connect.navigo.fr
Open in
urlscan Pro
45.223.137.7
Malicious Activity!
Public Scan
URL:
https://connect.navigo.fr/auth/realms/connect/protocol/openid-connect/auth?client_id=account&redirect_uri=https%3A%2F%2Fco...
Submission: On December 16 via api from US — Scanned from US
Submission: On December 16 via api from US — Scanned from US
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 11 HTTP transactions.
The main IP is 45.223.137.7, located in
United States and
belongs to INCAPSULA, US.
The main domain is connect.navigo.fr.
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on January 23rd 2023. Valid for: a year.
This is the only time connect.navigo.fr was scanned on urlscan.io!
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on January 23rd 2023. Valid for: a year.
This is the only time connect.navigo.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Île-de-France Mobilités (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 11 | 45.223.137.7 45.223.137.7 | 19551 (INCAPSULA) (INCAPSULA) | |
| 11 | 1 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
navigo.fr
connect.navigo.fr |
145 KB |
| 11 | 1 |
| Domain | Requested by | |
|---|---|---|
| 11 | connect.navigo.fr |
connect.navigo.fr
|
| 11 | 1 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.iledefrance-mobilites.fr |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| connect.navigo.fr QuoVadis Global SSL ICA G3 |
2023-01-23 - 2024-01-23 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://connect.navigo.fr/auth/realms/connect/protocol/openid-connect/auth?client_id=account&redirect_uri=https%3A%2F%2Fconnect.navigo.fr%2Fauth%2Frealms%2Fconnect%2Faccount%2Flogin-redirect&state=0%2Fb6a3a4fa-7ce2-46f7-8f79-e79759a7c2cf&response_type=code&scope=openid
Frame ID: 82D961B5BB5A0AF805F0702B2B814D56
Requests: 11 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: https://www.iledefrance-mobilites.fr/aide-et-contacts/navigo-connect/je-narrive-pas-a-me-connecter
Title: I am unable to log in
Title: I am unable to log in
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
auth
connect.navigo.fr/auth/realms/connect/protocol/openid-connect/ |
6 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.min-2.5.11.css
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/css/ |
22 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
illu1-login.svg
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/img/ |
49 KB 21 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
script.min-2.5.11.js
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/js/ |
84 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
_Incapsula_Resource
connect.navigo.fr/ |
146 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ic-select-close.svg
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/img/ |
619 B 825 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Logo_IDFM-H.svg
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/img/ |
21 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ic-blank.svg
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/img/ |
319 B 594 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
raleway-regular-webfont.woff2
