www.revista.boanova.pt Open in urlscan Pro
94.46.13.104 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.winesmarties.net/readme.html
Effective URL:
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/lo...
Submission: On June 19 via manual (June 19th 2018, 11:35:28 am UTC) from FR

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 13 HTTP transactions. The main IP is 94.46.13.104, located in Portugal and belongs to ALMOUROLTEC, PT. The main domain is www.revista.boanova.pt.

This is the only time www.revista.boanova.pt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Populaire (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	64.29.151.221 64.29.151.221	30447 (INFB2-AS) (INFB2-AS - InternetNamesForBusiness.com)
1 11	94.46.13.104 94.46.13.104	24768 (ALMOUROLTEC) (ALMOUROLTEC)
1	213.190.91.126 213.190.91.126	20900 (MAN-CASTR...) (MAN-CASTRES-AS Network operating in the South Western France (Toulouse-Castres))
1	91.134.157.162 91.134.157.162	16276 (OVH) (OVH)
13	4

1 64.29.151.221 (Fort Lauderdale, United States)

ASN30447 (INFB2-AS - InternetNamesForBusiness.com, US)
PTR: hostedc40.carrierzone.com

www.winesmarties.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 94.46.13.104 (Portugal) 1 redirects

ASN24768 (ALMOUROLTEC, PT)
PTR: serv01.terradasideias.pt

www.revista.boanova.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.190.91.126 (France)

ASN20900 (MAN-CASTRES-AS Network operating in the South Western France (Toulouse-Castres), FR)
PTR: 126-91-190-213.intermediasud.com

www.ibps.rivesparis.banquepopulaire.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.134.157.162 (France)

ASN16276 (OVH, FR)
PTR: ws.facil-iti.com

ws.facil-iti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	boanova.pt 1 redirects www.revista.boanova.pt	41 KB
1	facil-iti.com ws.facil-iti.com
1	banquepopulaire.fr www.ibps.rivesparis.banquepopulaire.fr
1	winesmarties.net www.winesmarties.net	534 B
13	4

	Domain	Requested by
11	www.revista.boanova.pt	1 redirects www.revista.boanova.pt
1	ws.facil-iti.com	www.revista.boanova.pt
1	www.ibps.rivesparis.banquepopulaire.fr	www.revista.boanova.pt
1	www.winesmarties.net
13	4

This site contains links to these domains. Also see Links.

Domain
www.rivesparis.banquepopulaire.fr

Subject Issuer	Validity	Valid
www.ibps.banquepopulaire.fr thawte SHA256 SSL CA	`2017-10-20` - `2018-11-30`	a year	crt.sh
ws.facil-iti.com Gandi Standard SSL CA 2	`2018-03-05` - `2020-04-08`	2 years	crt.sh

This page contains 3 frames:

Primary Page: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Frame ID: 036C07987523354BA07CE9F625E34F87
Requests: 11 HTTP requests in this frame

Frame: https://www.ibps.rivesparis.banquepopulaire.fr/s3f-web/getResource?mod=1
Frame ID: BDCEBADEBA7C88E897CB17E946541541
Requests: 1 HTTP requests in this frame

Frame: https://ws.facil-iti.com/tag/proxy/?id=4dd51e5b-178d-11e6-abd6-000c298ed446&d=d3d3LmljZ2F1dGguYmFucXVlcG9wdWxhaXJlLmZy
Frame ID: E387556752E456B4C33882BE400E2517
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.winesmarties.net/readme.html Page URL
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.pa... HTTP 302
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.pa... Page URL

Page Statistics

13
Requests

15 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

41 kB
Transfer

39 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rivesparis.banquepopulaire.fr/portailinternet/Pages/ReinitPwd/DemoRedirect.aspx
Title: Présentation Cyberplus

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.winesmarties.net/readme.html Page URL
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/ HTTP 302
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set readme.html
www.winesmarties.net/ 168 B
534 B 364ms
125ms Document
text/html 64.29.151.221
InternetNamesForB...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.winesmarties.net/readme.html
Protocol: HTTP/1.1
Server: 64.29.151.221 Fort Lauderdale, United States, ASN30447 (INFB2-AS - InternetNamesForBusiness.com, US),
Reverse DNS: hostedc40.carrierzone.com
Software: /
Resource Hash

Request headers

Host: www.winesmarties.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 036C07987523354BA07CE9F625E34F87

Response headers

Date: Tue, 19 Jun 2018 11:35:18 GMT
Last-Modified: Tue, 19 Jun 2018 02:32:46 GMT
Accept-Ranges: bytes
Content-Length: 168
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: TS0194eee0=010bd7804436254dc2742ff07e0165475ee5a27ee9756041ff7e6366cde1b4a1f4e76786508016a606a1f1e53db4e17f3f580d7650; Path=/

GET
H/1.1

200
OK

Primary Request login.php Show response
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/
Redirect Chain

http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/
http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58

8 KB
9 KB

70ms
68ms

Document
text/html

94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache / PHP/5.3.29
Resource Hash: 1c7c4ad1a6c4cb2d1f7efc07ddfdd3cf8c70c9193357c80eecb3d9bf26605722

Request headers

Host: www.revista.boanova.pt
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.winesmarties.net/readme.html
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 036C07987523354BA07CE9F625E34F87
Referer: http://www.winesmarties.net/readme.html

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Redirect headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Location: login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK app.css
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/ 13 KB
13 KB 44ms
44ms Stylesheet
text/css 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash: 3c31de6adca8d603701482d28de049340d37bb25cac2760a7d41835c699be2fb

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Last-Modified: Tue, 19 Jun 2018 02:52:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 13483

