macococosmetics.com Open in urlscan Pro
79.137.5.88 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://macococosmetics.com/webservices/user
Effective URL:
http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR
Submission: On May 08 via automatic, source openphish (May 8th 2022, 1:09:24 pm UTC) — Scanned from FR

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 79.137.5.88, located in France and belongs to OVH, FR. The main domain is macococosmetics.com.

This is the only time macococosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
2 9	79.137.5.88 79.137.5.88		16276 (OVH) (OVH)
8	2

9 79.137.5.88 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: c8.zenhosting.info

macococosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	macococosmetics.com 2 redirects macococosmetics.com	69 KB
0	se3curity.com Failed www.se3curity.com Failed
8	2

	Domain	Requested by
9	macococosmetics.com	2 redirects macococosmetics.com
0	www.se3curity.com Failed	macococosmetics.com
8	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR
Frame ID: 2994EBE118132C1A322703D039D7E15F
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to your account

Page URL History Show full URLs

http://macococosmetics.com/webservices/user HTTP 301
http://macococosmetics.com/webservices/user/ Page URL
http://macococosmetics.com/webservices/user/i1/ HTTP 302
http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

69 kB
Transfer

461 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://macococosmetics.com/webservices/user HTTP 301
http://macococosmetics.com/webservices/user/ Page URL
http://macococosmetics.com/webservices/user/i1/ HTTP 302
http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://macococosmetics.com/webservices/user HTTP 301
http://macococosmetics.com/webservices/user/

Request Chain 3

http://se3curity.com/js/jquery.js HTTP 302
http://www.se3curity.com/js/jquery.js?from=%40

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response macococosmetics.com/webservices/user/ Redirect Chain http://macococosmetics.com/webservices/user http://macococosmetics.com/webservices/user/	225 KB 4 KB	15ms 15ms	Document text/html	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Full URL http://macococosmetics.com/webservices/user/ Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / Resource Hash `bf04bc0e22253efdc6d69cc29c50d0b25d2fa9bdc4b89770c76c2eb895f35856` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 accept-ranges bytes cache-control public, max-age=7200 content-encoding gzip content-length 3777 content-type text/html date Sun, 08 May 2022 13:09:20 GMT etag "3833f-5e55b9b8-78966d6e6bf26691;gz" expires Sun, 08 May 2022 15:09:20 GMT last-modified Wed, 26 Feb 2020 00:20:08 GMT server LiteSpeed vary Accept-Encoding,User-Agent,User-Agent,User-Agent Redirect headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-length 707 content-type text/html date Sun, 08 May 2022 13:09:20 GMT location http://macococosmetics.com/webservices/user/ server LiteSpeed vary User-Agent
GET H/1.1	200 OK	Primary Request News1 Show response macococosmetics.com/webservices/user/i1/ Redirect Chain http://macococosmetics.com/webservices/user/i1/ http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR	55 KB 3 KB	19ms 19ms	Document text/html	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Full URL http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / PHP/5.6.40 Resource Hash `bb6ec62aebd9a23c6a7d1fb0c1c2eb13890638ffb44e2e02324eaf94d5706029` Request headers Referer http://macococosmetics.com/webservices/user/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-encoding gzip content-length 2856 content-type text/html; charset=UTF-8 date Sun, 08 May 2022 13:09:21 GMT expires Sun, 08 May 2022 15:09:21 GMT server LiteSpeed vary Accept-Encoding,User-Agent,User-Agent,User-Agent x-powered-by PHP/5.6.40 Redirect headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-length 0 content-type text/html; charset=UTF-8 date Sun, 08 May 2022 13:09:21 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR pragma no-cache server LiteSpeed vary User-Agent,User-Agent,User-Agent x-powered-by PHP/5.6.40
GET H/1.1	200 OK	main.css macococosmetics.com/webservices/user/i1/css/	28 KB 8 KB	16ms 16ms	Stylesheet text/css	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Full URL http://macococosmetics.com/webservices/user/i1/css/main.css Requested by Host: macococosmetics.com URL: http://macococosmetics.com/webservices/user/ Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / Resource Hash `44c98c583d152fb24267444070a9cf252c3109850e010be60f83b92279305ffd` Request headers accept-language fr-FR,fr;q=0.9 Referer http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Sun, 08 May 2022 13:09:21 GMT content-encoding gzip last-modified Wed, 26 Feb 2020 00:20:11 GMT server LiteSpeed etag "718f-5e55b9bb-eeff894cef744dff;gz" vary Accept-Encoding,User-Agent,User-Agent,User-Agent content-type text/css cache-control public, max-age=2592000 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 7417 expires Tue, 07 Jun 2022 13:09:21 GMT
GET H/1.1	200 OK	jquery.js Show response macococosmetics.com/webservices/user/i1/js/vendor/	94 KB 33 KB	33ms 18ms	Script application/javascript	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Full URL http://macococosmetics.com/webservices/user/i1/js/vendor/jquery.js Requested by Host: macococosmetics.com URL: http://macococosmetics.com/webservices/user/ Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / Resource Hash `e8fbccfcac07bb996f74fd19e77f601372a374b3f756a2d8389e931271945c2a` Request headers accept-language fr-FR,fr;q=0.9 Referer http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Sun, 08 May 2022 13:09:21 GMT content-encoding gzip last-modified Wed, 26 Feb 2020 00:20:14 GMT server LiteSpeed etag "176fc-5e55b9be-5dc9a3dcf65fe2be;gz" vary Accept-Encoding,User-Agent,User-Agent,User-Agent content-type application/javascript cache-control public, max-age=259200 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 33432 expires Wed, 11 May 2022 13:09:21 GMT
GET		jquery.js www.se3curity.com/js/ Redirect Chain http://se3curity.com/js/jquery.js http://www.se3curity.com/js/jquery.js?from=%40	0 0

