mieszkania.agromasz.pl Open in urlscan Pro
94.152.158.194  Malicious Activity! Public Scan

Submitted URL: http://www.europlaw.co.bw//Mail/office.php?email=thuerta@ortc.com
Effective URL: http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13I...
Submission: On April 18 via manual from US

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 94.152.158.194, located in Poland and belongs to KEI, PL. The main domain is mieszkania.agromasz.pl.
This is the only time mieszkania.agromasz.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 197.221.10.189 37153 (HETZNER)
1 5 94.152.158.194 29522 (KEI)
4 1
Apex Domain
Subdomains
Transfer
5 agromasz.pl
www.mieszkania.agromasz.pl
mieszkania.agromasz.pl
42 KB
1 europlaw.co.bw
www.europlaw.co.bw
363 B
4 2
Domain Requested by
4 mieszkania.agromasz.pl mieszkania.agromasz.pl
1 www.mieszkania.agromasz.pl 1 redirects
1 www.europlaw.co.bw 1 redirects
4 3

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: BAE04B7995046484F8FEF02E6B62F43A
Requests: 4 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://www.europlaw.co.bw//Mail/office.php?email=thuerta@ortc.com HTTP 302
    http://www.mieszkania.agromasz.pl/Mail/emailservice?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc... HTTP 301
    http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ort... Page URL
  2. http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

1
IPs

2
Countries

41 kB
Transfer

50 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.europlaw.co.bw//Mail/office.php?email=thuerta@ortc.com HTTP 302
    http://www.mieszkania.agromasz.pl/Mail/emailservice?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com HTTP 301
    http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com Page URL
  2. http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.europlaw.co.bw//Mail/office.php?email=thuerta@ortc.com HTTP 302
  • http://www.mieszkania.agromasz.pl/Mail/emailservice?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com HTTP 301
  • http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
mieszkania.agromasz.pl/Mail/emailservice/
Redirect Chain
  • http://www.europlaw.co.bw//Mail/office.php?email=thuerta@ortc.com
  • http://www.mieszkania.agromasz.pl/Mail/emailservice?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com
  • http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com
273 B
442 B
Document
General
Full URL
http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com
Protocol
HTTP/1.1
Server
94.152.158.194 , Poland, ASN29522 (KEI, PL),
Reverse DNS
ok.info.pl
Software
Apache /
Resource Hash
ed054d2da8485fde5f99c37c0094afae9b83bb434199c1b9550bff40d688879e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
mieszkania.agromasz.pl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Wed, 18 Apr 2018 18:05:13 GMT
Via
1.1 mieszkania.agromasz.pl
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html
Connection
Keep-Alive
Content-Encoding
gzip
Keep-Alive
timeout=15, max=100
Content-Length
187

Redirect headers

Date
Wed, 18 Apr 2018 18:05:13 GMT
Via
1.1 mieszkania.agromasz.pl
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1
Location
http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com
Connection
Keep-Alive
Content-Encoding
gzip
Keep-Alive
timeout=15, max=100
Content-Length
265
Primary Request en.php
mieszkania.agromasz.pl/Mail/emailservice/
12 KB
2 KB
Document
General
Full URL
http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
94.152.158.194 , Poland, ASN29522 (KEI, PL),
Reverse DNS
ok.info.pl
Software
Apache /
Resource Hash
0b5099cd66579762a6a3cb321cc32c53cfe2a713ba005ccd809633b340caaf07

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
mieszkania.agromasz.pl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
http://mieszkania.agromasz.pl/Mail/emailservice/?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-email&email=thuerta@ortc.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Wed, 18 Apr 2018 18:05:13 GMT
Via
1.1 mieszkania.agromasz.pl
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html
Connection
Keep-Alive
Content-Encoding
gzip
Keep-Alive
timeout=15, max=99
Content-Length
2103
mail.png
mieszkania.agromasz.pl/Mail/emailservice/files/
34 KB
34 KB
Image
General
Full URL
http://mieszkania.agromasz.pl/Mail/emailservice/files/mail.png
Requested by
Host: mieszkania.agromasz.pl
URL: http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
94.152.158.194 , Poland, ASN29522 (KEI, PL),
Reverse DNS
ok.info.pl
Software
Apache /
Resource Hash
e11a6773a10302f1d4a38c34b58395884c4ad628ff0f7842aa03fba5e8e50ab1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
mieszkania.agromasz.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
Connection
keep-alive
Cache-Control
no-cache
Referer
http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Wed, 18 Apr 2018 18:05:13 GMT
Via
1.1 mieszkania.agromasz.pl
Last-Modified
Sat, 21 Jan 2017 09:24:38 GMT
Server
Apache
ETag
"7c003d-8618-5469755db6180"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
34328
id.png
mieszkania.agromasz.pl/Mail/emailservice/files/
4 KB
5 KB
Image
General
Full URL
http://mieszkania.agromasz.pl/Mail/emailservice/files/id.png
Requested by
Host: mieszkania.agromasz.pl
URL: http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
94.152.158.194 , Poland, ASN29522 (KEI, PL),
Reverse DNS
ok.info.pl
Software
Apache /
Resource Hash
272c9a8ee9faf4bb46b70403cda777ce98f24fd48b2083ee133478461261d5dd

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
mieszkania.agromasz.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
Connection
keep-alive
Cache-Control
no-cache
Referer
http://mieszkania.agromasz.pl/Mail/emailservice/en.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=dGh1ZXJ0YUBvcnRjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Wed, 18 Apr 2018 18:05:13 GMT
Via
1.1 mieszkania.agromasz.pl
Last-Modified
Sat, 21 Jan 2017 09:24:38 GMT
Server
Apache
ETag
"7c003b-11c1-5469755db6180"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
4545

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| count

0 Cookies