artdufil.fr
Open in
urlscan Pro
137.74.195.25
Malicious Activity!
Public Scan
Submission: On March 15 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 7th 2019. Valid for: 3 months.
This is the only time artdufil.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 137.74.195.25 137.74.195.25 | 16276 (OVH) (OVH) | |
5 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
artdufil.fr
artdufil.fr |
177 KB |
5 | 1 |
Domain | Requested by | |
---|---|---|
5 | artdufil.fr |
artdufil.fr
|
5 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
artdufil.fr Let's Encrypt Authority X3 |
2019-03-07 - 2019-06-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA
Frame ID: 7A51BB086B1F3EADC114E37498EBBE65
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gs_login.css
artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/css/ |
73 KB 73 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/js/ |
94 KB 94 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/js/ |
696 B 1006 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paypal-logo-129x32.svg
artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/images/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| IsEmail function| Nextgs function| change1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
artdufil.fr/ | Name: PHPSESSID Value: hv386n9q70ukl598pcq461dej3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
artdufil.fr
137.74.195.25
161ddce728615bd31a9c34fbb1cd047a4fe165e30cb86f826d1c856a956016ca
80a154d4d2c0d0f52dd5e5f112c4bd4dd84a8330a06322a97024c511b4c311ff
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
d1392fa12aac3ca18b4affae5bafbaf45c40ea904d3852343e58244dadfd6290
e11af7d139a5662450db6a0c86ae436be08a7cf86ada8c7d038e9edb955f1ce4