www.studionesti.net Open in urlscan Pro
89.46.104.11 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.studionesti.net/users/facture/vbv/index3.php
Submission: On December 06 via automatic, source openphish (December 6th 2018, 10:44:50 am UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 89.46.104.11, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.studionesti.net.
TLS certificate: Issued by Actalis Domain Validation Server CA G1 on January 24th 2018. Valid for: a year.

This is the only time www.studionesti.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Électricité de France (Utility)

Domain & IP information

	IP Address	AS Autonomous System
2	89.46.104.11 89.46.104.11	31034 (ARUBA-ASN) (ARUBA-ASN)
5	160.92.186.71 160.92.186.71	8677 (WORLDLINE) (WORLDLINE)
1 2	195.246.8.174 195.246.8.174	6764 (PERFTECH-...) (PERFTECH-SLOVENIA-AS PERFTECHSI-AS)
8	3

2 89.46.104.11 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1001.aruba.it

www.studionesti.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 160.92.186.71 (France)

ASN8677 (WORLDLINE, FR)
PTR: lbp.wlp-acs.com

lbp.wlp-acs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.246.8.174 (Slovenia) 1 redirects

ASN6764 (PERFTECH-SLOVENIA-AS PERFTECHSI-AS, SI)
PTR: ha-skb-1.servers.creatim.net

www.skb.si	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	wlp-acs.com lbp.wlp-acs.com	8 KB
2	skb.si 1 redirects www.skb.si	10 KB
2	studionesti.net www.studionesti.net	5 KB
8	3

	Domain	Requested by
5	lbp.wlp-acs.com	www.studionesti.net
2	www.skb.si	1 redirects www.studionesti.net
2	www.studionesti.net	www.studionesti.net
8	3

This site contains no links.

Subject Issuer	Validity	Valid
*.studionesti.net Actalis Domain Validation Server CA G1	`2018-01-24` - `2019-01-30`	a year	crt.sh
lbp.wlp-acs.com Entrust Certification Authority - L1K	`2017-05-26` - `2019-06-22`	2 years	crt.sh
www.skb.si Thawte EV RSA CA 2018	`2018-10-19` - `2020-02-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.studionesti.net/users/facture/vbv/index3.php
Frame ID: BB8C1F26D8C9F156D5E2C9BC98F3111F
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

23 kB
Transfer

14 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/3d_500x200.jpg HTTP 301
https://www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/3d_500x200.jpg

