www.agdzertb.org Open in urlscan Pro
89.163.237.210  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.agdzertb.org/mail.sunrise.ch/sunrise.ch/	21 KB 21 KB	66ms 29ms	Document text/html	89.163.237.210 MYLOC-AS
General Check archive.org Show headers Download Go to Full URL http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 89.163.237.210 , Germany, ASN24961 (MYLOC-AS, DE), Reverse DNS node6.1und1.myloc-managedhosting.de Software nginx/1.16.1 / Resource Hash a8fdf226dcee7fe3cd465153a7fbd6287f1cbd734cc521f339a000386e03401f Request headers Host www.agdzertb.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx/1.16.1 Date Mon, 02 Dec 2019 12:19:12 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	open_sans.min.css webmail.hisaka-me.com//cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/	6 KB 859 B	243ms 143ms	Stylesheet text/css	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Full URL http://webmail.hisaka-me.com//cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash 919e3b6b5b80ecdfb3c87b5e3aa55f174c21a79ed75c63de2dab20394ff7a676 Request headers Referer http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:10 GMT Content-Encoding gzip Last-Modified Wed, 04 Dec 2013 21:20:30 GMT Server Apache Content-Type text/css Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 536 Expires Fri, 31 Jan 2020 12:19:10 GMT
GET H/1.1	200 OK	style_v2_optimized.css webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/	117 KB 27 KB	254ms 154ms	Stylesheet text/css	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Full URL http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash 210719437013d2d3e8ec7171ed5280afe57a525b1ac2503254315b236d9d63e9 Request headers Referer http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:10 GMT Content-Encoding gzip Last-Modified Sun, 03 Nov 2019 23:19:16 GMT Server Apache Content-Type text/css Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 27399 Expires Fri, 31 Jan 2020 12:19:10 GMT
GET H/1.1	200 OK	sunrise-logo.png www.sunrise.ch/content/sunrise/en/residential/_jcr_content/header/logo.1487756076730.transform/original/	9 KB 11 KB	104ms 24ms	Image image/png	212.35.60.35 SUNRISE
General Check archive.org Show headers Download Go to Show image Full URL https://www.sunrise.ch/content/sunrise/en/residential/_jcr_content/header/logo.1487756076730.transform/original/sunrise-logo.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 212.35.60.35 , Switzerland, ASN6730 (SUNRISE, CH), Reverse DNS le-meilleur-reseau.ch Software Entry Server / Resource Hash 765d3288d525e64c140c29b1e756574f2336d8c706f3a6768e83a108c19925ee Security Headers Name Value Strict-Transport-Security max-age=31536000; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:12 GMT Strict-Transport-Security max-age=31536000; preload X-Content-Type-Options nosniff Content-Security-Policy-Report-Only default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss:; font-src https:; media-src 'self' https://media-eu2.digital.nuance.com; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests Connection Keep-Alive Content-Length 9563 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Thu, 28 Nov 2019 21:35:00 GMT Server Entry Server ETag "255b-5986ee2ad49af" X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=2592000 Accept-Ranges bytes Keep-Alive timeout=5, max=57 Expires Wed, 01 Jan 2020 12:19:12 GMT
GET H/1.1	200 OK	notice-error.png webmail.hisaka-me.com/cPanel_magic_revision_1435190406/unprotected/cpanel/images/	1 KB 1 KB	104ms 103ms	Image image/png	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Show image Full URL http://webmail.hisaka-me.com/cPanel_magic_revision_1435190406/unprotected/cpanel/images/notice-error.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd Request headers Referer http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:11 GMT Last-Modified Thu, 25 Jun 2015 00:00:06 GMT Server Apache Content-Type image/png Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 1026 Expires Fri, 31 Jan 2020 12:19:11 GMT
GET H/1.1	200 OK	icon-username.png webmail.hisaka-me.com/cPanel_magic_revision_1435191158/unprotected/cpanel/images/	320 B 619 B	103ms 103ms	Image image/png	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Show image Full URL http://webmail.hisaka-me.com/cPanel_magic_revision_1435191158/unprotected/cpanel/images/icon-username.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash 05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e Request headers Referer http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:11 GMT Last-Modified Thu, 25 Jun 2015 00:12:38 GMT Server Apache Content-Type image/png Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 320 Expires Fri, 31 Jan 2020 12:19:11 GMT
GET		OpenSans-Regular-webfont.woff webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET H/1.1	200 OK	icon-password.png webmail.hisaka-me.com/cPanel_magic_revision_1435194248/unprotected/cpanel/images/	450 B 750 B	226ms 129ms	Image image/png	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Show image Full URL http://webmail.hisaka-me.com/cPanel_magic_revision_1435194248/unprotected/cpanel/images/icon-password.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053 Request headers Referer http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:11 GMT Last-Modified Thu, 25 Jun 2015 01:04:08 GMT Server Apache Content-Type image/png Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 450 Expires Fri, 31 Jan 2020 12:19:11 GMT
GET		OpenSans-Semibold-webfont.woff webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET		OpenSans-Bold-webfont.woff webmail.hisaka-me.com/cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/	0 0
GET H/1.1	200 OK	notice-info.png webmail.hisaka-me.com/cPanel_magic_revision_1435193549/unprotected/cpanel/images/	976 B 1 KB	103ms 103ms	Image image/png	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Show image Full URL http://webmail.hisaka-me.com/cPanel_magic_revision_1435193549/unprotected/cpanel/images/notice-info.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash 95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526 Request headers Referer http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:11 GMT Last-Modified Thu, 25 Jun 2015 00:52:29 GMT Server Apache Content-Type image/png Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 976 Expires Fri, 31 Jan 2020 12:19:11 GMT
GET H/1.1	200 OK	notice-success.png webmail.hisaka-me.com/cPanel_magic_revision_1435190773/unprotected/cpanel/images/	962 B 1 KB	103ms 103ms	Image image/png	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Show image Full URL http://webmail.hisaka-me.com/cPanel_magic_revision_1435190773/unprotected/cpanel/images/notice-success.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79 Request headers Referer http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:11 GMT Last-Modified Thu, 25 Jun 2015 00:06:13 GMT Server Apache Content-Type image/png Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 962 Expires Fri, 31 Jan 2020 12:19:11 GMT
GET H/1.1	200 OK	warning.png webmail.hisaka-me.com/cPanel_magic_revision_1435191491/unprotected/cpanel/images/	1 KB 1 KB	104ms 104ms	Image image/png	212.76.85.84 SAHARANET-AS Saha...
General Check archive.org Show headers Download Go to Show image Full URL http://webmail.hisaka-me.com/cPanel_magic_revision_1435191491/unprotected/cpanel/images/warning.png Requested by Host: www.agdzertb.org URL: http://www.agdzertb.org/mail.sunrise.ch/sunrise.ch/ Protocol HTTP/1.1 Server 212.76.85.84 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA), Reverse DNS sl23.sahara.net.sa Software Apache / Resource Hash 7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b Request headers Referer http://webmail.hisaka-me.com//cPanel_magic_revision_1435224206/unprotected/cpanel/style_v2_optimized.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 02 Dec 2019 12:19:11 GMT Last-Modified Thu, 25 Jun 2015 00:18:11 GMT Server Apache Content-Type image/png Cache-Control max-age=5184000, public Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 1060 Expires Fri, 31 Jan 2020 12:19:11 GMT
GET		OpenSans-Semibold-webfont.ttf webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET		OpenSans-Regular-webfont.ttf webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/	0 0
GET		OpenSans-Bold-webfont.ttf webmail.hisaka-me.com/cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

