www.red-express-04.com

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 109.238.10.158, located in France and belongs to IKOULA, FR. The main domain is www.red-express-04.com.

This is the only time www.red-express-04.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

HS2_calendrier_formations_second_semestre2018.pdf 571 KB application/pdf

SHA256: 65a6254be2dbf4ebefb762774ea285c72f1ad9db82d091a47f98b95ea45e005d

MIME: PDF document, version 1.7

Domain & IP information

	IP Address	AS Autonomous System
2	109.238.10.158 109.238.10.158	21409 (IKOULA) (IKOULA)
1	2001:41d0:98:... 2001:41d0:98:bb01::4	16276 (OVH) (OVH)
3	2

2 109.238.10.158 (France)

ASN21409 (IKOULA, FR)
PTR: ik010158.ikexpress.com

www.red-express-04.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:41d0:98:bb01::4 (France)

ASN16276 (OVH, FR)

www.hs2.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	red-express-04.com www.red-express-04.com	3 KB
1	hs2.fr www.hs2.fr
3	2

	Domain	Requested by
2	www.red-express-04.com	www.red-express-04.com
1	www.hs2.fr	www.red-express-04.com
3	2

This site contains no links.

Subject Issuer	Validity	Valid
www.hs2.fr Let's Encrypt Authority X3	`2018-08-07` - `2018-11-05`	3 months	crt.sh

This page contains 1 frames:

Frame: https://www.hs2.fr/pdf/HS2_calendrier_formations_second_semestre2018.pdf
Frame ID: 919CE6CFDACCA26C3391AF1A6A67B5D9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

3
Requests

33 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

3 kB
Transfer

3 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request inf.php Show response www.red-express-04.com/out/	1 KB 856 B	112ms 94ms	Document text/html	109.238.10.158 IKOULA
General Check archive.org Show headers Download Go to Full URL http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 Protocol HTTP/1.1 Server 109.238.10.158 , France, ASN21409 (IKOULA, FR), Reverse DNS ik010158.ikexpress.com Software nginx / PleskLin Resource Hash `1f79f1860996a1e79da8e977a3e7b57c3dc55859423b4073036ef70cab5c456a` Request headers Host www.red-express-04.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 919CE6CFDACCA26C3391AF1A6A67B5D9 Response headers Server nginx Date Tue, 11 Sep 2018 20:08:47 GMT Content-Type text/html; charset=UTF-8 Content-Length 629 Connection keep-alive Vary Accept-Encoding Content-Encoding gzip X-Powered-By PleskLin
GET H/1.1	200 OK	style.css www.red-express-04.com/out/	2 KB 2 KB	19ms 19ms	Stylesheet text/css	109.238.10.158 IKOULA
General Check archive.org Show headers Download Go to Full URL http://www.red-express-04.com/out/style.css Requested by Host: www.red-express-04.com URL: http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 Protocol HTTP/1.1 Server 109.238.10.158 , France, ASN21409 (IKOULA, FR), Reverse DNS ik010158.ikexpress.com Software nginx / PleskLin Resource Hash `8072ce8e6e95f148d892f9a23771147323cd78bc97eaef6d2369f2c82cc6f691` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.red-express-04.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 Connection keep-alive Cache-Control no-cache Referer http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 11 Sep 2018 20:08:47 GMT Last-Modified Mon, 01 Feb 2010 09:26:06 GMT Server nginx X-Powered-By PleskLin ETag "4b669e2e-719" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 1817
GET H/1.1	200 OK	HS2_calendrier_formations_second_semestre2018.pdf www.hs2.fr/pdf/	0 0	118ms 13ms	Document application/pdf	2001:41d0:98:bb01::4 OVH
General Check archive.org Show headers Download Go to Full URL https://www.hs2.fr/pdf/HS2_calendrier_formations_second_semestre2018.pdf Requested by Host: www.red-express-04.com URL: http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:41d0:98:bb01::4 , France, ASN16276 (OVH, FR), Reverse DNS Software nginx / Resource Hash Request headers Host www.hs2.fr Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 919CE6CFDACCA26C3391AF1A6A67B5D9 Referer http://www.red-express-04.com/out/inf.php?p=050c0E00093690012655400469985115107097105115101114064101120099101108108105117109045115101114118105099101115046099111109 Response headers Server nginx Date Tue, 11 Sep 2018 20:08:47 GMT Content-Type application/pdf Content-Length 584714 Last-Modified Thu, 30 Aug 2018 18:30:41 GMT Connection keep-alive ETag "5b8837d1-8ec0a" Expires Thu, 31 Dec 2037 23:55:55 GMT Cache-Control max-age=315360000 public, must-revalidate, proxy-revalidate Pragma public Accept-Ranges bytes

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unsubNow function| redirigeVersMiroir

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.hs2.fr
www.red-express-04.com
109.238.10.158
2001:41d0:98:bb01::4
1f79f1860996a1e79da8e977a3e7b57c3dc55859423b4073036ef70cab5c456a
8072ce8e6e95f148d892f9a23771147323cd78bc97eaef6d2369f2c82cc6f691

www.red-express-04.com Open in urlscan Pro 109.238.10.158 Public Scan

Summary

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

3 Requests

33 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

3 kBTransfer

3 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

www.red-express-04.com Open in urlscan Pro
109.238.10.158 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

33 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

3 kB
Transfer

3 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions