![](/screenshots/0a4f9bf6-5b25-4fe4-9bae-a2c8b89cb002.png)
greenkinkajou.com
198.54.116.83
Malicious Activity!
Public Scan
Effective URL: https://greenkinkajou.com/groupbnpparibasnc/app/user.php
Submission: On November 16 via manual from NZ — Scanned from NZ
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 11th 2023. Valid for: a year.
This is the only time greenkinkajou.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 14 | 198.54.116.83 | 22612 (NAMECHEAP-NET) |
| 2 | 2600:1415:2000:1ab::4415 | 20940 (AKAMAI-ASN1) |
ASN22612 (NAMECHEAP-NET, US)
PTR: business31-4.web-hosting.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 | greenkinkajou.com | greenkinkajou.com (2 redirects) | 903 KB |
| 2 | bnpparibas.net | nc.bnpparibas.net | 2 KB |
| Requests | Domain | Requested by |
|---|---|---|
| 14 | greenkinkajou.com (2 redirects) | greenkinkajou.com |
| 2 | nc.bnpparibas.net | greenkinkajou.com |
This site contains links to these domains. Also see Links.
Domain |
---|
nc.bnpparibas.net |
www.bnpparibas.nc |
antilles-guyane.bnpparibas |
antilles-guyane.bnpparibas.net |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| greenkinkajou.com | Sectigo RSA Domain Validation Secure Server CA | 2023-01-11 - 2023-12-22 | a year | crt.sh |
| bnp06s.bnpparibas.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-14 - 2024-06-11 | 7 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://greenkinkajou.com/groupbnpparibasnc/app/user.php
Frame ID: EB76841781672E98D5B8C6EF2E5EE58A
Requests: 14 HTTP requests in this frame
Page Title
BNPPARIBAS NET IDENTIFICATION
Page URL History
- https://greenkinkajou.com/groupbnpparibasnc/ (HTTP 302)
- https://greenkinkajou.com/groupbnpparibasnc/app/index.php (HTTP 302)
- https://greenkinkajou.com/groupbnpparibasnc/app/user.php (Page URL)
Detected technologies
Detected patterns
- `\.php(?:$|\?)`
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
- (no title)
- Title: Banque à distance - NouvelleCaledonie.bnpparibas.nc
- Title: Accueil
- Title: Aide à la connexion ?
- Title: Convention
- Title: Politique des Cookies
- Title: Espace Données Personnelles
- Title: Visite guidée
- (no title)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | user.php (Primary Request, Redirect Chain) | greenkinkajou.com/groupbnpparibasnc/app/ | 16 KB | 4 KB | Document | text/html |
| GET | H2 | dciweb.css | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 7 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | bnp.css | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 16 KB | 4 KB | Stylesheet | text/css |
| GET | H2 | tools.js.download | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 42 KB | 42 KB | Script | application/octet-stream |
| GET | H2 | headerBack.jpg | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 10 KB | 10 KB | Image | image/jpeg |
| GET | H/1.1 | francec.gif | nc.bnpparibas.net/part/fr/ | 208 B | 548 B | Image | image/gif |
| GET | H/1.1 | greatbrc.gif | nc.bnpparibas.net/part/fr/ | 2 KB | 2 KB | Image | image/gif |
| GET | H2 | etape1.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 476 B | 859 B | Image | image/png |
| GET | H2 | etape2.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 567 B | 950 B | Image | image/png |
| GET | H2 | dciweb.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | flecheCorriger.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 538 B | 921 B | Image | image/png |
| GET | H2 | btn_valider.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | btn_annuler.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | covid19-information.png | greenkinkajou.com/groupbnpparibasnc/app/BNPPARIBAS_files/ | 831 KB | 831 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | documentPictureInPicture |
| object | theBody |
| function | clearParams |
| function | control |
| function | submitform |
| function | key |
| function | pwd_writeM |
| number | CellX |
| number | CellY |
| number | col |
| number | lig |
| object | tabcar |
| number | posX |
| number | posY |
| number | posX1 |
| number | posY11 |
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| greenkinkajou.com/ | (session) | PHPSESSID | 201dj8s4hdmv48lt1hb1dknep9 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
greenkinkajou.com
nc.bnpparibas.net
198.54.116.83
2600:1415:2000:1ab::4415
0635d965c9c0bc6b7958c2f4a30fecf1e70f67c68cb8caf520dfa8b910d6b4f0
0da01629c4b396bd5d1433cdc5d901f9f32df0ffcdc8c9703153014e7d36e674
4ede7bb44d8cdb4447d0e9589c5ce0980725605bbb6193f96be49d72fd7b4827
6177af01393759499dd3201f4b469f7a2f276b376a7bfd9736bfa0b5b70cc97d
69613cf59b48e5b3762119469f32715e4546d170725d1675d1fd02a364de7d3a
7e226712937dc5e54e9575ef0cb6ec124dc77aab6bde0cecaa9face4a583f911
8a56cd2b0b8b3fb49bbd0502d7ad0ad6d01e955a0e270b68ccc83bf03dd9d25b
955510e34da1928b4ab68f72385e6281ffdf2e5c4326c70cb73f914579bb9c43
99c5135aa6eed33bf4ad8aa53556a5b3a508e9a0fab486cc25806090831c57cd
9acb35fd1f062dca2710241d1f7ac8cb1b5eb21375f1be5b339172cf17d2e802
a88e26f41f545357457f98016637f8f4311437060f90e1352eb4ed220972b50e
b67681cb230c4d6e1c7635b95fbdc00ddf56a3dcf4bfeb6e94c08336e6534b5a
f266f7e14644c34b42531dc2022dc3bc0b92c09d9c6613d5ff92a0edbe45d40b
f7ac02953144040664d7bbcbe0ef5af6ad2966a546de3846931557852538d5be