banque.axafr.tel
159.69.58.82
Malicious Activity!
Public Scan
Effective URL: https://banque.axafr.tel/login/
Submission Tags: https://phish.report @phish_report
Submission: On July 03 via api from FI — Scanned from AU
Summary
TLS certificate: Issued by R3 on July 1st 2023. Valid for: 3 months.
This is the only time banque.axafr.tel was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Axa (Insurance)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
2 (2 redirects) | 45.114.226.228 | ASN13768 (COGECO-PEER1, CA) | qnlvd732.hostpapavps.net | dentalimplants.com.au
18 (1 redirect) | 159.69.58.82 | ASN24940 (HETZNER-AS, DE) | linux1207.grserver.gr | banque.axafr.tel
1 | 142.250.204.138 | ASN15169 (GOOGLE, US) | hkg07s41-in-f10.1e100.net | ajax.googleapis.com
19 requests | 3 IP addresses | | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | axafr.tel (1 redirect) | banque.axafr.tel | 887 KB
2 | dentalimplants.com.au (2 redirects) | dentalimplants.com.au | 182 B
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 433) | 31 KB
19 requests | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
18 | banque.axafr.tel | banque.axafr.tel (1 redirect)
2 | dentalimplants.com.au | 2 redirects
1 | ajax.googleapis.com | banque.axafr.tel
19 requests | 3 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
banque.axafr.tel | R3 | 2023-07-01 - 2023-09-29 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://banque.axafr.tel/login/
Frame ID: 9B8A1D141ADBF63CA313057038250027
Requests: 19 HTTP requests in this frame
Page Title: Authentification
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- `/([\d.]+)/jquery(?:\.min)?\.js`
- `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dentalimplants.com.au/l (HTTP 301)
- https://dentalimplants.com.au/l/ (HTTP 302)
- https://banque.axafr.tel/login (HTTP 301)
- https://banque.axafr.tel/login/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | banque.axafr.tel/login/ | 22 KB | 5 KB | Document | text/html
GET | H2 | style.css | banque.axafr.tel/login/css/ | 123 KB | 21 KB | Stylesheet | text/css
GET | H2 | axb_app.css | banque.axafr.tel/login/css/ | 195 KB | 28 KB | Stylesheet | text/css
GET | H2 | app.css | banque.axafr.tel/login/css/ | 5 KB | 1 KB | Stylesheet | text/css
GET | H2 | axb_app2.css | banque.axafr.tel/login/css/ | 41 KB | 7 KB | Stylesheet | text/css
GET | H2 | modules-hashes-lib.min.js | banque.axafr.tel/login/js/ | 10 KB | 4 KB | Script | application/javascript
GET | H2 | domi-auth-fat.js | banque.axafr.tel/login/js/ | 1005 KB | 240 KB | Script | application/javascript
GET | H2 | brand-i18n-lib.min.js | banque.axafr.tel/login/js/ | 6 KB | 2 KB | Script | application/javascript
GET | H2 | otp-wc-lib.min.js | banque.axafr.tel/login/js/ | 138 KB | 35 KB | Script | application/javascript
GET | H2 | bundle.js | banque.axafr.tel/login/js/ | 772 KB | 126 KB | Script | application/javascript
GET | H2 | arrow_chevron_blue.svg | banque.axafr.tel/login/css/assets/images/ | 975 B | 754 B | Image | image/svg+xml
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript
GET | H2 | sourcesanspro-bold.woff2 | banque.axafr.tel/login/fonts/ | 81 KB | 82 KB | Font | font/woff2
GET | H2 | sourcesanspro-regular.woff2 | banque.axafr.tel/login/fonts/ | 83 KB | 83 KB | Font | font/woff2
GET | BLOB | efa44ed4-bac8-4519-b178-35ad16586659 | https://banque.axafr.tel/ | 6 KB | 0 | Stylesheet | text/css
GET | H2 | authent.jpg | banque.axafr.tel/login/css/assets/images/ | 100 KB | 100 KB | Image | image/jpeg
GET | H2 | icons.svg | banque.axafr.tel/login/js/assets/images/ | 205 KB | 75 KB | Fetch | image/svg+xml
GET | H2 | icons.svg | banque.axafr.tel/login/js/assets/images/ | 205 KB | 75 KB | Fetch | image/svg+xml
GET | H2 | logo.png | banque.axafr.tel/login/js/assets/images/ | 2 KB | 2 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Axa (Insurance)
45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
credentialless | boolean
onbeforetoggle | object
onscrollend | object
ModulesHashesLib | object
getEmp | function
getNavigator | function
getLanguage | function
getScreenResolution | function
getNavigatorPlatform | function
x64Add | function
x64Multiply | function
x64Rotl | function
x64LeftShift | function
x64Xor | function
x64Fmix | function
x64hash128 | function
detect | function
t | function
u | function
A | function
C | function
y | function
z | function
B | function
sjcl | undefined
D | undefined
E | undefined
F | undefined
G | undefined
H | undefined
angular | object
_ | function
moment | function
timekeeper | object
xhook | object
domtoimage | object
BrandI18nLib | object
JSON3 | object
$ | function
jQuery | function
auth_back | function
auth_next | function
submit_form | function
uxLib | object
uxEfs0 | string
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
banque.axafr.tel
dentalimplants.com.au
142.250.204.138
159.69.58.82
45.114.226.228