credit-agricole-pmcpci.vigitrust.com
Open in
urlscan Pro
5.9.162.132
Malicious Activity!
Public Scan
Effective URL: https://credit-agricole-pmcpci.vigitrust.com/cragri/login/index.php
Submission: On May 30 via manual from FR
Summary
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 14th 2017. Valid for: 2 years.
This is the only time credit-agricole-pmcpci.vigitrust.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.231.146.66 67.231.146.66 | 26211 (PROOFPOIN...) (PROOFPOINT-ASN-US-WEST - Proofpoint) | |
1 17 | 5.9.162.132 5.9.162.132 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 172.217.18.170 172.217.18.170 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 172.217.18.163 172.217.18.163 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
19 | 3 |
ASN26211 (PROOFPOINT-ASN-US-WEST - Proofpoint, Inc., US)
PTR: urldefense.proofpoint.com
urldefense.proofpoint.com |
ASN24940 (HETZNER-AS, DE)
PTR: static.132.162.9.5.clients.your-server.de
credit-agricole-pmcpci.vigitrust.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
vigitrust.com
1 redirects
credit-agricole-pmcpci.vigitrust.com |
478 KB |
2 |
gstatic.com
fonts.gstatic.com |
77 KB |
1 |
googleapis.com
fonts.googleapis.com |
349 B |
1 |
proofpoint.com
1 redirects
urldefense.proofpoint.com |
166 B |
19 | 4 |
Domain | Requested by | |
---|---|---|
17 | credit-agricole-pmcpci.vigitrust.com |
1 redirects
credit-agricole-pmcpci.vigitrust.com
|
2 | fonts.gstatic.com |
credit-agricole-pmcpci.vigitrust.com
|
1 | fonts.googleapis.com |
credit-agricole-pmcpci.vigitrust.com
|
1 | urldefense.proofpoint.com | 1 redirects |
19 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
download.moodle.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.vigitrust.com COMODO RSA Organization Validation Secure Server CA |
2017-09-14 - 2019-09-16 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://credit-agricole-pmcpci.vigitrust.com/cragri/login/index.php
Frame ID: B628C5F6BCA9995865C1210B5049F6AD
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://urldefense.proofpoint.com/v2/url?u=https-3A__credit-2Dagricole-2Dpmcpci.vigitrust.com_cragri_&d=DwMGaQ...
HTTP 302
https://credit-agricole-pmcpci.vigitrust.com/cragri/ HTTP 303
https://credit-agricole-pmcpci.vigitrust.com/cragri/login/index.php Page URL
Detected technologies
Moodle (LMS) ExpandDetected patterns
- meta keywords /^moodle/i
PHP (Programming Languages) Expand
Detected patterns
- headers server /php\/?([\d.]+)?/i
- meta keywords /^moodle/i
Windows Server (Operating Systems) Expand
Detected patterns
- headers server /Win32|Win64/i
OpenSSL (Web Server Extensions) Expand
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- env /^requirejs$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Get the mobile app
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://urldefense.proofpoint.com/v2/url?u=https-3A__credit-2Dagricole-2Dpmcpci.vigitrust.com_cragri_&d=DwMGaQ&c=Lsth-TOFRr_8fiQHrMDiw7UdOUxHPWHg_5YUsyXasZc&r=zKGLW7MFyFF1Q3jk4GbKhELachuDCntBaNSSpmL9lPE&m=OugLIAeHBM1t12de1oQjSIVjluVhjqQOh16Le3T41ME&s=QwuEle11Id2UVXjbTSk2rfg0SkBIKZJgxgbUvS7rvCk&e=
HTTP 302
https://credit-agricole-pmcpci.vigitrust.com/cragri/ HTTP 303
https://credit-agricole-pmcpci.vigitrust.com/cragri/login/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
credit-agricole-pmcpci.vigitrust.com/cragri/login/ Redirect Chain
|
32 KB 33 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yui_combo.php
credit-agricole-pmcpci.vigitrust.com/cragri/theme/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
all
credit-agricole-pmcpci.vigitrust.com/cragri/theme/styles.php/essential/1516017055_1/ |
836 KB 139 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
css
fonts.googleapis.com/ |
451 B 349 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yui_combo.php
credit-agricole-pmcpci.vigitrust.com/cragri/theme/ |
276 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
javascript-static.js
credit-agricole-pmcpci.vigitrust.com/cragri/lib/javascript.php/1516016919/lib/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CA-2lines-h-rvb.png
credit-agricole-pmcpci.vigitrust.com/cragri/pluginfile.php/1/theme_essential/logo/1516017055/ |
21 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
