www.vidal-herve.fr - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2001:8d8:100f:f000::200, located in Germany and belongs to IONOS-AS IONOS SE, DE. The main domain is www.vidal-herve.fr.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on September 22nd 2024. Valid for: a year.

This is the only time www.vidal-herve.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 3	2001:8d8:100f... 2001:8d8:100f:f000::200	8560 (IONOS-AS ...) (IONOS-AS IONOS SE)
1	2400:52e0:1e0... 2400:52e0:1e00::865:1	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
1	2600:9000:272... 2600:9000:2724:9600:9:2939:6700:93a1	() ()
4	3

3 2001:8d8:100f:f000::200 (Germany) 1 redirects

ASN8560 (IONOS-AS IONOS SE, DE)

www.vidal-herve.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::865:1 (Germany)

ASN60068 (CDN77 Datacamp Limited, GB)

media.diariouno.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2724:9600:9:2939:6700:93a1 (None, )

ASN- ()

wpassets.brainstation.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	vidal-herve.fr 1 redirects www.vidal-herve.fr	8 KB
1	brainstation.io wpassets.brainstation.io	317 KB
1	diariouno.com.ar media.diariouno.com.ar — Cisco Umbrella Rank: 748191	33 KB
4	3

	Domain	Requested by
3	www.vidal-herve.fr	1 redirects
1	wpassets.brainstation.io
1	media.diariouno.com.ar	www.vidal-herve.fr
4	3

This site contains no links.

Subject Issuer	Validity	Valid
*.vidal-herve.fr Encryption Everywhere DV TLS CA - G2	`2024-09-22` - `2025-10-07`	a year	crt.sh
*.diariouno.com.ar ZeroSSL ECC Domain Secure Site CA	`2024-10-15` - `2025-01-13`	3 months	crt.sh
*.brainstation.io Amazon RSA 2048 M02	`2024-02-24` - `2025-03-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.vidal-herve.fr/wp/web/wp/fax/fax/login.html
Frame ID: 6F3723625AC1E49194DBA2473759801B
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión - Netflix

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

4
Requests

75 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

358 kB
Transfer

359 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.vidal-herve.fr/favicon.ico HTTP 302
https://www.vidal-herve.fr/wp-content/uploads/2023/07/vidal-herve-logo-100x100.png

