www.b2b-location-brais.fr Open in urlscan Pro
31.222.195.29 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php
Submission: On December 19 via automatic, source openphish (December 19th 2018, 9:07:23 am UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 31.222.195.29, located in France and belongs to NEO-ASN legacy Neotelecoms, FR. The main domain is www.b2b-location-brais.fr.
TLS certificate: Issued by Gandi Standard SSL CA 2 on October 22nd 2018. Valid for: a year.

This is the only time www.b2b-location-brais.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Électricité de France (Utility)

Domain & IP information

	IP Address	AS Autonomous System
2	31.222.195.29 31.222.195.29	8218 (NEO-ASN l...) (NEO-ASN legacy Neotelecoms)
5	160.92.186.71 160.92.186.71	8677 (WORLDLINE) (WORLDLINE)
1	103.254.137.2 103.254.137.2	38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
8	3

2 31.222.195.29 (France)

ASN8218 (NEO-ASN legacy Neotelecoms, FR)
PTR: bv-lamp-01-prod.bellvision.fr

www.b2b-location-brais.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 160.92.186.71 (France)

ASN8677 (WORLDLINE, FR)
PTR: lbp.wlp-acs.com

lbp.wlp-acs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.254.137.2 (Australia)

ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: sknet.ht.dstier2.com

www.townsvilleelectrical.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	wlp-acs.com lbp.wlp-acs.com	8 KB
2	b2b-location-brais.fr www.b2b-location-brais.fr	5 KB
1	townsvilleelectrical.com.au www.townsvilleelectrical.com.au	14 KB
8	3

	Domain	Requested by
5	lbp.wlp-acs.com	www.b2b-location-brais.fr
2	www.b2b-location-brais.fr	www.b2b-location-brais.fr
1	www.townsvilleelectrical.com.au	www.b2b-location-brais.fr
8	3

This site contains no links.

Subject Issuer	Validity	Valid
www.b2b-location-brais.fr Gandi Standard SSL CA 2	`2018-10-22` - `2019-10-22`	a year	crt.sh
lbp.wlp-acs.com Entrust Certification Authority - L1K	`2017-05-26` - `2019-06-22`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php
Frame ID: 6E5AE4A72D4B1ED0C65F3FE3552FD068
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