help
credit-agricole-pmcpci.vigitrust.com/cragri/theme/image.php/essential/core/1516017055/ |
693 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
require.min.js
credit-agricole-pmcpci.vigitrust.com/cragri/lib/javascript.php/1516016919/lib/requirejs/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer
credit-agricole-pmcpci.vigitrust.com/cragri/theme/javascript.php/essential/1516017055/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jizaRExUiTo99u79D0KEwA.ttf
fonts.gstatic.com/s/ptsans/v9/ |
94 KB 58 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header
credit-agricole-pmcpci.vigitrust.com/cragri/theme/image.php/essential/theme/1516017055/bg/ |
470 B 994 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
TK3iWkUHHAIjg752GT8D.ttf
fonts.gstatic.com/s/oswald/v16/ |
32 KB 19 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yui_combo.php
credit-agricole-pmcpci.vigitrust.com/cragri/theme/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
first.js
credit-agricole-pmcpci.vigitrust.com/cragri/lib/requirejs.php/1516016919/core/ |
570 KB 138 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yui_combo.php
credit-agricole-pmcpci.vigitrust.com/cragri/theme/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yui_combo.php
credit-agricole-pmcpci.vigitrust.com/cragri/theme/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.min.js
credit-agricole-pmcpci.vigitrust.com/cragri/lib/javascript.php/1516016919/lib/jquery/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yui_combo.php
credit-agricole-pmcpci.vigitrust.com/cragri/theme/ |
16 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| M function| yui1ConfigFn function| yui2ConfigFn object| YUI_config function| YUI object| Y function| checkall function| checknone function| select_all_in_element_with_id function| select_all_in function| deselect_all_in function| confirm_if function| findParentNode function| unmaskPassword function| filterByParent function| fix_column_widths function| fix_column_width function| insertAtCursor function| increment_filename function| right_to_left function| openpopup function| close_window function| focuscontrol function| old_onload_focus function| build_querystring function| build_windowoptionsstring function| convert_object_to_string function| stripHTML function| updateProgressBar function| require function| requirejs function| define function| customise_dock_for_theme function| $ function| jQuery2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
credit-agricole-pmcpci.vigitrust.com/cragri/ | Name: MoodleSession Value: e39dj0nek06lfcl9ucsn97kb91 |
|
credit-agricole-pmcpci.vigitrust.com/cragri/login | Name: loglevel Value: WARN |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | sameorigin |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
credit-agricole-pmcpci.vigitrust.com
fonts.googleapis.com
fonts.gstatic.com
urldefense.proofpoint.com
172.217.18.163
172.217.18.170
5.9.162.132
67.231.146.66
13eaaadfa414f262b7964320054bb2b322b9ef9f3522bc25c9d60dc83b5141cf
15599ce9cc209d7355f3a1b52ea93602e96ceb861fbf5bf81176fa4af1c41bc3
23754eaeadb09d272d12ccacaf0c4bdfae5b01776b04fb8d174f766a2bd31c3a
2d15854a9034f30687ed47fcbb8b4a035d149657892138bbbed1967fbc8cad21
391426c6b13d077eeb75cf35cf707b52c3ee31e6661b2d523dcf22f108083ada
39d4709523364a8f0b54ba67cbebf01b0ee823eda2f8b9cad0871a3a890828b8
4b9f572393f50aa7fd63ba6ac5d3b39c1a4ee71e27766757a76821418c040650
4d8b560b0de451450b378976aadf95623e77714bfdcddf7a4602332d2c98d394
6f2ebd98878c17d0a815886c92f27bb986b83b2681ab243a1c3b97c0cbe655a7
71e82cfc66dd6ab24bea7a8c09a4d7e710c4323ab354f1b3c8a43ce76cf2e343
79a3f957ea95b5da406604108a36354d2a3e9b44eff5f4f8471d0ad605c2647f
7a8ae764c93823acfd4524ba77b426303c51fd8a4998d9d8485a35ee43717e96
a8ab4ee5168786ae30470928d5848867bd2774b4b1ea5de13291395328ba35db
a9139333e691280dc8aae068afc0ac6da3e8e1f8085392f0fbfc1de0e8a6ca63
b2dd4606646500a413457bfd81ca019c4552ecbef998609bf85f7591c8377003
b3fa79533b0772136e92e6877f31e979e68b4be7b81500c8bce38b67fa71257c
c4cc4d14d94d940a82ceb24dc9c9ae9d4573a436e1369db31f2d9c2b1546fe18
cab42aa7092c9d449ea6cc947267d1fdee61a3856ac8842fce69c7e37a600bd3
ed3b51f6240250bb0427957fc3fa326a1a1140acbc31d8f162a568346b8366da