robot.wizlink.eu
85.128.138.250
Malicious Activity!
Public Scan
Effective URL: https://robot.wizlink.eu/wp-admin/user/fr/
Submission: On October 28 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by nazwaSSL on April 28th 2023. Valid for: a year.
This is the only time robot.wizlink.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: FR Government (Government), Impots Gouv (Government)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 69.60.99.96 | 15083 (INFOLINK-MIA-) |
| 1 2 | 85.128.138.250 | 15967 (NETARTGROUP) |
| 1 | 2 | |

ASN15967 (NETARTGROUP, PL)
PTR: shared-akg250.rev.nazwa.pl
robot.wizlink.eu
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 2 | wizlink.eu (1 redirects): robot.wizlink.eu | 154 KB |
| 1 | 1sh.me (1 redirects): 1sh.me | 204 B |
| 1 | 2 | |
Domain | Requested by | |
---|---|---|
2 | robot.wizlink.eu | 1 redirects |
1 | 1sh.me | 1 redirects |
1 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.impots.gouv.fr |
browsehappy.com |
www.accepterlescookies.com |
play.test.google.com |
app.franceconnect.gouv.fr |
www.telepaiement.dgfip.finances.gouv.fr |
cfspart.impots.gouv.fr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.wizlink.eu nazwaSSL | 2023-04-28 - 2024-04-27 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://robot.wizlink.eu/wp-admin/user/fr/
Frame ID: 52381FF86C160FB8863AB4FD57665241
Requests: 10 HTTP requests in this frame
Page Title
Particuliers | authentification
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: celle requise par la DGFiP
Title: une version plus récente ou un autre navigateur
Title: accepter les cookies.
Title: Accueil impots.gouv.FR
Title: Qu'est-ce que FranceConnect?
Title: Payer en ligne
Title: ou sur vos avis
Title: centre des Finances publiques .
Title: centre des Finances publiques .
Title: centre des Finances publiques .
Title: impots.gouv.fr
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://1sh.me/e64592a5 (HTTP 302)
- https://robot.wizlink.eu/wp-admin/user/fr (HTTP 301)
- https://robot.wizlink.eu/wp-admin/user/fr/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
Method / Protocol | Resource Path | Size / x-fer | Type / MIME-Type |
---|---|---|---|
GET H2 | Primary Request: robot.wizlink.eu/wp-admin/user/fr/ | 423 KB / 154 KB | Document, text/html |
GET DATA | truncated | 2 KB / 0 | Image, image/png |
GET DATA | truncated | 14 KB / 0 | Image, image/svg+xml |
GET DATA | truncated | 5 KB / 0 | Image, image/svg+xml |
GET DATA | truncated | 4 KB / 0 | Image, image/svg+xml |
GET DATA | truncated | 6 KB / 0 | Image, image/svg+xml |
GET DATA | truncated | 18 KB / 0 | Image, image/svg+xml |
GET DATA | truncated | 3 KB / 0 | Image, image/svg+xml |
GET DATA | truncated | 19 KB / 19 KB | Font, text/plain |
GET DATA | truncated | 92 KB / 92 KB | Font, application/x-font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: FR Government (Government), Impots Gouv (Government)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
object| 1
object| 2
object| 3
object| 4
object| documentPictureInPicture
function| savepage_ShadowLoader
function| validateAndLimit
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even after a change of location. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
1sh.me/ | | Name: PHPSESSID Value: da9ruumvra719r68fjvqq4d6cr |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1sh.me
robot.wizlink.eu
69.60.99.96
85.128.138.250