27 kB
Transfer

27 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set index2.php Show response www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/	4 KB 2 KB	38ms 38ms	Document text/html	31.222.195.29 NEO-ASN legacy Ne...
General Check archive.org Show headers Download Go to Full URL https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 31.222.195.29 , France, ASN8218 (NEO-ASN legacy Neotelecoms, FR), Reverse DNS bv-lamp-01-prod.bellvision.fr Software nginx/1.10.3 / Resource Hash `968b8cc44e7976e47a1333fe5c899acf18dded7112b74c5c42f8193420fc0d64` Request headers Host www.b2b-location-brais.fr Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx/1.10.3 Date Wed, 19 Dec 2018 09:07:05 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie PHPSESSID=fagidcucuk9tss821s8brmap6t; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Content-Encoding gzip
GET H/1.1	200 OK	styles-banque.css lbp.wlp-acs.com/css/	5 KB 3 KB	189ms 29ms	Stylesheet text/css	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://lbp.wlp-acs.com/css/styles-banque.css Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `359e44e3a0bf3d3d58302f1e5c521fcb18eb3a7b92d3fe158b50be2a656dd018` Request headers Referer https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Wed, 19 Dec 2018 09:07:05 GMT Content-Encoding gzip Last-Modified Thu, 12 May 2016 09:06:33 GMT ETag W/"5364-1463043993000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=10, max=200 Content-Length 1389 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	logo.png www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/	3 KB 3 KB	26ms 25ms	Image image/png	31.222.195.29 NEO-ASN legacy Ne...
General Check archive.org Show headers Download Go to Show image Full URL https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/logo.png Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 31.222.195.29 , France, ASN8218 (NEO-ASN legacy Neotelecoms, FR), Reverse DNS bv-lamp-01-prod.bellvision.fr Software nginx/1.10.3 / Resource Hash `c10fde7e3c485806892c2df9609c164fd5e83825b697c30946034e2778f612b4` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host www.b2b-location-brais.fr User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Cookie PHPSESSID=fagidcucuk9tss821s8brmap6t Connection keep-alive Cache-Control no-cache Referer https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 19 Dec 2018 09:07:05 GMT Last-Modified Tue, 18 Dec 2018 17:04:13 GMT Server nginx/1.10.3 ETag "5c19288d-a97" Content-Type image/png Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Content-Length 2711 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	haki.jpg www.townsvilleelectrical.com.au/wp-content/plugins/	13 KB 14 KB	1986ms 342ms	Image image/jpeg	103.254.137.2 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.townsvilleelectrical.com.au/wp-content/plugins/haki.jpg Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Server 103.254.137.2 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS sknet.ht.dstier2.com Software nginx / Resource Hash `957afaaad6d66027743e75bf38097a873f6d6624f1c82bf8885a73c493ff57bb` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 19 Dec 2018 09:07:07 GMT Referrer-Policy Last-Modified Fri, 14 Dec 2018 16:34:51 GMT Server nginx ETag "34b9-57cfe02ac49dc" Content-Type image/jpeg Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 13497 Expires Thu, 19 Dec 2019 05:56:48 GMT
GET H/1.1	200 OK	btn_ok_onn.png lbp.wlp-acs.com/imgs/imagesTemplates/	997 B 2 KB	187ms 25ms	Image image/png	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/btn_ok_onn.png Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `f3cd338409ccbbe4b7b74ce89ffc4c48f1615ded2eebaa67220e1430dc872519` Request headers Referer https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Wed, 19 Dec 2018 09:07:05 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:17:44 GMT ETag W/"997-1416291464000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/png Keep-Alive timeout=10, max=199 Content-Length 1020 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	ar_h.gif lbp.wlp-acs.com/imgs/imagesTemplates/	180 B 1 KB	47ms 25ms	Image image/gif	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/ar_h.gif Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `f337f4f2e442c8cad8c7b63bdd34283b5823e0fb92b84d563ef0b371dba2424a` Request headers Referer https://lbp.wlp-acs.com/css/styles-banque.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Wed, 19 Dec 2018 09:07:05 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:17:44 GMT ETag W/"180-1416291464000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/gif Keep-Alive timeout=10, max=198 Content-Length 200 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	ar_b.gif lbp.wlp-acs.com/imgs/imagesTemplates/	180 B 1 KB	70ms 23ms	Image image/gif	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/ar_b.gif Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `937bd0bf0b0ce1431c3cb4efe9195f646b6db558adf972108dab44216ddb36eb` Request headers Referer https://lbp.wlp-acs.com/css/styles-banque.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Wed, 19 Dec 2018 09:07:05 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:17:44 GMT ETag W/"180-1416291464000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/gif Keep-Alive timeout=10, max=197 Content-Length 200 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	fl_b.png lbp.wlp-acs.com/imgs/imagesTemplates/	135 B 1 KB	93ms 24ms	Image image/png	160.92.186.71 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://lbp.wlp-acs.com/imgs/imagesTemplates/fl_b.png Requested by Host: www.b2b-location-brais.fr URL: https://www.b2b-location-brais.fr/wp-content/plugins/elementor/EDF/vbv/index2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.92.186.71 , France, ASN8677 (WORLDLINE, FR), Reverse DNS lbp.wlp-acs.com Software / Resource Hash `ca1347c5670aca8060b3bb0461e4a38ae8881e68547c35d165e214fb7524e9da` Request headers Referer https://lbp.wlp-acs.com/css/styles-banque.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Wed, 19 Dec 2018 09:07:05 GMT Content-Encoding gzip Last-Modified Tue, 18 Nov 2014 06:17:44 GMT ETag W/"135-1416291464000-gzip" Vary Accept-Encoding P3P CP='NON CUR OUR NOR UNI' Cache-Control no-store, no-cache, must-revalidate Cache no-store Connection Keep-Alive Accept-Ranges bytes Content-Type image/png Keep-Alive timeout=10, max=196 Content-Length 147 Expires Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Électricité de France (Utility)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.b2b-location-brais.fr/	1969-12-31 23:59:59	Name: PHPSESSID Value: fagidcucuk9tss821s8brmap6t

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lbp.wlp-acs.com
www.b2b-location-brais.fr
www.townsvilleelectrical.com.au
103.254.137.2
160.92.186.71
31.222.195.29
359e44e3a0bf3d3d58302f1e5c521fcb18eb3a7b92d3fe158b50be2a656dd018
937bd0bf0b0ce1431c3cb4efe9195f646b6db558adf972108dab44216ddb36eb
957afaaad6d66027743e75bf38097a873f6d6624f1c82bf8885a73c493ff57bb
968b8cc44e7976e47a1333fe5c899acf18dded7112b74c5c42f8193420fc0d64
c10fde7e3c485806892c2df9609c164fd5e83825b697c30946034e2778f612b4
ca1347c5670aca8060b3bb0461e4a38ae8881e68547c35d165e214fb7524e9da
f337f4f2e442c8cad8c7b63bdd34283b5823e0fb92b84d563ef0b371dba2424a
f3cd338409ccbbe4b7b74ce89ffc4c48f1615ded2eebaa67220e1430dc872519

www.b2b-location-brais.fr Open in urlscan Pro 31.222.195.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

27 kBTransfer

27 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

www.b2b-location-brais.fr Open in urlscan Pro
31.222.195.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

27 kB
Transfer

27 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!