GET
H/1.1 200
OK custom.css
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/ 243 B
484 B 44ms
44ms Stylesheet
text/css 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/custom.css
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash: 632496ad3208d36ebe21e49cee95b48b8dd3289330f5b7ee37401a19990caf4d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Last-Modified: Tue, 19 Jun 2018 02:52:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 243

GET
H/1.1 200
OK play_cyberplus.svg
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/ 2 KB
3 KB 44ms
44ms Image
image/svg+xml 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/play_cyberplus.svg
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash: 15e87657a047e93869e58fbb8db45541af71a1b871a0f346c512239082635dfc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Last-Modified: Tue, 19 Jun 2018 02:52:00 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2497

GET
H/1.1 200
OK getResource
www.ibps.rivesparis.banquepopulaire.fr/s3f-web/ Frame BDCE 0
0 488ms
261ms Document
text/html 213.190.91.126
MAN-CASTRES-AS Ne...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ibps.rivesparis.banquepopulaire.fr/s3f-web/getResource?mod=1

Requested by

Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.190.91.126 , France, ASN20900 (MAN-CASTRES-AS Network operating in the South Western France (Toulouse-Castres), FR),

Reverse DNS

126-91-190-213.intermediasud.com

Software

IWS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: www.ibps.rivesparis.banquepopulaire.fr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 036C07987523354BA07CE9F625E34F87
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58

Response headers

Date: Tue, 19 Jun 2018 11:35:17 GMT
Server: IWS
Content-Type: text/html;charset=UTF-8
Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=8, max=300
Connection: Keep-Alive
Transfer-Encoding: chunked

GET
H/1.1 200
OK Cookie set /
ws.facil-iti.com/tag/proxy/ Frame E387 0
0 94ms
16ms Document
text/html 91.134.157.162
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.facil-iti.com/tag/proxy/?id=4dd51e5b-178d-11e6-abd6-000c298ed446&d=d3d3LmljZ2F1dGguYmFucXVlcG9wdWxhaXJlLmZy

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.157.162 , France, ASN16276 (OVH, FR),

Reverse DNS

ws.facil-iti.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Host: ws.facil-iti.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 036C07987523354BA07CE9F625E34F87
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58

Response headers

Date: Tue, 19 Jun 2018 11:35:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0
Cache-Control: private, max-age=86400
Expires: Wed, 20 Jun 2018 11:35:19 GMT
ETag: "17702-1-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 1743
Content-Type: text/html; charset=UTF-8
Set-Cookie: srvnode=srv01; path=/

GET
H/1.1 404
Not Found eyeOn.svg
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/ 424 B
424 B 44ms
43ms Image
text/html 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/eyeOn.svg
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash: a31c32b8c888cc44ff96c873bf2e1db49e9329714cc6ae17470c53e9fe96833d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 424
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 21.png
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/ 15 KB
15 KB 131ms
44ms Image
image/png 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/img/21.png
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash: 39036ed5148c614cdc0cc98ad981591d852dd96827743db932425284b011d162

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/custom.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/custom.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Last-Modified: Tue, 19 Jun 2018 02:52:00 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14865

GET
H/1.1 404
Not Found Ubuntu-L.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/ 0
0 85ms
44ms Font
text/html 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/Ubuntu-L.ttf
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.revista.boanova.pt
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Origin: http://www.revista.boanova.pt

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Ubuntu-R.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/ 0
0 87ms
43ms Font
text/html 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/Ubuntu-R.ttf
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.revista.boanova.pt
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Origin: http://www.revista.boanova.pt

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Ubuntu-M.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/ 0
0 127ms
44ms Font
text/html 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ubuntu/Ubuntu-M.ttf
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.revista.boanova.pt
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Origin: http://www.revista.boanova.pt

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found symbols_89C3.ttf
www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/ 0
0 129ms
43ms Font
text/html 94.46.13.104
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/font/symbols_89C3.ttf
Requested by: Host: www.revista.boanova.pt
URL: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/login.php?sess=1d25e85b28ea7819f225b28ea7819f58
Protocol: HTTP/1.1
Server: 94.46.13.104 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: serv01.terradasideias.pt
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.revista.boanova.pt
Accept-Encoding: gzip, deflate
Host: www.revista.boanova.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: http://www.revista.boanova.pt/plugins/authentication/_/information=index.php/labanquepopulaire1-WebSSO/.particuliers_BP=IDE/css/app.css
Origin: http://www.revista.boanova.pt

Response headers

Date: Tue, 19 Jun 2018 11:35:20 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 432
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Populaire (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ws.facil-iti.com/	1969-12-31 23:59:59	Name: srvnode Value: srv01

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ws.facil-iti.com
www.ibps.rivesparis.banquepopulaire.fr
www.revista.boanova.pt
www.winesmarties.net
213.190.91.126
64.29.151.221
91.134.157.162
94.46.13.104
15e87657a047e93869e58fbb8db45541af71a1b871a0f346c512239082635dfc
1c7c4ad1a6c4cb2d1f7efc07ddfdd3cf8c70c9193357c80eecb3d9bf26605722
39036ed5148c614cdc0cc98ad981591d852dd96827743db932425284b011d162
3c31de6adca8d603701482d28de049340d37bb25cac2760a7d41835c699be2fb
632496ad3208d36ebe21e49cee95b48b8dd3289330f5b7ee37401a19990caf4d
a31c32b8c888cc44ff96c873bf2e1db49e9329714cc6ae17470c53e9fe96833d

www.revista.boanova.pt Open in urlscan Pro 94.46.13.104 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

13 Requests

15 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

41 kBTransfer

39 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.revista.boanova.pt Open in urlscan Pro
94.46.13.104 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

15 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

41 kB
Transfer

39 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!