www.vedecom.fr
2001:4b98:dc0:950::152
Malicious Activity!
Public Scan
Effective URL: https://www.vedecom.fr/en/home/cpa-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLa...
Submission: On May 07 via manual from US. Scanned from FR.
Summary
TLS certificate: Issued by Gandi Standard SSL CA 2 on January 22nd 2023. Valid for: a year.
This is the only time www.vedecom.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canada Post (Transportation)
Domain & IP information
IP Address | AS Autonomous System
---|---
2001:4b98:dc0:950::152 | 29169 (GANDI-AS Domain name registrar - www.gandi.net)

ASN29169 (GANDI-AS Domain name registrar - www.gandi.net, FR)
Apex Domain | Subdomains | Transfer
---|---|---
vedecom.fr | www.vedecom.fr (1 redirects) | 419 KB
Domain | Requested by
---|---
www.vedecom.fr (1 redirects) | www.vedecom.fr
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
www.vedecom.fr | Gandi Standard SSL CA 2 | 2023-01-22 - 2024-02-21 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://www.vedecom.fr/en/home/cpa-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMy4wLjU2NzIuNjMgU2FmYXJpLzUzNy4zNjIwMDE6NDFkMDo4OmQxNTQ6OjYyMDIzOk1heTpTdW4=
Frame ID: A565E1A6EF3EC764E3470F6412DB564E
Requests: 17 HTTP requests in this frame
Page Title: Canada Post
Detected technologies
- PHP (Programming Languages). Detected pattern: `\.php(?:$|\?)`
- jQuery (JavaScript Libraries). Detected pattern: `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.vedecom.fr/en/home/ (HTTP 302)
- https://www.vedecom.fr/en/home/cpa-bill.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMy4wLjU2NzIuNjMgU2FmYXJpLzUzNy4zNjIwMDE6NDFkMDo4OmQxNTQ6OjYyMDIzOk1heTpTdW4= (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | cpa-bill.php (www.vedecom.fr/en/home/), Primary Request, Redirect Chain | 652 KB | 338 KB | Document | text/html
GET | DATA | truncated / | 12 KB | 0 | Image | image/svg+xml
GET | DATA | truncated / | 938 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 320 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 185 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 907 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 56 KB | 56 KB | Font | font/woff2
GET | DATA | truncated / | 15 KB | 15 KB | Font | font/woff2
GET | DATA | truncated / | 1007 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 817 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 14 KB | 0 | Image | image/svg+xml
GET | H2 | jquery.min.js (www.vedecom.fr/en/home/cpa_files/) | 86 KB | 30 KB | Script | application/javascript
GET | H2 | imask.min.js (www.vedecom.fr/en/home/cpa_files/) | 45 KB | 13 KB | Script | application/javascript
GET | H2 | infos.js (www.vedecom.fr/en/home/cpa_files/) | 95 KB | 37 KB | Script | application/javascript
GET | DATA | truncated / | 219 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 724 B | 0 | Image | image/svg+xml
GET | DATA | truncated / | 15 KB | 15 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Canada Post (Transportation)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
boolean | `credentialless`
function | `$`
function | `jQuery`
object | `__core-js_shared__`
object | `core`
function | `IMask`

1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even if they changed locations. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
www.vedecom.fr/ | | Name: PHPSESSID, Value: v2gtm72smmmm6vbf9iuh61d6jk
15 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- www.vedecom.fr
- 2001:4b98:dc0:950::152