lexisnexis.day Open in urlscan Pro
89.105.198.190 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lexisnexis.day/
Submission: On May 01 via manual (May 1st 2024, 5:37:53 pm UTC) from NL — Scanned from NL

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 89.105.198.190, located in Enschede, Netherlands and belongs to NOVOSERVE-AS, NL. The main domain is lexisnexis.day.
TLS certificate: Issued by R3 on April 30th 2024. Valid for: 3 months.

This is the only time lexisnexis.day was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
15	89.105.198.190 89.105.198.190	24875 (NOVOSERVE-AS) (NOVOSERVE-AS)
1	104.26.12.205 104.26.12.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	138.124.184.247 138.124.184.247	44477 (STARK-IND...) (STARK-INDUSTRIES)
18	3

15 89.105.198.190 (Enschede, Netherlands)

ASN24875 (NOVOSERVE-AS, NL)
PTR: vm76562.vps.client-server.site

lexisnexis.day	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.124.184.247 (Secaucus, United States)

ASN44477 (STARK-INDUSTRIES, GB)
PTR: vm2419085.stark-industries.solutions

eprst281.boo	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	lexisnexis.day lexisnexis.day	830 KB
2	eprst281.boo eprst281.boo
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2959	156 B
18	3

	Domain	Requested by
15	lexisnexis.day	lexisnexis.day
2	eprst281.boo	lexisnexis.day
1	api.ipify.org	lexisnexis.day
18	3

This site contains no links.

Subject Issuer	Validity	Valid
lexisnexis.day R3	`2024-04-30` - `2024-07-29`	3 months	crt.sh
ipify.org GTS CA 1P5	`2024-03-21` - `2024-06-19`	3 months	crt.sh
eprst281.boo R3	`2024-04-30` - `2024-07-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lexisnexis.day/
Frame ID: FE783F9DDD70ABD7A642F1CC99855B5D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to LexisNexis - Choose Your Path

