connexionpostalclient.firebaseapp.com
2620:0:890::100
Malicious Activity!
Public Scan
Submission: On May 12 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by GTS CA 1D4 on April 18th 2022. Valid for: 3 months.
This is the only time connexionpostalclient.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Postale (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 2620:0:890::100 | 54113 (FASTLY) |
1 | 185.16.252.161 | 35676 (LA-POSTE) |
2 2 | 81.80.208.143 | 3215 (France Telecom - Orange) |
2 | 81.80.208.9 | 3215 (France Telecom - Orange) |
4 | 3 |
ASN35676 (LA-POSTE, FR)
PTR: www.labanquepostale.fr
www.labanquepostale.fr |
 | Apex Domain (Subdomains) | Transfer |
---|---|---|
4 | gmf.fr (2 redirects): espace-assure.gmf.fr, statique.gmf.fr | 7 KB |
1 | labanquepostale.fr: www.labanquepostale.fr (Cisco Umbrella Rank: 300370) | 4 KB |
1 | firebaseapp.com: connexionpostalclient.firebaseapp.com | 2 KB |
4 | 3 |
 | Domain | Requested by |
---|---|---|
2 | statique.gmf.fr | connexionpostalclient.firebaseapp.com |
2 | espace-assure.gmf.fr | 2 redirects |
1 | www.labanquepostale.fr | connexionpostalclient.firebaseapp.com |
1 | connexionpostalclient.firebaseapp.com | |
4 | 4 |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
firebaseapp.com | GTS CA 1D4 | 2022-04-18 - 2022-07-17 | 3 months | crt.sh |
www.labanquepostale.fr | DigiCert SHA2 Extended Validation Server CA | 2020-07-08 - 2022-07-09 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
https://connexionpostalclient.firebaseapp.com/
Frame ID: 942CFF5F8EB5F74399169C4AADD4D3F3
Requests: 4 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: ME CONNECTER
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://espace-assure.gmf.fr/commun/images/mail/editique/mail_telephone.jpg HTTP 302
- https://statique.gmf.fr/commun/images/mail/editique/mail_telephone.jpg
- https://espace-assure.gmf.fr/commun/images/mail/editique/mail_localiser_agence.jpg HTTP 302
- https://statique.gmf.fr/commun/images/mail/editique/mail_localiser_agence.jpg
4 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | connexionpostalclient.firebaseapp.com/ | 5 KB | 2 KB | Document | text/html |
GET | H/1.1 | LOGO-LBP-digital-fd-clair-RVB.svg | www.labanquepostale.fr/content/dam/lbp/images/logo/la-banque-postale/ | 3 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | mail_telephone.jpg (Redirect Chain) | statique.gmf.fr/commun/images/mail/editique/ | 4 KB | 4 KB | Image | image/jpeg |
GET | H/1.1 | mail_localiser_agence.jpg (Redirect Chain) | statique.gmf.fr/commun/images/mail/editique/ | 2 KB | 3 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Postale (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.