urlscan.io logo urlscan.io
SecurityTrails logo

votre-dossier-client.connaisicliks.com Open in urlscan Pro
94.76.228.135  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://sub.acesonlines.com/
Effective URL: https://votre-dossier-client.connaisicliks.com/
Submission: On August 25 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 8 HTTP transactions. The main IP is 94.76.228.135, located in United Kingdom and belongs to SIMPLYTRANSIT, GB. The main domain is votre-dossier-client.connaisicliks.com.
TLS certificate: Issued by R3 on August 10th 2022. Valid for: 3 months.
This is the only time votre-dossier-client.connaisicliks.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious2 votes Show Verdicts

Domain & IP information

IP Address AS Autonomous System
1 109.206.241.35 211252 (AS_DELIS)
1 2001:8d8:100f... 8560 (IONOS-AS ...)
3 94.76.228.135 29550 (SIMPLYTRA...)
3 158.191.150.242 9159 (Credit Ag...)
8 5
Domain Requested by
3 images-courriel.credit-agricole.fr votre-dossier-client.connaisicliks.com
3 votre-dossier-client.connaisicliks.com expressentruempelung.de
votre-dossier-client.connaisicliks.com
1 expressentruempelung.de sub.acesonlines.com
1 sub.acesonlines.com
8 4

This site contains links to these domains. Also see Links.

Domain
emailing-pros-b6715d.ingress-daribow.ewp.live
desabo.ca-technologies.credit-agricole.fr
Subject Issuer Validity Valid
sub.acesonlines.com
R3		 2022-08-23 -
2022-11-21		 3 months crt.sh
*.expressentruempelung.de
Encryption Everywhere DV TLS CA - G1		 2021-09-17 -
2022-09-30		 a year crt.sh
votre-dossier-client.connaisicliks.com
R3		 2022-08-10 -
2022-11-08		 3 months crt.sh
images-courriel.credit-agricole.fr
Sectigo RSA Organization Validation Secure Server CA		 2022-01-31 -
2023-01-31		 a year crt.sh

This page contains 1 frames:

Primary Page: https://votre-dossier-client.connaisicliks.com/
Frame ID: C661639D24FD6E12B175177B6B463227
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://sub.acesonlines.com/ Page URL
  2. https://expressentruempelung.de/jumber/nedos/nit.html Page URL
  3. https://votre-dossier-client.connaisicliks.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

8
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

23 kB
Transfer

33 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sub.acesonlines.com/ Page URL
  2. https://expressentruempelung.de/jumber/nedos/nit.html Page URL
  3. https://votre-dossier-client.connaisicliks.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
sub.acesonlines.com/ 		264 B
295 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sub.acesonlines.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
109.206.241.35 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
br
content-type
text/html
date
Thu, 25 Aug 2022 06:49:02 GMT
etag
W/"108-5e6e07c1a84b8"
last-modified
Tue, 23 Aug 2022 03:51:52 GMT
server
nginx
x-accel-version
0.01
x-powered-by
PleskLin
nit.html
expressentruempelung.de/jumber/nedos/ 		250 B
325 B 		Document
General
Check archive.org
Download Go to
Full URL
https://expressentruempelung.de/jumber/nedos/nit.html
Requested by
Host: sub.acesonlines.com
URL: https://sub.acesonlines.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::2c9 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://sub.acesonlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Thu, 25 Aug 2022 06:49:02 GMT
etag
W/"fa-5d175d95294c0"
last-modified
Tue, 23 Nov 2021 14:49:31 GMT
server
Apache
Primary Request /
votre-dossier-client.connaisicliks.com/ 		15 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://votre-dossier-client.connaisicliks.com/
Requested by
Host: expressentruempelung.de
URL: https://expressentruempelung.de/jumber/nedos/nit.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.76.228.135 , United Kingdom, ASN29550 (SIMPLYTRANSIT, GB),
Reverse DNS
94-76-228-135.static.as29550.net
Software
nginx / PleskLin
Resource Hash
555947c92d03455ddabb88000c57e227bd070d3b0919d0c62ca51b5328d17c7e

