Submitted URL: https://suivi-express-chrono.fr/login.php?sessionid=f5a4c924dc50f50e69c75065f211c6be
Effective URL: https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
Submission: On November 30 via automatic, source openphish — Scanned from FR

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 84.21.172.82, located in United States and belongs to AS_DELIS, US. The main domain is suivi-express-chrono.fr.
TLS certificate: Issued by R3 on November 26th 2022. Valid for: 3 months.
This is the only time suivi-express-chrono.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swisscom (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
2 12 84.21.172.82 211252 (AS_DELIS)
10 1
Apex Domain
Subdomains
Transfer
12 suivi-express-chrono.fr
suivi-express-chrono.fr
387 KB
10 1
Domain Requested by
12 suivi-express-chrono.fr 2 redirects suivi-express-chrono.fr
10 1

This site contains no links.

Subject Issuer Validity Valid
suivi-express-chrono.fr
R3
2022-11-26 -
2023-02-24
3 months crt.sh

This page contains 1 frames:

Primary Page: https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
Frame ID: 025324B48BD26B7FB9C6BFDB2C696F07
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://suivi-express-chrono.fr/login.php?sessionid=f5a4c924dc50f50e69c75065f211c6be HTTP 302
    https://suivi-express-chrono.fr/index.php HTTP 302
    https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

387 kB
Transfer

796 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://suivi-express-chrono.fr/login.php?sessionid=f5a4c924dc50f50e69c75065f211c6be HTTP 302
    https://suivi-express-chrono.fr/index.php HTTP 302
    https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.php
suivi-express-chrono.fr/
Redirect Chain
  • https://suivi-express-chrono.fr/login.php?sessionid=f5a4c924dc50f50e69c75065f211c6be
  • https://suivi-express-chrono.fr/index.php
  • https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
122 KB
20 KB
Document
General
Full URL
https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PHP/8.0.25 PleskLin
Resource Hash
9ad54391786b153fef429b6910ddb5ea15f4d861d6dcbcacdfe05f2d1344894f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
20595
content-type
text/html; charset=UTF-8
date
Wed, 30 Nov 2022 01:02:57 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.0.25 PleskLin

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 30 Nov 2022 01:02:57 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
pragma
no-cache
server
nginx
x-powered-by
PHP/8.0.25 PleskLin
commons-d5b596036e661ac38f22c70a7cd50323.css
suivi-express-chrono.fr/assets/
354 KB
46 KB
Stylesheet
General
Full URL
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
e003ddb101ae145bb19a68ef60b2252bf787ab4f1c7424019c17c5402ca48ae3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
content-encoding
br
last-modified
Sat, 06 Aug 2022 09:41:32 GMT
server
nginx
etag
W/"62ee374c-587bc"
x-powered-by
PleskLin
content-type
text/css
username-18965c05ee0f844a4bb9fde6dfa6a0f2.css
suivi-express-chrono.fr/assets/
218 B
379 B
Stylesheet
General
Full URL
https://suivi-express-chrono.fr/assets/username-18965c05ee0f844a4bb9fde6dfa6a0f2.css
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
ef871a6fc64d3235225cf03da396ac7276fcaf902d799bc967eee7a5d6148b22

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
content-encoding
gzip
last-modified
Sat, 06 Aug 2022 09:41:32 GMT
server
nginx
x-accel-version
0.01
etag
"da-5e58f63436b00-gzip"
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
173
myswisscom_logo.png
suivi-express-chrono.fr/assets/
7 KB
7 KB
Image
General
Full URL
https://suivi-express-chrono.fr/assets/myswisscom_logo.png
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
dc58ded68592d0376a68cb174f5509208c22edc10b0003aaac51e35484447364

