gros-fichiers.facture-enligne.pro Open in urlscan Pro
2606:4700:3033::6815:5b0f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gros-fichiers.facture-enligne.pro/
Submission: On September 26 via manual (September 26th 2024, 2:51:19 pm UTC) from FR — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3033::6815:5b0f, located in United States and belongs to CLOUDFLARENET, US. The main domain is gros-fichiers.facture-enligne.pro.
TLS certificate: Issued by WE1 on September 23rd 2024. Valid for: 3 months.

This is the only time gros-fichiers.facture-enligne.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3033::6815:5b0f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	172.67.207.156 172.67.207.156	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	154.197.224.100 154.197.224.100	135097 (MYCLOUD-A...) (MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED)
1	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
2	51.68.254.173 51.68.254.173	16276 (OVH) (OVH)
10	5

1 2606:4700:3033::6815:5b0f (United States)

ASN13335 (CLOUDFLARENET, US)

gros-fichiers.facture-enligne.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.207.156 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

gros-fichiers.facture-enligne.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.197.224.100 (Hong Kong, Hong Kong)

ASN135097 (MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED, HK)

www.pngkey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.68.254.173 (United Kingdom)

ASN16276 (OVH, FR)
PTR: webfo.grosfichiers.com

www.grosfichiers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	facture-enligne.pro 1 redirects gros-fichiers.facture-enligne.pro	399 KB
2	grosfichiers.com www.grosfichiers.com	698 B
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 59	5 KB
1	pngkey.com www.pngkey.com — Cisco Umbrella Rank: 146523	14 KB
10	4

	Domain	Requested by
7	gros-fichiers.facture-enligne.pro	1 redirects gros-fichiers.facture-enligne.pro
2	www.grosfichiers.com
1	lh3.googleusercontent.com	gros-fichiers.facture-enligne.pro
1	www.pngkey.com	gros-fichiers.facture-enligne.pro
10	4

This site contains no links.

Subject Issuer	Validity	Valid
facture-enligne.pro WE1	`2024-09-23` - `2024-12-22`	3 months	crt.sh
pngkey.com R10	`2024-07-21` - `2024-10-19`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
grosfichiers.com Sectigo RSA Extended Validation Secure Server CA	`2024-07-16` - `2025-07-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://gros-fichiers.facture-enligne.pro/
Frame ID: ED870348D1506A4F177B43494F331672
Requests: 8 HTTP requests in this frame

Frame: https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
Frame ID: 27F3494A770BAA64FE52D13D26315855
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Files available for download

Page Statistics

10
Requests

90 %
HTTPS

40 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

419 kB
Transfer

427 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
gros-fichiers.facture-enligne.pro/ 10 KB
4 KB 2655ms
2484ms Document
text/html 2606:4700:3033::6815:5b0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gros-fichiers.facture-enligne.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:5b0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.29
Resource Hash: 7bb6180907e7471afcf14875a6a265def52105b4789caacf190aa02b0c6f3ab5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c94121d6eb3cd50-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 26 Sep 2024 14:51:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLReZUpEU6GyVw6o4D2%2B%2FJivRvEwXkVCBISX9Rfqr1rWoOfnebzZKzXo%2BIlj0JLMh2q%2BaUA6%2BaOhBjHPR9JnJOyaoX5eFz4QA4RdLj60bAJlT4H5xV%2B6HEoNonc524DKZXX9tPZlRD5BOJNeHMS2NPPXzXw1%2BxLP9Fd2PYMttfg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-powered-by: PHP/8.1.29

