robot.wizlink.eu Open in urlscan Pro
85.128.138.250 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://1sh.me/e64592a5
Effective URL:
https://robot.wizlink.eu/wp-admin/user/fr/
Submission: On October 28 via manual (October 28th 2023, 1:29:20 pm UTC) from FR — Scanned from FR

Summary HTTP 1 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 1 HTTP transactions. The main IP is 85.128.138.250, located in Poland and belongs to NETARTGROUP, PL. The main domain is robot.wizlink.eu.
TLS certificate: Issued by nazwaSSL on April 28th 2023. Valid for: a year.

This is the only time robot.wizlink.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: FR Government (Government) Impots Gouv (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	69.60.99.96 69.60.99.96	15083 (INFOLINK-...) (INFOLINK-MIA-)
1 2	85.128.138.250 85.128.138.250	15967 (NETARTGROUP) (NETARTGROUP)
1	2

1 69.60.99.96 (Miami, United States) 1 redirects

ASN15083 (INFOLINK-MIA-, US)
PTR: mailingboss.net

1sh.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.128.138.250 (Poland) 1 redirects

ASN15967 (NETARTGROUP, PL)
PTR: shared-akg250.rev.nazwa.pl

robot.wizlink.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	wizlink.eu 1 redirects robot.wizlink.eu	154 KB
1	1sh.me 1 redirects 1sh.me	204 B
1	2

	Domain	Requested by
2	robot.wizlink.eu	1 redirects
1	1sh.me	1 redirects
1	2

This site contains links to these domains. Also see Links.

Domain
www.impots.gouv.fr
browsehappy.com
www.accepterlescookies.com
play.test.google.com
app.franceconnect.gouv.fr
www.telepaiement.dgfip.finances.gouv.fr
cfspart.impots.gouv.fr

Subject Issuer	Validity	Valid
*.wizlink.eu nazwaSSL	`2023-04-28` - `2024-04-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://robot.wizlink.eu/wp-admin/user/fr/
Frame ID: 52381FF86C160FB8863AB4FD57665241
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particuliers | authentification

Page URL History Show full URLs

https://1sh.me/e64592a5 HTTP 302
https://robot.wizlink.eu/wp-admin/user/fr HTTP 301
https://robot.wizlink.eu/wp-admin/user/fr/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

265 kB
Transfer

585 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.impots.gouv.fr/portail/particulier/questions/quelle-configuration-doit-avoir-mon-ordinateur
Title: celle requise par la DGFiP

Search URL Search Domain Scan URL

URL: https://browsehappy.com/
Title: une version plus récente ou un autre navigateur

Search URL Search Domain Scan URL

URL: http://www.accepterlescookies.com/
Title: accepter les cookies.

Search URL Search Domain Scan URL

URL: https://play.test.google.com/store/apps/details?id=fr.gouv.finances.smartphone.android

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/
Title: Accueil impots.gouv.FR

Search URL Search Domain Scan URL

URL: https://app.franceconnect.gouv.fr/en-savoir-plus
Title: Qu'est-ce que FranceConnect?

Search URL Search Domain Scan URL

URL: https://www.telepaiement.dgfip.finances.gouv.fr/stl/redirectPart.htm
Title: Payer en ligne

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/particulier/questions/jai-egare-les-identifiants-dacces-mon-espace-particulier-comment-puis-je-les-0
Title: ou sur vos avis

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/contacts?4950
Title: centre des Finances publiques .

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/contacts?4949
Title: centre des Finances publiques .

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/contacts
Title: centre des Finances publiques .

Search URL Search Domain Scan URL

URL: https://cfspart.impots.gouv.fr/
Title: impots.gouv.fr

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://1sh.me/e64592a5 HTTP 302
https://robot.wizlink.eu/wp-admin/user/fr HTTP 301
https://robot.wizlink.eu/wp-admin/user/fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
9 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response robot.wizlink.eu/wp-admin/user/fr/ Redirect Chain https://1sh.me/e64592a5 https://robot.wizlink.eu/wp-admin/user/fr https://robot.wizlink.eu/wp-admin/user/fr/	423 KB 154 KB	227ms 227ms	Document text/html	85.128.138.250 NETARTGROUP
General Check archive.org Show headers Download Go to Full URL https://robot.wizlink.eu/wp-admin/user/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.128.138.250 , Poland, ASN15967 (NETARTGROUP, PL), Reverse DNS shared-akg250.rev.nazwa.pl Software Apache/2 / Resource Hash `fbfbeba2efbe209c8b67b37fdc325b572d728eb77ce7d1084e25fe15f489e744` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Sat, 28 Oct 2023 13:29:15 GMT server Apache/2 vary Accept-Encoding x-cdn-nazwa.pl-location WAW x-cdn-nazwa.pl-policyused cdn=disabled Redirect headers content-length 250 content-type text/html; charset=iso-8859-1 date Sat, 28 Oct 2023 13:29:15 GMT location https://robot.wizlink.eu/wp-admin/user/fr/ server Apache/2 x-cdn-nazwa.pl-location WAW x-cdn-nazwa.pl-policyused cdn=disabled
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dfcae6bf0ca22253e333881e0bf7eb42d14057eb00024a5bd19943b04cbb95ec` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	14 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f38f88db94a67b5fcc8f90965a6623a509e35cb81b6b252f0c9d7fdd29ff1a88` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2be11b4cf348ebdb13674d8cf0d1938df9c71f0f64fb0fb70fa08ed40830f684` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `434c00e8f522092a173a70f7f6e95747cf8c2b75328bdf76c6ed1e4b2039cbbc` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	6 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `880cbec4f5672334414f9b979a09ad51f7158c92a694bbabfc8a83538c8e0e2e` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	18 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	19 KB 19 KB		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0284492d7ed7c4b3aa4caddde43e07d08cccc51bc25b11c8d20d515d3769d55a` Request headers Referer Origin https://robot.wizlink.eu accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	92 KB 92 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `254798574aeb4e94ef4b45f271e804f0b63eb45def80468d9af516213ebe13dd` Request headers Referer Origin https://robot.wizlink.eu accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Content-Type application/x-font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: FR Government (Government) Impots Gouv (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			1sh.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: da9ruumvra719r68fjvqq4d6cr

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1sh.me
robot.wizlink.eu
69.60.99.96
85.128.138.250
0284492d7ed7c4b3aa4caddde43e07d08cccc51bc25b11c8d20d515d3769d55a
254798574aeb4e94ef4b45f271e804f0b63eb45def80468d9af516213ebe13dd
2be11b4cf348ebdb13674d8cf0d1938df9c71f0f64fb0fb70fa08ed40830f684
434c00e8f522092a173a70f7f6e95747cf8c2b75328bdf76c6ed1e4b2039cbbc
880cbec4f5672334414f9b979a09ad51f7158c92a694bbabfc8a83538c8e0e2e
90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6
c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e
dfcae6bf0ca22253e333881e0bf7eb42d14057eb00024a5bd19943b04cbb95ec
f38f88db94a67b5fcc8f90965a6623a509e35cb81b6b252f0c9d7fdd29ff1a88
fbfbeba2efbe209c8b67b37fdc325b572d728eb77ce7d1084e25fe15f489e744

robot.wizlink.eu Open in urlscan Pro 85.128.138.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

265 kBTransfer

585 kBSize

1 Cookies

12 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

robot.wizlink.eu Open in urlscan Pro
85.128.138.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

265 kB
Transfer

585 kB
Size

1
Cookies

1 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!