URL: http://itsender.eu:49301/?rid=GXVd93M
Submission: On December 18 via manual from LU — Scanned from US

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 185.184.58.213, located in Luxembourg, Luxembourg and belongs to RCARRE RCARRE S.A., LU. The main domain is itsender.eu.
This is the only time itsender.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         185.184.58.213     206504 (RCARRE RC...)
2         2620:1ec:29:1...   8075 (MICROSOFT...)
1         2001:1600:4:1...   29222 (Infomania...)
Total: 4 requests, 3 IPs
Requests  Apex Domain    Subdomains                                      Transfer
2         msauth.net     aadcdn.msauth.net (Cisco Umbrella Rank: 871)    19 KB
1         afc.lu         afc.lu                                          18 KB
1         itsender.eu    itsender.eu                                      6 KB
Total: 4 requests, 3 apex domains
Requests  Domain               Requested by
2         aadcdn.msauth.net    itsender.eu
1         afc.lu               itsender.eu
1         itsender.eu          -
Total: 4 requests, 3 domains

This site contains no links.

Subject              Issuer                           Validity                   Valid for
aadcdn.msauth.net    DigiCert SHA2 Secure Server CA   2024-10-29 - 2025-10-29    a year
afcbenelux.eu        R10                              2024-11-24 - 2025-02-22    3 months

This page contains 1 frames:

Primary Page: http://itsender.eu:49301/?rid=GXVd93M
Frame ID: 9E8B6DF47D6B30C6166F7ED02CEDFFC8
Requests: 4 HTTP requests in this frame

Page Title

Sign in to your account

Page URL History

  1. http://itsender.eu:49301/?rid=GXVd93M HTTP 307
    https://itsender.eu:49301/?rid=GXVd93M HTTP 307
    http://itsender.eu:49301/?rid=GXVd93M Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 43 kB
Size: 66 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource: / (Primary Request)
Path: itsender.eu/
Redirect Chain:
  • http://itsender.eu:49301/?rid=GXVd93M
  • https://itsender.eu:49301/?rid=GXVd93M
  • http://itsender.eu:49301/?rid=GXVd93M
Size: 27 KB
x-fer: 6 KB
Type: Document

General
Full URL: http://itsender.eu:49301/?rid=GXVd93M
Protocol: HTTP/1.1
Server: 185.184.58.213, Luxembourg, Luxembourg, ASN206504 (RCARRE RCARRE S.A., LU)
Reverse DNS: 185-184-58-213.ip.rcloud.eu
Software: /
Resource Hash: 0dedea87d52dc463e70d0ead9a65e8a10b8be2c303cc37de4f1af6cafe494411

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 18 Dec 2024 16:01:28 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Server: gophish

Redirect headers
Location: http://itsender.eu:49301/?rid=GXVd93M
Non-Authoritative-Reason: HttpsUpgrades
Resource: microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Path: aadcdn.msauth.net/shared/1.0/content/images/
Size: 4 KB
x-fer: 2 KB
Type: Image

General
Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Requested by: Host itsender.eu, URL http://itsender.eu:49301/?rid=GXVd93M
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2620:1ec:29:1::40, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: -
Software: /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: http://itsender.eu:49301/

Response headers
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DB5C3F4911527F
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Wed, 18 Dec 2024 16:01:28 GMT
content-type: image/svg+xml
last-modified: Wed, 24 May 2023 10:11:48 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 04518934-a01e-0010-7a11-4e063e000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1435
x-azure-ref: 20241218T160128Z-r1fc5bf4d66whxvbhC1MNZd3tw0000000d0000000000r6w5
x-ms-blob-type: BlockBlob
Resource: logo-afc_fiduciaire_vertical.svg
Path: afc.lu/wp-content/themes/afc/static/img/
Size: 18 KB
x-fer: 18 KB
Type: Image

General
Full URL: https://afc.lu/wp-content/themes/afc/static/img/logo-afc_fiduciaire_vertical.svg
Requested by: Host itsender.eu, URL http://itsender.eu:49301/?rid=GXVd93M
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2001:1600:4:13:d294:66ff:fe11:629b, Switzerland, ASN29222 (Infomaniak-AS Infomaniak Network SA, CH)
Reverse DNS: -
Software: Apache /
Resource Hash: 2f69a90d3d43e646938c295525ad5117430d213bbebc5c830b3d4c9285169eed

Security Headers
Strict-Transport-Security: max-age=16000000

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: http://itsender.eu:49301/

Response headers
strict-transport-security: max-age=16000000
etag: "48c4-5f8e400c7e2ac"
accept-ranges: bytes
content-length: 18628
date: Wed, 18 Dec 2024 16:01:28 GMT
last-modified: Sun, 09 Apr 2023 09:37:12 GMT
content-type: image/svg+xml
server: Apache
Resource: favicon_a_eupayfgghqiai7k9sol6lg2.ico
Path: aadcdn.msauth.net/shared/1.0/content/images/
Size: 17 KB
x-fer: 17 KB
Type: Other

General
Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2620:1ec:29:1::40, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: -
Software: /
Resource Hash: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: http://itsender.eu:49301/

Response headers
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8D8731230C851A6
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Wed, 18 Dec 2024 16:01:29 GMT
content-type: image/x-icon
last-modified: Sun, 18 Oct 2020 03:02:03 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 34ba0e11-401e-0055-6d83-4dd3dd000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17174
x-azure-ref: 20241218T160129Z-r1fc5bf4d66whxvbhC1MNZd3tw0000000d0000000000r6y9
x-ms-blob-type: BlockBlob

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source: recommendation
Level: verbose
URL: http://itsender.eu:49301/?rid=GXVd93M
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o