GET
H3 200 speculation
gros-fichiers.facture-enligne.pro/cdn-cgi/ 128 B
614 B 28ms
27ms Other
application/speculationrules+json 172.67.207.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gros-fichiers.facture-enligne.pro/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.207.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://gros-fichiers.facture-enligne.pro
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hk5tJ2N2GfZ6vzN2pd35XnO0rVhJqt792CdcRvrxRFXHHRcJAU%2FdX%2FHrO%2Fqe1LWVLjnSo67BGy8jBvjFPZGMnjo%2BtCvoiUQbzbIchrbCubvETIVXZZYaOWpxbzC%2BZv5sFS0KqSPm7VjNISKxiDxLJ%2F6%2FmG0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c94122cfb8b949f-LHR
access-control-allow-origin: https://gros-fichiers.facture-enligne.pro
content-length: 128
date: Thu, 26 Sep 2024 14:51:15 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H/1.1 200
OK 758-7586567_down-arrow-png-transparent-icon-emblem.png
www.pngkey.com/png/full/ 15 KB
14 KB 1254ms
441ms Image
image/png 154.197.224.100
MYCLOUD-AS-AP LUO...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pngkey.com/png/full/758-7586567_down-arrow-png-transparent-icon-emblem.png
Requested by: Host: gros-fichiers.facture-enligne.pro
URL: https://gros-fichiers.facture-enligne.pro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.197.224.100 Hong Kong, Hong Kong, ASN135097 (MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED, HK),
Reverse DNS
Software: nginx/1.14.0 /
Resource Hash: 96fef8646d0d2b0ebf404ba926136de1a166279de6ad9f4fd45c326cb4379df7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
ETag: W/"5c7cc976-3ad5"
Connection: keep-alive
Date: Thu, 26 Sep 2024 14:51:16 GMT
Content-Type: image/png
Last-Modified: Mon, 04 Mar 2019 06:45:10 GMT
Server: nginx/1.14.0
Vary: Accept-Encoding

GET
H2 200 o3SXprBTJYcFmAA9xiMsv6EHM98Kpkf8dNcZhgsDk6nlQULl1-2bpgunhu_LDlEtCeJinrSzEvPiin5cO0CcfX_GfhQ0myPPaItOXdOOAQ83Iya6HqABHw=h60
lh3.googleusercontent.com/ 5 KB
5 KB 118ms
28ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/o3SXprBTJYcFmAA9xiMsv6EHM98Kpkf8dNcZhgsDk6nlQULl1-2bpgunhu_LDlEtCeJinrSzEvPiin5cO0CcfX_GfhQ0myPPaItOXdOOAQ83Iya6HqABHw=h60

Requested by

Host: gros-fichiers.facture-enligne.pro
URL: https://gros-fichiers.facture-enligne.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e9fe662243d1beae816a5dd927827a9612494a0b93d885f8cba2ad597b68d1c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

access-control-expose-headers: Content-Length
etag: "v1"
age: 5461
x-content-type-options: nosniff
expires: Fri, 27 Sep 2024 13:20:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 26 Sep 2024 13:20:14 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 5176
x-xss-protection: 0
server: fife

GET
H3 200 pdf.png
gros-fichiers.facture-enligne.pro/ 7 KB
7 KB 37ms
36ms Image
image/png 172.67.207.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gros-fichiers.facture-enligne.pro/pdf.png
Requested by: Host: gros-fichiers.facture-enligne.pro
URL: https://gros-fichiers.facture-enligne.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.207.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "66f55385-1aae"
age: 5895
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dpfm633uPZ5aJgFhwhXiUx%2FM9951p6pLZhJDO1H%2BayawAa0uzTdhVyRow6mLc1ChFI15mR1Q1PZVL%2Fi7yBgTbQYwNFNljaz%2BGKmWldTxxPRYvf4B43hoy1%2FVLbaP%2BWNqeEwK%2BJdHJl9YfflpVZWaUIMei3g%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c94122d1ba4949f-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 6830
date: Thu, 26 Sep 2024 14:51:15 GMT
content-type: image/png
last-modified: Thu, 26 Sep 2024 12:28:53 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3

200

main.js Show response
gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/ Frame 27F3
Redirect Chain

https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

8 KB
4 KB

164ms
163ms

Script
application/javascript

172.67.207.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

Requested by

Host: gros-fichiers.facture-enligne.pro
URL: https://gros-fichiers.facture-enligne.pro/

