81.2.253.50
Malicious Activity!
Public Scan
Effective URL: http://81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyM...
Submission: On June 18 via automatic, source openphish
Summary
This is the only time 81.2.253.50 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Populaire (Banking)

Domain & IP information

| IP Address | AS Autonomous System
---|---|---
1 1 | 64.99.64.32 | 15348 (TUCOWS - Tucows.com Co.)
3 19 | 81.2.253.50 | 24806 (INTERNET-CZ Ktis 2)
1 | 2a00:1450:4001:814::200a | 15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE - Google LLC)
3 | 2a00:1450:400e:803::2003 | 15169 (GOOGLE - Google LLC)
2 | 91.134.157.248 | 16276 (OVH)
23 | 6 |
ASN15348 (TUCOWS - Tucows.com Co., CA)
PTR: sfwebfor.tucows.com
www.koldinaremaslone.com

ASN24806 (INTERNET-CZ Ktis 2, 384 03 Ktis, CZ)
PTR: host50-253-2-81.serverdedicati.aruba.it
81.2.253.50
| Apex Domain | Subdomains | Transfer
---|---|---|---
3 | gstatic.com | fonts.gstatic.com | 121 KB
2 | facil-iti.com | ws.facil-iti.com | 3 KB
2 | googleapis.com | ajax.googleapis.com fonts.googleapis.com | 58 KB
1 | koldinaremaslone.com (1 redirects) | www.koldinaremaslone.com | 286 B
23 | 4 | |
| Domain | Requested by
---|---|---
3 | fonts.gstatic.com | 81.2.253.50
2 | ws.facil-iti.com | 81.2.253.50, ws.facil-iti.com
1 | fonts.googleapis.com | 81.2.253.50
1 | ajax.googleapis.com | 81.2.253.50
1 | www.koldinaremaslone.com | 1 redirects
23 | 5 |
This site contains links to these domains. Also see Links.

Domain
---
www.icgauth.banquepopulaire.fr
www.bpalc.banquepopulaire.fr
www.ibps.bpalc.banquepopulaire.fr

Subject | Issuer | Validity | Valid
---|---|---|---
ws.facil-iti.com | Gandi Standard SSL CA 2 | 2018-03-05 - 2020-04-08 | 2 years
This page contains 4 frames:

- Primary Page: http://81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/
  Frame ID: 2A14D0FB95F7ADD6F4B2BD83CB3DA1AD
  Requests: 15 HTTP requests in this frame
- Frame: http://81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/getResource.html
  Frame ID: FDD27F196CB38BE6D5A0A0F419268809
  Requests: 7 HTTP requests in this frame
- Frame: http://81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/saved_resource.html
  Frame ID: 6DB4773AFC98BB83CFD6663C4BA7035C
  Requests: 1 HTTP request in this frame
- Frame: https://ws.facil-iti.com/tag/proxy/?id=09875e11-178a-11e6-abd6-000c298ed446&d=ODEuMi4yNTMuNTA=
  Frame ID: 413470CA7973823824111E76C318824E
  Requests: 1 HTTP request in this frame
Detected technologies

Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i

AngularJS (JavaScript Frameworks)
Detected patterns
- script /\/([\d.]+(?:\-?rc[.\d]*)*)\/angular(?:\.min)?\.js/i
- script /angular.*\.js/i
- env /^angular$/i

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics

6 Outgoing links
These are links going to different origins than the main page.
- Title: Voir la démo Cyberplus
- Title: Aide à la connexion
- Title: Sécurité
- Title: Infos navigateurs
- Title: Mentions légales
- Title: Présentation Cyberplus
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.koldinaremaslone.com/ HTTP 302
- http://81.2.253.50/uilokatrpopasscyberplu HTTP 301
- http://81.2.253.50/uilokatrpopasscyberplu/ HTTP 302
- http://81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU= HTTP 301
- http://81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions

Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/ (Redirect Chain) | | 16 KB | 4 KB | Document | text/html
GET | S | angular.min.js | ajax.googleapis.com/ajax/libs/angularjs/1.6.4/ | | 163 KB | 58 KB | Script | text/javascript
GET | S | css | fonts.googleapis.com/ | | 2 KB | 440 B | Stylesheet | text/css
GET | H/1.1 | app.min.css | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | | 13 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | custom.css | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | | 262 B | 517 B | Stylesheet | text/css
GET | H/1.1 | play_cyberplus.svg | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | | 2 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | getResource.html | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | FDD2 | 19 KB | 13 KB | Document | text/html
GET | H/1.1 | eyeOn.svg | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/img/ | | 387 B | 387 B | Image | text/html
GET | H/1.1 | logo_BPALC_desktop.png | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/ | | 23 KB | 24 KB | Image | image/png
GET | H/1.1 | Ubuntu-L.ttf | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/font/ubuntu/ | | 0 | 0 | Font | text/html
GET | H/1.1 | Ubuntu-R.ttf | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/font/ubuntu/ | | 0 | 0 | Font | text/html
GET | H/1.1 | symbols_89C3.ttf | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/font/ | | 0 | 0 | Font | text/html
GET | H/1.1 | Ubuntu-M.ttf | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/font/ubuntu/ | | 0 | 0 | Font | text/html
GET | H/1.1 | charte_iv0.css | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | FDD2 | 12 KB | 3 KB | Stylesheet | text/css
GET | H/1.1 | styles_bp.css | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | FDD2 | 393 B | 518 B | Stylesheet | text/css
GET | H/1.1 | faciliti-tag.min.js.t%C3%A9l%C3%A9chargement | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | FDD2 | 0 | 0 | Script | text/html
GET | H/1.1 | BP_Picto_service-securise.png | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | FDD2 | 992 B | 1 KB | Image | image/png
GET | S | 4iCv6KVjbNBYlgoC1CzjsGyI.ttf | fonts.gstatic.com/s/ubuntu/v11/ | | 88 KB | 46 KB | Font | font/ttf
GET | S | 4iCs6KVjbNBYlgoKfw7z.ttf | fonts.gstatic.com/s/ubuntu/v11/ | | 75 KB | 41 KB | Font | font/ttf
GET | S | 4iCv6KVjbNBYlgoCxCvjsGyI.ttf | fonts.gstatic.com/s/ubuntu/v11/ | | 67 KB | 35 KB | Font | font/ttf
GET | H/1.1 | faciliti-tag.min.js | ws.facil-iti.com/tag/ | FDD2 | 7 KB | 3 KB | Script | application/javascript
GET | H/1.1 | saved_resource.html | 81.2.253.50/uilokatrpopasscyberplu/a0d29c67cdc5318fda19b69d8690a7fdYzhiNWU3MGIzYWM4N2QyMGY0ZWFjYWQwZTI2YTcyMTU=/index_files/ | 6DB4 | 4 KB | 2 KB | Document | text/html
GET | DATA | truncated | / | FDD2 | 10 KB | 0 | Image | image/png
GET | H/1.1 | / | ws.facil-iti.com/tag/proxy/ | 4134 | 0 | 0 | Document | text/html
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Populaire (Banking)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | angular
function | myFunction

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path | Expires | Name / Value
---|---|---
ws.facil-iti.com/ | | Name: srvnode Value: srv01
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
ws.facil-iti.com
www.koldinaremaslone.com
2a00:1450:4001:80b::200a
2a00:1450:4001:814::200a
2a00:1450:400e:803::2003
64.99.64.32
81.2.253.50
91.134.157.248
02b476d9782db747125d36099bb7ce83d11dd3f330ef296d3fb26da3b6e9676e
0d678adf0dc2a5eb47bd147931d06ad0a7757a1afc233005a551ce9934ed4d4f
15e87657a047e93869e58fbb8db45541af71a1b871a0f346c512239082635dfc
22edc0e6778ed62a046d971287468840d96534c62233ccfbd99e6b1783cabe7b
3c31de6adca8d603701482d28de049340d37bb25cac2760a7d41835c699be2fb
40c794795becc02ee24cf66e44f441ec180aec4745d7e8f5aa1f4b41a324011b
5940caaa75867f75b733f436da31f02fc3bb6b4fc5c2fae39bb0a339773cc012
7028d0bae5ddc07e46330709ea671b475106e30279f04408af41de351a787dc7
87c1426c40addbd9712b8db3c7e08b9b54ccfea5807071c702214f0c8e373c4d
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
902518f9b6aefd8d44bc7a457a79915d5a9256fbcb9208e33a9ef4bbb0e9047f
a3e7708185f0d0a9f6d3a5f53c1ab54a1ea4df62df64356d6d703d2ee1b3ed81
a959517c44b62efe733a6149c6c30c98dddc88cc493a868c12cced893c9ad491
b1b4d28622bdd2d68b9240ba327ebcc8d1c0843e27cfa638ff654751a1d971ad
d31722cdd31a9c8c1c8d0cb19b07b040f71b47939f50b06d07942503057bb27c
e59b99d1ec20929fc4fe16d56066d77abcea5d7e52c17aec0ae1e100552e4624
ef0615bb84011bbf3e33d37ad0b63640b121fa0e0a193bcab82a3ebe1e524a55
f4e2d22f6bbdfba63d83bf0d7af3ab960c296465dc9f946368b06379808ab30d