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://suivi-express-chrono.fr/login.php?sessionid=d56398325489462e5e1374d7c5c8e69f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 09:41:28 GMT
server
nginx
etag
"62ee3748-1c10"
x-powered-by
PleskLin
content-type
image/png
accept-ranges
bytes
content-length
7184
lifeform-spritesheet-db5b9234be03de8612bb31c38e09fcf7.png
suivi-express-chrono.fr/assets/
38 KB
38 KB
Image
General
Full URL
https://suivi-express-chrono.fr/assets/lifeform-spritesheet-db5b9234be03de8612bb31c38e09fcf7.png
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
f9adb57dca9cbd2514ed249714b613d65e78a81cadda2882679a9672c812d25e

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 10:01:06 GMT
server
nginx
etag
"62ee3be2-9630"
x-powered-by
PleskLin
content-type
image/png
accept-ranges
bytes
content-length
38448
TheSansB_700_-7dac4ba6f5bfb4ba199e7fe3454a6780.woff2
suivi-express-chrono.fr/assets/
48 KB
49 KB
Font
General
Full URL
https://suivi-express-chrono.fr/assets/TheSansB_700_-7dac4ba6f5bfb4ba199e7fe3454a6780.woff2
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
09525fb3b4747dfbceaa9401af3c089fae3aa045934b77ec444cfe62c0efd3da

Request headers

Referer
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Origin
https://suivi-express-chrono.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 10:01:16 GMT
server
nginx
etag
"62ee3bec-c1b8"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
49592
TheSansB_400_-4f0d59a18ca1c88dcfbbce6510b21da5.woff2
suivi-express-chrono.fr/assets/
50 KB
50 KB
Font
General
Full URL
https://suivi-express-chrono.fr/assets/TheSansB_400_-4f0d59a18ca1c88dcfbbce6510b21da5.woff2
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
f0cc4ee9dc83925f474ab0b5ed3a5395038c979e157d4bae8e67225f1b0922d8

Request headers

Referer
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Origin
https://suivi-express-chrono.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 10:01:00 GMT
server
nginx
etag
"62ee3bdc-c614"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
50708
sdx-icons-52bbae4a4d0e4326575281ff2211b1b9.woff2
suivi-express-chrono.fr/assets/
71 KB
72 KB
Font
General
Full URL
https://suivi-express-chrono.fr/assets/sdx-icons-52bbae4a4d0e4326575281ff2211b1b9.woff2
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
004400cc60cbc0a9186a1a84676cabf76107f4911f5251a0a6ec75906f3c5153

Request headers

Referer
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Origin
https://suivi-express-chrono.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 09:41:54 GMT
server
nginx
etag
"62ee3762-11d74"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
73076
TheSansB_300_-725d06aefcb68dc767cf1bc91d7b5c1e.woff2
suivi-express-chrono.fr/assets/
55 KB
55 KB
Font
General
Full URL
https://suivi-express-chrono.fr/assets/TheSansB_300_-725d06aefcb68dc767cf1bc91d7b5c1e.woff2
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
a6bab48f290efd74478d95eab8bc0610cc32ffa78dc5adbb8fbc34f30ce8d930

Request headers

Referer
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Origin
https://suivi-express-chrono.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 10:01:00 GMT
server
nginx
etag
"62ee3bdc-da38"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
55864
TheSansB_500_-d7955bec1417e0168f42adfe7ceaf8b5.woff2
suivi-express-chrono.fr/assets/
51 KB
51 KB
Font
General
Full URL
https://suivi-express-chrono.fr/assets/TheSansB_500_-d7955bec1417e0168f42adfe7ceaf8b5.woff2
Requested by
Host: suivi-express-chrono.fr
URL: https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.21.172.82 , United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
6010e95e45ae8c7c0064724e1ea3ac9495ae55a6241633446db052364c06f5f3

Request headers

Referer
https://suivi-express-chrono.fr/assets/commons-d5b596036e661ac38f22c70a7cd50323.css
Origin
https://suivi-express-chrono.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 01:02:57 GMT
last-modified
Sat, 06 Aug 2022 10:01:04 GMT
server
nginx
etag
"62ee3be0-cb4c"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
52044

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swisscom (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
suivi-express-chrono.fr/ Name: PHPSESSID
Value: 9j1aq210up5ckgn5e5kvie6kcb