flora-praszka.pl - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 94.23.218.55, located in France and belongs to OVH, FR. The main domain is flora-praszka.pl.
TLS certificate: Issued by nazwaSSL on October 17th 2017. Valid for: a year.

This is the only time flora-praszka.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Mutuel (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	200.73.116.77 200.73.116.77	263237 (POWER HOS...) (POWER HOST E.I.R.L.)
2 6	94.23.218.55 94.23.218.55	16276 (OVH) (OVH)
5	2

1 200.73.116.77 (Santiago, Chile)

ASN263237 (POWER HOST E.I.R.L., CL)
PTR: web.reach-latam.com

mejiasalvarezpropiedades.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 94.23.218.55 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: main.vinao.pl

flora-praszka.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	flora-praszka.pl 2 redirects flora-praszka.pl	143 KB
1	mejiasalvarezpropiedades.com mejiasalvarezpropiedades.com	338 B
5	2

	Domain	Requested by
6	flora-praszka.pl	2 redirects flora-praszka.pl
1	mejiasalvarezpropiedades.com
5	2

This site contains no links.

Subject Issuer	Validity	Valid
mejiasalvarezpropiedades.com Let's Encrypt Authority X3	`2018-06-18` - `2018-09-16`	3 months	crt.sh
flora-praszka.pl nazwaSSL	`2017-10-17` - `2018-10-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/
Frame ID: 578E964B4F3E90C7619D795EA3631030
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mejiasalvarezpropiedades.com/-/cm/ Page URL
https://flora-praszka.pl/urbanus/Nationale/Nationale/ HTTP 302
https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763 HTTP 301
https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

143 kB
Transfer

143 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mejiasalvarezpropiedades.com/-/cm/ Page URL
https://flora-praszka.pl/urbanus/Nationale/Nationale/ HTTP 302
https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763 HTTP 301
https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response mejiasalvarezpropiedades.com/-/cm/	116 B 338 B	778ms 295ms	Document text/html	200.73.116.77 POWER HOST E.I.R.L.
General Check archive.org Show headers Download Go to Full URL https://mejiasalvarezpropiedades.com/-/cm/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.73.116.77 Santiago, Chile, ASN263237 (POWER HOST E.I.R.L., CL), Reverse DNS web.reach-latam.com Software Apache / Resource Hash `106b6bfaa8814d9dcc902585d40c9befca1df8c4c866dea53603617883ed2a71` Request headers Host mejiasalvarezpropiedades.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 578E964B4F3E90C7619D795EA3631030 Response headers Date Tue, 07 Aug 2018 10:05:57 GMT Server Apache Content-Encoding gzip Vary Accept-Encoding Connection close Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request / Show response flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Redirect Chain https://flora-praszka.pl/urbanus/Nationale/Nationale/ https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763 https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/	1 KB 878 B	36ms 35ms	Document text/html	94.23.218.55 OVH
General Check archive.org Show headers Download Go to Full URL https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 94.23.218.55 , France, ASN16276 (OVH, FR), Reverse DNS main.vinao.pl Software Apache/2.4.10 / Resource Hash `7469300e23b404e6872e2f3ef02ad595499478da2e5f57387ca37701f3024ab3` Request headers Host flora-praszka.pl Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://mejiasalvarezpropiedades.com/-/cm/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 578E964B4F3E90C7619D795EA3631030 Referer https://mejiasalvarezpropiedades.com/-/cm/ Response headers Date Tue, 07 Aug 2018 10:06:00 GMT Server Apache/2.4.10 Vary Accept-Encoding Content-Encoding gzip Content-Length 636 Keep-Alive timeout=5, max=98 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Tue, 07 Aug 2018 10:06:00 GMT Server Apache/2.4.10 Location https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Content-Length 294 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	Cookie set 1.css flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/css/	0 0	496ms 496ms	Stylesheet text/html	94.23.218.55 OVH
General Check archive.org Show headers Download Go to Full URL https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/css/1.css Requested by Host: flora-praszka.pl URL: https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 94.23.218.55 , France, ASN16276 (OVH, FR), Reverse DNS main.vinao.pl Software Apache/2.4.10 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host flora-praszka.pl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Connection keep-alive Cache-Control no-cache Referer https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 07 Aug 2018 10:06:00 GMT Server Apache/2.4.10 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Set-Cookie cf7msm_check=1; path=/ PHPSESSID=7lvtlmivgvj0cq5jer464hjn00; path=/ Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://flora-praszka.pl/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=97 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	face.png flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/image/	140 KB 140 KB	55ms 13ms	Image image/png	94.23.218.55 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/image/face.png Requested by Host: flora-praszka.pl URL: https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 94.23.218.55 , France, ASN16276 (OVH, FR), Reverse DNS main.vinao.pl Software Apache/2.4.10 / Resource Hash `b7c72d9e0853620007079e96db841bab4c21586ec4dcc0b5c3b532297914ee04` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host flora-praszka.pl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Connection keep-alive Cache-Control no-cache Referer https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 07 Aug 2018 10:06:00 GMT Last-Modified Tue, 07 Aug 2018 10:06:00 GMT Server Apache/2.4.10 ETag W/"22f2f-572d58a7cba76" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 143151
GET H/1.1	200 OK	se1.png flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/image/	1 KB 1 KB	14ms 13ms	Image image/png	94.23.218.55 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/image/se1.png Requested by Host: flora-praszka.pl URL: https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 94.23.218.55 , France, ASN16276 (OVH, FR), Reverse DNS main.vinao.pl Software Apache/2.4.10 / Resource Hash `08032cbc0d6757c198f7871022bde539fe81fda9f279888bf4da06789c83bd0d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host flora-praszka.pl User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ Connection keep-alive Cache-Control no-cache Referer https://flora-praszka.pl/urbanus/Nationale/Nationale/771537362b29924b267e3caf6d94e763/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 07 Aug 2018 10:06:00 GMT Last-Modified Tue, 07 Aug 2018 10:06:00 GMT Server Apache/2.4.10 ETag W/"499-572d58a7cba76" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1177

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Mutuel (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			flora-praszka.pl/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7lvtlmivgvj0cq5jer464hjn00
			flora-praszka.pl/	1969-12-31 23:59:59	Name: cf7msm_check Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

flora-praszka.pl
mejiasalvarezpropiedades.com
200.73.116.77
94.23.218.55
08032cbc0d6757c198f7871022bde539fe81fda9f279888bf4da06789c83bd0d
106b6bfaa8814d9dcc902585d40c9befca1df8c4c866dea53603617883ed2a71
7469300e23b404e6872e2f3ef02ad595499478da2e5f57387ca37701f3024ab3
b7c72d9e0853620007079e96db841bab4c21586ec4dcc0b5c3b532297914ee04

flora-praszka.pl Open in urlscan Pro 94.23.218.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

143 kBTransfer

143 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

Indicators

flora-praszka.pl Open in urlscan Pro
94.23.218.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

143 kB
Transfer

143 kB
Size

2
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!