artdufil.fr - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 137.74.195.25, located in France and belongs to OVH, FR. The main domain is artdufil.fr.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 7th 2019. Valid for: 3 months.

This is the only time artdufil.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
5	137.74.195.25 137.74.195.25		16276 (OVH) (OVH)
5	1

5 137.74.195.25 (France)

ASN16276 (OVH, FR)
PTR: 25.ip-137-74-195.eu

artdufil.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	artdufil.fr artdufil.fr	177 KB
5	1

	Domain	Requested by
5	artdufil.fr	artdufil.fr
5	1

This site contains no links.

Subject Issuer	Validity	Valid
artdufil.fr Let's Encrypt Authority X3	`2019-03-07` - `2019-06-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA
Frame ID: 7A51BB086B1F3EADC114E37498EBBE65
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

177 kB
Transfer

175 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/	4 KB 4 KB	4264ms 4195ms	Document text/html	137.74.195.25 OVH
General Check archive.org Show headers Download Go to Full URL https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 137.74.195.25 , France, ASN16276 (OVH, FR), Reverse DNS 25.ip-137-74-195.eu Software nginx / PHP/5.6.40 PleskLin Resource Hash `d1392fa12aac3ca18b4affae5bafbaf45c40ea904d3852343e58244dadfd6290` Request headers Host artdufil.fr Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx Date Fri, 15 Mar 2019 03:10:38 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.6.40 PleskLin Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=hv386n9q70ukl598pcq461dej3; path=/
GET H/1.1	200 OK	gs_login.css artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/css/	73 KB 73 KB	31ms 27ms	Stylesheet text/css	137.74.195.25 OVH
General Check archive.org Show headers Download Go to Full URL https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/css/gs_login.css Requested by Host: artdufil.fr URL: https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 137.74.195.25 , France, ASN16276 (OVH, FR), Reverse DNS 25.ip-137-74-195.eu Software nginx / PleskLin Resource Hash `80a154d4d2c0d0f52dd5e5f112c4bd4dd84a8330a06322a97024c511b4c311ff` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host artdufil.fr User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Cookie PHPSESSID=hv386n9q70ukl598pcq461dej3 Connection keep-alive Cache-Control no-cache Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Mar 2019 03:10:38 GMT Last-Modified Fri, 15 Mar 2019 01:29:09 GMT Server nginx X-Powered-By PleskLin Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 74372 Expires Fri, 22 Mar 2019 03:10:38 GMT
GET H/1.1	200 OK	jquery.js Show response artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/js/	94 KB 94 KB	79ms 27ms	Script text/javascript	137.74.195.25 OVH
General Check archive.org Show headers Download Go to Full URL https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/js/jquery.js Requested by Host: artdufil.fr URL: https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 137.74.195.25 , France, ASN16276 (OVH, FR), Reverse DNS 25.ip-137-74-195.eu Software nginx / PleskLin Resource Hash `161ddce728615bd31a9c34fbb1cd047a4fe165e30cb86f826d1c856a956016ca` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host artdufil.fr User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Cookie PHPSESSID=hv386n9q70ukl598pcq461dej3 Connection keep-alive Cache-Control no-cache Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Mar 2019 03:10:38 GMT Last-Modified Fri, 15 Mar 2019 01:29:09 GMT Server nginx X-Powered-By PleskLin Content-Type text/javascript Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 95825 Expires Fri, 22 Mar 2019 03:10:38 GMT
GET H/1.1	200 OK	login.js Show response artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/js/	696 B 1006 B	69ms 17ms	Script text/javascript	137.74.195.25 OVH
General Check archive.org Show headers Download Go to Full URL https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/js/login.js Requested by Host: artdufil.fr URL: https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 137.74.195.25 , France, ASN16276 (OVH, FR), Reverse DNS 25.ip-137-74-195.eu Software nginx / PleskLin Resource Hash `e11af7d139a5662450db6a0c86ae436be08a7cf86ada8c7d038e9edb955f1ce4` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host artdufil.fr User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Cookie PHPSESSID=hv386n9q70ukl598pcq461dej3 Connection keep-alive Cache-Control no-cache Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Mar 2019 03:10:38 GMT Last-Modified Fri, 15 Mar 2019 01:29:09 GMT Server nginx X-Powered-By PleskLin Content-Type text/javascript Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 696 Expires Fri, 22 Mar 2019 03:10:38 GMT
GET H/1.1	200 OK	paypal-logo-129x32.svg artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/images/	5 KB 5 KB	15ms 13ms	Image image/svg+xml	137.74.195.25 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/images/paypal-logo-129x32.svg Requested by Host: artdufil.fr URL: https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/?dispatch=fRtArKICQUFFQek2XgQHdxN4wtrrorbEjFeLpWnfR3VHhfKfwA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 137.74.195.25 , France, ASN16276 (OVH, FR), Reverse DNS 25.ip-137-74-195.eu Software nginx / PleskLin Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host artdufil.fr User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/css/gs_login.css Cookie PHPSESSID=hv386n9q70ukl598pcq461dej3 Connection keep-alive Cache-Control no-cache Referer https://artdufil.fr/bankID/gs_gen/gs75fc50b5864745273a6b204d86d48cc2/css/gs_login.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Mar 2019 03:10:38 GMT Last-Modified Fri, 15 Mar 2019 01:29:09 GMT Server nginx X-Powered-By PleskLin Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control max-age=31536000 Connection keep-alive Accept-Ranges bytes Content-Length 4945 Expires Sat, 14 Mar 2020 03:10:38 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			artdufil.fr/	1969-12-31 23:59:59	Name: PHPSESSID Value: hv386n9q70ukl598pcq461dej3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

artdufil.fr
137.74.195.25
161ddce728615bd31a9c34fbb1cd047a4fe165e30cb86f826d1c856a956016ca
80a154d4d2c0d0f52dd5e5f112c4bd4dd84a8330a06322a97024c511b4c311ff
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
d1392fa12aac3ca18b4affae5bafbaf45c40ea904d3852343e58244dadfd6290
e11af7d139a5662450db6a0c86ae436be08a7cf86ada8c7d038e9edb955f1ce4

artdufil.fr Open in urlscan Pro 137.74.195.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

177 kBTransfer

175 kBSize

1 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

artdufil.fr Open in urlscan Pro
137.74.195.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

177 kB
Transfer

175 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!