Request headers

Referer
https://expressentruempelung.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
br
content-type
text/html
date
Thu, 25 Aug 2022 06:49:02 GMT
etag
W/"63044ea6-3d66"
last-modified
Tue, 23 Aug 2022 03:51:02 GMT
server
nginx
x-powered-by
PleskLin
px.gif
votre-dossier-client.connaisicliks.com/Mise%20%C3%A0%20jour%20de%20votre%20dossier%20client_files/ 		247 B
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://votre-dossier-client.connaisicliks.com/Mise%20%C3%A0%20jour%20de%20votre%20dossier%20client_files/px.gif
Requested by
Host: votre-dossier-client.connaisicliks.com
URL: https://votre-dossier-client.connaisicliks.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.76.228.135 , United Kingdom, ASN29550 (SIMPLYTRANSIT, GB),
Reverse DNS
94-76-228-135.static.as29550.net
Software
nginx /
Resource Hash
9927b7a6696ce69c6ed7c83e61b985c08d0a873ee3254aaaecaec312f622d70d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://votre-dossier-client.connaisicliks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 25 Aug 2022 06:49:02 GMT
content-encoding
br
server
nginx
content-type
text/html; charset=iso-8859-1
12FEF16B6096B6635365CAA0EF0275ABA43A0678.jpg
images-courriel.credit-agricole.fr/IMG/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images-courriel.credit-agricole.fr/IMG/12FEF16B6096B6635365CAA0EF0275ABA43A0678.jpg
Requested by
Host: votre-dossier-client.connaisicliks.com
URL: https://votre-dossier-client.connaisicliks.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.191.150.242 , France, ASN9159 (Credit Agricole, FR),
Reverse DNS
Software
Apache /
Resource Hash
93ba615562b9c8502407573b8a5f49e6717926a45d39e2e713aea6218308deaf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://votre-dossier-client.connaisicliks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 25 Aug 2022 06:49:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Aug 2022 06:08:29 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-store
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2866
25FEFD4F2E724D5BC58CDF38813308CA71CD3527.jpg
images-courriel.credit-agricole.fr/IMG/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images-courriel.credit-agricole.fr/IMG/25FEFD4F2E724D5BC58CDF38813308CA71CD3527.jpg
Requested by
Host: votre-dossier-client.connaisicliks.com
URL: https://votre-dossier-client.connaisicliks.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.191.150.242 , France, ASN9159 (Credit Agricole, FR),
Reverse DNS
Software
Apache /
Resource Hash
953b1867e40b5431827a748f825820d1ffa3972617d7c4116711fde33aa51d2f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://votre-dossier-client.connaisicliks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 25 Aug 2022 06:49:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Aug 2022 06:08:29 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-store
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1681
separateur_un.gif
votre-dossier-client.connaisicliks.com/Mise%20%C3%A0%20jour%20de%20votre%20dossier%20client_files/ 		258 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://votre-dossier-client.connaisicliks.com/Mise%20%C3%A0%20jour%20de%20votre%20dossier%20client_files/separateur_un.gif
Requested by
Host: votre-dossier-client.connaisicliks.com
URL: https://votre-dossier-client.connaisicliks.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.76.228.135 , United Kingdom, ASN29550 (SIMPLYTRANSIT, GB),
Reverse DNS
94-76-228-135.static.as29550.net
Software
nginx /
Resource Hash
881c3d977e55a6da40171c2b9cf88a62b454ed94869a00f215e84f002d0342f1

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://votre-dossier-client.connaisicliks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 25 Aug 2022 06:49:02 GMT
content-encoding
br
server
nginx
content-type
text/html; charset=iso-8859-1
C3C722E197F3A834630A62C19983B6F65C7856C9.jpg
images-courriel.credit-agricole.fr/IMG/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images-courriel.credit-agricole.fr/IMG/C3C722E197F3A834630A62C19983B6F65C7856C9.jpg
Requested by
Host: votre-dossier-client.connaisicliks.com
URL: https://votre-dossier-client.connaisicliks.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.191.150.242 , France, ASN9159 (Credit Agricole, FR),
Reverse DNS
Software
Apache /
Resource Hash
5a0bed36c32ba4381dc48ef84fd811b0e2352cf95c617552d5b886e7fa10d87f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://votre-dossier-client.connaisicliks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 25 Aug 2022 06:49:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Aug 2022 06:08:29 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-store
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
11179
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3d294a62c653e2c9d73ce0bdda879c75374bd1d602da4c0df063eb79257e48e6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on August 25th 2022, 6:49:48 am UTC — From France

Threats: Phishing
Brands: Credit Agricole FR
Comment: Phishing - Website is trying to steal user credentials

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://votre-dossier-client.connaisicliks.com/Mise%20%C3%A0%20jour%20de%20votre%20dossier%20client_files/px.gif
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://votre-dossier-client.connaisicliks.com/Mise%20%C3%A0%20jour%20de%20votre%20dossier%20client_files/separateur_un.gif
Message:
Failed to load resource: the server responded with a status of 404 ()