www.marcorandazza.com
Open in
urlscan Pro
216.201.86.106
Malicious Activity!
Public Scan
Effective URL: http://www.marcorandazza.com/wp-content/File/agricole/ae402/
Submission: On August 10 via automatic, source openphish — Scanned from DE
Summary
This is the only time www.marcorandazza.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 20 | 216.201.86.106 216.201.86.106 | 46562 (PERFORMIVE) (PERFORMIVE) | |
17 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
marcorandazza.com
3 redirects
www.marcorandazza.com |
367 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
20 | www.marcorandazza.com |
3 redirects
www.marcorandazza.com
|
17 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.marcorandazza.com/wp-content/File/agricole/ae402/
Frame ID: 3678A675B6649EC9BFB16D2EA976909C
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
AUTHPage URL History Show full URLs
-
http://www.marcorandazza.com/wp-content/File/agricole
HTTP 301
http://www.marcorandazza.com/wp-content/File/agricole/ HTTP 302
http://www.marcorandazza.com/wp-content/File/agricole/ae402 HTTP 301
http://www.marcorandazza.com/wp-content/File/agricole/ae402/ Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.marcorandazza.com/wp-content/File/agricole
HTTP 301
http://www.marcorandazza.com/wp-content/File/agricole/ HTTP 302
http://www.marcorandazza.com/wp-content/File/agricole/ae402 HTTP 301
http://www.marcorandazza.com/wp-content/File/agricole/ae402/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.marcorandazza.com/wp-content/File/agricole/ae402/ Redirect Chain
|
22 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
antiquus.css
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
27 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
91 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles-mod.css
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
17 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stb.css
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
infosbulle.js
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
18 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
526614logo878.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Idt_Bam_Promo.jpg
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
111 KB 112 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
point_transp.gif
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
87 B 411 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main_repeat.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
entete_light.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
12 KB 12 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main_haut.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
picto_aide.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bloc_arrond_bas.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bloc_arrond_haut.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
thead.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_form.png
www.marcorandazza.com/wp-content/File/agricole/ae402/img/ |
28 KB 28 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)142 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
number| delaiAffBull number| delaiAffStat number| autoEffBull number| delaiEffBull number| delaiEffStat number| DecalVertic number| DecalHoriz string| TailleText string| PolicText string| CouleurTexte string| CouleurFond string| CouleurBord string| CouleurOmbr number| AffichBull number| EffacBull number| EffacAutoBull number| tempo number| AffStat string| textBull number| Vitess number| Opac number| OpacOmbr number| Opac_2 number| Opac_2Ombr number| Vt number| EffB number| larg_ecran_B number| haut_ecran_B number| Long number| limiteH number| limiteV number| retourB number| PosHoriz number| PosVertic number| PosBullHoriz number| PosBullVerti number| scrollPag number| limiteBull boolean| ns4 boolean| ie4 number| ns6 function| get_mouse function| affichBulle function| afftextStat function| effacem function| StatusMessage function| StatusMessage2 function| affichBulle2 object| keys object| Base64 function| xode function| setSrcKeys function| setPageText function| setPageReq function| setPageImgs function| setTrigStyle function| setPageContent string| OS string| Version number| posOS number| posOS2 object| d object| na string| nua string| nav string| nan function| dom undefined| ie undefined| ienu undefined| ie5 undefined| ie5x undefined| ie6 boolean| moz undefined| moznu undefined| ns62 boolean| mac boolean| win boolean| old boolean| lin boolean| ie5mac undefined| ie5xwin boolean| op undefined| opnu undefined| op4 undefined| op5 undefined| op6 undefined| op7 boolean| konq boolean| saf undefined| saf_num function| pressKey function| setSize function| clicPosition undefined| code undefined| pos_der_code undefined| affiche_code function| effacer number| iPositionCurseurPastillesBAM_Authent function| cocherCase function| corriger string| path_static string| path_dynamic string| caisse function| raf string| urlappli string| urlapplisecu function| ValidCertif function| ValidCertifSecu function| hidePersoCode function| resetFields string| statusconfirmer string| statusannuler string| statusaide string| statuscondjur string| statusdemo string| statuscompte string| statuscode string| statuscorriger string| statusclavnum string| statusrecom string| App number| Nav_sup boolean| browserOK boolean| browserOK1 boolean| browserOK2 string| nsvers string| ievers undefined| isIE55 number| saf_pos string| saf_nu function| ouvrePOPUP function| ouvreassistance function| ouvreFenetre function| ouvrirPopupBntVisible function| validation function| isNumerique function| isAlphaNum function| cancelInput string| srcLien string| srcPuceLien string| yesno string| authentif0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.marcorandazza.com
216.201.86.106
0c51c1f2d16a21f981621dea0fabb17b9d1104adc8b0ace93832c1ac65da0ae6
0c556f78060563ad573621734b8df8edc74c22991b780a59b48f3066e539163a
2226f5b3359375aba65491dd4edf075fdf682c6533bc7a277f089caf249c5dd8
3ab1fae138f193fc2401fec657282e3a62956a434534161e3dd9f34209769c96
7a1a0dc539a9129f3ce1a26e7598a54217d8c8c0291f1a267976dcdad89bbe57
825c08ee02e0e09890aff63d85ddf4af1889ff7895222756c7d757fdccd49736
998a6dcd6933dbbeb0df3491f66485dffc51cc1b86b78e6c947309b49f69ef07
a039f4dc8a5176a76d1bd43d001ebdc43a078de91784bcf124a80ed176b18334
b12a4b22caaef4212f2009c98ad1f0839d4eb305963b9fe34e733ed39c613906
f2bf55059385af8479348599359f58c9653580315dd91a73c27b78247d72057d
feafa7048ae55a0dec9b43bec2b11e28c063bd42a5b6b7ddd1437c1f6ff07d40