www.apremtg.fr - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 3 HTTP transactions. The main IP is 213.186.33.17, located in France and belongs to OVH, FR. The main domain is www.apremtg.fr.
TLS certificate: Issued by R3 on February 17th 2023. Valid for: 3 months.

This is the only time www.apremtg.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 3	213.186.33.17 213.186.33.17	16276 (OVH) (OVH)
2	193.200.171.14 193.200.171.14	35393 (EURO-WEB-AS) (EURO-WEB-AS)
3	2

3 213.186.33.17 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: cluster006.ovh.net

www.apremtg.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.200.171.14 (France)

ASN35393 (EURO-WEB-AS, FR)
PTR: php142.eml-srv.com

mdworks.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.emlsrv.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	apremtg.fr 2 redirects www.apremtg.fr	3 KB
1	emlsrv.fr www.emlsrv.fr	5 KB
1	mdworks.info mdworks.info	4 KB
3	3

	Domain	Requested by
3	www.apremtg.fr	2 redirects
1	www.emlsrv.fr	www.apremtg.fr
1	mdworks.info	www.apremtg.fr
3	3

This site contains no links.

Subject Issuer	Validity	Valid
www.aprem-ef.com R3	`2023-02-17` - `2023-05-18`	3 months	crt.sh
eml-srv.com R3	`2023-02-09` - `2023-05-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040
Frame ID: 64B14EF33408AE62EE269F47B68477E9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.apremtg.fr/snp/32979766/Jxw2v HTTP 302
https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

11 kB
Transfer

28 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.apremtg.fr/snp/32979766/Jxw2v HTTP 302
https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.apremtg.fr/forms-embed/js/iframeResizer.contentWindow.min.js HTTP 302
https://www.emlsrv.fr/forms-embed/js/iframeResizer.contentWindow.min.js

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request affich_form.php Show response www.apremtg.fr/_v4/formulaires/ Redirect Chain https://www.apremtg.fr/snp/32979766/Jxw2v https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040	11 KB 2 KB	45ms 44ms	Document text/html	213.186.33.17 OVH
General Check archive.org Show headers Download Go to Full URL https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.186.33.17 , France, ASN16276 (OVH, FR), Reverse DNS cluster006.ovh.net Software Apache / PHP/5.6 Resource Hash `f21269eef6bf95a5d8b30e7539ccd1b71e3f7a516eee0234700a11b7e4aa54d5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers content-encoding gzip content-type text/html; charset=ISO-8859-1 date Tue, 21 Feb 2023 09:43:51 GMT server Apache vary Accept-Encoding x-powered-by PHP/5.6 Redirect headers content-type text/html; charset=ISO-8859-1 date Tue, 21 Feb 2023 09:43:51 GMT location https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 server Apache x-powered-by PHP/5.6
GET H2	200	logoxbte2.png mdworks.info/hebergement_formulaires/3780/	4 KB 4 KB	2779ms 21ms	Image image/png	193.200.171.14 EURO-WEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://mdworks.info/hebergement_formulaires/3780/logoxbte2.png Requested by Host: www.apremtg.fr URL: https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.200.171.14 , France, ASN35393 (EURO-WEB-AS, FR), Reverse DNS php142.eml-srv.com Software nginx / Resource Hash `0cf9080e09904c7370f479cd64ee8cc0472cb3f08c98858c0a5ddcbed539e5b5` Request headers accept-language fr-FR,fr;q=0.9 Referer https://www.apremtg.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 09:43:54 GMT last-modified Fri, 08 Jul 2022 13:07:11 GMT server nginx accept-ranges bytes etag "62c82bff-fc8" content-length 4040 content-type image/png
GET H2	200	iframeResizer.contentWindow.min.js Show response www.emlsrv.fr/forms-embed/js/ Redirect Chain https://www.apremtg.fr/forms-embed/js/iframeResizer.contentWindow.min.js https://www.emlsrv.fr/forms-embed/js/iframeResizer.contentWindow.min.js	14 KB 5 KB	79ms 21ms	Script application/javascript	193.200.171.14 EURO-WEB-AS
General Check archive.org Show headers Download Go to Full URL https://www.emlsrv.fr/forms-embed/js/iframeResizer.contentWindow.min.js Requested by Host: www.apremtg.fr URL: https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 Protocol H2 Server 193.200.171.14 , France, ASN35393 (EURO-WEB-AS, FR), Reverse DNS php142.eml-srv.com Software nginx / Resource Hash `63b5085014a66af8d0d56afb98bb13f69a4c4f21c3c0e2cc63b30fe8c75a49d9` Request headers accept-language fr-FR,fr;q=0.9 Referer https://www.apremtg.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 09:43:51 GMT content-encoding br last-modified Sun, 25 Sep 2016 11:28:39 GMT server nginx etag W/"57e7b4e7-3654" content-type application/javascript Redirect headers location https://www.emlsrv.fr/forms-embed/js/iframeResizer.contentWindow.min.js date Tue, 21 Feb 2023 09:43:51 GMT server Apache x-powered-by PHP/5.6 content-type text/html; charset=ISO-8859-1

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040 Message: Mixed Content: The page at 'https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040' was loaded over HTTPS, but requested an insecure element 'http://mdworks.info/hebergement_formulaires/3780/logoxbte2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040(Line 254) Message: Mixed Content: The page at 'https://www.apremtg.fr/_v4/formulaires/affich_form.php?serial=pPaR6qXE&ope=737279&ope=760040' was loaded over HTTPS, but requested an insecure element 'http://mdworks.info/hebergement_formulaires/3780/logoxbte2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mdworks.info
www.apremtg.fr
www.emlsrv.fr
193.200.171.14
213.186.33.17
0cf9080e09904c7370f479cd64ee8cc0472cb3f08c98858c0a5ddcbed539e5b5
63b5085014a66af8d0d56afb98bb13f69a4c4f21c3c0e2cc63b30fe8c75a49d9
f21269eef6bf95a5d8b30e7539ccd1b71e3f7a516eee0234700a11b7e4aa54d5

www.apremtg.fr Open in urlscan Pro 213.186.33.17 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

67 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

11 kBTransfer

28 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

www.apremtg.fr Open in urlscan Pro
213.186.33.17 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

11 kB
Transfer

28 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions