urlscan.io logo urlscan.io
SecurityTrails logo

crgis-crtes.is-leet.com Open in urlscan Pro
139.64.245.140  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://courrier-information.scrapping.cc/
Effective URL: https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html
Submission: On December 30 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 5 HTTP transactions. The main IP is 139.64.245.140, located in Canada and belongs to DATACITY, CA. The main domain is crgis-crtes.is-leet.com.
TLS certificate: Issued by R10 on December 28th 2024. Valid for: 3 months.
This is the only time crgis-crtes.is-leet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 130.61.69.238 31898 (ORACLE-BM...)
1 162.159.140.229 13335 (CLOUDFLAR...)
4 139.64.245.140 31798 (DATACITY)
5 2
Apex Domain
Subdomains		 Transfer
4 is-leet.com
crgis-crtes.is-leet.com
1 MB
1 t.co
t.co — Cisco Umbrella Rank: 904
837 B
1 scrapping.cc
courrier-information.scrapping.cc
194 B
5 3
Domain Requested by
4 crgis-crtes.is-leet.com t.co
crgis-crtes.is-leet.com
1 t.co
1 courrier-information.scrapping.cc 1 redirects
5 3

This site contains no links.

Subject Issuer Validity Valid
t.co
E6		 2024-11-26 -
2025-02-24		 3 months crt.sh
crgis-crtes.is-leet.com
R10		 2024-12-28 -
2025-03-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html
Frame ID: FDB0AFE25B69FC301BC52ADF9CD3FD65
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Accès CR - Crédit Agricole

Page URL History Show full URLs

  1. http://courrier-information.scrapping.cc/ HTTP 307
    https://courrier-information.scrapping.cc/ HTTP 307
    http://courrier-information.scrapping.cc/ HTTP 302
    https://t.co/ru9YJXCzxm Page URL
  2. https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

1087 kB
Transfer

1092 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://courrier-information.scrapping.cc/ HTTP 307
    https://courrier-information.scrapping.cc/ HTTP 307
    http://courrier-information.scrapping.cc/ HTTP 302
    https://t.co/ru9YJXCzxm Page URL
  2. https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://courrier-information.scrapping.cc/ HTTP 307
  • https://courrier-information.scrapping.cc/ HTTP 307
  • http://courrier-information.scrapping.cc/ HTTP 302
  • https://t.co/ru9YJXCzxm

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
ru9YJXCzxm
t.co/
Redirect Chain
  • http://courrier-information.scrapping.cc/
  • https://courrier-information.scrapping.cc/
  • http://courrier-information.scrapping.cc/
  • https://t.co/ru9YJXCzxm
397 B
837 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/ru9YJXCzxm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_o /
Resource Hash
f92c9f82e90746f6a1c1395c9fd6ecafbad8df577a67fd45634de9fcdda6c09c
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
private,max-age=300
cf-cache-status
DYNAMIC
cf-ray
8fa2a926cb041c73-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 30 Dec 2024 14:18:43 GMT
expires
Mon, 30 Dec 2024 14:23:43 GMT
perf
7402827104
server
cloudflare tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
b47043c359d1f671a4c72b8f8f419e56f5bfa6d4101dad8406b2db00063d1b68
x-response-time
108
x-transaction-id
af6e77d2fa39ab89
x-xss-protection
0

Redirect headers

Connection
keep-alive
Date
Mon, 30 Dec 2024 14:18:43 GMT
Location
https://t.co/ru9YJXCzxm
Transfer-Encoding
chunked
X-Request-ID
43f1df18819e1fc764700f5d69db7be9
Primary Request dep.html
crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/ 		4 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html
Requested by
Host: t.co
URL: https://t.co/ru9YJXCzxm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
139.64.245.140 , Canada, ASN31798 (DATACITY, CA),
Reverse DNS
c999963718-cloudpro-778827788.cloudatcost.com
Software
nginx / PleskLin
Resource Hash
ad3fea269700c0956c73932baf7a1fab5fe8b2e52a91af32ac87d9655aa4e041
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html
date
Mon, 30 Dec 2024 14:18:41 GMT
etag
W/"64456bb2-113b"
last-modified
Sun, 23 Apr 2023 17:32:34 GMT
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
x-powered-by
PleskLin
image-dep.css
crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/ 		4 KB
871 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/image-dep.css
Requested by
Host: crgis-crtes.is-leet.com
URL: https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
139.64.245.140 , Canada, ASN31798 (DATACITY, CA),
Reverse DNS
c999963718-cloudpro-778827788.cloudatcost.com
Software
nginx / PleskLin
Resource Hash
9d9cb236f2fd4561efc72a9e8b36cc08d24e276b56e186601615205bb6224763
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
content-encoding
br
etag
W/"64456bbe-11b8"
date
Mon, 30 Dec 2024 14:18:41 GMT
content-type
text/css
last-modified
Sun, 23 Apr 2023 17:32:46 GMT
server
nginx
x-powered-by
PleskLin
back-dep1.PNG
crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/back-dep1.PNG
Requested by
Host: crgis-crtes.is-leet.com
URL: https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/image-dep.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
139.64.245.140 , Canada, ASN31798 (DATACITY, CA),
Reverse DNS
c999963718-cloudpro-778827788.cloudatcost.com
Software
nginx / PleskLin
Resource Hash
80bf25076f4dcddd6b061dc5d153dbf323f78f2f1e9ec5d43aa6fe1ca85e9852
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/image-dep.css

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
etag
"64456bb6-10be7c"
accept-ranges
bytes
content-length
1097340
date
Mon, 30 Dec 2024 14:18:41 GMT
content-type
image/png
last-modified
Sun, 23 Apr 2023 17:32:38 GMT
server
nginx
x-powered-by
PleskLin
favicon.ico
crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/ 		11 KB
11 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/files/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
139.64.245.140 , Canada, ASN31798 (DATACITY, CA),
Reverse DNS
c999963718-cloudpro-778827788.cloudatcost.com
Software
nginx / PleskLin
Resource Hash
0aaf5804a0bfa2db97cbb1dd89d62307c7580007638c51a5751bfec9c152d595
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://crgis-crtes.is-leet.com/Accer.comptes.Credit.Agricole.fr/Client/dep.html

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
etag
"64456bbe-2ccd"
accept-ranges
bytes
content-length
11469
date
Mon, 30 Dec 2024 14:18:41 GMT
content-type
image/vnd.microsoft.icon
last-modified
Sun, 23 Apr 2023 17:32:46 GMT
server
nginx
x-powered-by
PleskLin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: b4ba134c-b8c3-4f0a-bdda-9cbb034aab0a
.t.co/ Name: __cf_bm
Value: 64QXqOG4Qn6v5CfiM4pZM6JlYzMtuaeFKL5WogYHHUo-1735568323-1.0.1.1-z0ck4zJfhxVmNIQ5xkZgh87UZWEJ8Vc0amvyHOFAaGUCU6uJ7LCftWgWr5P8chFjIcfabcv.EFOxmR0.xVdmRg

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0