pia-accademie.clients-cr-agri.pro
Public scan, flagged: Malicious Activity
IP address: 188.114.96.3
Effective URL: https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=Identifiant%20ou%20mot%20de%20passe%20incorrect&CT_ORIG_URL=https%3A%2...
Submission: June 28 (manual submission from FR), scanned from FR
Summary
TLS certificate: issued by WE1 on June 25th 2024, valid for 3 months (three days old at scan time).
This is the only time pia-accademie.clients-cr-agri.pro was scanned on urlscan.io.
urlscan.io verdict: Potentially Malicious
Community verdicts: Malicious (1 vote)
Domain & IP information

Redirects | Requests | IP address | ASN | Reverse DNS / hosts served
---|---|---|---|---
1 | 1 | 35.81.174.242 | 16509 AMAZON-02 (US) | PTR ec2-35-81-174-242.us-west-2.compute.amazonaws.com; serves imsva91-ctp.trendmicro.com
2 | 13 | 188.114.96.3 | 13335 CLOUDFLARENET (US) | serves pia-accademie.clients-cr-agri.pro
- | 8 | 195.83.89.163 | 2200 FR-RENATER, Reseau National de telecommunications pour la Technologie (FR) | PTR vip-163.ac-orleans-tours.fr; serves pia.ac-orleans-tours.fr
- | 1 | 195.83.89.99 | 2200 FR-RENATER (FR) | serves bv.ac-orleans-tours.fr

Total: 20 requests across 3 ASNs.
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
13 (2 redirects) | clients-cr-agri.pro | pia-accademie.clients-cr-agri.pro | 94 KB
9 | ac-orleans-tours.fr | pia.ac-orleans-tours.fr, bv.ac-orleans-tours.fr | 121 KB
1 (1 redirect) | trendmicro.com | imsva91-ctp.trendmicro.com | 133 B

Total: 20 requests across 3 apex domains.
Requests | Domain | Requested by
---|---|---
13 (2 redirects) | pia-accademie.clients-cr-agri.pro | pia-accademie.clients-cr-agri.pro
8 | pia.ac-orleans-tours.fr | pia-accademie.clients-cr-agri.pro, pia.ac-orleans-tours.fr
1 | bv.ac-orleans-tours.fr | -
1 (1 redirect) | imsva91-ctp.trendmicro.com | -

Total: 20 requests across 4 domains.
This site contains no links.
TLS certificates

Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
clients-cr-agri.pro | WE1 | 2024-06-25 to 2024-09-23 | 3 months | crt.sh
extranet.ac-orleans-tours.fr | GEANT OV RSA CA 4 | 2024-02-21 to 2025-02-20 | a year | crt.sh

The first certificate covers the phishing apex and was issued three days before the scan; the second is the academy's own year-long OV certificate, presented by the pia.ac-orleans-tours.fr and bv.ac-orleans-tours.fr hosts that the clone loads assets from.
This page contains 2 frames:
Primary page: https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=Identifiant%20ou%20mot%20de%20passe%20incorrect&CT_ORIG_URL=https%3A%2F%2Fpia.ac-orleans-tours.fr%3A443%2Fprotege%2F&ct_orig_uri=https%3A%2F%2Fpia.ac-orleans-tours.fr%3A443%2Fprotege%2F
Frame ID F6BC72E3E0DDFD0BE553CCD37DD84AAA, 18 HTTP requests in this frame
Frame: https://pia-accademie.clients-cr-agri.pro/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
Frame ID 23D62CCF03F7AD66E5B61C767D921042, 2 HTTP requests in this frame (Cloudflare's challenge-platform script, served by the CDN in front of the phishing host rather than by the kit itself)
Page title: Authentification
Detected technologies
- PHP (programming language), matched on the pattern \.php(?:$|\?)
- jQuery (JavaScript library), matched on jquery[.-]([\d.]*\d)[^/]*\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://imsva91-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fpia%2daccademie.clients%2dcr%2dagri.pro&umid=EBDA1F5D-1BEC-1606-BD60-0D1A8C7ABFA5&auth=b2e75a85dac1d6c2329f45d980d65bc87d967b19-08a5f4147df75d10d53aa3a14e769997f69d72f7 (HTTP 302)
- https://pia-accademie.clients-cr-agri.pro/ (HTTP 302)
- https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=Identifiant%20ou%20mot%20de%20passe%20incorrect&CT_ORIG_URL=https%3A%2F%2Fpia.ac-orleans-tours.fr%3A443%2Fprotege%2F&ct_orig_uri=https%3A%2F%2Fpia.ac-orleans-tours.fr%3A443%2Fprotege%2F (page URL)

The first hop is a Trend Micro click-time protection link (the /wis/clicktime/ rewriter), so the submitter followed the URL out of a scanned email; the real destination sits in its url= parameter, percent-encoded with lowercase hex (%2d for the hyphens). The phishing host then bounces to login.php with parameters that mimic a failed sign-in on the real portal: CTLoginErrorMsg carries "Identifiant ou mot de passe incorrect" (incorrect username or password) and CT_ORIG_URL / ct_orig_uri point at https://pia.ac-orleans-tours.fr:443/protege/. A login page whose return-to parameters name a host it does not itself serve is a strong triage signal on its own.
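As an added example (not part of the urlscan report), a small Python triage helper that unwraps the click-time link and compares the landing host with the hosts named in the landing page's URL-valued query parameters. The wrapper table is an assumption holding only the Trend Micro entry seen here, and the sample chain is constructed from the three URLs above.

```python
from urllib.parse import parse_qsl, urlsplit

# Link-rewriting ("click-time protection") services and the query parameter that
# carries the real destination. Assumption: only the Trend Micro entry seen in
# this scan is listed; other rewriters would be added the same way.
CLICKTIME_WRAPPERS = {
    "trendmicro.com": "url",
}


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def unwrap_clicktime(url):
    """Return the destination hidden in a click-time wrapper URL, else the URL itself."""
    host = _host(url)
    for suffix, param in CLICKTIME_WRAPPERS.items():
        if host == suffix or host.endswith("." + suffix):
            # parse_qsl percent-decodes, so %2d and %2D both come back as '-'
            for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
                if key == param and value:
                    return value
    return url


def url_valued_params(url):
    """Query parameters whose value is itself an absolute http(s) URL."""
    return {
        key: value
        for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True)
        if value.lower().startswith(("http://", "https://"))
    }


def triage(chain):
    """Unwrap the first hop, then compare the landing host with every host the
    landing URL's own parameters claim to return to."""
    hops = [unwrap_clicktime(u) for u in chain]
    landing_host = _host(hops[-1])
    claimed = {key: _host(value) for key, value in url_valued_params(hops[-1]).items()}
    foreign = sorted({h for h in claimed.values() if h and h != landing_host})
    return {
        "first_hop": hops[0],
        "landing_host": landing_host,
        "claimed_origins": claimed,
        "foreign_origins": foreign,
        "suspicious": bool(foreign),
    }


# Constructed from the three hops in the URL history above.
CHAIN = [
    "https://imsva91-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fpia%2daccademie.clients%2dcr%2dagri.pro&umid=EBDA1F5D-1BEC-1606-BD60-0D1A8C7ABFA5&auth=b2e75a85dac1d6c2329f45d980d65bc87d967b19-08a5f4147df75d10d53aa3a14e769997f69d72f7",
    "https://pia-accademie.clients-cr-agri.pro/",
    "https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=Identifiant%20ou%20mot%20de%20passe%20incorrect&CT_ORIG_URL=https%3A%2F%2Fpia.ac-orleans-tours.fr%3A443%2Fprotege%2F&ct_orig_uri=https%3A%2F%2Fpia.ac-orleans-tours.fr%3A443%2Fprotege%2F",
]

if __name__ == "__main__":
    print(triage(CHAIN))
```

The check deliberately ignores the parameter names: kits copy whatever the real portal uses, so the signal is any URL-valued parameter whose host differs from the page that received it.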
Redirected requests
There were HTTP redirect chains for the following requests:
- Request chain 16: https://pia-accademie.clients-cr-agri.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js (HTTP 302) to https://pia-accademie.clients-cr-agri.pro/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
20 HTTP transactions

# | Method | Protocol | Resource | Host and path | Size (transferred) | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---
1 | GET | H3 | login.php | pia-accademie.clients-cr-agri.pro/ | 7 KB (3 KB) | Document | text/html | Primary request, end of the redirect chain
2 | GET | H/1.1 | login.js | pia.ac-orleans-tours.fr/login/js/ | 2 KB (2 KB) | Script | text/javascript |
3 | GET | H/1.1 | jquery-1.12.0.min.js | pia.ac-orleans-tours.fr/login/js/ | 95 KB (95 KB) | Script | text/javascript |
4 | GET | H/1.1 | style.css | pia.ac-orleans-tours.fr/login/style/ | 4 KB (4 KB) | Stylesheet | text/css |
5 | GET | H/1.1 | responsive.css | pia.ac-orleans-tours.fr/login/style/ | 2 KB (3 KB) | Stylesheet | text/css |
6 | GET | H3 | bandeau_gauche_national.jpg | pia-accademie.clients-cr-agri.pro/login_files/ | 25 KB (26 KB) | Image | image/jpeg |
7 | GET | H3 | portail_titre_accueil.gif | pia-accademie.clients-cr-agri.pro/login_files/ | 3 KB (3 KB) | Image | image/gif |
8 | GET | H3 | portail_titre_accueil_2l.gif | pia-accademie.clients-cr-agri.pro/login_files/ | 3 KB (3 KB) | Image | image/gif |
9 | GET | H3 | portail_titre2.gif | pia-accademie.clients-cr-agri.pro/login_files/ | 2 KB (2 KB) | Image | image/gif |
10 | GET | H3 | authentification-enh.css | pia-accademie.clients-cr-agri.pro/flogin_files/ | 0 (0) | Stylesheet | text/html | Empty body with an HTML MIME type: a broken reference (flogin_files, not the login_files directory used elsewhere)
11 | GET | H3 | apps-mire-pia-160x100.png | pia-accademie.clients-cr-agri.pro/login_files/ | 6 KB (6 KB) | Image | image/png |
12 | GET | H3 | apps-mire-sosidentifiant-160x100.png | pia-accademie.clients-cr-agri.pro/login_files/ | 22 KB (23 KB) | Image | image/png |
13 | GET | H3 | apps-mire-accesbloque-160x100.png | pia-accademie.clients-cr-agri.pro/login_files/ | 22 KB (23 KB) | Image | image/png |
14 | GET | H/1.1 | check_adresse.js | pia.ac-orleans-tours.fr/fileadmin/ | 1 KB (2 KB) | Script | text/javascript |
15 | GET | H/1.1 | contour_bleu_vert_top_left.gif | pia.ac-orleans-tours.fr/login/images/ | 1 KB (1 KB) | Image | image/gif |
16 | GET | H/1.1 | contour_bleu_vert_bottom_right.gif | pia.ac-orleans-tours.fr/login/images/ | 932 B (1 KB) | Image | image/gif |
17 | GET | H/1.1 | icon-eye-open.png | pia.ac-orleans-tours.fr/login/images/ | 350 B (698 B) | Image | image/png |
18 | GET | H3 | main.js | pia-accademie.clients-cr-agri.pro/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/ | 8 KB (4 KB) | Script | application/javascript | Frame 23D6, redirect chain
19 | GET | H/1.1 | favicon.ico | bv.ac-orleans-tours.fr/sos_identifiant/ | 11 KB (12 KB) | Other | image/vnd.microsoft.icon |
20 | POST | H3 | 89aca18a2a259ef4 | pia-accademie.clients-cr-agri.pro/cdn-cgi/challenge-platform/h/b/jsd/r/ | 0 (700 B) | XHR | text/plain | Frame 23D6

The request list shows how the clone was built. It serves its own copies of the banner and tile images from /login_files/ but hot-links the rest of the real portal's login bundle: login.js, jquery-1.12.0.min.js, style.css, responsive.css, check_adresse.js and the border images from pia.ac-orleans-tours.fr, and the favicon from bv.ac-orleans-tours.fr. Every render of the phishing page therefore leaves a trail in the academy's own web server logs, with the phishing host as the Referer. Requests 18 and 20 (the /cdn-cgi/challenge-platform/ frame) are Cloudflare's bot-detection script and its beacon, part of the CDN in front of the host, not of the kit.
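The hot-linking above is something the targeted organisation can detect on its own side. As an added example (not code from urlscan or from the academy), the Python below runs over constructed combined-format access log lines and reports foreign Referer hosts that pulled several of the portal's login assets. The own-domain list, the asset prefixes (taken from this scan's request list) and the threshold are assumptions to adjust per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" log format; Referer is "-" when the browser sent none.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumptions: the domains the portal legitimately runs under, and the asset
# paths the real login page embeds (taken from the request list in this scan).
OWN_DOMAINS = ("ac-orleans-tours.fr",)
LOGIN_ASSET_PREFIXES = ("/login/", "/fileadmin/check_adresse.js")
MIN_ASSETS = 3  # a clone pulls the whole bundle; one hot-linked image is weak evidence


def is_own_host(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)


def find_cloned_login_pages(lines):
    """Map each foreign Referer host to the login assets it pulled, keeping
    only hosts that fetched at least MIN_ASSETS distinct ones."""
    by_referer = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        served = m["status"].startswith("2") or m["status"] == "304"
        if not served or not m["path"].startswith(LOGIN_ASSET_PREFIXES):
            continue
        ref = m["referer"]
        if ref in ("", "-"):
            continue  # Referer stripped by policy or extension: no evidence either way
        ref_host = urlsplit(ref).hostname
        if not ref_host or is_own_host(ref_host):
            continue
        by_referer[ref_host.lower()].add(m["path"])
    return {h: sorted(p) for h, p in by_referer.items() if len(p) >= MIN_ASSETS}


# Constructed sample log lines (not real server logs). The first four mimic a
# visitor rendering the clone, which embeds the real portal's login bundle.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jun/2024:09:27:50 +0000] "GET /login/js/login.js HTTP/1.1" 200 2048 "https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=x" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2024:09:27:50 +0000] "GET /login/js/jquery-1.12.0.min.js HTTP/1.1" 200 97283 "https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=x" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2024:09:27:51 +0000] "GET /login/style/style.css HTTP/1.1" 200 4096 "https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=x" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2024:09:27:51 +0000] "GET /fileadmin/check_adresse.js HTTP/1.1" 200 1024 "https://pia-accademie.clients-cr-agri.pro/login.php?CTLoginErrorMsg=x" "Mozilla/5.0"
198.51.100.4 - - [28/Jun/2024:09:30:02 +0000] "GET /login/js/login.js HTTP/1.1" 200 2048 "https://pia.ac-orleans-tours.fr/login/" "Mozilla/5.0"
198.51.100.4 - - [28/Jun/2024:09:30:02 +0000] "GET /login/style/style.css HTTP/1.1" 304 0 "https://pia.ac-orleans-tours.fr/login/" "Mozilla/5.0"
192.0.2.9 - - [28/Jun/2024:09:31:10 +0000] "GET /login/images/icon-eye-open.png HTTP/1.1" 200 350 "https://forum.example.net/thread/123" "Mozilla/5.0"
192.0.2.9 - - [28/Jun/2024:09:31:11 +0000] "GET /login/js/login.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def demo():
    return find_cloned_login_pages(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for host, assets in demo().items():
        print(f"{host} embedded {len(assets)} login assets: {', '.join(assets)}")
```

Absence of a hit is not a clean bill: a kit can copy the assets locally (as this one did for its images) or the browser can drop the Referer under a strict Referrer-Policy, so this only catches clones that hot-link, which in practice is most of them.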
Verdicts & Comments
Verdict: Malicious (scope: page.domain)
Submitted on June 28th 2024, 9:27:54 am UTC, from France
Threats: Phishing
Comment: Phishing site targeting French Education Administration
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
10 JavaScript global variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
---|---
object | 0
undefined | event
object | fence
object | sharedStorage
function | getFocus
function | startup
function | isIE
function | $
function | jQuery
undefined | str1

$ and jQuery come from the hot-linked jquery-1.12.0.min.js; getFocus, startup, isIE and str1 are defined by the page's own scripts; fence and sharedStorage are supplied by the scanning browser (Chromium's Fenced Frames and Shared Storage APIs), not by anything the site serves.
Cookies
Cookies are small pieces of data stored in the user's browser. When the user visits the site again, the browser sends the stored values back, letting the site re-identify the user even from a different location; this is how persistent logins work.

Domain / Path | Expires | Name | Value
---|---|---|---
.clients-cr-agri.pro / | - | cf_clearance | GmDmEDznxU6AM870oovum_29bz9i3fg.RmST8fDDHjI-1719566742-1.0.1.1-CHMwYRp4xppfNr4kmdOaCcD1mOoXfv2K1sc0Q47a69A3sBXaTg398HshBpLxEqo82xqJlppPpBZ_32fsOgaQnA

The only cookie is cf_clearance, which Cloudflare sets after its challenge platform (the /cdn-cgi/challenge-platform/ frame above) has run. It belongs to the CDN fronting the phishing host rather than to the kit, and it is scoped to the whole apex domain, so any other subdomain the actor stands up under clients-cr-agri.pro would share it.
2 console messages
A page may log messages to the console. These are often errors about a resource that failed to load or JavaScript that failed to execute; sometimes they also reveal the technology behind a website.

Source | Level | URL / Text
---|---|---
Indicators
"Indicators" is the security-industry term for artefacts such as IPs, domains and hashes. Listing them here does not imply that each one is malicious.
- bv.ac-orleans-tours.fr
- imsva91-ctp.trendmicro.com
- pia-accademie.clients-cr-agri.pro
- pia.ac-orleans-tours.fr
- 188.114.96.3
- 195.83.89.163
- 195.83.89.99
- 35.81.174.242

Only pia-accademie.clients-cr-agri.pro is attacker infrastructure, and even its address 188.114.96.3 is a Cloudflare edge shared with unrelated sites. The ac-orleans-tours.fr hosts and their RENATER addresses belong to the targeted academy, and the trendmicro.com host is the submitter's mail gateway; blocking the list wholesale would cut off the legitimate portal. Block the domain, report the Cloudflare-fronted host, and use the academy hosts as the assets to watch for hot-linking.