app.uncow-connect.online
199.188.200.216
Malicious Activity!
Public Scan
Effective URL: https://app.uncow-connect.online/3D-FB/CETEL/clients/egebB3.php?verification
Submission: On January 24 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 22nd 2022. Valid for: a year.
This is the only time app.uncow-connect.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Cetelem (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 167.89.123.122 | 11377 (SENDGRID) |
| 21 | 199.188.200.216 | 22612 (NAMECHEAP-NET) |
| 2 | 2606:4700::6810:5914 | 13335 (CLOUDFLARENET) |
| 1 | 2001:4de0:ac18::1:a:1b | 20446 (HIGHWINDS3) |
| 2 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:82a::200a | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:80f::2003 | 15169 (GOOGLE) |

Totals row as rendered: 26 | 6. The per-IP request counts sum to 29, i.e. the 26 HTTP transactions plus the 3 redirects in the chain.
ASN11377 (SENDGRID, US): PTR o16789123x122.outbound-mail.sendgrid.net; hostname u25233794.ct.sendgrid.net
ASN22612 (NAMECHEAP-NET, US): PTR server267-1.web-hosting.com; hostname app.uncow-connect.online
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 21 | uncow-connect.online | app.uncow-connect.online (2 redirects) | 114 KB |
| 2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 227) | 358 KB |
| 2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 440) | 47 KB |
| 1 | gstatic.com | fonts.gstatic.com | 44 KB |
| 1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 47) | 1 KB |
| 1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 584) | 30 KB |
| 1 | sendgrid.net | u25233794.ct.sendgrid.net (1 redirect) | 259 B |

Totals: 26 transactions, 7 domains.
| Requests | Domain | Requested by |
|---|---|---|
| 21 | app.uncow-connect.online (2 redirects) | app.uncow-connect.online |
| 2 | cdnjs.cloudflare.com | app.uncow-connect.online |
| 2 | cdn.jsdelivr.net | app.uncow-connect.online |
| 1 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | fonts.googleapis.com | app.uncow-connect.online |
| 1 | code.jquery.com | app.uncow-connect.online |
| 1 | u25233794.ct.sendgrid.net (1 redirect) | (submitted URL) |

Totals: 26 transactions, 7 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| app.uncow-connect.online | Sectigo RSA Domain Validation Secure Server CA | 2022-01-22 - 2023-01-22 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2021-12-27 - 2022-03-21 | 3 months | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2021-12-27 - 2022-03-21 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page: https://app.uncow-connect.online/3D-FB/CETEL/clients/egebB3.php?verification
Frame ID: 1A572F255CCE2425240D9B89AD905354
Requests: 26 HTTP requests in this frame
Page Title: 🔒 Espace Personnel - Cetelem
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - \.php(?:$|\?)
- Bootstrap (Web Frameworks). Detected patterns:
  - <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- Font Awesome (Font Scripts). Detected patterns:
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- jsDelivr (CDN). Detected patterns:
  - <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  - //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u25233794.ct.sendgrid.net/ls/click?upn=SqMf-2FY6zR-2BnGkO70CR8-2FuOiBIDSDy4fSH-2FIAgL36BUX92bx5hQabMyTMyRO08L5UfeGEKHfXmp6LytHwlbv4y-2FGfBwAUj5CiC5obIX9Hp-2BI-3D9Gn2_IVzRVYoSJeQ5HHg6ZCkhfy-2FH00MJlCT55PDSY-2Fr1usBeW1TgfZjtLYmKYf6Y3KyQ4zqNT5FIk20qb4gWnGPlrAsW3eNSWhoUVq00ZJ-2FB-2F6VsVmzwwLlnjD5HZr6qHK-2B-2BFtV-2FWkILmKI4vLCuSeGeWbtCiyIIChPG9ij-2FBbdwXJlbX0-2FPxeag8HPirZtK61OI1bgkvHpQlFoPJhDv-2Bf52r5n9AdmLGMfFqQwF3xKe1acUSKlQZYcEst4kmMb4DHIngixIHoJVtCZ83S06kPojwc7IVWqY63wrFUzTzjS75Qh4sq5oBQz-2F-2FNCUNpd8w6mG3BYqZPbLAtGivwQJnznJvU5KkCnCMlxH4oVuHJFCFwLZCY4T3hbneh2cvkPLNxF9FQuRxMpHu20DwKJJpy-2BTxz15hJjDE3k1mtlKaeog2EfuLPv4uFyVNc69h1ldjUrY3Kq-2BL3klfIBKTRLjjO5nIfJ3uwJ0bZxGMfV-2F947EUaLqqhGNVTPWUH9wqzqfk7rlwclkkH10aVHFgB8pqITlqt2yBqT-2F8i-2FjXoZeVeahCxE-3D (HTTP 302)
- https://app.uncow-connect.online/3D-FB/CETEL?pwd=cetelem (HTTP 301)
- https://app.uncow-connect.online/3D-FB/CETEL/?pwd=cetelem (HTTP 302)
- https://app.uncow-connect.online/3D-FB/CETEL/clients/egebB3.php?verification (page URL)
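The chain above is the part of this report an analyst triages by hand: a legitimate mail click-tracker (ct.sendgrid.net) as the entry hop, a `?pwd=cetelem` gate parameter that disappears before the final page, a landing domain that is not the brand's, a certificate issued two days before the scan, and `jquery.payment` (Stripe's card-form input library) among the loaded scripts. The script below is an added example that automates those checks over data transcribed from this report; it is not urlscan.io code. Assumed, not taken from the page: the tracker suffix list, the gate parameter names, the 7-day "fresh certificate" threshold, the scan year (2022, inferred from the certificate date), `cetelem.fr` as the brand's own domain, and the `%`-to`-` substitution used to decode the SendGrid `upn=` token.

```python
"""Triage of a urlscan.io redirect chain.

Added example; not urlscan.io code. The hop list, script list and
certificate date are transcribed from this report; the heuristic names,
thresholds, scan year and brand domain allow-list are assumptions.
"""
import re
from datetime import date
from urllib.parse import parse_qs, unquote, urlsplit

# Transcribed from "Page URL History". The tracker URL is cut to a prefix of
# its upn= token (the full token is in the report); the last hop is the
# rendered page, which the report lists without a status code.
HOPS = [
    ("https://u25233794.ct.sendgrid.net/ls/click?upn=SqMf-2FY6zR-2BnGkO70CR8-2F", 302),
    ("https://app.uncow-connect.online/3D-FB/CETEL?pwd=cetelem", 301),
    ("https://app.uncow-connect.online/3D-FB/CETEL/?pwd=cetelem", 302),
    ("https://app.uncow-connect.online/3D-FB/CETEL/clients/egebB3.php?verification", None),
]

# Script URLs transcribed from the HTTP transaction list.
SCRIPTS = [
    "https://code.jquery.com/jquery-3.5.1.min.js",
    "https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js",
    "https://app.uncow-connect.online/3D-FB/CETEL/assets/js/script.js",
]

# Assumptions of this example, not data from the report.
MAIL_TRACKER_SUFFIXES = (".ct.sendgrid.net",)   # mail click-tracking hosts
GATE_PARAMS = {"pwd", "key", "token"}            # query names used as an entry gate
CARD_LIBS = ("jquery.payment",)                  # card-number input helpers
FRESH_CERT_DAYS = 7                              # "new certificate" threshold


def registered_domain(host: str) -> str:
    """Last two labels of a host name. Enough for .online/.net as seen here;
    real tooling should consult the public suffix list (think .co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def decode_sendgrid_upn(token: str) -> str:
    """Undo the '%' -> '-' substitution seen in SendGrid click-link upn= values
    (an observed pattern, assumed here). The result is an opaque base64 blob,
    not the destination: the target only becomes visible in the tracker's 302.
    A literal '-' followed by two hex digits would be mis-decoded, which is a
    limitation of the scheme itself."""
    return unquote(re.sub(r"-([0-9A-Fa-f]{2})", r"%\1", token))


def triage(hops, scripts, brand, brand_domains, cert_not_before, scan_date):
    """Return (code, detail) findings for one redirect chain.

    hops: [(url, status_or_None)] in order; scripts: loaded script URLs;
    brand: lower-case brand keyword; brand_domains: registered domains the
    brand legitimately uses; cert_not_before / scan_date: datetime.date.
    """
    findings = []
    first_host = urlsplit(hops[0][0]).hostname or ""
    if first_host.endswith(MAIL_TRACKER_SUFFIXES):
        findings.append(("tracker-entry", first_host))

    for url, _status in hops:
        parts = urlsplit(url)
        host = parts.hostname or ""
        # Brand keyword in the path/query of a URL outside the brand's domains.
        if (brand in (parts.path + "?" + parts.query).lower()
                and registered_domain(host) not in brand_domains):
            findings.append(("brand-lure", url))
        # Gate-style query parameter (here ?pwd=cetelem, dropped before the
        # final page): a cheap way to keep crawlers off the landing page.
        for name in parse_qs(parts.query, keep_blank_values=True):
            if name.lower() in GATE_PARAMS:
                findings.append(("gate-param", f"{name} on {host}{parts.path}"))

    final_host = urlsplit(hops[-1][0]).hostname or ""
    if registered_domain(final_host) not in brand_domains:
        findings.append(("landing-off-brand", final_host))

    age = (scan_date - cert_not_before).days
    if 0 <= age <= FRESH_CERT_DAYS:
        findings.append(("fresh-cert", f"{age} days old at scan"))

    for url in scripts:
        name = url.rsplit("/", 1)[-1]
        if any(lib in name for lib in CARD_LIBS):
            findings.append(("card-input-lib", name))
    return findings


def report_findings():
    """Findings for this report. Scan date 2022-01-24 (the page says
    "January 24"; the year is inferred from the certificate issued
    2022-01-22) and cetelem.fr as the brand's domain are assumptions."""
    return triage(HOPS, SCRIPTS, "cetelem", {"cetelem.fr"},
                  date(2022, 1, 22), date(2022, 1, 24))


if __name__ == "__main__":
    for code, detail in report_findings():
        print(f"{code:18} {detail}")
```

Run stand-alone it prints six finding types for this chain: tracker-entry, two brand-lure hops, two gate-param hops, landing-off-brand, fresh-cert (2 days) and card-input-lib. None of these is a verdict on its own (mail trackers and fresh certificates are common on legitimate sites), which is why the function returns the findings for an analyst or a scoring layer rather than a boolean.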
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | egebB3.php (primary request, end of redirect chain) | app.uncow-connect.online/3D-FB/CETEL/clients/ | 14 KB | 3 KB | Document | text/html |
| 2 | GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ | 157 KB | 25 KB | Stylesheet | text/css |
| 3 | GET | H2 | helpers.css | app.uncow-connect.online/3D-FB/CETEL/assets/css/ | 41 KB | 3 KB | Stylesheet | text/css |
| 4 | GET | H2 | style.css | app.uncow-connect.online/3D-FB/CETEL/assets/css/ | 9 KB | 2 KB | Stylesheet | text/css |
| 5 | GET | H2 | logo.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 6 KB | 6 KB | Image | image/png |
| 6 | GET | H2 | mainmenu.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 3 KB | 3 KB | Image | image/png |
| 7 | GET | H2 | btt.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 1 KB | 1 KB | Image | image/png |
| 8 | GET | H2 | menu-mobile.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 118 B | 318 B | Image | image/png |
| 9 | GET | H2 | logo-small.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 3 KB | 3 KB | Image | image/png |
| 10 | GET | H2 | user.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 853 B | 1 KB | Image | image/png |
| 11 | GET | H2 | how.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 358 B | 558 B | Image | image/png |
| 12 | GET | H2 | success.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 2 KB | 2 KB | Image | image/png |
| 13 | GET | H2 | ex.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 512 B | 712 B | Image | image/png |
| 14 | GET | H2 | img.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 65 KB | 65 KB | Image | image/png |
| 15 | GET | H2 | remove.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 345 B | 545 B | Image | image/png |
| 16 | GET | H2 | icon1.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 638 B | 838 B | Image | image/png |
| 17 | GET | H2 | icon2.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 1019 B | 1 KB | Image | image/png |
| 18 | GET | H2 | jquery-3.5.1.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript |
| 19 | GET | H2 | bootstrap.bundle.min.js | cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ | 82 KB | 22 KB | Script | application/javascript |
| 20 | GET | H2 | all.min.js | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/ | 1 MB | 355 KB | Script | application/javascript |
| 21 | GET | H2 | jquery.payment.min.js | cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ | 8 KB | 3 KB | Script | application/javascript |
| 22 | GET | H2 | script.js | app.uncow-connect.online/3D-FB/CETEL/assets/js/ | 150 B | 363 B | Script | application/javascript |
| 23 | GET | H2 | css2 | fonts.googleapis.com/ | 8 KB | 1 KB | Stylesheet | text/css |
| 24 | GET | H2 | icons.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 812 B | 1012 B | Image | image/png |
| 25 | GET | H2 | icons5.png | app.uncow-connect.online/3D-FB/CETEL/assets/imgs/ | 19 KB | 19 KB | Image | image/png |
| 26 | GET | H2 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v27/ | 44 KB | 44 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Cetelem (Banking)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- $ (function)
- jQuery (function)
- bootstrap (object)
- ___FONT_AWESOME___ (object)
- FontAwesomeConfig (object)
- FontAwesome (object)
1 Cookie
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| app.uncow-connect.online/ | | PHPSESSID | 3bf42f88d44ab63a8bea89589565e787 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.uncow-connect.online
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
u25233794.ct.sendgrid.net
167.89.123.122
199.188.200.216
2001:4de0:ac18::1:a:1b
2606:4700::6810:125e
2606:4700::6810:5914
2a00:1450:4001:80f::2003
2a00:1450:4001:82a::200a