ibercaja-sa.serv00.net
Open in
urlscan Pro
128.204.223.42
Malicious Activity!
Public Scan
URL:
https://ibercaja-sa.serv00.net/factures/
Submission Tags: falconsandbox
Submission: On November 25 via api from US — Scanned from PL
Submission Tags: falconsandbox
Submission: On November 25 via api from US — Scanned from PL
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 12 HTTP transactions.
The main IP is 128.204.223.42, located in
Poland and
belongs to ECO-ATMAN-PL Atman Sp. z o.o., PL.
The main domain is ibercaja-sa.serv00.net.
TLS certificate: Issued by R10 on September 23rd 2024. Valid for: 3 months.
This is the only time ibercaja-sa.serv00.net was scanned on urlscan.io!
TLS certificate: Issued by R10 on September 23rd 2024. Valid for: 3 months.
This is the only time ibercaja-sa.serv00.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Post Luxembourg (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 128.204.223.42 128.204.223.42 | 57367 (ECO-ATMAN...) (ECO-ATMAN-PL Atman Sp. z o.o.) | |
| 1 | 78.141.185.155 78.141.185.155 | 6661 (EPT-LU PO...) (EPT-LU POST Luxembourg) | |
| 1 | 78.141.185.153 78.141.185.153 | 6661 (EPT-LU PO...) (EPT-LU POST Luxembourg) | |
| 12 | 3 |
10
128.204.223.42
(Poland)
ASN57367 (ECO-ATMAN-PL Atman Sp. z o.o., PL)
PTR: web13.serv00.com
ASN57367 (ECO-ATMAN-PL Atman Sp. z o.o., PL)
PTR: web13.serv00.com
| ibercaja-sa.serv00.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
serv00.net
ibercaja-sa.serv00.net |
207 KB |
| 2 |
post.lu
cdn.post.lu — Cisco Umbrella Rank: 960927 www.post.lu |
5 KB |
| 12 | 2 |
| Domain | Requested by | |
|---|---|---|
| 10 | ibercaja-sa.serv00.net |
ibercaja-sa.serv00.net
|
| 1 | www.post.lu | |
| 1 | cdn.post.lu |
ibercaja-sa.serv00.net
|
| 12 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.serv00.net R10 |
2024-09-23 - 2024-12-22 |
3 months | crt.sh |
| *.post.lu RapidSSL TLS RSA CA G1 |
2024-02-19 - 2025-03-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ibercaja-sa.serv00.net/factures/
Frame ID: 9A780410CFCD3017DF8D1BD2E348BFA7
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
ibercaja-sa.serv00.net/factures/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
zwa9.css
ibercaja-sa.serv00.net/factures/files/css/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
loading.gif
ibercaja-sa.serv00.net/factures/files/media/ |
771 B 892 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-post.svg
cdn.post.lu/newpostlu/babel-theme/assets/images/ |
9 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
done.png
ibercaja-sa.serv00.net/factures/files/media/ |
485 B 606 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cc-image.png
ibercaja-sa.serv00.net/factures/files/media/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cvv-image.png
ibercaja-sa.serv00.net/factures/files/media/ |
51 KB 51 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
haraka.js
ibercaja-sa.serv00.net/factures/files/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vistasansbook.ttf
ibercaja-sa.serv00.net/factures/files/fonts/ |
41 KB 41 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vistasansreg.ttf
ibercaja-sa.serv00.net/factures/files/fonts/ |
41 KB 41 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vistasansmed.ttf
ibercaja-sa.serv00.net/factures/files/fonts/ |
41 KB 41 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon.ico
www.post.lu/o/babel-theme/images/ |
1 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Post Luxembourg (Transportation)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| maxLengthCheck function| addSlashes function| cardspace0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.post.lu
ibercaja-sa.serv00.net
www.post.lu
128.204.223.42
78.141.185.153
78.141.185.155
059e957c96913b91a3754a1bb1f91777033ae05ad35966dae11f1390a1db5350
2cdf7b714b400e42976e625112e79c0b280551dcb7317859ece57f30608f3209
3dd389ea5a9ccdfc0d220585e262114c3ff8c60c495adedb31d4094e97be4bfe
514dc3c75b18a91f2217fc28e15ab5a19748c9aa51c7efbbc2dda0fd1eaaf061
59d18565c29f8c4c26ff1b862f5d0b9b69b74089b39efdab0ab88146ec57aecc
5d38682d9ecadb19e679b5f3149be45d2e69d4e860376b3dff3b4ecbf9d41b9a
81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4
906f39bd7d9a664f71de950adcc666ff37ae3461a30e2de30abb9d5aad0295a2
c2dc27b286bc579aa847b15247e922a7b750b687e9ad4f6ee194d56acaec4a24
c639fcffe9ef5754ed9485ac2fbaff8c046ca49ddf8406db5f615afa5b33695d
ce6e64c8fcf04bf3bc73c8b1d15e56d3a210f9e8327cdefbe0f2aa2a7e4f2c86
e6f817cf29a8944353918f33a69cf1c0cb1ea5d19b885035e0c53b23244ab95d