myblog-8uv7112ahp.live-website.com Open in urlscan Pro
2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://eeihffb.r.af.d.sendibt2.com/tr/cl/HWt6F8Sg5pTiFVGhtrZKlfFPIdxiMbIOhMYGeICRhb-Bc01hZnGA1qKpHPXWuRMyDCaXUbXPo3clEQMgygJkEfEip3...
Effective URL:
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/infos.php
Submission: On April 20 via manual (April 20th 2023, 2:39:39 pm UTC) from FR — Scanned from FR

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 18 HTTP transactions. The main IP is 2001:8d8:100f:f000::200, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is myblog-8uv7112ahp.live-website.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on June 15th 2022. Valid for: a year.

This is the only time myblog-8uv7112ahp.live-website.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	1.179.112.196 1.179.112.196	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6812:1f68	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:ff60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	132.226.118.109 132.226.118.109	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2 14	2001:8d8:100f... 2001:8d8:100f:f000::200	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
18	6

1 1.179.112.196 (France)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: m1179112196.mailinblue.me

eeihffb.r.af.d.sendibt2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1f68 (United States)

ASN13335 (CLOUDFLARENET, US)

sibautomation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:ff60 (United States)

ASN13335 (CLOUDFLARENET, US)

in-automate.sendinblue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.226.118.109 (Phoenix, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

sylvieriquier.is-a-landscaper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2001:8d8:100f:f000::200 (Germany) 2 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

myblog-8uv7112ahp.live-website.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	live-website.com 2 redirects myblog-8uv7112ahp.live-website.com	141 KB
2	gstatic.com fonts.gstatic.com	27 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	1 KB
1	is-a-landscaper.com 1 redirects sylvieriquier.is-a-landscaper.com	188 B
1	sendinblue.com in-automate.sendinblue.com — Cisco Umbrella Rank: 28305	331 B
1	sibautomation.com sibautomation.com — Cisco Umbrella Rank: 26957	1 KB
1	sendibt2.com eeihffb.r.af.d.sendibt2.com	831 B
18	7

	Domain	Requested by
14	myblog-8uv7112ahp.live-website.com	2 redirects eeihffb.r.af.d.sendibt2.com myblog-8uv7112ahp.live-website.com
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	myblog-8uv7112ahp.live-website.com
1	sylvieriquier.is-a-landscaper.com	1 redirects
1	in-automate.sendinblue.com	sibautomation.com
1	sibautomation.com	eeihffb.r.af.d.sendibt2.com
1	eeihffb.r.af.d.sendibt2.com
18	7

This site contains no links.

Subject Issuer	Validity	Valid
*.r.af.d.sendibt2.com R3	`2023-04-14` - `2023-07-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-09` - `2023-06-09`	a year	crt.sh
sendinblue.com Cloudflare Inc ECC CA-3	`2022-09-26` - `2023-09-25`	a year	crt.sh
*.live-website.com GeoTrust RSA CA 2018	`2022-06-15` - `2023-06-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/infos.php
Frame ID: E1586109F4FDE67AA11644B24B3E8BE2
Requests: 16 HTTP requests in this frame

Frame: https://sibautomation.com/cm.html?id=4487551
Frame ID: 2D96422C6DB71580EACA55D9E560589B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particuliers |

Page URL History Show full URLs

https://eeihffb.r.af.d.sendibt2.com/tr/cl/HWt6F8Sg5pTiFVGhtrZKlfFPIdxiMbIOhMYGeICRhb-Bc01hZnGA1qKpHPXWuRMyDCaXUb... Page URL
http://sylvieriquier.is-a-landscaper.com/ HTTP 302
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR HTTP 301
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/ HTTP 302
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/infos.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

171 kB
Transfer

378 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://eeihffb.r.af.d.sendibt2.com/tr/cl/HWt6F8Sg5pTiFVGhtrZKlfFPIdxiMbIOhMYGeICRhb-Bc01hZnGA1qKpHPXWuRMyDCaXUbXPo3clEQMgygJkEfEip3llqQs0kbwpXSBZZ14iQBggHGmcc0YJhtHTZOm6ag9z8hcNibfv0EqD5l_3B6Ic3B_xxpS0GJxx6nPw36lmxpLf3M0u3Qe8tY2PzOR0qRE4MOTo_wO_08d2vrw5BK6BSRYz80T2-aIuQ_oZyXRlxucpCdC2dxI Page URL
http://sylvieriquier.is-a-landscaper.com/ HTTP 302
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR HTTP 301
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/ HTTP 302
https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/infos.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 HWt6F8Sg5pTiFVGhtrZKlfFPIdxiMbIOhMYGeICRhb-Bc01hZnGA1qKpHPXWuRMyDCaXUbXPo3clEQMgygJkEfEip3llqQs0kbwpXSBZZ14iQBggHGmcc0YJhtHTZOm6ag9z8hcNibfv0EqD5l_3B6Ic3B_xxpS0GJxx6nPw36lmxpLf3M0u3Qe8tY2PzOR0qRE4M... Show response
eeihffb.r.af.d.sendibt2.com/tr/cl/ 671 B
831 B 108ms
38ms Document
text/html 1.179.112.196
GOOGLE-CLOUD-PLAT...

General

Source	Level	URL Text
network	error	URL: https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/style/1111.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://myblog-8uv7112ahp.live-website.com/imp/imp2022/imp2022/VR/style/ebpe-druckheader-image Message: Failed to load resource: the server responded with a status of 404 ()

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

myblog-8uv7112ahp.live-website.com Open in urlscan Pro 2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

71 %IPv6

7 Domains

7 Subdomains

6 IPs

3 Countries

171 kBTransfer

378 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

myblog-8uv7112ahp.live-website.com Open in urlscan Pro
2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

171 kB
Transfer

378 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!