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.html Show response www.vidal-herve.fr/wp/web/wp/fax/fax/	5 KB 2 KB	103ms 36ms	Document text/html	2001:8d8:100f:f000::200 IONOS-AS IONOS SE
General Check archive.org Show headers Download Go to Full URL https://www.vidal-herve.fr/wp/web/wp/fax/fax/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:8d8:100f:f000::200 , Germany, ASN8560 (IONOS-AS IONOS SE, DE), Reverse DNS Software Apache / WP Rocket/3.17.2 Resource Hash `9632b6165439da2c3ab34a2c9dfd5bbc1651123f5e91b4a9bd441c09483e1256` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control max-age=0, public content-encoding gzip content-length 1856 content-type text/html; charset=UTF-8 date Tue, 26 Nov 2024 02:15:00 GMT expires Tue, 26 Nov 2024 02:15:00 GMT server Apache vary Accept-Encoding x-powered-by WP Rocket/3.17.2
GET H2	200	netflix-peliculasjpg.jpg media.diariouno.com.ar/p/71eae7b0078429c2908e78706384c2a3/adjuntos/298/imagenes/009/413/0009413549/1200x0/smart/	33 KB 33 KB	181ms 31ms	Image image/webp	2400:52e0:1e00::865:1 CDN77 Datacamp Li...
General Check archive.org Show headers Download Go to Show image Full URL https://media.diariouno.com.ar/p/71eae7b0078429c2908e78706384c2a3/adjuntos/298/imagenes/009/413/0009413549/1200x0/smart/netflix-peliculasjpg.jpg Requested by Host: www.vidal-herve.fr URL: https://www.vidal-herve.fr/wp/web/wp/fax/fax/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::865:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB), Reverse DNS Software BunnyCDN-DE1-865 / Resource Hash `9cda5250b1777f927c9e5ec7b73c79cad688f607c87869229c04122f60be671c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.vidal-herve.fr/ Response headers cdn-status 200 t-size 1200x0 expires Sun, 23 Nov 2025 04:27:55 GMT t-s-path Path adjuntos/298/imagenes/009/413/0009413549/1200x0/smart/netflix-peliculasjpg.jpg date Tue, 26 Nov 2024 02:15:01 GMT content-type image/webp cdn-cachedat 11/25/2024 17:45:54 vary Accept cdn-cache HIT cdn-requestpullcode 200 t-via TDImages cache-control public, max-age=31536000 cdn-requestpullsuccess True cdn-requesttime 1 cdn-uid 5269bb51-2f9a-4530-bb44-6b6ca00c470a cdn-requestid 5083c0cf7457c0d0d324da7477cec6d2 cdn-pullzone 162104 cdn-proxyver 1.06 x-thinkindot-l3 TDImages-ECS access-control-allow-origin * t-path adjuntos/298/imagenes/009/413/0009413549.jpg content-length 33488 cdn-edgestorageid 1054 server BunnyCDN-DE1-865 cdn-requestcountrycode FR
GET H2	200	vidal-herve-logo-100x100.png www.vidal-herve.fr/wp-content/uploads/2023/07/ Redirect Chain https://www.vidal-herve.fr/favicon.ico https://www.vidal-herve.fr/wp-content/uploads/2023/07/vidal-herve-logo-100x100.png	5 KB 5 KB	40ms 40ms	Other image/webp	2001:8d8:100f:f000::200 IONOS-AS IONOS SE
General Check archive.org Show headers Download Go to Full URL https://www.vidal-herve.fr/wp-content/uploads/2023/07/vidal-herve-logo-100x100.png Protocol H2 Server 2001:8d8:100f:f000::200 , Germany, ASN8560 (IONOS-AS IONOS SE, DE), Reverse DNS Software Apache / Resource Hash `1d43c5a46290e60363251e20c30f907eb35dd2129169b2f31abcf46cbd28918d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.vidal-herve.fr/wp/web/wp/fax/fax/login.html Response headers cache-control max-age=10368000 expires Wed, 26 Mar 2025 02:15:03 GMT accept-ranges bytes content-length 5284 date Tue, 26 Nov 2024 02:15:03 GMT content-type image/webp vary Accept,Accept-Encoding server Apache last-modified Wed, 23 Oct 2024 17:57:20 GMT Redirect headers x-redirect-by WordPress strict-transport-security max-age=2592000 link <https://www.vidal-herve.fr/wp-json/>; rel="https://api.w.org/" location https://www.vidal-herve.fr/wp-content/uploads/2023/07/vidal-herve-logo-100x100.png x-content-type-options nosniff referrer-policy origin-when-cross-origin permissions-policy accelerometer=(self), autoplay=(self), camera=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), usb=(self) date Tue, 26 Nov 2024 02:15:01 GMT x-xss-protection 1 content-type text/html; charset=UTF-8 server Apache x-frame-options sameorigin
GET H2	200	Netflix-Background.jpg wpassets.brainstation.io/app/uploads/2017/04/13100509/	316 KB 317 KB	198ms 48ms	Image image/jpeg	2600:9000:2724:9600:9:2939:6700:93a1
General Check archive.org Show headers Download Go to Show image Full URL https://wpassets.brainstation.io/app/uploads/2017/04/13100509/Netflix-Background.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2724:9600:9:2939:6700:93a1 -, , ASN (), Reverse DNS Software AmazonS3 / Resource Hash `c4d143fbc63dde4eb0f0f8bd9a8ced56f7e0bd663e45b3a4b7f5f30c9f105be1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.vidal-herve.fr/ Response headers cache-control max-age=31536000 etag "d2edb29f3f970c36aadecbb01ed0bb79" x-amz-version-id i8qOpHi0HOf8EtvuHpIkeOew1b.uXl3r age 3654511 via 1.1 24df21f8156a0df29febdf6c3e09e32c.cloudfront.net (CloudFront) expires Fri, 12 Aug 2022 07:27:57 GMT accept-ranges bytes x-cache Hit from cloudfront content-length 323929 x-amz-cf-id T4EV6IIo4pLjgGYq6qndxpEac2m2T0dcyk1YLuwICSVctXKlke7QXg== date Mon, 14 Oct 2024 19:06:36 GMT content-type image/jpeg last-modified Thu, 12 Aug 2021 07:27:58 GMT server AmazonS3 x-amz-cf-pop FRA56-P12

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| changeBackground

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://www.vidal-herve.fr/wp/web/wp/fax/fax/login.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

media.diariouno.com.ar
wpassets.brainstation.io
www.vidal-herve.fr
2001:8d8:100f:f000::200
2400:52e0:1e00::865:1
2600:9000:2724:9600:9:2939:6700:93a1
1d43c5a46290e60363251e20c30f907eb35dd2129169b2f31abcf46cbd28918d
9632b6165439da2c3ab34a2c9dfd5bbc1651123f5e91b4a9bd441c09483e1256
9cda5250b1777f927c9e5ec7b73c79cad688f607c87869229c04122f60be671c
c4d143fbc63dde4eb0f0f8bd9a8ced56f7e0bd663e45b3a4b7f5f30c9f105be1

www.vidal-herve.fr Open in urlscan Pro 2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

75 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

358 kBTransfer

359 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

www.vidal-herve.fr Open in urlscan Pro
2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

358 kB
Transfer

359 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!