urlscan.io logo urlscan.io
SecurityTrails logo

create.applicable.space Open in urlscan Pro
193.34.145.204  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://gg-l.xyz/CoJDD
Effective URL: https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/...
Submission: On June 16 via manual from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 193.34.145.204, located in Munich, Germany and belongs to CONTABO, DE. The main domain is create.applicable.space.
TLS certificate: Issued by R3 on April 29th 2022. Valid for: 3 months.
This is the only time create.applicable.space was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Europages (Online)

Domain & IP information

IP Address AS Autonomous System
2 2 198.199.122.148 14061 (DIGITALOC...)
1 150.109.125.143 132203 (TENCENT-N...)
1 193.34.145.204 51167 (CONTABO)
2 151.101.12.193 54113 (FASTLY)
4 3
Apex Domain
Subdomains		 Transfer
2 imgur.com
i.imgur.com — Cisco Umbrella Rank: 5725
51 KB
2 gg-l.xyz
gg-l.xyz
699 B
1 applicable.space
create.applicable.space
3 KB
1 duobabiji.com
www.duobabiji.com
385 B
4 4
Domain Requested by
2 i.imgur.com create.applicable.space
2 gg-l.xyz 2 redirects
1 create.applicable.space www.duobabiji.com
1 www.duobabiji.com
4 4

This site contains no links.

Subject Issuer Validity Valid
www.create.applicable.space
R3		 2022-04-29 -
2022-07-28		 3 months crt.sh
*.imgur.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-03-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/index.htm
Frame ID: DD6852D428C8B95055FA1A725798AB71
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Connessione - Europages

Page URL History Show full URLs

  1. http://gg-l.xyz/CoJDD HTTP 302
    https://gg-l.xyz/CoJDD HTTP 301
    http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyA... Page URL
  2. https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.logi... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

4
Requests

75 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

54 kB
Transfer

53 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gg-l.xyz/CoJDD HTTP 302
    https://gg-l.xyz/CoJDD HTTP 301
    http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyAccountDrecting.php Page URL
  2. https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/index.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://gg-l.xyz/CoJDD HTTP 302
  • https://gg-l.xyz/CoJDD HTTP 301
  • http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyAccountDrecting.php

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
ep2sc8MyAccountDrecting.php
www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/
Redirect Chain
  • http://gg-l.xyz/CoJDD
  • https://gg-l.xyz/CoJDD
  • http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyAccountDrecting.php
197 B
385 B 		Document
General
Check archive.org
Download Go to
Full URL
http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyAccountDrecting.php
Protocol
HTTP/1.1
Server
150.109.125.143 Central, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Jun 2022 10:43:53 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Jun 2022 10:43:51 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyAccountDrecting.php
pragma
no-cache
server
LiteSpeed
Primary Request index.htm
create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/index.htm
Requested by
Host: www.duobabiji.com
URL: http://www.duobabiji.com/wp-content/it.Europages/europages.user.MyAccount.login.myEuropages/ep2sc8MyAccountDrecting.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.34.145.204 Munich, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
m3668.contabo.net
Software
Apache /
Resource Hash
283eefce7a4a4f568b9fc39c8468daea6c6544b9fc89b6a5a097ba28e2927df0

Request headers

Referer
http://www.duobabiji.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
content-length
2570
content-type
text/html
date
Thu, 16 Jun 2022 10:43:53 GMT
last-modified
Fri, 10 Jun 2022 01:24:19 GMT
server
Apache
c4skNfE.png
i.imgur.com/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/c4skNfE.png
Requested by
Host: create.applicable.space
URL: https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
f2ec2694ef39cfa6b79addbe930026157f80c2d018b70fcbf623b6c161f71f80
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://create.applicable.space/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 10:43:54 GMT
x-content-type-options
nosniff
age
675345
x-cache
HIT, HIT
content-length
48809
x-served-by
cache-iad-kjyo7100101-IAD, cache-fra19161-FRA
last-modified
Sun, 29 May 2022 10:53:26 GMT
server
cat factory 1.0
x-timer
S1655376234.909520,VS0,VE166
etag
"c0b541f98f652d03dfc46c1063285e25"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
I9dj0qH.png
i.imgur.com/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/I9dj0qH.png
Requested by
Host: create.applicable.space
URL: https://create.applicable.space/.well-known/Europages.it/inquiry.messageCenter/europages.user.MyAccount.login.myEuropages/login/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
2fa3d3c0fe15288568fa202c9772f0b8e5c267a73439aa12b987baf84c902a98
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://create.applicable.space/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 10:43:53 GMT
x-content-type-options
nosniff
age
1338066
x-cache
HIT, HIT
content-length
2830
x-served-by
cache-iad-kiad7000044-IAD, cache-fra19161-FRA
last-modified
Tue, 31 May 2022 07:13:09 GMT
server
cat factory 1.0
x-timer
S1655376234.909655,VS0,VE1
etag
"754b43c53be9562c7174cd66444459af"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Europages (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation

2 Cookies

Domain/Path Name / Value
gg-l.xyz/ Name: PHPSESSID
Value: 67lknqahmj0ls3gvker7vjc514
gg-l.xyz/ Name: short_2778
Value: 1