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

830 kB
Transfer

2460 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response lexisnexis.day/	7 KB 3 KB	88ms 31ms	Document text/html	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `d344cdb9e6cc4783bd8da740b800d6753c4b1c0734a90c6309df27d481e885ab` Request headers Accept-Language nl-NL,nl;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Accept-Ranges bytes Connection keep-alive Content-Encoding gzip Content-Length 2668 Content-Type text/html; charset=UTF-8 Date Wed, 01 May 2024 17:37:48 GMT ETag "1a49-61751db122121-gzip" Last-Modified Tue, 30 Apr 2024 15:16:35 GMT Server nginx/1.24.0 Vary Accept-Encoding
GET H/1.1	200 OK	solr-search.css lexisnexis.day/css/	60 KB 16 KB	34ms 33ms	Stylesheet text/css	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/css/solr-search.css Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `714bfd43ddeb05d3d1f887a28a59b87a0e91b28d06232059a19b0991d5725f2b` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Mon, 29 Apr 2024 11:04:14 GMT Server nginx/1.24.0 ETag W/"662f7eae-eea7" Transfer-Encoding chunked Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	gateway-new.css lexisnexis.day/css/	19 KB 5 KB	50ms 16ms	Stylesheet text/css	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/css/gateway-new.css Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `fe71dd10f99a209a8d3fd825ccddc24a4f63a5dbc0e68882b1c7189aa8d7d902` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Mon, 29 Apr 2024 11:02:56 GMT Server nginx/1.24.0 ETag W/"662f7e60-4c6b" Transfer-Encoding chunked Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	lndc-styles.css@v=481713547587000.css lexisnexis.day/css/	2 MB 320 KB	71ms 37ms	Stylesheet text/css	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `d3e7a42ac0ff98ee7dffdedcc5ae774ab7aaa5f54c17d0432c5739165cdf9cdb` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Mon, 29 Apr 2024 11:01:50 GMT Server nginx/1.24.0 ETag W/"662f7e1e-1d6485" Transfer-Encoding chunked Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	style.css lexisnexis.day/	2 KB 887 B	64ms 30ms	Stylesheet text/css	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/style.css Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `de13cf25300c46343d9e4523acc5a4ee09feb3e3b6310af89647b00f3d0ad7c5` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Mon, 29 Apr 2024 11:09:50 GMT Server nginx/1.24.0 ETag W/"662f7ffe-67a" Transfer-Encoding chunked Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	lexisnexis-ar21.svg lexisnexis.day/	4 KB 2 KB	64ms 30ms	Image image/svg+xml	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lexisnexis.day/lexisnexis-ar21.svg Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `b2713967cb5911346812a6e827dd6f216264b1a05ecfc3d279e38b03fb44d6d2` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Mon, 29 Apr 2024 11:12:02 GMT Server nginx/1.24.0 ETag W/"662f8082-1088" Transfer-Encoding chunked Content-Type image/svg+xml Connection keep-alive
GET H/1.1	200 OK	ln-logo.png lexisnexis.day/images/gateway/	4 KB 5 KB	65ms 27ms	Image image/png	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lexisnexis.day/images/gateway/ln-logo.png Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `174c8e7182718dfd9d77716cf8237d75be35280bd261918fea3bdb39c3ceb738` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Wed, 13 Mar 2019 13:08:00 GMT Server nginx/1.24.0 ETag "5c8900b0-118e" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 4494
GET H/1.1	200 OK	year.js Show response lexisnexis.day/js/	199 B 456 B	33ms 20ms	Script application/javascript	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/js/year.js Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `24feaaa3cdb40ea810ff49bb6d538ebfcab68a1a700945a818a3ef0dc3612a27` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Wed, 02 May 2018 01:03:26 GMT Server nginx/1.24.0 ETag W/"5ae90e5e-c7" Transfer-Encoding chunked Content-Type application/javascript; charset=utf-8 Connection keep-alive
GET H/1.1	200 OK	gateway-bg.jpg lexisnexis.day/images/gateway/	201 KB 201 KB	22ms 22ms	Image image/jpeg	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lexisnexis.day/images/gateway/gateway-bg.jpg Requested by Host: lexisnexis.day URL: https://lexisnexis.day/css/gateway-new.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `be73025b9ffed2c1e5792061fce98ec7dbb95d8e02d5b52c6fd8813e53b69c83` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/css/gateway-new.css Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Thu, 12 Dec 2013 16:25:26 GMT Server nginx/1.24.0 ETag "52a9e376-32283" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 205443
GET H2	200	/ Show response api.ipify.org/	23 B 156 B	307ms 226ms	Fetch application/json	104.26.12.205 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `08f3f94987a4b849c6fc5dd47d34f7916d2d1b7a23fc74f9cdf14212dcaf0f39` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 01 May 2024 17:37:49 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 87d18aab9ef91c8a-AMS content-length 23
GET H/1.1	200 OK	sign-in.png lexisnexis.day/images/gateway/	1 KB 1 KB	139ms 139ms	Image image/png	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lexisnexis.day/images/gateway/sign-in.png Requested by Host: lexisnexis.day URL: https://lexisnexis.day/css/gateway-new.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `61a4c9f937abcb8036823e69388105f77e03ca9985b696846db89751e99006fd` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/css/gateway-new.css Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Thu, 12 Dec 2013 16:25:28 GMT Server nginx/1.24.0 ETag "52a9e378-509" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1289
GET H/1.1	200 OK	lato-regular-400.woff2 lexisnexis.day/fonts/	26 KB 26 KB	36ms 36ms	Font font/woff2	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/fonts/lato-regular-400.woff2 Requested by Host: lexisnexis.day URL: https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `47a3e3b64cffe3ff820ebe554ac4df940da5ed469eaddbbc13bdd3b0b1eb4479` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Origin https://lexisnexis.day Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Thu, 02 May 2019 17:07:42 GMT Server nginx/1.24.0 ETag "5ccb23de-6620" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 26144
GET H/1.1	200 OK	lato-regular-300.woff2 lexisnexis.day/fonts/	25 KB 25 KB	22ms 22ms	Font font/woff2	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/fonts/lato-regular-300.woff2 Requested by Host: lexisnexis.day URL: https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `49cdbdefa15fa3f220eaf225d2e769adbb8ae81800204b39959c79239f4f4fb3` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Origin https://lexisnexis.day Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Thu, 02 May 2019 17:07:46 GMT Server nginx/1.24.0 ETag "5ccb23e2-6340" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 25408
GET H/1.1	200 OK	Lato-Italic.woff2 lexisnexis.day/fonts/	191 KB 191 KB	41ms 41ms	Font font/woff2	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/fonts/Lato-Italic.woff2 Requested by Host: lexisnexis.day URL: https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `4465765f2f6eddcdad34ffd7cab559e56bc0e75e45e192f85e9562b0771481dc` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Origin https://lexisnexis.day Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Thu, 02 May 2019 17:07:50 GMT Server nginx/1.24.0 ETag "5ccb23e6-2fc78" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 195704
GET H/1.1	200 OK	lato-black-800.woff2 lexisnexis.day/fonts/	25 KB 25 KB	45ms 44ms	Font font/woff2	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/fonts/lato-black-800.woff2 Requested by Host: lexisnexis.day URL: https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `e2906c138820931a53a6306901a6094ce489e9355e25351750fb7760d9a0f339` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/css/lndc-styles.css@v=481713547587000.css Origin https://lexisnexis.day Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Last-Modified Thu, 02 May 2019 17:07:42 GMT Server nginx/1.24.0 ETag "5ccb23de-6330" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 25392
GET H/1.1	200 OK	LN_favicon.ico lexisnexis.day/images/	15 KB 8 KB	28ms 28ms	Other image/x-icon	89.105.198.190 NOVOSERVE-AS
General Check archive.org Show headers Download Go to Full URL https://lexisnexis.day/images/LN_favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 89.105.198.190 Enschede, Netherlands, ASN24875 (NOVOSERVE-AS, NL), Reverse DNS vm76562.vps.client-server.site Software nginx/1.24.0 / Resource Hash `d3d9ce2e59072794ba95ba6b3002dd3be03af42bc96806fdb16b7b86a0ddead1` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 01 May 2024 17:37:49 GMT Content-Encoding gzip Last-Modified Wed, 21 Sep 2022 00:47:32 GMT Server nginx/1.24.0 ETag W/"632a5f24-3aee" Transfer-Encoding chunked Content-Type image/x-icon Connection keep-alive
POST H/1.1	201 Created	9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 eprst281.boo/	0 0	291ms 291ms	Fetch text/html	138.124.184.247 STARK-INDUSTRIES
General Check archive.org Show headers Download Go to Full URL https://eprst281.boo/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 Requested by Host: lexisnexis.day URL: https://lexisnexis.day/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 138.124.184.247 Secaucus, United States, ASN44477 (STARK-INDUSTRIES, GB), Reverse DNS vm2419085.stark-industries.solutions Software nginx/1.18.0 / Express Resource Hash Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-platform "Win32" Referer https://lexisnexis.day/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/json Response headers Date Wed, 01 May 2024 17:37:50 GMT Server nginx/1.18.0 X-Powered-By Express ETag W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk" vary Origin Content-Type text/html; charset=utf-8 access-control-allow-origin https://lexisnexis.day Connection keep-alive Content-Length 0
OPTIONS H/1.1	200 OK	9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 eprst281.boo/	0 0	881ms 619ms	Preflight text/html	138.124.184.247 STARK-INDUSTRIES
General Check archive.org Show headers Download Go to Full URL https://eprst281.boo/9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 138.124.184.247 Secaucus, United States, ASN44477 (STARK-INDUSTRIES, GB), Reverse DNS vm2419085.stark-industries.solutions Software nginx/1.18.0 / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://lexisnexis.day Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=utf-8 Date Wed, 01 May 2024 17:37:50 GMT ETag W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk" Server nginx/1.18.0 X-Powered-By Express access-control-allow-headers content-type access-control-allow-methods DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT access-control-allow-origin https://lexisnexis.day allow OPTIONS, POST vary Origin