Protocol

Server

172.67.207.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6d338d408c7042a403d4a17ffef8c05a16a2ffca1eda5c0798615a2f392c180

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G87bD2C1FyPhBi0CqJXTL5WrnsRdothmRRzYaTvyIJOsRZJjkAHOQq2AKEXlvBEpQ3e5NvgDrV8qqaTv2I9tbd3M4kJnegcKudmRROIPPdskQlfwZfJu3YFBjSS2AeOJ06W7IG%2BHbkniQVcEczu01OFmvKk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8c94122d5bfc949f-LHR
date: Thu, 26 Sep 2024 14:51:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eut%2F5p0XKI5NIRKw3n4kZIWdGQDnOGHn3q3qdU%2F%2BMABKo3sEZH%2Fw0U73pZajAvVtusUnZegAae3RE6mEYWe%2FSN79mv2Vy04DAbkwi8y8%2FSWUwxptWqCi%2B5xq7lfuzgS4qT9VYxrQnqAsS9fpPJDCloBQ1%2FU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c94122d2bba949f-LHR
access-control-allow-origin: *
content-length: 0
date: Thu, 26 Sep 2024 14:51:15 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 img.png
gros-fichiers.facture-enligne.pro/ 381 KB
382 KB 42ms
41ms Image
image/png 172.67.207.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gros-fichiers.facture-enligne.pro/img.png
Requested by: Host: gros-fichiers.facture-enligne.pro
URL: https://gros-fichiers.facture-enligne.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.207.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c54e6c02523613894450e42c69bcfd6f4b4d983b2628f98e4e4beab21fe8698

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "66f55383-5f518"
age: 5895
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BoVNzN8FdfBkYKv9mrP3YJWlBfHNt2ONbMrbcRL9%2Fw1qPZfdON7k4FJMVh2ilCckP%2BdFKCQiC1JZ6FpuWKGdWnHCDY3iriU%2BcoNi%2Fd0GORUrYVVbhaO2%2BP4F3RL%2B2cjeuA4gK0Iyqm8d49BGaFeV7NO7p10%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c94122d2bbc949f-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 390424
date: Thu, 26 Sep 2024 14:51:15 GMT
content-type: image/png
last-modified: Thu, 26 Sep 2024 12:28:51 GMT
vary: Accept-Encoding
server: cloudflare

POST
H3 200 8c94121d6eb3cd50 Show response
gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 27F3 0
923 B 36ms
33ms XHR
text/plain 172.67.207.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/h/g/jsd/r/8c94121d6eb3cd50
Requested by: Host: gros-fichiers.facture-enligne.pro
URL: https://gros-fichiers.facture-enligne.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.207.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8c94122eedab949f-LHR
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 0
date: Thu, 26 Sep 2024 14:51:15 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=83%2B2kmw87GAXpFGJ7TVbJJ34hl7RKqMC3EcmMJxU0IzigqTHnzK1V4IlvHkVxdBwt5pThxMnyen9sRi71uZF5gcyOVL33KIRFrxbWAd4BSlCfchDAPgAl78QHpaNRNcnUh1bVwoDml4eetc6AbcFZgEaMGA%3D"}],"group":"cf-nel","max_age":604800}

GET
H2 200 favicon.ico
www.grosfichiers.com/ 318 B
698 B 60ms
16ms Other
image/x-icon 51.68.254.173
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.grosfichiers.com/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.68.254.173 , United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

webfo.grosfichiers.com

Software

nginx GrosFichiers /

Resource Hash

07952222f81fbb7d219416b46fee1012d7012406cf932d87cebe0c318f2d10fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: max-age=2592000
etag: "578f139a-13e"
expect-ct: max-age=604800, report-uri="https://grosfichiers.report-uri.com/r/d/ct/reportOnly"
x-content-type-options: nosniff
expires: Sat, 26 Oct 2024 14:51:16 GMT
accept-ranges: bytes
content-length: 318
date: Thu, 26 Sep 2024 14:51:16 GMT
x-xss-protection: 1; mode=block
content-type: image/x-icon
last-modified: Wed, 20 Jul 2016 06:00:58 GMT
server: nginx GrosFichiers
x-frame-options: SAMEORIGIN