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index3.php Show response www.studionesti.net/users/facture/vbv/	4 KB 2 KB	184ms 83ms	Document text/html	89.46.104.11 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.studionesti.net/users/facture/vbv/index3.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.104.11 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1001.aruba.it Software aruba-proxy / PHP/5.5.38 Resource Hash `fd44bb8064fffabcbd88419ab97d4723d0ee7b7bf5d3d4cb9407b1430c390807` Request headers :method GET :authority www.studionesti.net :scheme https :path /users/facture/vbv/index3.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 server aruba-proxy date Thu, 06 Dec 2018 10:44:34 GMT content-type text/html vary Accept-Encoding x-powered-by PHP/5.5.38 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache set-cookie PHPSESSID=39mdbh5ifq0nidp21fa2qmer36; path=/ x-servername ipvsproxy02.ad.aruba.it content-encoding gzip
GET H/1.1	200 OK	styles-banque.css lbp.wlp-acs.com/css/	5 KB 3 KB	185ms 25ms	Stylesheet text/css	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://lbp.wlp-acs.com/css/styles-banque.css Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `359e44e3a0bf3d3d58302f1e5c521fcb18eb3a7b92d3fe158b50be2a656dd018` Request headers Referer https://www.studionesti.net/users/facture/vbv/index3.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 06 Dec 2018 10:44:34 GMT Content-Encoding gzip Last-Modified Thu, 12 May 2016 07:23:12 GMT ETag W/"5364-1463037792000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=10, max=200 Content-Length 1389 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	logo.png www.studionesti.net/users/facture/vbv/	3 KB 3 KB	32ms 29ms	Image image/png	89.46.104.11 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.studionesti.net/users/facture/vbv/logo.png Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.104.11 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1001.aruba.it Software aruba-proxy / Resource Hash `c10fde7e3c485806892c2df9609c164fd5e83825b697c30946034e2778f612b4` Request headers :path /users/facture/vbv/logo.png pragma no-cache cookie PHPSESSID=39mdbh5ifq0nidp21fa2qmer36 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority www.studionesti.net referer https://www.studionesti.net/users/facture/vbv/index3.php :scheme https :method GET Referer https://www.studionesti.net/users/facture/vbv/index3.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-servername ipvsproxy02.ad.aruba.it date Thu, 06 Dec 2018 10:44:34 GMT last-modified Thu, 06 Dec 2018 00:04:15 GMT server aruba-proxy etag "a97-57c4f3d47e7ff" content-type image/png status 200 accept-ranges bytes content-length 2711
GET H/1.1	404 Not Found	3d_500x200.jpg www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/ Redirect Chain http://www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/3d_500x200.jpg https://www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/3d_500x200.jpg	0 10 KB	183ms 92ms	Image text/html	195.246.8.174 PERFTECH-SLOVENIA...
General Check archive.org Show headers Download Go to Show image Full URL https://www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/3d_500x200.jpg Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.246.8.174 , Slovenia, ASN6764 (PERFTECH-SLOVENIA-AS PERFTECHSI-AS, SI), Reverse DNS ha-skb-1.servers.creatim.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Redirect headers Location https://www.skb.si/mediaObject/www-skb-si/Osebne-finance/kartice/3d_500x200/original/3d_500x200.jpg Date Thu, 06 Dec 2018 10:44:34 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=1, max=100 Content-Length 307 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	btn_ok_onn.png lbp.wlp-acs.com/imgs/imagesTemplates/	997 B 2 KB	173ms 24ms	Image image/png	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/btn_ok_onn.png Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `f3cd338409ccbbe4b7b74ce89ffc4c48f1615ded2eebaa67220e1430dc872519` Request headers Referer https://www.studionesti.net/users/facture/vbv/index3.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 06 Dec 2018 10:44:34 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:06:40 GMT ETag W/"997-1416290800000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/png Keep-Alive timeout=10, max=200 Content-Length 1020 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	fl_b.png lbp.wlp-acs.com/imgs/imagesTemplates/	135 B 1 KB	22ms 21ms	Image image/png	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/fl_b.png Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `ca1347c5670aca8060b3bb0461e4a38ae8881e68547c35d165e214fb7524e9da` Request headers Referer https://lbp.wlp-acs.com/css/styles-banque.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 06 Dec 2018 10:44:34 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:06:40 GMT ETag W/"135-1416290800000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/png Keep-Alive timeout=10, max=199 Content-Length 147 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	ar_h.gif lbp.wlp-acs.com/imgs/imagesTemplates/	180 B 1 KB	40ms 21ms	Image image/gif	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/ar_h.gif Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `f337f4f2e442c8cad8c7b63bdd34283b5823e0fb92b84d563ef0b371dba2424a` Request headers Referer https://lbp.wlp-acs.com/css/styles-banque.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 06 Dec 2018 10:44:34 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:06:40 GMT ETag W/"180-1416290800000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/gif Keep-Alive timeout=10, max=199 Content-Length 200 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	ar_b.gif lbp.wlp-acs.com/imgs/imagesTemplates/	180 B 1 KB	43ms 21ms	Image image/gif	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/ar_b.gif Requested by Host: www.studionesti.net URL: https://www.studionesti.net/users/facture/vbv/index3.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `937bd0bf0b0ce1431c3cb4efe9195f646b6db558adf972108dab44216ddb36eb` Request headers Referer https://lbp.wlp-acs.com/css/styles-banque.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 06 Dec 2018 10:44:34 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:06:40 GMT ETag W/"180-1416290800000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/gif Keep-Alive timeout=10, max=198 Content-Length 200 Expires Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Électricité de France (Utility)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.studionesti.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 39mdbh5ifq0nidp21fa2qmer36

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lbp.wlp-acs.com
www.skb.si
www.studionesti.net
160.92.186.71
195.246.8.174
89.46.104.11
359e44e3a0bf3d3d58302f1e5c521fcb18eb3a7b92d3fe158b50be2a656dd018
937bd0bf0b0ce1431c3cb4efe9195f646b6db558adf972108dab44216ddb36eb
c10fde7e3c485806892c2df9609c164fd5e83825b697c30946034e2778f612b4
ca1347c5670aca8060b3bb0461e4a38ae8881e68547c35d165e214fb7524e9da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f337f4f2e442c8cad8c7b63bdd34283b5823e0fb92b84d563ef0b371dba2424a
f3cd338409ccbbe4b7b74ce89ffc4c48f1615ded2eebaa67220e1430dc872519
fd44bb8064fffabcbd88419ab97d4723d0ee7b7bf5d3d4cb9407b1430c390807

www.studionesti.net Open in urlscan Pro 89.46.104.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

23 kBTransfer

14 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.studionesti.net Open in urlscan Pro
89.46.104.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

23 kB
Transfer

14 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!