URL: http://antipolis.fr/mend/
Submission: On September 05 via automatic, source openphish — Scanned from FR

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 62.4.10.255, which is located in France and belongs to Online SAS, FR. The main domain is antipolis.fr.
This is the only time antipolis.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

IP Address AS Autonomous System
1 2 62.4.10.255 12876 (Online SAS)
1 2620:0:862:ed... 14907 (WIKIMEDIA)
1 199.232.16.193 54113 (FASTLY)
3 3
Apex Domain | Subdomains | Transfer
2 antipolis.fr | antipolis.fr | 2 KB
1 imgur.com | i.imgur.com — Cisco Umbrella Rank: 5927 | 14 KB
1 wikimedia.org | upload.wikimedia.org — Cisco Umbrella Rank: 2263 | 33 KB
3 3
Domain Requested by
2 antipolis.fr 1 redirects
1 i.imgur.com antipolis.fr
1 upload.wikimedia.org antipolis.fr
3 3

This site contains no links.

Subject | Issuer | Validity | Valid
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-10-19 - 2022-11-17 | a year (crt.sh)
*.imgur.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-08 - 2023-03-16 | a year (crt.sh)

This page contains 1 frames:

Primary Page: http://antipolis.fr/mend/
Frame ID: 4CA81AEE04E8DE29560A308A722E5132
Requests: 3 HTTP requests in this frame

Page Title

Sign In

Page Statistics

Requests: 3
HTTPS: 67 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 49 kB
Size: 47 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://antipolis.fr/mend HTTP 301
    http://antipolis.fr/mend/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: Primary Request /
Path: antipolis.fr/mend/
Redirect Chain
  • http://antipolis.fr/mend
  • http://antipolis.fr/mend/
Size: 1 KB
x-fer: 1 KB
Type: Document

General

Full URL: http://antipolis.fr/mend/
Protocol: HTTP/1.1
Server: 62.4.10.255, France, ASN12876 (Online SAS, FR)
Reverse DNS
Software: Apache
Resource Hash: ef3e2074313f498edb05cf57c94f0475cc1f5c1aa9eea3b8f58201bb3612f86a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 1189
Content-Type: text/html
Date: Mon, 05 Sep 2022 01:29:00 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Mon, 21 Jan 2019 22:01:50 GMT
Server: Apache
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 05 Sep 2022 01:29:00 GMT
Keep-Alive: timeout=5, max=100
Location: http://antipolis.fr/mend/
Server: Apache

Resource: 2000px-Naver_Logotype.svg.png
Path: upload.wikimedia.org/wikipedia/commons/thumb/2/23/Naver_Logotype.svg/
Size: 32 KB
x-fer: 33 KB
Type: Image

General

Full URL: https://upload.wikimedia.org/wikipedia/commons/thumb/2/23/Naver_Logotype.svg/2000px-Naver_Logotype.svg.png
Requested by
Host: antipolis.fr
URL: http://antipolis.fr/mend/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:0:862:ed1a::2:b, United States, ASN14907 (WIKIMEDIA, US)
Reverse DNS
Software: ATS/8.0.8
Resource Hash: cf0e8e4d417786b102b3b08173c1a5b60d465abace7190cff86cfe4983b17960
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://antipolis.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 04 Sep 2022 20:47:21 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 16899
x-cache-status: hit-front
x-cache: cp3063 miss, cp3055 hit/6
content-disposition: inline;filename*=UTF-8''Naver_Logotype.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3055"
content-length: 32988
x-client-ip: 2001:41d0:d:364d::5
accept-ranges: bytes
last-modified: Tue, 27 Apr 2021 07:00:15 GMT
server: ATS/8.0.8
etag: 700d818d50b217153c8dff374bc5a416
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
timing-allow-origin: *

Resource: U6Px6y7.png
Path: i.imgur.com/
Size: 14 KB
x-fer: 14 KB
Type: Image

General

Full URL: https://i.imgur.com/U6Px6y7.png
Requested by
Host: antipolis.fr
URL: http://antipolis.fr/mend/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.16.193, Vienna, Austria, ASN54113 (FASTLY, US)
Reverse DNS
Software: cat factory 1.0
Resource Hash: 32f31f362f7c3d81b8e2fcab690c9a9d2ef7724c585b49e2aa4da4b348f364d4
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://antipolis.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 05 Sep 2022 01:29:01 GMT
x-content-type-options: nosniff
age: 2262576
x-cache: HIT, HIT
content-length: 14344
x-served-by: cache-iad-kiad7000164-IAD, cache-vie6372-VIE
last-modified: Mon, 21 Jan 2019 17:00:16 GMT
server: cat factory 1.0
x-timer: S1662341341.054503,VS0,VE1
etag: "5703cc719e312e7bcf093a897a91ec2b"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
object| navigation

0 Cookies