dzaduihezf.temp.swtest.ru Open in urlscan Pro
77.222.40.223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u22247154.ct.sendgrid.net/ls/click?upn=tyLFgt06arydP-2FR1iSEHJ7UMVVhpcgG9-2FbfWDGHtlp8jhX2FwpA-2B8atFYnY-2BRdr-2BQmbJ3L6o2...
Effective URL:
http://dzaduihezf.temp.swtest.ru/73186/infos.php
Submission: On May 06 via manual (May 6th 2022, 2:45:16 pm UTC) from FR — Scanned from FR

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 77.222.40.223, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is dzaduihezf.temp.swtest.ru.

This is the only time dzaduihezf.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.118.28 167.89.118.28	11377 (SENDGRID) (SENDGRID)
1 1	173.249.35.108 173.249.35.108	51167 (CONTABO) (CONTABO)
3 15	77.222.40.223 77.222.40.223	44112 (SWEB-AS) (SWEB-AS)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
15	3

1 167.89.118.28 (Las Vegas, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net

u22247154.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.249.35.108 (Nuremberg, Germany) 1 redirects

ASN51167 (CONTABO, DE)
PTR: orange.dnseasyhost.com

riazdoctorshospital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 77.222.40.223 (Russian Federation) 3 redirects

ASN44112 (SWEB-AS, RU)
PTR: vh292.sweb.ru

dzaduihezf.temp.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	swtest.ru 3 redirects dzaduihezf.temp.swtest.ru	92 KB
2	gstatic.com fonts.gstatic.com	27 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 111	1 KB
1	riazdoctorshospital.com 1 redirects riazdoctorshospital.com	380 B
1	sendgrid.net 1 redirects u22247154.ct.sendgrid.net	262 B
15	5

	Domain	Requested by
15	dzaduihezf.temp.swtest.ru	3 redirects dzaduihezf.temp.swtest.ru
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	dzaduihezf.temp.swtest.ru
1	riazdoctorshospital.com	1 redirects
1	u22247154.ct.sendgrid.net	1 redirects
15	5

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Frame ID: C8A1BDF0D37189B5EC63D11EAD27BC45
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particuliers |

Page URL History Show full URLs

https://u22247154.ct.sendgrid.net/ls/click?upn=tyLFgt06arydP-2FR1iSEHJ7UMVVhpcgG9-2FbfWDGHtlp8jhX2FwpA-2B8atFY... HTTP 302
https://riazdoctorshospital.com/wp-content/uploads/2022/03/ HTTP 302
http://dzaduihezf.temp.swtest.ru/index.php HTTP 302
http://dzaduihezf.temp.swtest.ru/73186 HTTP 301
http://dzaduihezf.temp.swtest.ru/73186/ HTTP 302
http://dzaduihezf.temp.swtest.ru/73186/infos.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

20 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

119 kB
Transfer

340 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u22247154.ct.sendgrid.net/ls/click?upn=tyLFgt06arydP-2FR1iSEHJ7UMVVhpcgG9-2FbfWDGHtlp8jhX2FwpA-2B8atFYnY-2BRdr-2BQmbJ3L6o2EfELwQEH0JLwCOorrBflxkjzfuYalqVDSM-3Di5aB_H9HwEvu65-2FuQ-2B4W4deD2vrszsZotRl3Mx3PWbvsXmMQGq8oR6T6AIvKBfA75rE2EZjM-2B5S-2FFDwK2YhUu9pHOqkQ6Hlfkr7GmvRIuJOju-2Bpuqj9umpbX-2FF5Z5di0YMt9HFBoAsIrZIW6iFfa7pZiUbnEaHxa6PafOI1nrbHNUmuneAjgF9p9sPKqlVwMH6uV5FLipxzchSZNvMIi0HK-2FZJ2LhWHqNvySdINJm8T-2F9VvY-3D HTTP 302
https://riazdoctorshospital.com/wp-content/uploads/2022/03/ HTTP 302
http://dzaduihezf.temp.swtest.ru/index.php HTTP 302
http://dzaduihezf.temp.swtest.ru/73186 HTTP 301
http://dzaduihezf.temp.swtest.ru/73186/ HTTP 302
http://dzaduihezf.temp.swtest.ru/73186/infos.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request infos.php Show response
dzaduihezf.temp.swtest.ru/73186/
Redirect Chain

