www.espace-client-fr.eu Open in urlscan Pro
89.46.109.12 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://shorten.herokuapp.com/msgmr
Effective URL:
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/miseajour.php
Submission: On July 30 via manual (July 30th 2019, 2:21:11 pm UTC) from IN

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 6 domains to perform 23 HTTP transactions. The main IP is 89.46.109.12, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.espace-client-fr.eu.

This is the only time www.espace-client-fr.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.209.212.52 54.209.212.52	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	62.149.142.158 62.149.142.158	31034 (ARUBA-ASN) (ARUBA-ASN)
3 22	89.46.109.12 89.46.109.12	31034 (ARUBA-ASN) (ARUBA-ASN)
1	2606:4700::68... 2606:4700::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
23	4

1 54.209.212.52 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-209-212-52.compute-1.amazonaws.com

shorten.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.149.142.158 (Arezzo, Italy) 1 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: webx392.aruba.it

dbproject.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.dbproject.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 89.46.109.12 (Arezzo, Italy) 3 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: webx1341.aruba.it

www.espace-client-fr.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	espace-client-fr.eu 3 redirects www.espace-client-fr.eu	127 KB
2	dbproject.biz 1 redirects dbproject.biz www.dbproject.biz	666 B
1	cloudflare.com cdnjs.cloudflare.com	5 KB
1	herokuapp.com 1 redirects shorten.herokuapp.com	509 B
0	fontawesome.com Failed use.fontawesome.com Failed
0	bootstrapcdn.com Failed maxcdn.bootstrapcdn.com Failed
23	6

	Domain	Requested by
22	www.espace-client-fr.eu	3 redirects www.espace-client-fr.eu
1	cdnjs.cloudflare.com	www.espace-client-fr.eu
1	www.dbproject.biz
1	dbproject.biz	1 redirects
1	shorten.herokuapp.com	1 redirects
0	use.fontawesome.com Failed	www.espace-client-fr.eu
0	maxcdn.bootstrapcdn.com Failed	www.espace-client-fr.eu
23	7

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-02` - `2019-09-08`	6 months	crt.sh

This page contains 1 frames:

Primary Page: http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/miseajour.php
Frame ID: BE5D6C375F7B95AC167E047875323AE4
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://shorten.herokuapp.com/msgmr HTTP 301
http://dbproject.biz/bootstrap/img/mail.html HTTP 301
http://www.dbproject.biz/bootstrap/img/mail.html Page URL
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/ HTTP 302
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c HTTP 301
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/ HTTP 302
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/m... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

23
Requests

4 %
HTTPS

25 %
IPv6

6
Domains

7
Subdomains

4
IPs

2
Countries

132 kB
Transfer

450 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://shorten.herokuapp.com/msgmr HTTP 301
http://dbproject.biz/bootstrap/img/mail.html HTTP 301
http://www.dbproject.biz/bootstrap/img/mail.html Page URL
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/ HTTP 302
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c HTTP 301
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/ HTTP 302
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/miseajour.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://shorten.herokuapp.com/msgmr HTTP 301
http://dbproject.biz/bootstrap/img/mail.html HTTP 301
http://www.dbproject.biz/bootstrap/img/mail.html

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

mail.html Show response
www.dbproject.biz/bootstrap/img/
Redirect Chain

https://shorten.herokuapp.com/msgmr
http://dbproject.biz/bootstrap/img/mail.html
http://www.dbproject.biz/bootstrap/img/mail.html

107 B
397 B

373ms
67ms

Document
text/html

62.149.142.158
ARUBA-ASN

General

www.espace-client-fr.eu Open in urlscan Pro 89.46.109.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

4 %HTTPS

25 %IPv6

6 Domains

7 Subdomains

4 IPs

2 Countries

132 kBTransfer

450 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

www.espace-client-fr.eu Open in urlscan Pro
89.46.109.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

4 %
HTTPS

25 %
IPv6

6
Domains

7
Subdomains

4
IPs

2
Countries

132 kB
Transfer

450 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!