urlscan.io scan: authentificationdsp2.libe6235.odns.fr (109.234.162.145)
Public scan, flagged: Malicious Activity!

URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Submission: On May 13 via automatic, source openphish — Scanned from FR

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 109.234.162.145, located in France and belonging to O2SWITCH, FR (reverse DNS 109-234-162-145.reverse.odns.fr). The main domain is authentificationdsp2.libe6235.odns.fr, a hostname that mimics a PSD2 ("DSP2" in French) strong-authentication step. The primary page and every first-party asset are served over plain HTTP, with X-Powered-By advertising PHP/5.6.40; the only third-party resources are Bootstrap from cdn.jsdelivr.net and jQuery from code.jquery.com.
This is the only time authentificationdsp2.libe6235.odns.fr was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Postale (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
8 | 109.234.162.145 | AS50474 (O2SWITCH)
2 | 2606:4700::68... | AS13335 (CLOUDFLAR...)
1 | 2001:4de0:ac1... | AS20446 (STACKPATH...)
Total: 11 requests, 3 IPs

Requests | Apex Domain | Subdomain | Transfer
8 | odns.fr | authentificationdsp2.libe6235.odns.fr | 177 KB
2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 432) | 49 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 660) | 30 KB
Total: 11 requests, 3 apex domains

Requests | Domain | Requested by
8 | authentificationdsp2.libe6235.odns.fr | authentificationdsp2.libe6235.odns.fr
2 | cdn.jsdelivr.net | authentificationdsp2.libe6235.odns.fr
1 | code.jquery.com | authentificationdsp2.libe6235.odns.fr
Total: 11 requests, 3 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 to 2022-07-02 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 to 2022-08-14 | a year

This page contains 1 frame:

Primary Page: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Frame ID: 87F98D7AFCF1B0859D84B4B2F3A05E36
Requests: 11 HTTP requests in this frame


Page Title

Connexion à l'espace client - La Banque Postale

Detected technologies

PHP (confidence 100%)
Detected patterns
  • \.php(?:$|\?)

Bootstrap (confidence 100%)
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (confidence 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (confidence 100%)
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 11
HTTPS: 27 % (only the 3 CDN fetches; the 8 requests to the phishing host are plain HTTP)
IPv6: 67 % (2 of the 3 IPs)
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 256 kB
Size: 508 kB
Cookies: 0

Redirected requests

None recorded for this scan.

11 HTTP transactions

Each entry lists: Resource | Path | Size | x-fer (bytes on the wire) | Type. The MIME type is the Content-Type response header shown with each entry.

Primary Request: login.php | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/ | 9 KB | 2 KB | Document
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3 / PHP/5.6.40
Resource Hash
9aff694ebdeca822c282bbc6814350e0890ae5ffb73b0cf1b8a48650d6709b8f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 13 May 2022 01:00:50 GMT
Server
o2switch-PowerBoost-v3
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
PHP/5.6.40
bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/ | 159 KB | 25 KB | Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:5514, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash
cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Referer
http://authentificationdsp2.libe6235.odns.fr/
Origin
http://authentificationdsp2.libe6235.odns.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 01:00:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3253558
x-jsd-version
5.1.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19170-FRA, cache-itm18846-ITM
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"27ba0-OW9RszP/bwkm9uZ61ubJxpvqezE"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FT5riBaBN6ZGXkWaQQ7c8bkrddK4USlvp32jWMOlLu%2B0yYyBmQWLZOADdC44vz2gDhPc8EldSajCO0soucCZPcCczxoiSUn3sAAlRmTxg4oC95FoMNt2593RoXsMUTkAMa3vjtF0nWVEXPbfUIk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
70a775a4392e4031-CDG
style.css | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/css/ | 0 | 0 | Stylesheet (404 Not Found; see console messages)
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/css/style.css
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
(none: the response was the server's 404 error page, not a stylesheet)

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Server
o2switch-PowerBoost-v3
Connection
keep-alive
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
entete1lg.PNG | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/ | 24 KB | 25 KB | Image
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/entete1lg.PNG
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
bd766ec2683adaa85b4d360558f41b6aabd45ca8fe78c56c34f9cfc9336ac4bf

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Last-Modified
Thu, 12 May 2022 13:21:55 GMT
Server
o2switch-PowerBoost-v3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24973
Content-Type
image/png
entete1_mobile.png | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/ | 12 KB | 13 KB | Image
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/entete1_mobile.png
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
77016d3792770d388b1abd580af5681c840fd83e2b1466ccebb823cced537ee3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Last-Modified
Thu, 12 May 2022 13:21:55 GMT
Server
o2switch-PowerBoost-v3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12733
Content-Type
image/png
right.png | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/ | 20 KB | 20 KB | Image
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/right.png
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
1e114c89ff68be36510b55b46a624ae63b8b24fbf3584b7cab06242908bfd09b

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Last-Modified
Thu, 12 May 2022 13:21:55 GMT
Server
o2switch-PowerBoost-v3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20656
Content-Type
image/png
pied.png | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/ | 50 KB | 50 KB | Image
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/pied.png
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
661c6129a31f6b63d621992b8f441d5c5dc8795c36e9e14fb31f12cf0c32be11

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Last-Modified
Thu, 12 May 2022 13:21:55 GMT
Server
o2switch-PowerBoost-v3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51251
Content-Type
image/png
pied_mobile.png | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/ | 66 KB | 66 KB | Image
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/img/pied_mobile.png
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
487bf16b7670bc59adc08ebc69239b4c6b614a0a9349a6b25c330ddf69adaca6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Last-Modified
Thu, 12 May 2022 13:21:55 GMT
Server
o2switch-PowerBoost-v3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
67447
Content-Type
image/png
bootstrap.bundle.min.js | cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/ | 77 KB | 24 KB | Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:5514, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash
e5a12b84f9543d5ba3231837c2f2467563405aa66a582b6fc400985f85df49ad
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Referer
http://authentificationdsp2.libe6235.odns.fr/
Origin
http://authentificationdsp2.libe6235.odns.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 01:00:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4549152
x-jsd-version
5.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19130-FRA, cache-cdg20747-CDG
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"13417-CF7M/QNtoe32ATiKaM/lyzFrHiw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DiQkdlUJPgu1BXBg5U837QZ2oyWfeq4cjxwJYwcf74ZYZaCg%2FU5vlX0PxvLoUezV1SEXh0xDs65%2Bu%2F3X8GYoui35%2FA9foXicC%2BQckLJ7erN14%2BlygU0FYeDxzvr3ubJYnsLLcibC1pW7aIoCaHE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
70a775a439304031-CDG
jquery-3.5.1.min.js | code.jquery.com/ | 87 KB | 30 KB | Script
General
Full URL
https://code.jquery.com/jquery-3.5.1.min.js
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac18::1:a:1b, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS
(none)
Software
nginx
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 01:00:51 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d84"
vary
Accept-Encoding
x-hw
1652403651.dop036.pa1.t,1652403651.cds207.pa1.hn,1652403651.cds214.pa1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30879
script.js | authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/js/ | 3 KB | 1 KB | Script
General
Full URL
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/js/script.js
Requested by
Host: authentificationdsp2.libe6235.odns.fr
URL: http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
Protocol
HTTP/1.1
Server
109.234.162.145, France, ASN50474 (O2SWITCH, FR)
Reverse DNS
109-234-162-145.reverse.odns.fr
Software
o2switch-PowerBoost-v3
Resource Hash
545258145e55cc2d76e2e87437eb81f4f369a9c539410946701fb55238b7abfa

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Fri, 13 May 2022 01:00:50 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 May 2022 13:21:55 GMT
Server
o2switch-PowerBoost-v3
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Banque Postale (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

object   oncontextlost
object   oncontextrestored
function structuredClone
number   uidEvent
object   bootstrap
function $
function jQuery
number   x

The first three are standard browser APIs newer than the scanner's baseline, not page code. uidEvent and bootstrap come from Bootstrap and $ and jQuery from jQuery, which leaves x as the only global plausibly defined by the kit's own script.js.

0 Cookies

1 Console Message

network error | http://authentificationdsp2.libe6235.odns.fr/authentifierds2/configuration/accessfull/accespost/aed511419797106/asset/css/style.css
Failed to load resource: the server responded with a status of 404 (Not Found)
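A triage pass over the transactions above, as an added example that is neither urlscan.io code nor anything from the kit: it separates the first-party host from the shared CDNs before emitting IOCs, and flags the indicators visible in this scan (plain-HTTP login page, brand name in the title with no trace of it in the serving domain, end-of-life PHP, a long hex-looking kit directory, the 404'd kit asset, and assets uploaded less than a day before the scan). The records are constructed from the scan; the CDN allow-list, the brand table, the PHP cut-off, the freshness window and the 200 status assumed for every resource that has a content hash are our own assumptions.

```python
"""Triage of a urlscan.io-style transaction list for a credential-phishing page.

Added example: not urlscan.io code and not the phishing kit's code. The
TRANSACTIONS below are constructed from the scan above (URLs, IPs, SHA-256
hashes and headers copied from it). Assumptions that are ours: the shared-CDN
allow-list, the brand-keyword table, the PHP end-of-life cut-off, the two-day
"freshly deployed" window, and the 200 status on every resource that has a
content hash (the scan only reports the 404 explicitly).
"""
import re
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

SCAN_TIME = datetime(2022, 5, 13, 1, 0, 50)                  # Date header of the primary response
SHARED_CDN_HOSTS = {"cdn.jsdelivr.net", "code.jquery.com"}  # assumption: our allow-list
BRAND_TOKENS = {"banque postale": "labanquepostale"}         # assumption: our brand table
PHP_EOL_BELOW = (7, 4)        # assumption: at scan time PHP below 7.4 had no security support
FRESH_WINDOW = timedelta(days=2)

PAGE_TITLE = "Connexion à l'espace client - La Banque Postale"
KIT = ("http://authentificationdsp2.libe6235.odns.fr/authentifierds2/"
       "configuration/accessfull/accespost/aed511419797106/")

TRANSACTIONS = [  # constructed from the scan; the first entry is the primary request
    {"url": KIT + "login.php", "status": 200, "ip": "109.234.162.145",
     "sha256": "9aff694ebdeca822c282bbc6814350e0890ae5ffb73b0cf1b8a48650d6709b8f",
     "headers": {"Server": "o2switch-PowerBoost-v3", "X-Powered-By": "PHP/5.6.40"}},
    {"url": "https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css",
     "status": 200, "ip": "2606:4700::6810:5514",
     "sha256": "cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8", "headers": {}},
    {"url": KIT + "asset/css/style.css", "status": 404, "ip": "109.234.162.145",
     "sha256": None, "headers": {"Content-Type": "text/html; charset=iso-8859-1"}},
    {"url": KIT + "asset/img/entete1lg.PNG", "status": 200, "ip": "109.234.162.145",
     "sha256": "bd766ec2683adaa85b4d360558f41b6aabd45ca8fe78c56c34f9cfc9336ac4bf",
     "headers": {"Last-Modified": "Thu, 12 May 2022 13:21:55 GMT"}},
    {"url": "https://code.jquery.com/jquery-3.5.1.min.js", "status": 200,
     "ip": "2001:4de0:ac18::1:a:1b",
     "sha256": "f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d", "headers": {}},
    {"url": KIT + "asset/js/script.js", "status": 200, "ip": "109.234.162.145",
     "sha256": "545258145e55cc2d76e2e87437eb81f4f369a9c539410946701fb55238b7abfa",
     "headers": {"Last-Modified": "Thu, 12 May 2022 13:21:55 GMT"}},
]


def apex(host):
    """Last two labels; enough for the hosts here (real code: public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def php_version(headers):
    """(major, minor) parsed from X-Powered-By, or None when the header is absent."""
    m = re.match(r"PHP/(\d+)\.(\d+)", headers.get("X-Powered-By", ""))
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(transactions, title, scan_time=SCAN_TIME):
    """Return phishing findings plus blockable IOCs with shared CDNs filtered out."""
    primary = urlparse(transactions[0]["url"])
    findings = set()
    # A bank login page that is not even TLS-protected is out of place by itself.
    if primary.scheme == "http" and primary.path.lower().endswith("login.php"):
        findings.add("plain_http_login")
    # The title names a brand whose token never appears in the serving apex domain.
    for keyword, token in BRAND_TOKENS.items():
        if keyword in title.lower() and token not in apex(primary.hostname):
            findings.add(f"brand_mismatch:{keyword}")
    # Heuristic: a long hex-looking directory segment, typical of per-deployment kit paths.
    if re.search(r"/[0-9a-f]{12,}/", primary.path):
        findings.add("kit_token_path")
    version = php_version(transactions[0]["headers"])
    if version and version < PHP_EOL_BELOW:
        findings.add("eol_php:%d.%d" % version)

    iocs = {"hosts": set(), "ips": set(), "urls": set(), "sha256": set()}
    for t in transactions:
        u = urlparse(t["url"])
        if u.hostname in SHARED_CDN_HOSTS:   # never block jsDelivr/jQuery for everyone
            continue
        name = u.path.rsplit("/", 1)[-1]
        iocs["hosts"].add(u.hostname)
        iocs["ips"].add(t["ip"])
        iocs["urls"].add(t["url"])
        if t["sha256"]:
            iocs["sha256"].add(t["sha256"])
        if t["status"] == 404:               # sloppy deployment: the kit references a missing asset
            findings.add(f"missing_kit_asset:{name}")
        last_mod = t["headers"].get("Last-Modified")
        if last_mod:
            uploaded = parsedate_to_datetime(last_mod).replace(tzinfo=None)
            if timedelta(0) <= scan_time - uploaded <= FRESH_WINDOW:
                findings.add(f"recent_deploy:{name}")
    return {"findings": sorted(findings),
            "iocs": {k: sorted(v) for k, v in iocs.items()}}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(TRANSACTIONS, PAGE_TITLE), indent=2, ensure_ascii=False))
```

Run it directly to print the JSON report; in a pipeline `triage` would receive the parsed urlscan result instead of the inline list. The CDN filter is the part most often skipped: cdn.jsdelivr.net and code.jquery.com appear in this scan only because the kit loads Bootstrap and jQuery from them, and pushing them to a blocklist would break legitimate sites while doing nothing against the kit on 109.234.162.145.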