server: nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mooney (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| tailwind string| /template.html function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			gfyyhjgf24367.hosted.phplist.com/	1969-12-31 23:59:59	Name: SERVERID Value: pqserver4\|ZzU62\|ZzU62
			.phplist.com/	1969-12-31 23:59:59	Name: WebblerSession Value: 1geror4h3h1kar1k1u61sg1hqf

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://cooreossapin.serv00.net/mosat/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.tailwindcss.com
cooreossapin.serv00.net
d3u7tsw7cvar0t.cloudfront.net
gfyyhjgf24367.hosted.phplist.com
18.66.137.219
2606:4700:10::ac43:2910
2a00:1450:4001:80e::200a
45.33.29.14
85.194.246.69
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e
49616c860ff4ad5bed99b66a2b1295e7ef5213d5d5cf76ad2560d2f1daa06635
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c037974a6a522818c33b1de8f55b6ae38d6dbca682bd9fbac5ca30b0aa06ebf
a163687f7cb06127a87ba0ce1aef7e6f1dd68f8cdf06ae1773889b30d551c33d
a332ca3d23059d37a26c3957b44670cada5a32ecaf94987b3ebe127a8dc0ce4d
b7f782249809b905d9189076f7ac869090da684bd4d586340ec0d9e1ff880d76
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303
bf661481c77d9464950c5b6368d2c125607456044ef943fc5d057f2eb5a7cb9f
e13fc042236bf75a9d01bbfdf1c2c2fc71d439637bcbdda1387446b4d2ff33f8

cooreossapin.serv00.net Open in urlscan Pro 85.194.246.69 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

304 kBTransfer

630 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

cooreossapin.serv00.net Open in urlscan Pro
85.194.246.69 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

304 kB
Transfer

630 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!