www.ucblongwy.fr Open in urlscan Pro
195.114.18.152 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ucblongwy.fr/mmp/webapps/
Effective URL:
http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE
Submission: On August 23 via automatic, source openphish (August 23rd 2017, 2:06:10 am UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 195.114.18.152, located in France and belongs to NUXIT-AS, FR. The main domain is www.ucblongwy.fr.

This is the only time www.ucblongwy.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
7	195.114.18.152 195.114.18.152		41186 (NUXIT-AS) (NUXIT-AS)
8	2

7 195.114.18.152 (France)

ASN41186 (NUXIT-AS, FR)
PTR: 195-114-18-152.ispfr.net

www.ucblongwy.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ucblongwy.fr www.ucblongwy.fr	47 KB
0	scdn.cf Failed scdn.cf Failed
8	2

	Domain	Requested by
7	www.ucblongwy.fr	www.ucblongwy.fr
0	scdn.cf Failed	www.ucblongwy.fr
8	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE
Frame ID: 11543.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

47 kB
Transfer

142 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response www.ucblongwy.fr/mmp/webapps/ Redirect Chain http://www.ucblongwy.fr/mmp/index.php http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE	4 KB 2 KB	82ms 82ms	Document text/html	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Full URL http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / PHP/5.3.27 Resource Hash `21a9e07fd631922730088bcac62b4b46db6a1314879441ee94c31bd12b670eda` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Pragma no-cache Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/5.3.27 Vary Accept-Encoding Content-Type text/html Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Length 1669 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Pragma no-cache Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/5.3.27 Vary Accept-Encoding Content-Type text/html Location ./webapps/login.php?country.x=en&locale.x=de_DE Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Length 23 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	jquery.min.js Show response www.ucblongwy.fr/mmp/webapps/auth/js/	94 KB 32 KB	38ms 38ms	Script application/javascript	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Full URL http://www.ucblongwy.fr/mmp/webapps/auth/js/jquery.min.js Requested by Host: www.ucblongwy.fr URL: http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / Resource Hash `4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376` Request headers Referer http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Last-Modified Wed, 01 Feb 2017 01:19:12 GMT Server Apache ETag "f17252f-1764d-5476dd6110400" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 33250
GET H/1.1	200 OK	error.css www.ucblongwy.fr/mmp/webapps/auth/css/	7 KB 872 B	82ms 53ms	Stylesheet text/css	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Full URL http://www.ucblongwy.fr/mmp/webapps/auth/css/error.css Requested by Host: www.ucblongwy.fr URL: http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / Resource Hash `bf185d57a19dd41cf8986688296b7acbab6a9d39c5116082e3ccc40a35124a27` Request headers Referer http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Last-Modified Wed, 01 Feb 2017 01:19:12 GMT Server Apache ETag "f170349-1dd2-5476dd6110400" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 872
GET H/1.1	200 OK	css.css www.ucblongwy.fr/mmp/webapps/auth/css/login/	28 KB 6 KB	70ms 41ms	Stylesheet text/css	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Full URL http://www.ucblongwy.fr/mmp/webapps/auth/css/login/css.css Requested by Host: www.ucblongwy.fr URL: http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / Resource Hash `3dede67b116e1bfb5bb76a897f6ae4dee0c54d69bed551648b3494ab1a65de57` Request headers Referer http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Last-Modified Wed, 01 Feb 2017 01:19:12 GMT Server Apache ETag "f170346-71e4-5476dd6110400" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 5988
GET H/1.1	200 OK	loading.css www.ucblongwy.fr/mmp/webapps/auth/css/	4 KB 979 B	82ms 52ms	Stylesheet text/css	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Full URL http://www.ucblongwy.fr/mmp/webapps/auth/css/loading.css Requested by Host: www.ucblongwy.fr URL: http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / Resource Hash `e335fbb341e0a9ef90b79fcd83f5466b8aa6df5a61b8a88fbac79653d32fb81e` Request headers Referer http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Last-Modified Wed, 01 Feb 2017 01:19:12 GMT Server Apache ETag "f17034b-f77-5476dd6110400" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 979
GET H/1.1	200 OK	js1.js Show response www.ucblongwy.fr/mmp/webapps/auth/js/	609 B 246 B	82ms 52ms	Script application/javascript	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Full URL http://www.ucblongwy.fr/mmp/webapps/auth/js/js1.js Requested by Host: www.ucblongwy.fr URL: http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / Resource Hash `a34e277b7db76c30a654ecc4c41d62d8f4ac85b09ac8c11ac5b5c0ca74e17e4b` Request headers Referer http://www.ucblongwy.fr/mmp/webapps/login.php?country.x=en&locale.x=de_DE User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 23 Aug 2017 02:05:59 GMT Content-Encoding gzip Last-Modified Wed, 01 Feb 2017 01:19:12 GMT Server Apache ETag "f172530-261-5476dd6110400" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 246
GET H/1.1	200 OK	logo-logo-129x32.svg www.ucblongwy.fr/mmp/webapps/auth/images/	5 KB 5 KB	43ms 42ms	Image image/svg+xml	195.114.18.152 NUXIT-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.ucblongwy.fr/mmp/webapps/auth/images/logo-logo-129x32.svg Requested by Host: www.ucblongwy.fr URL: http://www.ucblongwy.fr/mmp/webapps/auth/js/jquery.min.js Protocol HTTP/1.1 Server 195.114.18.152 , France, ASN41186 (NUXIT-AS, FR), Reverse DNS 195-114-18-152.ispfr.net Software Apache / Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Referer http://www.ucblongwy.fr/mmp/webapps/auth/css/login/css.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36 Response headers Date Wed, 23 Aug 2017 02:05:59 GMT Last-Modified Wed, 01 Feb 2017 01:19:12 GMT Server Apache Accept-Ranges bytes ETag "f172514-1351-5476dd6110400" Content-Length 4945 Content-Type image/svg+xml
GET		logo.png scdn.cf/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: scdn.cf
URL: http://scdn.cf/logo.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.ucblongwy.fr/	1970-01-01 00:00:00	Name: PHPSESSID Value: 47a7a74484222f5bb658c09f11da8192

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

scdn.cf
www.ucblongwy.fr
scdn.cf
195.114.18.152
21a9e07fd631922730088bcac62b4b46db6a1314879441ee94c31bd12b670eda
3dede67b116e1bfb5bb76a897f6ae4dee0c54d69bed551648b3494ab1a65de57
4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376
a34e277b7db76c30a654ecc4c41d62d8f4ac85b09ac8c11ac5b5c0ca74e17e4b
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
bf185d57a19dd41cf8986688296b7acbab6a9d39c5116082e3ccc40a35124a27
e335fbb341e0a9ef90b79fcd83f5466b8aa6df5a61b8a88fbac79653d32fb81e

www.ucblongwy.fr Open in urlscan Pro 195.114.18.152 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

47 kBTransfer

142 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.ucblongwy.fr Open in urlscan Pro
195.114.18.152 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

47 kB
Transfer

142 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!