cecafaonline.com
207.174.213.93
Malicious Activity!
Public Scan
Effective URL: https://cecafaonline.com/ca/agricolefrance/
Submission: On January 22 via manual from IN
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure Server CA on November 26th 2020. Valid for: a year.
This is the only time cecafaonline.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 207.174.214.139 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
| 12 | 207.174.213.93 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
| 1 | 2001:4de0:ac19::1:b:1b | 20446 (HIGHWINDS3) |
| 13 requests | | 2 ASNs |

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: bh-59.webhostbox.net
davidmachinerygroup.com

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
cecafaonline.com

Both the redirector (davidmachinerygroup.com) and the phishing host (cecafaonline.com) resolve into the same hosting AS, PUBLIC-DOMAIN-REGISTRY (AS394695); the only other origin, the IPv6 address on AS20446 (HIGHWINDS3), serves the jQuery library from code.jquery.com.
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 12 | cecafaonline.com | cecafaonline.com | 659 KB |
| 1 | jquery.com | code.jquery.com | 81 KB |
| 1 | davidmachinerygroup.com | davidmachinerygroup.com (1 redirect) | 218 B |
| 13 requests | 3 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 12 | cecafaonline.com | cecafaonline.com |
| 1 | code.jquery.com | cecafaonline.com |
| 1 | davidmachinerygroup.com | 1 redirect |
| 13 requests | 3 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| cecafaonline.com | Sectigo RSA Domain Validation Secure Server CA | 2020-11-26 - 2021-11-26 | a year |
| jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year |
This page contains 1 frames:
Primary Page:
https://cecafaonline.com/ca/agricolefrance/
Frame ID: FBAF972DBFBFEE8F2267DBA10850AFDB
Requests: 13 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://davidmachinerygroup.com/model.php
   HTTP 302
2. https://cecafaonline.com/ca/agricolefrance/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests: the primary request only (marked "Redirect Chain" in the transactions table below).
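As an added example (not part of the urlscan report or its code), the following Python script shows how the two mechanisms this report relies on work: following a redirect chain by resolving each Location header against the current URL, and applying the Wappalyzer-style patterns listed under Detected technologies to the URL and the Server header of each hop. The responses are constructed stand-ins built offline: the two URLs and the HTTP 302 are the ones the report shows, while the Server header values, the version string "2.4.41", the Content-Type header and the treatment of 301/302/303/307/308 as redirects are assumptions made for illustration. The apex-domain helper is deliberately naive (last two labels) and says so in a comment.

```python
import re
from urllib.parse import urljoin, urlsplit

# Detection patterns copied verbatim from the report's "Detected patterns":
#   url:            /\.php(?:$|\?)/i
#   headers server: /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
PHP_URL_RE = re.compile(r"\.php(?:$|\?)", re.IGNORECASE)
APACHE_SERVER_RE = re.compile(
    r"(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.IGNORECASE)

REDIRECT_STATUSES = {301, 302, 303, 307, 308}  # assumption: all treated as hops

# Constructed stand-in for live responses, keyed by URL. The URLs and the 302
# come from the report; the Server/Content-Type values and "2.4.41" are assumed.
START_URL = "http://davidmachinerygroup.com/model.php"
RESPONSES = {
    "http://davidmachinerygroup.com/model.php": {
        "status": 302,
        "headers": {"Server": "Apache",
                    "Location": "https://cecafaonline.com/ca/agricolefrance/"},
    },
    "https://cecafaonline.com/ca/agricolefrance/": {
        "status": 200,
        "headers": {"server": "Apache/2.4.41 (Unix)",
                    "content-type": "text/html; charset=UTF-8"},
    },
}


def header(headers, name):
    """Case-insensitive header lookup; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def walk_chain(start_url, responses, max_hops=10):
    """Follow Location headers through `responses` and return the ordered list
    of (url, status) pairs visited, i.e. the report's Page URL History.
    Stops at the first non-redirect, at a URL with no recorded response
    (status None), on a redirect loop, or after max_hops redirects."""
    chain = []
    seen = set()
    url = start_url
    for _ in range(max_hops + 1):
        resp = responses.get(url)
        if resp is None:
            chain.append((url, None))
            break
        chain.append((url, resp["status"]))
        seen.add(url)
        location = header(resp["headers"], "Location")
        if resp["status"] not in REDIRECT_STATUSES or not location:
            break
        # A relative Location is resolved against the current URL.
        next_url = urljoin(url, location)
        if next_url in seen:
            break  # redirect loop
        url = next_url
    return chain


def fingerprint(url, headers):
    """Apply the report's two patterns to one transaction. Returns a dict of
    technology -> version, with None when the pattern captures no version."""
    found = {}
    if PHP_URL_RE.search(url):
        found["PHP"] = None
    server = header(headers, "Server")
    if server:
        match = APACHE_SERVER_RE.search(server)
        if match:
            found["Apache"] = match.group(1)
    return found


def apex_domain(url):
    """Naive apex domain: the last two host labels. Adequate for .com hosts;
    a real tool must consult the Public Suffix List (e.g. example.co.uk)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def apex_changes(chain):
    """Hops where the redirect crossed to a different apex domain, i.e. the
    lure domain handing the visitor off to the hosting domain."""
    changes = []
    for (src, _), (dst, _) in zip(chain, chain[1:]):
        a, b = apex_domain(src), apex_domain(dst)
        if a != b:
            changes.append((a, b))
    return changes


def report(start_url, responses):
    """Chain, cross-domain hops and per-hop technology matches, like the report."""
    chain = walk_chain(start_url, responses)
    return {
        "chain": chain,
        "apex_changes": apex_changes(chain),
        "technologies": {url: fingerprint(url, responses[url]["headers"])
                         for url, status in chain if status is not None},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(report(START_URL, RESPONSES), indent=2))
```

Run it directly to print the reconstructed chain, the davidmachinerygroup.com to cecafaonline.com hand-off, and the PHP/Apache matches per hop. The loop guard and the `max_hops` cap matter in practice because redirect-based lures sometimes bounce through several throwaway domains, and an unguarded follower can be kept busy indefinitely.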
13 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | / | cecafaonline.com/ca/agricolefrance/ | 23 KB | 5 KB | Document | text/html | Primary Request; Redirect Chain (from http://davidmachinerygroup.com/model.php, HTTP 302) |
| 2 | GET | H2 | clientlib-part.min.d47449a234bc4b4c909a1f229a23a136.css | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/ | 1 MB | 311 KB | Stylesheet | text/css | |
| 3 | GET | H2 | clientlibStoreLocatorT33Part.min.f72730de703c2d266b7fde791cfa1701.css | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/ | 16 KB | 4 KB | Stylesheet | text/css | |
| 4 | GET | H2 | clientlibStoreLocatorT34Part.min.d6f5a64818501f04345746b0e2618b09.css | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/ | 20 KB | 5 KB | Stylesheet | text/css | |
| 5 | GET | H2 | clientlibBoutonVertPart.min.d41d8cd98f00b204e9800998ecf8427e.css | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/ | 126 B | 183 B | Stylesheet | text/css | |
| 6 | GET | H2 | npc.css | cecafaonline.com/ca/agricolefrance/etc/designs/ca/ | 65 B | 152 B | Stylesheet | text/css | |
| 7 | GET | H2 | logo.png | cecafaonline.com/ca/agricolefrance/ | 29 KB | 29 KB | Image | image/png | |
| 8 | GET | H2 | jquery-3.4.1.js | code.jquery.com/ | 274 KB | 81 KB | Script | application/javascript | only third-party request |
| 9 | GET | H2 | bg.jpg | cecafaonline.com/ca/agricolefrance/img/ | 97 KB | 98 KB | Image | image/jpeg | |
| 10 | GET | H2 | npcicons.woff2 | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/clientlib-resources/fonts/npcicons/ | 28 KB | 28 KB | Font | font/woff2 | |
| 11 | GET | H2 | OpenSans-Semibold.woff2 | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/clientlib-resources/fonts/opensans/ | 60 KB | 61 KB | Font | font/woff2 | |
| 12 | GET | H2 | OpenSans-Bold.woff2 | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/clientlib-resources/fonts/opensans/ | 60 KB | 60 KB | Font | font/woff2 | |
| 13 | GET | H2 | OpenSans-Regular.woff2 | cecafaonline.com/ca/agricolefrance/etc/designs/ca/npc/clientlib-resources/fonts/opensans/ | 58 KB | 59 KB | Font | font/woff2 | |

Size is the decoded body size; Transfer is the number of bytes moved on the wire (compressed where the server applied content encoding, which is why the 1 MB stylesheet transferred as 311 KB).
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Read the list with care: the scanner reports anything absent from its baseline, so the first nine entries (the ontransition* event handlers, cookieStore, the showDirectoryPicker/showOpenFilePicker/showSaveFilePicker file-system pickers, trustedTypes and crossOriginIsolated) are standard browser APIs that simply post-date the baseline. The globals that actually belong to the page are $ and jQuery, defined by the jquery-3.4.1.js load from code.jquery.com, and isshow0, defined by the page's own script.

| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| function | $ |
| function | jQuery |
| boolean | isshow0 |

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cecafaonline.com
code.jquery.com
davidmachinerygroup.com
2001:4de0:ac19::1:b:1b
207.174.213.93
207.174.214.139