reseauev-immobilier.fr Open in urlscan Pro
163.172.255.246 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html
Submission: On May 09 via api (May 9th 2023, 7:15:15 pm UTC) from PY — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 163.172.255.246, located in France and belongs to Online SAS, FR. The main domain is reseauev-immobilier.fr.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 26th 2023. Valid for: 3 months.

This is the only time reseauev-immobilier.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	163.172.255.246 163.172.255.246		12876 (Online SAS) (Online SAS)
10	2

9 163.172.255.246 (France)

ASN12876 (Online SAS, FR)
PTR: 163-172-255-246.rev.poneytelecom.eu

reseauev-immobilier.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	reseauev-immobilier.fr reseauev-immobilier.fr	264 KB
0	Failed function sub() { [native code] }. Failed
10	2

	Domain	Requested by
9	reseauev-immobilier.fr	reseauev-immobilier.fr
0	blgcbajigpdfohpgcmbbfnphcgifjopc Failed	reseauev-immobilier.fr
10	2

This site contains no links.

Subject Issuer	Validity	Valid
reseauev-immobilier.fr cPanel, Inc. Certification Authority	`2023-03-26` - `2023-06-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html
Frame ID: 838F2CB04BADE0FBD53C1BE755DE3C96
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Personas

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

264 kB
Transfer

262 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response reseauev-immobilier.fr/lnhabilitadosAcceso/	18 KB 19 KB	94ms 27ms	Document text/html	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `c06f0fb42823fd32c8b71915242d549473fbb89950d67dcb6b45625324de7fd6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 18724 Content-Type text/html Date Tue, 09 May 2023 19:15:09 GMT Keep-Alive timeout=100, max=500 Last-Modified Tue, 18 Apr 2023 16:06:46 GMT Server Apache
GET H/1.1	200 OK	Untitled1.css reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/	2 KB 2 KB	46ms 32ms	Stylesheet text/css	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/Untitled1.css Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `e7cd49639bec85fb427c65093670014ebe889cf47c4770af3c2f4f450aa7e62c` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:07:41 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=499 Content-Length 1889
GET H/1.1	200 OK	index.css reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/	4 KB 4 KB	68ms 31ms	Stylesheet text/css	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/index.css Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `8e62cee482007ce7bceaad4117347520f05ac3a77b9b6ee02667d410743f04ba` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:07:36 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=500 Content-Length 4105
GET H/1.1	200 OK	css2 reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/	3 KB 3 KB	69ms 32ms	Stylesheet text/plain	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/css2 Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `ebb7515f067eb54603df3b63b3cdb2f751fdd7a87a412729a91bb5a76418d52f` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:07:34 GMT Server Apache Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=500 Content-Length 2955
GET H/1.1	200 OK	scrp.js.descarga Show response reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/	636 B 893 B	51ms 30ms	Script application/javascript	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/scrp.js.descarga Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `06b85b21a73f97a7172e2c374ffc9fa58f1355c98cc2265418a43b3c1dc724ef` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:07:39 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=500 Content-Length 636
GET H/1.1	404 Not Found	cjg.svg reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/	8 KB 8 KB	390ms 353ms	Image text/html	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/cjg.svg Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `fb9ea0748da646e5e604659461a723904bb3620275511ecd37d461cb261dbdf3` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 May 2023 19:15:09 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://reseauev-immobilier.fr/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=100, max=500 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	messi.js Show response reseauev-immobilier.fr/lnhabilitadosAcceso/	189 B 446 B	54ms 27ms	Script application/javascript	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/messi.js Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `93862a8793d2c671c2e6c5e3d9f235703e28de8f740f90c6677e313b05292c2c` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:06:49 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=498 Content-Length 189
GET H/1.1	200 OK	bg001.jpg reseauev-immobilier.fr/lnhabilitadosAcceso/images/	186 KB 186 KB	29ms 28ms	Image image/jpeg	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/images/bg001.jpg Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/index.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `bf678139dec383594aea3a09abe91024915555f99077399c47b659f5b0447eca` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:07:13 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=499 Content-Length 190352
GET H/1.1	200 OK	frm02.svg reseauev-immobilier.fr/lnhabilitadosAcceso/images/	41 KB 41 KB	27ms 27ms	Image image/svg+xml	163.172.255.246 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL https://reseauev-immobilier.fr/lnhabilitadosAcceso/images/frm02.svg Requested by Host: reseauev-immobilier.fr URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.255.246 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-255-246.rev.poneytelecom.eu Software Apache / Resource Hash `f191c76fc43953d1239f11fe259544d5a9300f8e5ac4e668b239d2f356a94098` Request headers accept-language fr-FR,fr;q=0.9 Referer https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36 Response headers Date Tue, 09 May 2023 19:15:09 GMT Last-Modified Tue, 18 Apr 2023 16:07:17 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=100, max=499 Content-Length 41623
GET		logo.svg blgcbajigpdfohpgcmbbfnphcgifjopc/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blgcbajigpdfohpgcmbbfnphcgifjopc
URL: chrome-extension://blgcbajigpdfohpgcmbbfnphcgifjopc/images/logo.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| loadDoc function| loadDoc2 function| enviarDatos

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			reseauev-immobilier.fr/	1969-12-31 23:59:59	Name: PHPSESSID Value: p3l39634s70b6l6livinq2toe2

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index.html(Line 2) Message: The value "none" for key "user-scalable" is invalid, and has been ignored.
network	error	URL: chrome-extension://blgcbajigpdfohpgcmbbfnphcgifjopc/images/logo.svg Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://reseauev-immobilier.fr/lnhabilitadosAcceso/index_files/cjg.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blgcbajigpdfohpgcmbbfnphcgifjopc
reseauev-immobilier.fr
blgcbajigpdfohpgcmbbfnphcgifjopc
163.172.255.246
06b85b21a73f97a7172e2c374ffc9fa58f1355c98cc2265418a43b3c1dc724ef
8e62cee482007ce7bceaad4117347520f05ac3a77b9b6ee02667d410743f04ba
93862a8793d2c671c2e6c5e3d9f235703e28de8f740f90c6677e313b05292c2c
bf678139dec383594aea3a09abe91024915555f99077399c47b659f5b0447eca
c06f0fb42823fd32c8b71915242d549473fbb89950d67dcb6b45625324de7fd6
e7cd49639bec85fb427c65093670014ebe889cf47c4770af3c2f4f450aa7e62c
ebb7515f067eb54603df3b63b3cdb2f751fdd7a87a412729a91bb5a76418d52f
f191c76fc43953d1239f11fe259544d5a9300f8e5ac4e668b239d2f356a94098
fb9ea0748da646e5e604659461a723904bb3620275511ecd37d461cb261dbdf3

reseauev-immobilier.fr Open in urlscan Pro 163.172.255.246 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

90 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

264 kBTransfer

262 kBSize

1 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

reseauev-immobilier.fr Open in urlscan Pro
163.172.255.246 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

264 kB
Transfer

262 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!