www.revista.boanova.pt
Open in
urlscan Pro
94.46.13.104
Malicious Activity!
Public Scan
Effective URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/lo...
Submission: On June 19 via manual from FR
Summary
This is the only time www.revista.boanova.pt was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Populaire (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 64.29.151.221 64.29.151.221 | 30447 (INFB2-AS) (INFB2-AS - InternetNamesForBusiness.com) | |
1 11 | 94.46.13.104 94.46.13.104 | 24768 (ALMOUROLTEC) (ALMOUROLTEC) | |
1 | 213.190.91.126 213.190.91.126 | 20900 (MAN-CASTR...) (MAN-CASTRES-AS Network operating in the South Western France (Toulouse-Castres)) | |
1 | 91.134.157.162 91.134.157.162 | 16276 (OVH) (OVH) | |
13 | 4 |
ASN30447 (INFB2-AS - InternetNamesForBusiness.com, US)
PTR: hostedc40.carrierzone.com
www.winesmarties.net |
ASN24768 (ALMOUROLTEC, PT)
PTR: serv01.terradasideias.pt
www.revista.boanova.pt |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
boanova.pt
1 redirects
www.revista.boanova.pt |
41 KB |
1 |
facil-iti.com
ws.facil-iti.com |
|
1 |
banquepopulaire.fr
www.ibps.rivesparis.banquepopulaire.fr |
|
1 |
winesmarties.net
www.winesmarties.net |
534 B |
13 | 4 |
Domain | Requested by | |
---|---|---|
11 | www.revista.boanova.pt |
1 redirects
www.revista.boanova.pt
|
1 | ws.facil-iti.com |
www.revista.boanova.pt
|
1 | www.ibps.rivesparis.banquepopulaire.fr |
www.revista.boanova.pt
|
1 | www.winesmarties.net | |
13 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.rivesparis.banquepopulaire.fr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.ibps.banquepopulaire.fr thawte SHA256 SSL CA |
2017-10-20 - 2018-11-30 |
a year | crt.sh |
ws.facil-iti.com Gandi Standard SSL CA 2 |
2018-03-05 - 2020-04-08 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Frame ID: 036C07987523354BA07CE9F625E34F87
Requests: 11 HTTP requests in this frame
Frame:
https://www.ibps.rivesparis.banquepopulaire.fr/s3f-web/getResource?mod=1
Frame ID: BDCEBADEBA7C88E897CB17E946541541
Requests: 1 HTTP requests in this frame
Frame:
https://ws.facil-iti.com/tag/proxy/?id=4dd51e5b-178d-11e6-abd6-000c298ed446&d=d3d3LmljZ2F1dGguYmFucXVlcG9wdWxhaXJlLmZy
Frame ID: E387556752E456B4C33882BE400E2517
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://www.winesmarties.net/readme.html Page URL
-
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.pa...
HTTP 302
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.pa... Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Présentation Cyberplus
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.winesmarties.net/readme.html Page URL
-
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/
HTTP 302
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
readme.html
www.winesmarties.net/ |
168 B 534 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/ Redirect Chain
|
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/ |
13 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
custom.css
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/ |
243 B 484 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
play_cyberplus.svg
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getResource
www.ibps.rivesparis.banquepopulaire.fr/s3f-web/ Frame BDCE |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
/
ws.facil-iti.com/tag/proxy/ Frame E387 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
eyeOn.svg
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/ |
424 B 424 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
21.png
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Ubuntu-L.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Ubuntu-R.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Ubuntu-M.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
symbols_89C3.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Populaire (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ws.facil-iti.com/ | Name: srvnode Value: srv01 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ws.facil-iti.com
www.ibps.rivesparis.banquepopulaire.fr
www.revista.boanova.pt
www.winesmarties.net
213.190.91.126
64.29.151.221
91.134.157.162
94.46.13.104
15e87657a047e93869e58fbb8db45541af71a1b871a0f346c512239082635dfc
1c7c4ad1a6c4cb2d1f7efc07ddfdd3cf8c70c9193357c80eecb3d9bf26605722
39036ed5148c614cdc0cc98ad981591d852dd96827743db932425284b011d162
3c31de6adca8d603701482d28de049340d37bb25cac2760a7d41835c699be2fb
632496ad3208d36ebe21e49cee95b48b8dd3289330f5b7ee37401a19990caf4d
a31c32b8c888cc44ff96c873bf2e1db49e9329714cc6ae17470c53e9fe96833d