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/css/ |
24 KB 25 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
raleway-bold-webfont.woff2
connect.navigo.fr/auth/resources/r4v0g/login/navigo-connect/css/ |
24 KB 25 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
_Incapsula_Resource
connect.navigo.fr/ |
1 B 196 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Île-de-France Mobilités (Transportation)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture string| pathname object| language_links boolean| selector_open function| validateEmail function| validatePassword function| validateBirthDate function| validateBirthdateRegex function| getYear function| switchButtonClassName function| notEmpty function| setValidationCheck function| invalidStartOrEndCharacterValidator function| multipleCharacterValidator function| unauthorizedCharacterValidator function| characterReplacer function| $ function| jQuery8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| connect.navigo.fr/auth/realms/connect/ | Name: AUTH_SESSION_ID Value: ced7f000-be8d-40e4-8eb9-0549cb3bf10b.hsso74-79bbfd687d-5qfrj |
|
| connect.navigo.fr/auth/realms/connect/ | Name: AUTH_SESSION_ID_LEGACY Value: ced7f000-be8d-40e4-8eb9-0549cb3bf10b.hsso74-79bbfd687d-5qfrj |
|
| connect.navigo.fr/auth/realms/connect/ | Name: KC_RESTART Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkYTY2OGU5Mi0yMDM2LTRjOWUtOTJjMC1hNmY0NjgzM2UwYzcifQ.eyJjaWQiOiJhY2NvdW50IiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9jb25uZWN0Lm5hdmlnby5mci9hdXRoL3JlYWxtcy9jb25uZWN0L2FjY291bnQvbG9naW4tcmVkaXJlY3QiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHBzOi8vY29ubmVjdC5uYXZpZ28uZnIvYXV0aC9yZWFsbXMvY29ubmVjdCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9jb25uZWN0Lm5hdmlnby5mci9hdXRoL3JlYWxtcy9jb25uZWN0L2FjY291bnQvbG9naW4tcmVkaXJlY3QiLCJzdGF0ZSI6IjAvYjZhM2E0ZmEtN2NlMi00NmY3LThmNzktZTc5NzU5YTdjMmNmIn19.8_IL52qRxiVj7687r2wjsKZ32PSTqE2e-viWu4zZX7s |
|
| connect.navigo.fr/ | Name: 02f782a4254e48b91ce125dd300b5218 Value: 5f3ffe139d101c8adece2c1264c3ca3b |
|
| .navigo.fr/ | Name: visid_incap_2734212 Value: a7HDNGBxTeeS7AGTPMHg+LfDfWUAAAAAQUIPAAAAAADaB/s2fw4lfzA0cXPQDEED |
|
| .navigo.fr/ | Name: incap_ses_160_2734212 Value: ZTMqXIFgx1Yxo/qWR284ArfDfWUAAAAAzjUahrKD2sqM5DS0o+ZiIA== |
|
| connect.navigo.fr/ | Name: ___utmvc Value: Q/VBXTb1R1J5RDTL/Ym8LPIUENpPQCvQ3laVv7y6pre8EGmyyoO9IRtyGGe6qG5aMiLSHBB45w9ofEVu0ehiyUJHPEhjkyFmuhR05a4HmVyVp3bL3ljqQ6hUKHaYhnwS5Xinfbpw8JRloF90vwj0bW3iJivA4VRt5tvZtG+dZ8bexVoVOEzWdTtzwIwn7u6wpKyxrT/OuneTrh6hvJeBVhJCl5px+865Wct50mWhjK5HzFFKOFrotqRiT6scDM1ZCtbOZ3m4QDWs/B3ViirDT6ibgnMShj2trLAr/TmPhTTMWK1qiE/j8rd/83dAJYZilAiC8IlApObN57U1KwVXBKUxjD2QtcNgeWY8aqq/PPSDoTLJ1iu+f0d7FTdpfhXDuwQAK0p+9eNPwuhqogTvefZTKsWK2KVZSfilYG7tp2sUMSaSbRRjOY2unFXD9oMZMMb75OaDxN4rUTvrktVBE1cqa6Y4ha6qJTkLlS6NpQbZ2A5m9fuE7aHnwx3ecbpPlRSCnQvPKqvsOQ4m7YcZmIRZ7H8jGizpK3ybKkZcdo6QnJ0EP9H+GOXqz0vx+VA09FzBaXeLV7ido8jQGYyWSFW39Hhpplj8zuJb7EaRR0cZzWYfDyN4H2TBVWUgDBU3ciXV+Ik+NvsWrojJPQt8BkR1UPnFNoCEcubGKEkdwNlVogwmhNdk8wzmv/HxEkCGhZIj5PiE8h+cnch0ZteqwgVdqCPCaYEF1FVpubtyHru71NgyoTb0hooVx/wGjeEU939h99HxV8fSBa/dFHaBSJbD3/EkvNowovbkHiu9jJCmf4r8n9oBZe3jNRQoIwrJSYuecqfF4XIo/Ke2KqjI7dxUcrYNp