https://u22247154.ct.sendgrid.net/ls/click?upn=tyLFgt06arydP-2FR1iSEHJ7UMVVhpcgG9-2FbfWDGHtlp8jhX2FwpA-2B8atFYnY-2BRdr-2BQmbJ3L6o2EfELwQEH0JLwCOorrBflxkjzfuYalqVDSM-3Di5aB_H9HwEvu65-2FuQ-2B4W4deD2v...
https://riazdoctorshospital.com/wp-content/uploads/2022/03/
http://dzaduihezf.temp.swtest.ru/index.php
http://dzaduihezf.temp.swtest.ru/73186
http://dzaduihezf.temp.swtest.ru/73186/
http://dzaduihezf.temp.swtest.ru/73186/infos.php

23 KB
5 KB

62ms
62ms

Document
text/html

77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 / PHP/7.1.33
Resource Hash: a6e433328a5fb7458e8ecf94112095504a6e56d45d2eae26eae4f27bab5fdc4c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2022 14:45:11 GMT
Keep-Alive: timeout=10
Server: nginx/1.19.1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33

Redirect headers

Connection: keep-alive
Content-Length: 1
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2022 14:45:11 GMT
Keep-Alive: timeout=10
Server: nginx/1.19.1
X-Powered-By: PHP/7.1.33
location: ./infos.php

GET
H/1.1 200
OK bootstrap.min.css
dzaduihezf.temp.swtest.ru/73186/templates/styles/ 104 KB
17 KB 63ms
62ms Stylesheet
text/css 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/bootstrap.min.css
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 996c10534d1682283cda5058fb19a69d9773e8a719980574cc218b18ea74543a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c1010-1a109-5de58e7d62d02"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK commun.css
dzaduihezf.temp.swtest.ru/73186/templates/styles/ 3 KB
1 KB 111ms
57ms Stylesheet
text/css 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/commun.css
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 9f2356c4b703b68db9e9248c9b41be7291c1351e8197fbb06f2d1f39984c07ea

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c100e-cfe-5de58e7d62d02"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK mire.css
dzaduihezf.temp.swtest.ru/73186/templates/styles/ 2 KB
959 B 119ms
65ms Stylesheet
text/css 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/mire.css
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 1b7742e5dae197f45167c0444b10c9f6102fd1b02c2fab707c902b7b233d9328

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c100d-703-5de58e7d62d02"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK dac.css
dzaduihezf.temp.swtest.ru/73186/templates/styles/ 457 B
733 B 111ms
57ms Stylesheet
text/css 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/dac.css
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: e2e544bd75b899846cf469247da8f1d3a5bbb2eff3f11203c1779f9a8c9fb3f8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c100f-1c9-5de58e7d62d02"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=10
Content-Length: 457

GET
H/1.1 200
OK jquery.min.js Show response
dzaduihezf.temp.swtest.ru/73186/templates/js/ 84 KB
29 KB 118ms
63ms Script
application/x-javascript 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/js/jquery.min.js
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c1008-14e4a-5de58e7d62d02"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK bootstrap.min.js Show response
dzaduihezf.temp.swtest.ru/73186/templates/js/ 33 KB
9 KB 123ms
68ms Script
application/x-javascript 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/js/bootstrap.min.js
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 75b52a07e8d4d433f8dc2dd323b7661d7945611c3258161ce37772f4dda615ad

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c1007-8208-5de58e7d62d02"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK jquery.details.js Show response
dzaduihezf.temp.swtest.ru/73186/templates/js/ 2 KB
1 KB 168ms
57ms Script
application/x-javascript 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/js/jquery.details.js
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 07a4d78d858bb93b3220fd4af3f599035ea5e4f932bfb53b1196ee328116c5b9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c1006-7d0-5de58e7d6291a"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found ebpe-druckheader-image
dzaduihezf.temp.swtest.ru/73186/style/ 1 KB
1 KB 68ms
68ms Image
text/html 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dzaduihezf.temp.swtest.ru/73186/style/ebpe-druckheader-image
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 11ac42ac1f87a2758a3b75f04ded732e3c723ff7a0559659ab86d01bd4898f88

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: fr
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H/1.1 404
Not Found 1111.css
dzaduihezf.temp.swtest.ru/73186/style/ 0
0 62ms
62ms Stylesheet
text/html 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/style/1111.css
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/infos.php
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/infos.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Server: nginx/1.19.1
Vary: Accept-Encoding, accept-language,accept-charset
Content-Language: fr
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=10