webmail.hisaka-me.com

URL

http://webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff

Domain

webmail.hisaka-me.com

URL

http://webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff

Domain

webmail.hisaka-me.com

URL

http://webmail.hisaka-me.com/cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff

Domain

webmail.hisaka-me.com

URL

http://webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.ttf

Domain

webmail.hisaka-me.com

URL

http://webmail.hisaka-me.com/cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.ttf

Domain

webmail.hisaka-me.com

URL

http://webmail.hisaka-me.com/cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sunrise (Telecommunication)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| DOM object| MESSAGES function| toggle_locales function| fade_in function| fade_out function| ajaxObject function| login_results function| show_status function| reset_status_timeout function| set_status_timeout function| do_login function| _set_links_style function| hide_links function| show_links number| FADE_DURATION number| FADE_DELAY number| AJAX_TIMEOUT object| LOCALE_FADES boolean| HAS_CSS_OPACITY object| login_form object| login_username_el object| login_password_el object| login_submit_el object| div_cache object| content_cell object| reset_form object| reset_username_el object| RESET_FADES function| show_reset function| hide_reset function| set_opacity undefined| filter_regex string| _text_content object| level_classes object| levels_regex string| lv object| STATUS_TIMEOUT boolean| LOGIN_SUBMIT_OK object| login_button undefined| new_script object| preload boolean| IS_LOGOUT

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

webmail.hisaka-me.com
www.agdzertb.org
www.sunrise.ch
webmail.hisaka-me.com
212.35.60.35
212.76.85.84
89.163.237.210
05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e
210719437013d2d3e8ec7171ed5280afe57a525b1ac2503254315b236d9d63e9
765d3288d525e64c140c29b1e756574f2336d8c706f3a6768e83a108c19925ee
7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b
919e3b6b5b80ecdfb3c87b5e3aa55f174c21a79ed75c63de2dab20394ff7a676
95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526
a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053
a8fdf226dcee7fe3cd465153a7fbd6287f1cbd734cc521f339a000386e03401f
bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd
cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79