ca-espaceclient-activationenligne.com
192.185.131.129
Malicious Activity!
Public Scan
Submission: On April 19 via automatic, source openphish
Summary
This is the only time ca-espaceclient-activationenligne.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
23 | 192.185.131.129 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer) |
1 | 203.150.230.122 | 4618 (INET-TH-AS Internet Thailand Company Limited) |
2 (1 redirect) | 172.241.79.185 | 7203 (LEASEWEB-USA-SFO-12 - Leaseweb USA) |
25 | 3 | |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
- ca-espaceclient-activationenligne.com
ASN4618 (INET-TH-AS Internet Thailand Company Limited, TH)
PTR: host122.porar.com
- www.lazikakhaoko.com
ASN7203 (LEASEWEB-USA-SFO-12 - Leaseweb USA, Inc., US)
- scriptv.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
23 | ca-espaceclient-activationenligne.com | ca-espaceclient-activationenligne.com | 299 KB |
2 | scriptv.net (1 redirects) | scriptv.net | 3 KB |
1 | lazikakhaoko.com | www.lazikakhaoko.com | 515 B |
25 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
23 | ca-espaceclient-activationenligne.com | ca-espaceclient-activationenligne.com |
2 | scriptv.net (1 redirects) | ca-espaceclient-activationenligne.com |
1 | www.lazikakhaoko.com | ca-espaceclient-activationenligne.com |
25 | 3 | |
This page contains 1 frame:
Primary Page:
http://ca-espaceclient-activationenligne.com/identification/e1793/email.php
Frame ID: 90BE1BE506DA3D4D313DF4F995BD8831
Requests: 25 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16
- http://scriptv.net/v2.js HTTP 301
- http://scriptv.net/index.html
25 HTTP transactions
Method / Protocol | Resource | Path | Size | Transfer | Type | MIME type |
---|---|---|---|---|---|---|
GET H/1.1 | email.php (Primary Request) | ca-espaceclient-activationenligne.com/identification/e1793/ | 9 KB | 3 KB | Document | text/html |
GET H/1.1 | cara98732.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 26 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | corazone450.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 26 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | smit983.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 78 KB | 15 KB | Stylesheet | text/css |
GET H/1.1 | sperados20.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 78 KB | 15 KB | Stylesheet | text/css |
GET H/1.1 | styles-mod_002.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 12 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | styles-mod.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 12 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | saa.css | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 3 KB | 1 KB | Stylesheet | text/css |
GET H/1.1 | wreport.js | ca-espaceclient-activationenligne.com/identification/e1793/entreBam_fichiers/ | 0 | 0 | Script | text/html |
GET H/1.1 | xtclicks.js | ca-espaceclient-activationenligne.com/identification/e1793/entreBam_fichiers/ | 0 | 0 | Script | text/html |
GET H/1.1 | jquery.detectmobilebrowser.js | ca-espaceclient-activationenligne.com/identification/e1793/entreBam_fichiers/ | 0 | 0 | Script | text/html |
GET H/1.1 | xtcore.js | ca-espaceclient-activationenligne.com/identification/e1793/entreBam_fichiers/ | 0 | 0 | Script | text/html |
GET H/1.1 | jquery.js | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 266 KB | 87 KB | Script | application/javascript |
GET H/1.1 | wreport.js | ca-espaceclient-activationenligne.com/identification/e1793/entreeBam_fichier/ | 0 | 0 | Script | text/html |
GET H/1.1 | siteon0.gif | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 8 KB | 8 KB | Image | image/gif |
GET H/1.1 | bb.jpeg | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 115 KB | 115 KB | Image | image/jpeg |
GET H/1.1 | mrc.PNG | www.lazikakhaoko.com/ | 0 | 515 B | Image | text/html |
GET H/1.1 | index.html | scriptv.net/ (Redirect Chain) | 0 | 2 KB | Script | text/html |
GET H/1.1 | wreport.js | ca-espaceclient-activationenligne.com/identification/e1793/entreeBam_fichier/ | 0 | 0 | Script | text/html |
GET H/1.1 | main_repeat.png | ca-espaceclient-activationenligne.com/identification/e1793/img/ | 12 KB | 12 KB | Image | text/html |
GET H/1.1 | entete_light.png | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 411 B | 627 B | Image | image/png |
GET H/1.1 | main_haut.png | ca-espaceclient-activationenligne.com/identification/e1793/ENT923MAIL/ | 143 B | 359 B | Image | image/png |
GET H/1.1 | bloc_arrond_bas.png | ca-espaceclient-activationenligne.com/identification/e1793/img/ | 12 KB | 12 KB | Image | text/html |
GET H/1.1 | bloc_arrond_haut.png | ca-espaceclient-activationenligne.com/identification/e1793/img/ | 12 KB | 12 KB | Image | text/html |
GET H/1.1 | thead.png | ca-espaceclient-activationenligne.com/identification/e1793/img/ | 3 KB | 3 KB | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onselectstart |
object | onselectionchange |
function | queueMicrotask |
function | Validate |
function | $ |
function | jQuery |
string | jQuery_var |
string | Allow_js |
string | Browser_Type |
number | IE6 |
number | Mozilla_Version |
string | Flash_var |
function | DP_jQuery0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.