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on May 1st 2024, 8:05:11 pm UTC — From United States

Threats: Malware
Comment: Site is distributing malicious MSIX installer files.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getIPAddress function| trackPageOpen object| time number| year

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
eprst281.boo
lexisnexis.day
104.26.12.205
138.124.184.247
89.105.198.190
08f3f94987a4b849c6fc5dd47d34f7916d2d1b7a23fc74f9cdf14212dcaf0f39
174c8e7182718dfd9d77716cf8237d75be35280bd261918fea3bdb39c3ceb738
24feaaa3cdb40ea810ff49bb6d538ebfcab68a1a700945a818a3ef0dc3612a27
4465765f2f6eddcdad34ffd7cab559e56bc0e75e45e192f85e9562b0771481dc
47a3e3b64cffe3ff820ebe554ac4df940da5ed469eaddbbc13bdd3b0b1eb4479
49cdbdefa15fa3f220eaf225d2e769adbb8ae81800204b39959c79239f4f4fb3
61a4c9f937abcb8036823e69388105f77e03ca9985b696846db89751e99006fd
714bfd43ddeb05d3d1f887a28a59b87a0e91b28d06232059a19b0991d5725f2b
b2713967cb5911346812a6e827dd6f216264b1a05ecfc3d279e38b03fb44d6d2
be73025b9ffed2c1e5792061fce98ec7dbb95d8e02d5b52c6fd8813e53b69c83
d344cdb9e6cc4783bd8da740b800d6753c4b1c0734a90c6309df27d481e885ab
d3d9ce2e59072794ba95ba6b3002dd3be03af42bc96806fdb16b7b86a0ddead1
d3e7a42ac0ff98ee7dffdedcc5ae774ab7aaa5f54c17d0432c5739165cdf9cdb
de13cf25300c46343d9e4523acc5a4ee09feb3e3b6310af89647b00f3d0ad7c5
e2906c138820931a53a6306901a6094ce489e9355e25351750fb7760d9a0f339
fe71dd10f99a209a8d3fd825ccddc24a4f63a5dbc0e68882b1c7189aa8d7d902

lexisnexis.day Open in urlscan Pro 89.105.198.190 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

830 kBTransfer

2460 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on May 1st 2024, 8:05:11 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

0 Cookies

Indicators

lexisnexis.day Open in urlscan Pro
89.105.198.190 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

830 kB
Transfer

2460 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Malicious page.url
Submitted on May 1st 2024, 8:05:11 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!