ScanMalware.com

Security Scan Report: cooren.transit-clients-fr.com

Redirected to: https://www.lemonde.fr/

Submitted: Nov 21, 2025, 2:40:08 PMCompleted: Nov 21, 2025, 2:44:14 PMpubliccompleted
Loading additional data...

Summary

This website contacted 14 IPs in 2 countries across 7 domains to perform 105 HTTP transactions. The main domain is lemonde.fr.

Submitted URL: https://cooren.transit-clients-fr.com/

Effective URL: https://www.lemonde.fr/Redirected

AI Security Verdict

High Risk

Confidence: 82%

7
Risk Score

High‑risk phishing page impersonating Le Monde, redirects from a suspicious domain.

Risk Factors
Unranked domain (not in Cisco Umbrella top 1 M) used to mimic a well‑known news brand
Brand impersonation on an unusual domain
Suspicious redirect chain from unknown domain to legitimate site
Domain age information unavailable

Details

Page Title

Le Monde in English – World news, culture and opinion

Scan Type

public

Language

🇫🇷

French

(80% confidence)

Category

corporate business

(76%)

Domain Information

Within the commercial generic top-level domain (.com), 'cooren.transit-clients-fr.com' is registered; it also runs on subdomain 'cooren'. Its registrable label 'transit-clients-fr' stretches across 18 characters split between four vowels and 12 consonants, plus 2 hyphens. Word splitting yields three words: transit, clients, fr. Median word length is seven characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://cooren.transit-clients-fr.com/

Page Load Overview

0.55s
Total Load Time
105
HTTP Requests
7
Domains
1.8 MB
Total Size

Language Analysis

Primary Language

🇫🇷French
Code: fr
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:fr
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:fr
Text Length:63,017 chars
Detector Agreement:100%

Website Classification

Primary Category

corporate business76% confidence
Type: static
Method: ml+structural

All Detected Categories

corporate business
76%
news media journalism
69%
corporate
25%
news/blog
20%

Detected Features

Articles
OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
95146.75.122.217Frankfurt am Main, Hesse, Germany
AS54113FASTLY
14104.21.37.193United States
AS13335CLOUDFLARENET
718.245.86.4United States
AS16509AMAZON-02
72606:4700:3034::ac43:d4acUnited States
AS13335CLOUDFLARENET
7104.21.90.149United States
AS13335CLOUDFLARENET
72606:4700:3037::6815:25c1United States
AS13335CLOUDFLARENET
718.245.86.69United States
AS16509AMAZON-02
72606:4700:3033::ac43:9dddUnited States
AS13335CLOUDFLARENET
72606:4700:3030::6815:5a95United States
AS13335CLOUDFLARENET
718.245.86.101United States
AS16509AMAZON-02
10514--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T16B542A7175942F3A919384EABFE1365896215812C3C64E56FBBB9B9887CFDC143A330C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

6144:9IB4l49Schlzij5rOUOcfBmRLCuDNDc7Ne/vLh1kBROyCfH6sIiwwGg58Vhuvwvg:C9Schlzday9F

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:299704:cQACICJAl8FEEQVDYniyBfIYbghAAQeAAsKEjlEk4ChAsqKgqMD6Dm2QwZwQFBhBqNgdT8QQAmIAI8lkhCyCmYKqhtRQYAms

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:003c3c3c181c1c00
Perceptual Hash:98cb3636613636d9
Difference Hash:0f7171713329290e
Wavelet Hash:e73c3c3c3c3c3e02
Color Hash:#d29a79

Other Hashes

Crop Resistant:622a8a2ab2a23327,0f7171713329290e

Scan History

Scan history not available

Unable to load historical scan data