www.notarius24.biz
91.239.232.105
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On May 14 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 17th 2020. Valid for: 3 months.
This is the only time www.notarius24.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: La Poste (Transportation), Impots Gouv (Government)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
17 | 91.239.232.105 | 196645 (HOSTPRO-AS) |
1 1 | 67.199.248.10 | 396982 (GOOGLE-PRIVATE-CLOUD) |
1 | 2606:4700:3034::681c:4d5 | 13335 (CLOUDFLARENET) |
18 | 2 | |
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 | notarius24.biz | www.notarius24.biz | 141 KB |
1 | mosawi9.com | www.mosawi9.com | 1 KB |
1 | bit.ly (1 redirects) | bit.ly | 349 B |
18 | 3 | | |
Count | Domain | Requested by |
---|---|---|
17 | www.notarius24.biz | www.notarius24.biz |
1 | www.mosawi9.com | www.notarius24.biz |
1 | bit.ly | 1 redirects |
18 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
notarius24.biz | Let's Encrypt Authority X3 | 2020-03-17 - 2020-06-15 | 3 months | crt.sh |
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-12-18 - 2020-10-09 | 10 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e1bd48fe/
Frame ID: 6F2309F8CFC40B9A75013814FE5FC4FB
Requests: 18 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14
- http://bit.ly/2FWd4op HTTP 301
- https://www.mosawi9.com/favicon.ico
18 HTTP transactions
Method Protocol | Resource | Path | Size / x-fer | Type MIME-Type |
---|---|---|---|---|
GET H2 | / (Primary Request) | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 27 KB / 8 KB | Document text/html |
GET H2 | style.css | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 61 KB / 15 KB | Stylesheet text/css |
GET H2 | bootstrap-3.3.6.min.css | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 118 KB / 25 KB | Stylesheet text/css |
GET H2 | autentification.css | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 12 KB / 4 KB | Stylesheet text/css |
GET H2 | font-awesome.min.css | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 30 KB / 8 KB | Stylesheet text/css |
GET H2 | logo-chronopost-international.png | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 7 KB / 7 KB | Image image/png |
GET H2 | logo-fc.png | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 7 KB / 8 KB | Image image/png |
GET H2 | double-logo.png | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 5 KB / 6 KB | Image image/png |
GET H2 | fermer.svg | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 2 KB / 945 B | Image image/svg+xml |
GET H2 | num_fiscal.png | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | num_acces.png | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | rfr.gif | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | rfr2.gif | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | rfr_th.gif | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | Miniballs.gif | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | favicon.ico | www.mosawi9.com/ (Redirect Chain) | 1 KB / 1 KB | Image image/x-icon |
GET H2 | picto-search.png | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 0 / 72 B | Image text/html |
GET H2 | PlutoSansDPDRegular-Web.woff | www.notarius24.biz/wp-includes/SimplePie/Content/Type/.css/login_pu/livraison/po9933783cgi-bin.webs_icpr/cmd09-logind-pipolhj807upon/fromuer7J-contact_86hndleas/ProtoLogin/a0f1219d47fe7ec48e173af0e... | 59 KB / 59 KB | Font font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: La Poste (Transportation), Impots Gouv (Government)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.notarius24.biz/ | | Name: PHPSESSID Value: i48qjjei32l01bof037493i5i2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
www.mosawi9.com
www.notarius24.biz
2606:4700:3034::681c:4d5
67.199.248.10
91.239.232.105