www.espace-client-fr.eu
89.46.109.12
Malicious Activity!
Public Scan
Effective URL: http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/miseajour.php
Submission: On July 30 via manual from IN
Summary
This is the only time www.espace-client-fr.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 54.209.212.52 | 14618 (AMAZON-AES - Amazon.com) |
1 2 | 62.149.142.158 | 31034 (ARUBA-ASN) |
3 22 | 89.46.109.12 | 31034 (ARUBA-ASN) |
1 | 2606:4700::6813:c597 | 13335 (CLOUDFLARENET - Cloudflare) |
23 | 4 | |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-209-212-52.compute-1.amazonaws.com
- shorten.herokuapp.com
ASN31034 (ARUBA-ASN, IT)
PTR: webx392.aruba.it
- dbproject.biz
- www.dbproject.biz
ASN31034 (ARUBA-ASN, IT)
PTR: webx1341.aruba.it
- www.espace-client-fr.eu
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- cdnjs.cloudflare.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 | espace-client-fr.eu (3 redirects) | www.espace-client-fr.eu | 127 KB |
2 | dbproject.biz (1 redirects) | dbproject.biz, www.dbproject.biz | 666 B |
1 | cloudflare.com | cdnjs.cloudflare.com | 5 KB |
1 | herokuapp.com (1 redirects) | shorten.herokuapp.com | 509 B |
0 | fontawesome.com (Failed) | use.fontawesome.com (Failed) | |
0 | bootstrapcdn.com (Failed) | maxcdn.bootstrapcdn.com (Failed) | |
23 | 6 | | |
 | Domain | Requested by |
---|---|---|
22 | www.espace-client-fr.eu (3 redirects) | www.espace-client-fr.eu |
1 | cdnjs.cloudflare.com | www.espace-client-fr.eu |
1 | www.dbproject.biz | |
1 | dbproject.biz (1 redirects) | |
1 | shorten.herokuapp.com (1 redirects) | |
0 | use.fontawesome.com (Failed) | www.espace-client-fr.eu |
0 | maxcdn.bootstrapcdn.com (Failed) | www.espace-client-fr.eu |
23 | 7 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
 | | 1970-01-01 - 1970-01-01 | a few seconds |
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-03-02 - 2019-09-08 | 6 months |
This page contains 1 frames:
Primary Page:
http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/miseajour.php
Frame ID: BE5D6C375F7B95AC167E047875323AE4
Requests: 23 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://shorten.herokuapp.com/msgmr HTTP 301
  http://dbproject.biz/bootstrap/img/mail.html HTTP 301
  http://www.dbproject.biz/bootstrap/img/mail.html Page URL
- http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/ HTTP 302
  http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c HTTP 301
  http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/ HTTP 302
  http://www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/miseajour.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://shorten.herokuapp.com/msgmr HTTP 301
- http://dbproject.biz/bootstrap/img/mail.html HTTP 301
- http://www.dbproject.biz/bootstrap/img/mail.html
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | mail.html (Redirect Chain) | www.dbproject.biz/bootstrap/img/ | 107 B | 397 B | Document | text/html |
GET | H/1.1 | miseajour.php (Primary Request, Redirect Chain) | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/PortailAS/ | 14 KB | 4 KB | Document | text/html |
GET | | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 0 | 0 | | |
GET | H/1.1 | layout.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 1 KB | 827 B | Stylesheet | text/css |
GET | H/1.1 | biblicnam-structure-sans.min.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 106 KB | 14 KB | Stylesheet | text/css |
GET | H/1.1 | reset.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 414 B | 614 B | Stylesheet | text/css |
GET | H/1.1 | hanan.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 1 KB | 817 B | Stylesheet | text/css |
GET | H/1.1 | liens.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 893 B | 781 B | Stylesheet | text/css |
GET | H/1.1 | forms.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | boutons.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 5 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | general.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 40 KB | 9 KB | Stylesheet | text/css |
GET | H/1.1 | nav.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | colors.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 2 KB | 997 B | Stylesheet | text/css |
GET | H/1.1 | centrer.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 4 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | window.css | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/ | 402 B | 543 B | Stylesheet | text/css |
GET | H/1.1 | loadingam.gif | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/img/ | 30 KB | 30 KB | Image | image/gif |
GET | | all.css | use.fontawesome.com/releases/v5.0.8/css/ | 0 | 0 | | |
GET | H/1.1 | logo_general.png | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/css/img/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | jquery.min.js | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/js/ | 156 KB | 40 KB | Script | application/javascript |
GET | H/1.1 | jquery.validate.min.js | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/js/ | 34 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | add.class.js | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/js/ | 1 KB | 653 B | Script | application/javascript |
GET | H/1.1 | jquery.card.min.js | www.espace-client-fr.eu/softaculous/backup/ameli.assure/eb4022eb6454bbe0b6c443280808d10c/js/ | 14 KB | 3 KB | Script | application/javascript |
GET | H2 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB | 5 KB | Script | application/javascript |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: maxcdn.bootstrapcdn.com
  URL: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
- Domain: use.fontawesome.com
  URL: https://use.fontawesome.com/releases/v5.0.8/css/all.css
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Assurance Maladie (Healthcare)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.