appmail-stock-epos-lgazo1212826929.codeanyapp.com
Open in
urlscan Pro
198.199.109.95
Malicious Activity!
Public Scan
Submitted URL: https://fiber9.iaasdns.com/~aw3443/PAMR
Effective URL: https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/
Submission: On January 25 via manual from FR — Scanned from FR
Effective URL: https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/
Submission: On January 25 via manual from FR — Scanned from FR
Summary
This website contacted 3 IPs
in 1 countries
across 4 domains to perform 20 HTTP transactions.
The main IP is 198.199.109.95, located in
San Francisco, United States and
belongs to DIGITALOCEAN-ASN, US.
The main domain is appmail-stock-epos-lgazo1212826929.codeanyapp.com.
TLS certificate: Issued by R3 on November 18th 2022. Valid for: 3 months.
This is the only time appmail-stock-epos-lgazo1212826929.codeanyapp.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on November 18th 2022. Valid for: 3 months.
This is the only time appmail-stock-epos-lgazo1212826929.codeanyapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 2 | 173.82.65.242 173.82.65.242 | 35916 (MULTA-ASN1) (MULTA-ASN1) | |
| 1 19 | 198.199.109.95 198.199.109.95 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
| 1 | 2606:4700::68... 2606:4700::6810:5514 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 20 | 3 |
2
173.82.65.242
(Portland, United States)
ASN35916 (MULTA-ASN1, US)
PTR: fiber9.iaasdns.com
ASN35916 (MULTA-ASN1, US)
PTR: fiber9.iaasdns.com
| fiber9.iaasdns.com |
19
198.199.109.95
(San Francisco, United States)
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: codeanyproxy.com
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: codeanyproxy.com
| appmail-stock-epos-lgazo1212826929.codeanyapp.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 19 |
codeanyapp.com
1 redirects
appmail-stock-epos-lgazo1212826929.codeanyapp.com |
617 KB |
| 2 |
iaasdns.com
2 redirects
fiber9.iaasdns.com |
355 B |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 199 |
11 KB |
| 1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 357 |
16 KB |
| 20 | 4 |
| Domain | Requested by | |
|---|---|---|
| 19 | appmail-stock-epos-lgazo1212826929.codeanyapp.com |
1 redirects
appmail-stock-epos-lgazo1212826929.codeanyapp.com
|
| 2 | fiber9.iaasdns.com | 2 redirects |
| 1 | cdnjs.cloudflare.com |
appmail-stock-epos-lgazo1212826929.codeanyapp.com
|
| 1 | cdn.jsdelivr.net |
appmail-stock-epos-lgazo1212826929.codeanyapp.com
|
| 20 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| codeanyapp.com R3 |
2022-11-18 - 2023-02-16 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/
Frame ID: 74D797BE7D5A78CB456C9195E54F52AC
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Accéder à mes comptes en ligne | BNP ParibasPage URL History Show full URLs
-
https://fiber9.iaasdns.com/~aw3443/PAMR
HTTP 301
https://fiber9.iaasdns.com/~aw3443/PAMR/ HTTP 302
https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web HTTP 301
https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/ Page URL
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
SweetAlert
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- sweet(?:-)?alert(?:\.min)?\.js
SweetAlert2
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- sweetalert2(?:\.all)?(?:\.min)?\.js
- /npm/sweetalert2@([\d.]+)
- sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://fiber9.iaasdns.com/~aw3443/PAMR
HTTP 301
https://fiber9.iaasdns.com/~aw3443/PAMR/ HTTP 302
https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web HTTP 301
https://appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/ Redirect Chain
|
13 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/css/ |
152 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
helpers.css
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/css/ |
41 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fonts.css
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/css/ |
4 KB 616 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.css
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/css/ |
10 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spinner.css
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/css/ |
791 B 552 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
idea.png
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/images/ |
828 B 974 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
service.jpg
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/images/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/js/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
popper.min.js
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/js/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.js
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/js/ |
57 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fontawesome.min.js
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/js/ |
1 MB 379 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.js
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/js/ |
3 KB 945 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sweetalert2.all.min.js
cdn.jsdelivr.net/npm/sweetalert2@7.26.11/dist/ |
60 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sweetalert.min.js
cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/ |
40 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
log.js
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/common/ |
1001 B 663 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Dosis-Regular.woff
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/fonts/ |
46 KB 46 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Dosis-SemiBold.woff
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/fonts/ |
46 KB 46 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Dosis-Bold.woff
appmail-stock-epos-lgazo1212826929.codeanyapp.com/PPM/web/assets/fonts/ |
46 KB 46 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery function| Popper object| bootstrap object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome boolean| isShift string| seperator string| dash function| cc_date function| date_of_birth function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| setImmediate function| clearImmediate function| login0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
appmail-stock-epos-lgazo1212826929.codeanyapp.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
fiber9.iaasdns.com
173.82.65.242
198.199.109.95
2606:4700::6810:5514
2606:4700::6811:190e
06013cb735fdfe4d3deb97fda3710bd89d8b5e9570a5d9ca5d9a6ed8b61c7d55
213e1c07e15eea7f20b56e8dab08ce45429188b20c55cd91d45c84cdda5c0635
21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
310be02c30e9bdb846328d10d61d43013ccc26304439883f96544fc576c76a6c
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
377ed808aa05dd000d5832ef5a72f62d4bf9d504b5c36c588b173c45be928d66
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
60dedc0841804b770cc2b57e22494b9455854869bf1af7fa1a73fc1f47f5fb02
6965c967fe2474e34f024a08618c84e9f995c3482a3c46e793b9eca4b00d82e2
78ca393b1207c4fe4a3faef9d127de88b0d6167364497ca2bef87f9b0714102b
81a502dbbe28e9768537bee7f2320fe8b240954588724ce5b358f3e96fc1baa7
895124676e79720d4e3286e86e82b1a703dd8cc27d38f9dfd26acc01a16cf09d
8dd780947b9ca87bf800347c934ae4f2726b6a6e73339e1290e9a3a6e92b0f03
a8e1d658a276a4706ed13d04de6e9bf673e872dffdff4e30ad0ffdb69e12621b
ee9063aa98aea7bfe23cffb64e84032c56a39e23821677f2ef5fd37ce2b2a25d
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765
f8a0fe1123bb5d8a3f465045e852077b3e0560989e86e66f3640a9d85f5078ff
fa27fa64d5e26fa9fbb7ff7650713c5caa6c84e5ee5829f74faf9b42f9eac1d9