freveril.ezua.com Open in urlscan Pro
51.210.113.204 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://efith3.nl/
Effective URL:
https://freveril.ezua.com/login/ses/session_index
Submission: On August 22 via manual (August 22nd 2022, 9:41:32 pm UTC) from IN — Scanned from NL

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 51.210.113.204, located in France and belongs to OVH, FR. The main domain is freveril.ezua.com.
TLS certificate: Issued by R3 on August 22nd 2022. Valid for: 3 months.

This is the only time freveril.ezua.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fifth Third Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	69.162.178.165 69.162.178.165	32748 (STEADFAST) (STEADFAST)
1 16	51.210.113.204 51.210.113.204	16276 (OVH) (OVH)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
18	2

1 69.162.178.165 (United States) 1 redirects

ASN32748 (STEADFAST, US)
PTR: ip165.69-162-178.static.steadfastdns.net

efith3.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 51.210.113.204 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: server83.trusted-mail.in

freveril.ezua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	ezua.com 1 redirects freveril.ezua.com	157 KB
3	gstatic.com fonts.gstatic.com	107 KB
1	efith3.nl 1 redirects efith3.nl	240 B
18	3

	Domain	Requested by
16	freveril.ezua.com	1 redirects freveril.ezua.com
3	fonts.gstatic.com	freveril.ezua.com
1	efith3.nl	1 redirects
18	3

This site contains no links.

Subject Issuer	Validity	Valid
freveril.ezua.com R3	`2022-08-22` - `2022-11-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://freveril.ezua.com/login/ses/session_index
Frame ID: 5D56CFA56EDFE42A77D90DF74E4A962A
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fifth Third Banking Login | Fifth Third Bank

Page URL History Show full URLs

http://efith3.nl/ HTTP 302
https://freveril.ezua.com/login HTTP 301
https://freveril.ezua.com/login/ Page URL
https://freveril.ezua.com/login/ses/session_index Page URL

Page Statistics

18
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

265 kB
Transfer

549 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://efith3.nl/ HTTP 302
https://freveril.ezua.com/login HTTP 301
https://freveril.ezua.com/login/ Page URL
https://freveril.ezua.com/login/ses/session_index Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://efith3.nl/ HTTP 302
https://freveril.ezua.com/login HTTP 301
https://freveril.ezua.com/login/

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
freveril.ezua.com/login/
Redirect Chain

http://efith3.nl/
https://freveril.ezua.com/login
https://freveril.ezua.com/login/

61 B
194 B

413ms
413ms

Document
text/html

51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-encoding: gzip
content-length: 72
content-type: text/html; charset=UTF-8
date: Mon, 22 Aug 2022 21:41:27 GMT
server: LiteSpeed
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 617
content-type: text/html
date: Mon, 22 Aug 2022 21:41:27 GMT
location: https://freveril.ezua.com/login/
server: LiteSpeed

GET
H2 200 Primary Request session_index Show response
freveril.ezua.com/login/ses/ 137 KB
26 KB 600ms
600ms Document
text/html 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/session_index

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

2e7646062046201615f4f2c7cbb84033b06521cfd85388a21a860d524f127728

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://freveril.ezua.com/login/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 22 Aug 2022 21:41:28 GMT
server: LiteSpeed
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 style.css
freveril.ezua.com/login/ses/css/ 159 KB
23 KB 41ms
40ms Stylesheet
text/css 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/style.css

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

4b608219aa19fa88b8aef1891d688c88b62c3c25e8ed4cdb0cab3bc4f90726e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 11:27:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 23298
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 cms.css
freveril.ezua.com/login/ses/css/ 24 KB
5 KB 48ms
48ms Stylesheet
text/css 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/cms.css?ver=20210609

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

72cc6c41a40ffb416fc1c05e10518335200be501583db9b1b6e8996750b50fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 14:43:32 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 5044
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
freveril.ezua.com/login/ses/css/ 2 KB
313 B 59ms
58ms Stylesheet
text/css 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

b0bcab270215d8c27a452c6e364d557fbb36f80f6805eaecbe7f56ae0283faab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 09:51:46 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 245
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 logo.svg
freveril.ezua.com/login/ses/img/ 5 KB
2 KB 40ms
40ms Image
image/svg+xml 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://freveril.ezua.com/login/ses/img/logo.svg

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 10:03:00 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 1648
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 1440x565-ftblue-other.jpg
freveril.ezua.com/login/ses/img/ 64 KB
64 KB 49ms
48ms Image
image/jpeg 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://freveril.ezua.com/login/ses/img/1440x565-ftblue-other.jpg

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

a41032b705f624b9e188124f35ffa60061fb90257f32e532f80fb51e109c8fae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 09:49:32 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 65879
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 autocomplete.css
freveril.ezua.com/login/ses/css/ 4 KB
1 KB 54ms
53ms Stylesheet
text/css 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/autocomplete.css

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

b602a4e946e93b897ae62a9518593c3dc8694df7be5b23ae28a6affb037fb3ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 09:51:22 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 1219
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 equal_housing_logo.png
freveril.ezua.com/login/ses/img/ 3 KB
3 KB 60ms
60ms Image
image/png 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://freveril.ezua.com/login/ses/img/equal_housing_logo.png

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 09:49:24 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 2758
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 search.css
freveril.ezua.com/login/ses/css/ 3 KB
892 B 76ms
75ms Stylesheet
text/css 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/search.css

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/session_index

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

83c98e8c05d30c0072b9341b9615dd0ab5e4d5e14eb60e376c78d1cb7b678f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/session_index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 09:51:30 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 824
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 OpenSans.css
freveril.ezua.com/login/ses/css/ 10 KB
752 B 51ms
51ms Stylesheet
text/css 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/OpenSans.css?family=Open+Sans:300,400,400i,600,700

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

5bddba31371beed439e4b678bbaf070cd096e8b071ff281b12fab1bf314054c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://freveril.ezua.com/login/ses/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 11:13:06 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 684
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 77 KB
78 KB 107ms
36ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/OpenSans.css?family=Open+Sans:300,400,400i,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c702801fa3fee8f55c6dd59c5ed20c4277a439e8410e99cc883231a16863910

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://freveril.ezua.com/
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 08:03:23 GMT
x-content-type-options: nosniff
age: 567485
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78972
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 16:27:13 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Aug 2023 08:03:23 GMT

GET
H2 404 icomoon.woff
freveril.ezua.com/login/ses/css/clientlib-fonts/resources/fonts/ 0
0 43ms
43ms Font
text/html 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://freveril.ezua.com/login/ses/css/clientlib-fonts/resources/fonts/icomoon.woff
Requested by: Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.210.113.204 , France, ASN16276 (OVH, FR),
Reverse DNS: server83.trusted-mail.in
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://freveril.ezua.com/login/ses/css/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 21:41:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 1148
content-type: text/html

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 152ms
81ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/OpenSans.css?family=Open+Sans:300,400,400i,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://freveril.ezua.com/
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 14:13:28 GMT
x-content-type-options: nosniff
age: 545280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Aug 2023 14:13:28 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 142ms
71ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/OpenSans.css?family=Open+Sans:300,400,400i,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://freveril.ezua.com/
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 19:44:19 GMT
x-content-type-options: nosniff
age: 352629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14956
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Aug 2023 19:44:19 GMT

GET
H2 404 icomoon.ttf
freveril.ezua.com/login/ses/css/clientlib-fonts/resources/fonts/ 0
0 43ms
43ms Font
text/html 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://freveril.ezua.com/login/ses/css/clientlib-fonts/resources/fonts/icomoon.ttf
Requested by: Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.210.113.204 , France, ASN16276 (OVH, FR),
Reverse DNS: server83.trusted-mail.in
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://freveril.ezua.com/login/ses/css/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 21:41:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 1148
content-type: text/html

GET
H2 404 icomoon.ttf
freveril.ezua.com/login/ses/css/ 0
0 41ms
40ms Font
text/html 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://freveril.ezua.com/login/ses/css/icomoon.ttf
Requested by: Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.210.113.204 , France, ASN16276 (OVH, FR),
Reverse DNS: server83.trusted-mail.in
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://freveril.ezua.com/login/ses/css/style.css
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 21:41:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 1148
content-type: text/html

GET
H2 200 icomoon.woff
freveril.ezua.com/login/ses/css/ 31 KB
31 KB 41ms
40ms Font
font/woff 51.210.113.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://freveril.ezua.com/login/ses/css/icomoon.woff

Requested by

Host: freveril.ezua.com
URL: https://freveril.ezua.com/login/ses/css/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.210.113.204 , France, ASN16276 (OVH, FR),

Reverse DNS

server83.trusted-mail.in

Software

LiteSpeed /

Resource Hash

1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://freveril.ezua.com/login/ses/css/style.css
Origin: https://freveril.ezua.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 21:41:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 09:51:52 GMT
server: LiteSpeed
content-type: font/woff
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
content-length: 31620
x-xss-protection: 1; mode=block
expires: Mon, 29 Aug 2022 21:41:28 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fifth Third Bank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://freveril.ezua.com/login/ses/css/clientlib-fonts/resources/fonts/icomoon.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://freveril.ezua.com/login/ses/css/clientlib-fonts/resources/fonts/icomoon.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://freveril.ezua.com/login/ses/css/icomoon.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

efith3.nl
fonts.gstatic.com
freveril.ezua.com
2a00:1450:4001:82a::2003
51.210.113.204
69.162.178.165
1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c
2e7646062046201615f4f2c7cbb84033b06521cfd85388a21a860d524f127728
4b608219aa19fa88b8aef1891d688c88b62c3c25e8ed4cdb0cab3bc4f90726e8
5bddba31371beed439e4b678bbaf070cd096e8b071ff281b12fab1bf314054c4
617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3
72cc6c41a40ffb416fc1c05e10518335200be501583db9b1b6e8996750b50fe5
83c98e8c05d30c0072b9341b9615dd0ab5e4d5e14eb60e376c78d1cb7b678f46
9c702801fa3fee8f55c6dd59c5ed20c4277a439e8410e99cc883231a16863910
a41032b705f624b9e188124f35ffa60061fb90257f32e532f80fb51e109c8fae
b0bcab270215d8c27a452c6e364d557fbb36f80f6805eaecbe7f56ae0283faab
b602a4e946e93b897ae62a9518593c3dc8694df7be5b23ae28a6affb037fb3ad
c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45

freveril.ezua.com Open in urlscan Pro 51.210.113.204 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

265 kBTransfer

549 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

3 Console Messages

Security Headers

Indicators

freveril.ezua.com Open in urlscan Pro
51.210.113.204 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

265 kB
Transfer

549 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!