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 103ms
39ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Requested by

Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/commun.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d402b35e6e0d996cc57dfb1f40a87b672f1eb4dfe0744da6d9c40b0d26592815

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 06 May 2022 13:24:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 06 May 2022 14:45:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 May 2022 14:45:12 GMT

GET
H/1.1 200
OK logo.svg
dzaduihezf.temp.swtest.ru/73186/templates/images/ 53 KB
18 KB 64ms
64ms Image
image/svg+xml 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/images/logo.svg
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/commun.css
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: eb00a60062dad3584d01aac5b8797e80dc3b53440e7c9922d302a31a0dc4a14c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/commun.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c1000-d43f-5de58e7d6291a"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v28/ 16 KB
17 KB 93ms
30ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://dzaduihezf.temp.swtest.ru
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 22:45:44 GMT
x-content-type-options: nosniff
age: 230368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16692
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:06:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 May 2023 22:45:44 GMT

GET
H/1.1 200
OK dgfip_dgfipicons.woff
dzaduihezf.temp.swtest.ru/73186/templates/polices/ 7 KB
7 KB 62ms
62ms Font
application/x-font-woff 77.222.40.223
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://dzaduihezf.temp.swtest.ru/73186/templates/polices/dgfip_dgfipicons.woff
Requested by: Host: dzaduihezf.temp.swtest.ru
URL: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/commun.css
Protocol: HTTP/1.1
Server: 77.222.40.223 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh292.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 896231e8e33a7920b5a2108bbdbd68c5aa8235b1dd6579dc3de60085b6980c48

Request headers

Referer: http://dzaduihezf.temp.swtest.ru/73186/templates/styles/commun.css
Origin: http://dzaduihezf.temp.swtest.ru
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 06 May 2022 14:45:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 May 2022 14:45:11 GMT
Server: nginx/1.19.1
ETag: W/"16c100a-1ae4-5de58e7d62d02"
Vary: Accept-Encoding
Content-Type: application/x-font-woff
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2
fonts.gstatic.com/s/opensans/v28/ 10 KB
10 KB 97ms
38ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3794e9a7f229210e1dbaf831a62918c9edfc09a90a6684dcc0468f461c20e0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://dzaduihezf.temp.swtest.ru
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:38:17 GMT
x-content-type-options: nosniff
age: 227215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10092
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 May 2023 23:38:17 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://dzaduihezf.temp.swtest.ru/73186/style/1111.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://dzaduihezf.temp.swtest.ru/73186/style/ebpe-druckheader-image Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dzaduihezf.temp.swtest.ru
fonts.googleapis.com
fonts.gstatic.com
riazdoctorshospital.com
u22247154.ct.sendgrid.net
167.89.118.28
173.249.35.108
2a00:1450:4001:809::2003
2a00:1450:4001:812::200a
77.222.40.223
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07a4d78d858bb93b3220fd4af3f599035ea5e4f932bfb53b1196ee328116c5b9
11ac42ac1f87a2758a3b75f04ded732e3c723ff7a0559659ab86d01bd4898f88
1b7742e5dae197f45167c0444b10c9f6102fd1b02c2fab707c902b7b233d9328
75b52a07e8d4d433f8dc2dd323b7661d7945611c3258161ce37772f4dda615ad
896231e8e33a7920b5a2108bbdbd68c5aa8235b1dd6579dc3de60085b6980c48
996c10534d1682283cda5058fb19a69d9773e8a719980574cc218b18ea74543a
9f2356c4b703b68db9e9248c9b41be7291c1351e8197fbb06f2d1f39984c07ea
a6e433328a5fb7458e8ecf94112095504a6e56d45d2eae26eae4f27bab5fdc4c
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
d402b35e6e0d996cc57dfb1f40a87b672f1eb4dfe0744da6d9c40b0d26592815
e2e544bd75b899846cf469247da8f1d3a5bbb2eff3f11203c1779f9a8c9fb3f8
eb00a60062dad3584d01aac5b8797e80dc3b53440e7c9922d302a31a0dc4a14c
f3794e9a7f229210e1dbaf831a62918c9edfc09a90a6684dcc0468f461c20e0c

dzaduihezf.temp.swtest.ru Open in urlscan Pro 77.222.40.223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

20 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

3 IPs

3 Countries

119 kBTransfer

340 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

dzaduihezf.temp.swtest.ru Open in urlscan Pro
77.222.40.223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

20 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

119 kB
Transfer

340 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!