flux.messagesleboncoin.fr
Open in
urlscan Pro
194.34.232.72
Malicious Activity!
Public Scan
URL:
https://flux.messagesleboncoin.fr/default/track-success
Submission: On December 15 via api from US — Scanned from US
Submission: On December 15 via api from US — Scanned from US
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 9 HTTP transactions.
The main IP is 194.34.232.72, located in
Düsseldorf, Germany and
belongs to CONTABO, DE.
The main domain is flux.messagesleboncoin.fr.
TLS certificate: Issued by R3 on November 14th 2023. Valid for: 3 months.
This is the only time flux.messagesleboncoin.fr was scanned on urlscan.io!
TLS certificate: Issued by R3 on November 14th 2023. Valid for: 3 months.
This is the only time flux.messagesleboncoin.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Leboncoin (E-commerce)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 6 | 194.34.232.72 194.34.232.72 | 51167 (CONTABO) (CONTABO) | |
| 1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2607:f8b0:400... 2607:f8b0:4006:809::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2607:f8b0:400... 2607:f8b0:4006:81c::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 9 | 4 |
6
194.34.232.72
(Düsseldorf, Germany)
ASN51167 (CONTABO, DE)
PTR: vmi1460876.contaboserver.net
ASN51167 (CONTABO, DE)
PTR: vmi1460876.contaboserver.net
| flux.messagesleboncoin.fr |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
messagesleboncoin.fr
flux.messagesleboncoin.fr |
172 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
48 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29 |
3 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204 |
11 KB |
| 9 | 4 |
| Domain | Requested by | |
|---|---|---|
| 6 | flux.messagesleboncoin.fr |
flux.messagesleboncoin.fr
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | fonts.googleapis.com |
flux.messagesleboncoin.fr
|
| 1 | cdnjs.cloudflare.com |
flux.messagesleboncoin.fr
|
| 9 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| flux.messagesleboncoin.fr R3 |
2023-11-14 - 2024-02-12 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://flux.messagesleboncoin.fr/default/track-success
Frame ID: 78A0745270642F29D7A683613D059776
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
track-success
flux.messagesleboncoin.fr/default/ |
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
flux.messagesleboncoin.fr/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
script.js
flux.messagesleboncoin.fr/ |
98 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imask.min.js
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/ |
45 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lbc-front-web-logo.svg
flux.messagesleboncoin.fr/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
credit_card_black_24dp.svg
flux.messagesleboncoin.fr/ |
282 B 571 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login-illustration.png
flux.messagesleboncoin.fr/ |
125 KB 125 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css2
fonts.googleapis.com/ |
57 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Leboncoin (E-commerce)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| __core-js_shared__ object| core function| IMask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
flux.messagesleboncoin.fr
fonts.googleapis.com
fonts.gstatic.com
194.34.232.72
2606:4700::6811:190e
2607:f8b0:4006:809::200a
2607:f8b0:4006:81c::2003
2f4a1a8942747889ea4d91e751b446aaa48e04e144cf8c9269551ac34b00444c
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
42c964b8b17402974fa3943ab3cab5ceef748fc12f7ec796a445034a0538d407
755edc5b26465da4ea363e856963e39ce975702797eb1d16e1aa7cbee5110861
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
abf308a351422c8fb7cfc7a1ecec936e744ddf02bf426bc884a0115b1c28af1a
b23dd666d2fb7770a1107d23cc42bb5183df686876da235dc197b40c76f3e36c
b4bd7ddb3091012d6e263aea4479027125254cf1fdc98aed6a99807bb79a08ef
f5aa4fee00a00c0c8f1e2bae469d8839ec8bf1ca9ce70799c0fbfd00fb41fd35