authentificationdsp2.libe6235.odns.fr Open in urlscan Pro
109.234.162.145  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/	9 KB 2 KB	179ms 36ms	Document text/html	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / PHP/5.6.40 Resource Hash 9aff694ebdeca822c282bbc6814350e0890ae5ffb73b0cf1b8a48650d6709b8f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Fri, 13 May 2022 01:00:50 GMT Server o2switch-PowerBoost-v3 Transfer-Encoding chunked Vary Accept-Encoding X-Powered-By PHP/5.6.40
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/	159 KB 25 KB	78ms 32ms	Stylesheet text/css	2606:4700::6810:5514 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://authentificationdsp2.libe6235.odns.fr/ Origin http://authentificationdsp2.libe6235.odns.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Fri, 13 May 2022 01:00:51 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 3253558 x-jsd-version 5.1.0 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19170-FRA, cache-itm18846-ITM timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"27ba0-OW9RszP/bwkm9uZ61ubJxpvqezE" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FT5riBaBN6ZGXkWaQQ7c8bkrddK4USlvp32jWMOlLu%2B0yYyBmQWLZOADdC44vz2gDhPc8EldSajCO0soucCZPcCczxoiSUn3sAAlRmTxg4oC95FoMNt2593RoXsMUTkAMa3vjtF0nWVEXPbfUIk%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 70a775a4392e4031-CDG
GET H/1.1	404 Not Found	style.css authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/css/	0 0	29ms 28ms	Stylesheet text/html	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/css/style.css Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Server o2switch-PowerBoost-v3 Connection keep-alive Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	entete1lg.PNG authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/	24 KB 25 KB	71ms 46ms	Image image/png	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Show image Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/entete1lg.PNG Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash bd766ec2683adaa85b4d360558f41b6aabd45ca8fe78c56c34f9cfc9336ac4bf Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Last-Modified Thu, 12 May 2022 13:21:55 GMT Server o2switch-PowerBoost-v3 Connection keep-alive Accept-Ranges bytes Content-Length 24973 Content-Type image/png
GET H/1.1	200 OK	entete1_mobile.png authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/	12 KB 13 KB	110ms 86ms	Image image/png	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Show image Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/entete1_mobile.png Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash 77016d3792770d388b1abd580af5681c840fd83e2b1466ccebb823cced537ee3 Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Last-Modified Thu, 12 May 2022 13:21:55 GMT Server o2switch-PowerBoost-v3 Connection keep-alive Accept-Ranges bytes Content-Length 12733 Content-Type image/png
GET H/1.1	200 OK	right.png authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/	20 KB 20 KB	89ms 65ms	Image image/png	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Show image Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/right.png Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash 1e114c89ff68be36510b55b46a624ae63b8b24fbf3584b7cab06242908bfd09b Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Last-Modified Thu, 12 May 2022 13:21:55 GMT Server o2switch-PowerBoost-v3 Connection keep-alive Accept-Ranges bytes Content-Length 20656 Content-Type image/png
GET H/1.1	200 OK	pied.png authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/	50 KB 50 KB	132ms 108ms	Image image/png	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Show image Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/pied.png Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash 661c6129a31f6b63d621992b8f441d5c5dc8795c36e9e14fb31f12cf0c32be11 Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Last-Modified Thu, 12 May 2022 13:21:55 GMT Server o2switch-PowerBoost-v3 Connection keep-alive Accept-Ranges bytes Content-Length 51251 Content-Type image/png
GET H/1.1	200 OK	pied_mobile.png authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/	66 KB 66 KB	121ms 121ms	Image image/png	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Show image Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/pied_mobile.png Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash 487bf16b7670bc59adc08ebc69239b4c6b614a0a9349a6b25c330ddf69adaca6 Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Last-Modified Thu, 12 May 2022 13:21:55 GMT Server o2switch-PowerBoost-v3 Connection keep-alive Accept-Ranges bytes Content-Length 67447 Content-Type image/png
GET H2	200	bootstrap.bundle.min.js Show response cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/	77 KB 24 KB	75ms 30ms	Script application/javascript	2606:4700::6810:5514 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e5a12b84f9543d5ba3231837c2f2467563405aa66a582b6fc400985f85df49ad Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://authentificationdsp2.libe6235.odns.fr/ Origin http://authentificationdsp2.libe6235.odns.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Fri, 13 May 2022 01:00:51 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 4549152 x-jsd-version 5.1.1 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19130-FRA, cache-cdg20747-CDG timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"13417-CF7M/QNtoe32ATiKaM/lyzFrHiw" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DiQkdlUJPgu1BXBg5U837QZ2oyWfeq4cjxwJYwcf74ZYZaCg%2FU5vlX0PxvLoUezV1SEXh0xDs65%2Bu%2F3X8GYoui35%2FA9foXicC%2BQckLJ7erN14%2BlygU0FYeDxzvr3ubJYnsLLcibC1pW7aIoCaHE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 70a775a439304031-CDG
GET H2	200	jquery-3.5.1.min.js Show response code.jquery.com/	87 KB 30 KB	61ms 20ms	Script application/javascript	2001:4de0:ac18::1:a:1b STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.min.js Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Fri, 13 May 2022 01:00:51 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-15d84" vary Accept-Encoding x-hw 1652403651.dop036.pa1.t,1652403651.cds207.pa1.hn,1652403651.cds214.pa1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30879
GET H/1.1	200 OK	script.js Show response authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/js/	3 KB 1 KB	51ms 27ms	Script application/javascript	109.234.162.145 O2SWITCH
General Check archive.org Show headers Download Go to Full URL http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/js/script.js Requested by Host: authentificationdsp2.libe6235.odns.fr URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php Protocol HTTP/1.1 Server 109.234.162.145 , France, ASN50474 (O2SWITCH, FR), Reverse DNS 109-234-162-145.reverse.odns.fr Software o2switch-PowerBoost-v3 / Resource Hash 545258145e55cc2d76e2e87437eb81f4f369a9c539410946701fb55238b7abfa Request headers accept-language fr-FR,fr;q=0.9 Referer http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 01:00:50 GMT Content-Encoding gzip Last-Modified Thu, 12 May 2022 13:21:55 GMT Server o2switch-PowerBoost-v3 Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Postale (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone number| uidEvent object| bootstrap function| $ function| jQuery number| x

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/css/style.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

authentificationdsp2.libe6235.odns.fr
cdn.jsdelivr.net
code.jquery.com
109.234.162.145
2001:4de0:ac18::1:a:1b
2606:4700::6810:5514
1e114c89ff68be36510b55b46a624ae63b8b24fbf3584b7cab06242908bfd09b
487bf16b7670bc59adc08ebc69239b4c6b614a0a9349a6b25c330ddf69adaca6
545258145e55cc2d76e2e87437eb81f4f369a9c539410946701fb55238b7abfa
661c6129a31f6b63d621992b8f441d5c5dc8795c36e9e14fb31f12cf0c32be11
77016d3792770d388b1abd580af5681c840fd83e2b1466ccebb823cced537ee3
9aff694ebdeca822c282bbc6814350e0890ae5ffb73b0cf1b8a48650d6709b8f
bd766ec2683adaa85b4d360558f41b6aabd45ca8fe78c56c34f9cfc9336ac4bf
cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8
e5a12b84f9543d5ba3231837c2f2467563405aa66a582b6fc400985f85df49ad
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d