GET H/1.1	200 OK	plugins.js Show response macococosmetics.com/webservices/user/i1/js/	55 KB 15 KB	32ms 18ms	Script application/javascript	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Full URL http://macococosmetics.com/webservices/user/i1/js/plugins.js Requested by Host: macococosmetics.com URL: http://macococosmetics.com/webservices/user/ Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / Resource Hash `607530a98b7c468dd0734a70b6e1d3d1decf1d2e5f949cae492b98f43ee74949` Request headers accept-language fr-FR,fr;q=0.9 Referer http://macococosmetics.com/webservices/user/i1/News1?cmd=_b1&dispatch=bfed4f9f5bc8039a5ccd0a939&locale=en_FR User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Sun, 08 May 2022 13:09:21 GMT content-encoding gzip last-modified Wed, 26 Feb 2020 00:20:13 GMT server LiteSpeed etag "da05-5e55b9bd-3197bb85c873005f;gz" vary Accept-Encoding,User-Agent,User-Agent,User-Agent content-type application/javascript cache-control public, max-age=259200 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 15260 expires Wed, 11 May 2022 13:09:21 GMT
GET H/1.1	404 Not Found	normalize.css macococosmetics.com/webservices/user/i1/css/	0 0	15ms 15ms	Stylesheet text/html	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Full URL http://macococosmetics.com/webservices/user/i1/css/normalize.css Requested by Host: macococosmetics.com URL: http://macococosmetics.com/webservices/user/i1/css/main.css Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / Resource Hash Request headers accept-language fr-FR,fr;q=0.9 Referer http://macococosmetics.com/webservices/user/i1/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Sun, 08 May 2022 13:09:21 GMT server LiteSpeed vary User-Agent,User-Agent,User-Agent content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 Connection Keep-Alive Keep-Alive timeout=5, max=100 content-length 1238
GET H/1.1	200 OK	logo.png macococosmetics.com/webservices/user/i1/images/	5 KB 5 KB	16ms 16ms	Image image/png	79.137.5.88 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://macococosmetics.com/webservices/user/i1/images/logo.png Requested by Host: macococosmetics.com URL: http://macococosmetics.com/webservices/user/i1/css/main.css Protocol HTTP/1.1 Server 79.137.5.88 , France, ASN16276 (OVH, FR), Reverse DNS c8.zenhosting.info Software LiteSpeed / Resource Hash `3d6fd1d01b7b8800c81c9557eab05a0ca5858483c426e0ba9bdca515dd7b2521` Request headers accept-language fr-FR,fr;q=0.9 Referer http://macococosmetics.com/webservices/user/i1/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Sun, 08 May 2022 13:09:21 GMT last-modified Wed, 26 Feb 2020 00:20:11 GMT server LiteSpeed etag "1363-5e55b9bb-9231b4570a4a2d2;;;" vary User-Agent,User-Agent,User-Agent content-type image/png cache-control public, max-age=2592000 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 4963 expires Tue, 07 Jun 2022 13:09:21 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.se3curity.com
URL: http://www.se3curity.com/js/jquery.js?from=%40

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			macococosmetics.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: luljima9vq8j6vct808n1j2t15

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	(Line 3) Message: The value "" for key "initial-scale" is invalid, and has been ignored.
javascript	warning	(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://se3curity.com/js/jquery.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: http://macococosmetics.com/webservices/user/i1/css/normalize.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://www.se3curity.com/js/jquery.js?from=%40 Message: Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

macococosmetics.com
www.se3curity.com
www.se3curity.com
79.137.5.88
3d6fd1d01b7b8800c81c9557eab05a0ca5858483c426e0ba9bdca515dd7b2521
44c98c583d152fb24267444070a9cf252c3109850e010be60f83b92279305ffd
607530a98b7c468dd0734a70b6e1d3d1decf1d2e5f949cae492b98f43ee74949
bb6ec62aebd9a23c6a7d1fb0c1c2eb13890638ffb44e2e02324eaf94d5706029
bf04bc0e22253efdc6d69cc29c50d0b25d2fa9bdc4b89770c76c2eb895f35856
e8fbccfcac07bb996f74fd19e77f601372a374b3f756a2d8389e931271945c2a

macococosmetics.com Open in urlscan Pro 79.137.5.88 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

69 kBTransfer

461 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

macococosmetics.com Open in urlscan Pro
79.137.5.88 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

69 kB
Transfer

461 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!