GET
H2 200 favicon.ico
www.grosfichiers.com/ 318 B
0 0ms
0ms Other
image/x-icon 51.68.254.173
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.grosfichiers.com/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.68.254.173 , United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

webfo.grosfichiers.com

Software

nginx GrosFichiers /

Resource Hash

07952222f81fbb7d219416b46fee1012d7012406cf932d87cebe0c318f2d10fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://gros-fichiers.facture-enligne.pro/

Response headers

cache-control: max-age=2592000
etag: "578f139a-13e"
expect-ct: max-age=604800, report-uri="https://grosfichiers.report-uri.com/r/d/ct/reportOnly"
x-content-type-options: nosniff
expires: Sat, 26 Oct 2024 14:51:16 GMT
accept-ranges: bytes
content-length: 318
date: Thu, 26 Sep 2024 14:51:16 GMT
x-xss-protection: 1; mode=block
content-type: image/x-icon
last-modified: Wed, 20 Jul 2016 06:00:58 GMT
server: nginx GrosFichiers
x-frame-options: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| showHide

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.facture-enligne.pro/	1970-01-21 08:34:58	Name: cf_clearance Value: ffkKBm2l6ESnctrzs.Qmo_hEiAcEqUDmY3M2eOilTZ4-1727362275-1.2.1.1-7uOcSuM7brn6Ii_TX.dXx_fkTDJRiJpwyMguikIhlZmzqhbP.TAj9XIO8VkWyQ_7HXTTfMOl3TixVwV7HAP8pj_goE.gTqmQtLb4bcRN..eB57k3z8NCTgSRELIOOIoc85RZrOqI9z.NYyuRNHtOfyNle5BK.dCNLgxPCPem3QGKGXIRL7K8RexhDBdJiqKsxK9kEv17YQj3mjbx1SCAAxnHQWRPhH8VsVvPXofuHIuk0ObowyfV4v1SUxz1SPZp_w9sljorm5oePikL1lrtrKWMALqm_23pYe3NshBsOBCQyQ1pW5_0IGxpNLn3yC2g_TDOn87PpDnM2E8Uy9m.pP8PIPYS16f7aejfyQ7_i1dbcKwFzYu6FKwwByviGC7C

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://gros-fichiers.facture-enligne.pro/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gros-fichiers.facture-enligne.pro
lh3.googleusercontent.com
www.grosfichiers.com
www.pngkey.com
154.197.224.100
172.67.207.156
2606:4700:3033::6815:5b0f
2a00:1450:4001:81c::2001
51.68.254.173
07952222f81fbb7d219416b46fee1012d7012406cf932d87cebe0c318f2d10fd
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
2c54e6c02523613894450e42c69bcfd6f4b4d983b2628f98e4e4beab21fe8698
7bb6180907e7471afcf14875a6a265def52105b4789caacf190aa02b0c6f3ab5
96fef8646d0d2b0ebf404ba926136de1a166279de6ad9f4fd45c326cb4379df7
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9fe662243d1beae816a5dd927827a9612494a0b93d885f8cba2ad597b68d1c2
f6d338d408c7042a403d4a17ffef8c05a16a2ffca1eda5c0798615a2f392c180

gros-fichiers.facture-enligne.pro Open in urlscan Pro 2606:4700:3033::6815:5b0f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

90 %HTTPS

40 %IPv6

4 Domains

4 Subdomains

5 IPs

4 Countries

419 kBTransfer

427 kBSize

1 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

gros-fichiers.facture-enligne.pro Open in urlscan Pro
2606:4700:3033::6815:5b0f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

40 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

419 kB
Transfer

427 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!