france24.nlfrancemm.com
Open in
urlscan Pro
81.92.125.211
Malicious Activity!
Public Scan
URL:
https://france24.nlfrancemm.com/m/ml/200243/524141
Submission Tags: @phish_report
Submission: On December 16 via api from FI — Scanned from FI
Submission Tags: @phish_report
Submission: On December 16 via api from FI — Scanned from FI
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 4 HTTP transactions.
The main IP is 81.92.125.211, located in
Belgium and
belongs to ACTITO, BE.
The main domain is france24.nlfrancemm.com.
TLS certificate: Issued by R3 on November 26th 2023. Valid for: 3 months.
This is the only time france24.nlfrancemm.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on November 26th 2023. Valid for: 3 months.
This is the only time france24.nlfrancemm.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 votes Show Verdicts
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 81.92.125.211 81.92.125.211 | 39905 (ACTITO) (ACTITO) | |
| 2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 80.169.111.142 80.169.111.142 | 8220 (COLT COLT...) (COLT COLT Technology Services Group Limited) | |
| 4 | 3 |
1
80.169.111.142
(Brussels, Belgium)
ASN8220 (COLT COLT Technology Services Group Limited, GB)
PTR: villers.citobi.be
ASN8220 (COLT COLT Technology Services Group Limited, GB)
PTR: villers.citobi.be
| cdn.actito.be |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 988 |
70 KB |
| 1 |
actito.be
cdn.actito.be — Cisco Umbrella Rank: 458698 |
6 KB |
| 1 |
nlfrancemm.com
france24.nlfrancemm.com |
1 KB |
| 4 | 3 |
| Domain | Requested by | |
|---|---|---|
| 2 | maxcdn.bootstrapcdn.com |
france24.nlfrancemm.com
maxcdn.bootstrapcdn.com |
| 1 | cdn.actito.be |
france24.nlfrancemm.com
|
| 1 | france24.nlfrancemm.com | |
| 4 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| france24.nlfrancemm.com R3 |
2023-11-26 - 2024-02-24 |
3 months | crt.sh |
| bootstrapcdn.com GTS CA 1P5 |
2023-11-30 - 2024-02-28 |
3 months | crt.sh |
| *.actito.be GeoTrust TLS RSA CA G1 |
2023-11-28 - 2024-11-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://france24.nlfrancemm.com/m/ml/200243/524141
Frame ID: 6E54F9D4498952411EDFE7F04E733583
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
ACTITODetected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
524141
france24.nlfrancemm.com/m/ml/200243/ |
1009 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/ |
26 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
actito-style.css
cdn.actito.be/actito-error/ |
6 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/ |
63 KB 64 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Malicious
page.url
Submitted on
December 16th 2023, 11:37:57 pm
UTC —
From United States
Threats:
Social Engineering
Phishing
Spearphishing
Comment: SCAM WEBSITE USED FOR PHISHING https://france24.nlfrancemm.com/m/ml/200243/524141
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Frame-Options | DENY |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.actito.be
france24.nlfrancemm.com
maxcdn.bootstrapcdn.com
2606:4700::6812:bcf
80.169.111.142
81.92.125.211
19d5ceb75d7b395090a03fa0d30e8e45f7ca86e13b73371ee63b435ffa117c0a
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
5003b9f40142f1210df1f1c1c278432e28c6b986b27136bf9149ca6e2b130542
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829