3YB73y4FTR/sU9MfioTM0ngFnFtSAdU6MDruKGZJMhsqtDtnM+qi9mCDYWtLY5JQNw5VSvkpjIxbjmnJ1fGs92zzUbKTxfePU3+q95uyZ5sZ4pHxk1lyBwuYCH4q+xGVSLaA3dWdRHj9Em4Q2RhR+jr5A8cDaJogkiKr0r04x/TaDWZLe3ZNSkgxQ7a2wYCfaJNNklktPmtTHFFav4CohUcgvH8FSJ7c2q1j1a3/yIKSSOoMWaaOcRJfIzvSOg+/Ufx/t527hH/AsQkHpfnfiP161Qrsqi+KEe7lrasTW0nSWt+n1DDxCGpR8ha1pQn6RH4kwf2DqKBmi7fKhuNf8FZJiF0nhcvmh7iRwCN54TViLk1eDODJESXfrUWmnAzwwGp3LO3mtYz3pRHH1J+2R5E2sBlwnDSFK4Yuo46KHnp27c85IKUSaqkQHh+WwywutkepCgJQbEz9mvkVzm+35XRZAqvslpy/nGZcuNL89u86ATrLqF8/YHsjXUAhptdBqR7NtDMKrOqa8To44CeruUj/W22FQbP9CdfgJiYlIJv+54KW8E1et4/va7JgLa4M/OSPR7ngvtnptwnzZ1HcUsxR6gLeZD6qcG70z7k/dX3GC4AIsq3969Qz7WXalSbN7nfC8p3LDXhaSgoUCwD7Ur7XOpSZSB3qT9k7fg3bGXzk+ELTpLK0rRRPFOFCgv9RiT5TJCvOgVwyV5cLVuf3il5TlHhfArJ8bOjlGqxEOOM3KbuouZ1A2Kq/Y965RD3zi1yn2miMMRM6hCNGM+nkFcdj0LvkhOLyT50wCzajPWq5gQDxOgPYit7v4tHK5QFeGmp6FPF0DgCM856Hs3HHZ7Q48bSVdJNwVc/dPYpORYuvyzTr6bOb9tv4x40NWPjO1k7Us3LMRmAsM7Zem6jo+xkX5DVv3gnpIZg5bBT/+5zHe4CPN48hRLgpzQi3IprAE1fsdlESy/YU7DalI1FsbqCb5Zm+ErtSEwFxaSVcrmwTXOZUlwChgK8x2u6BV66UtAwqgQs1cVMRHmnI3EA1aFDFu6yPgaHBmBdElziKMyUekqNz8wh5G3tURp5yIVjFhAYIPS87PuEZSfaJHFKmsVDswKNXGkkMrQtkj3IcB0cAUoDNyloy593pE7/zqJvPlFMMywM+MBp8Jc98wytbwVxI906MX+mwMIsMBr58APNAG8RsjH5BbTGY5Hgjo3kjbGNvS5dwiUi4m3UwLTSucbiFpLFQ4fTa9rG3a1CcryYgRSfOxVcYh2caCbepJ2/7k4sKkmA68xeIIVSkTAdryCAeCjZc+qVKJul1BZy6iZcQwSvCYk70Czat/MfyWlkjyY0+2BCkEEGQaDqpOqtaJJEfPblXGT+8kwAje7LCzNumP0C/0b4+eGH8FzPtbFeJxRsDjMu9gwfedjhKwcUz5SUQjAsXYR3StrdJgiYQAsV3bEIdR266A3rhsGDG8JOGmLSMCeNvgmQeCixUj675++OieUVttihKsCCJos4PuiYyQA6R3cGh/+Ac+dyYa9vGMq0RPEtGILLSCzufalJStfm51i5f5519fJy+QIg1woaxyMkDKFjdXfoQRaN6zc8lTMJBKDHs1wnwDaH6iTK7zDuyMHR6bOIT5LhzQujq22Od3DUpTUya52SzuqTiDREd1Eobc6LlsfkvgqgPAhUhXBfLvbG/o1dIue7L1n1LjX2R6vcgY2tiU+J8aMQ9I+E4NSqlG0rUjvdB43635oeMUsuLlhCzHjjBSM0idsyG6FEiz0CS/pMGfq2slxEIcT3FDgerl0c8UVbA3ze6EADUb+VNn4VWi3V+MJT8vpsMJRLqEJVAWZXlecR5HjhWfSC5MXQ0lT/AFLwibj2uIDc2nbdHXovW+cQTaagqQjUZXB0hYhypdoQPGEgxMf344qdqdpa5P3XlZYI2OCRvXdVUXaAs0b94a9NYGmAxdLILGRpZ2VzdD0xOTMyOTAsMTkzMzA0LHM9OTU3Yzk3YTk4NDdjOTI2NjZkOWM5ZWE4OTk5MjljNjY2NjllNzc3Y2FiYWM2OTdhYWE2NjdkYTM2NDljN2Y3NjgzOTY2OTgyOTQ3MTcxNmU= |
|
| .navigo.fr/ | Name: incap_ses_8074_2734212 Value: q0v0YYDVfQxXwx5eLZ0McLjDfWUAAAAAuhlda80KUuKfeHwVIG+/Qg== |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | frame-src 'self' https://www.google.com |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | ALLOW-FROM https://www.google.com |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.navigo.fr
45.223.137.7
138d39d1c6d9c83aa408fc718a336ba5f8e93148c5c47ab8576700fa152a9743
3306d62cb82c5264475ac8d0d25d755cb4549741f4c60cb54b67a01293e2a5ad
3c331d900a86d66e48c7b87c297765396434dc2b3f5251ca73e97af6006d84ef
4f11141e8511d01d10ec5f6a194f28d978e379ec5632e837c2277c982ddbf2b5
72882ea04072d7c05e5dcc43f1169de998e0e500035871dcee6f893aac71ecba
7789412758110a071ec11cae242e7a5a3fe50c84601969d752cbc8eb1535609e
7cfa80248f935afc5ce6348283fbddbe1c7545378dc38ebfedfc1e723f28a873
b8067539e1af25261b5bd58ebb9ed256a3ca9ae3ab86563926a9e912733835a9
dea38cd98f57867f2fdd47dd9a755623f0b7b29516c7273c0c281e61fb8b87fe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fb5ccb94c515624a0aca852e6f68ae3eb5a2aad7a6ca467876086db965f93049