info-declaration-remboursement.com Open in urlscan Pro
66.235.200.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://info-declaration-remboursement.com/moncompte-auth/
Submission: On February 26 via api (February 26th 2024, 8:28:57 am UTC) from EE — Scanned from FR

Summary HTTP 1 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 66.235.200.146, located in United States and belongs to CLOUDFLARENET, US. The main domain is info-declaration-remboursement.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 13th 2023. Valid for: a year.

This is the only time info-declaration-remboursement.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: La Poste (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
1	66.235.200.146 66.235.200.146		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2

1 66.235.200.146 (United States)

ASN13335 (CLOUDFLARENET, US)
PTR: host77.ipowerweb.com

info-declaration-remboursement.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	info-declaration-remboursement.com info-declaration-remboursement.com	2 MB
1	1

	Domain	Requested by
1	info-declaration-remboursement.com
1	1

This site contains links to these domains. Also see Links.

Domain
moncompte.laposte.fr
aide.laposte.fr
www.laposte.fr

Subject Issuer	Validity	Valid
info-declaration-remboursement.com Cloudflare Inc ECC CA-3	`2023-10-13` - `2024-10-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://info-declaration-remboursement.com/moncompte-auth/
Frame ID: A5E81CB65570CF099EE8B8D276E0109B
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Connectez-vous à votre Compte - La Poste Révéler le mot de passe

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2210 kB
Transfer

3927 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://moncompte.laposte.fr/moncompte-auth/auth/realms/mon-compte/login-actions/reset-credentials?client_id=1b03814da3eb73961783f7673f051038&tab_id=oDl6vm0xXvM
Title: Définir un nouveau mot de passe

Search URL Search Domain Scan URL

URL: https://moncompte.laposte.fr/moncompte-auth/auth/realms/mon-compte/login-actions/registration?client_id=1b03814da3eb73961783f7673f051038&tab_id=oDl6vm0xXvM
Title: Créer un compte

Search URL Search Domain Scan URL

URL: https://moncompte.laposte.fr/moncompte-auth/auth/realms/mon-compte/login-actions/authenticate?client_id=1b03814da3eb73961783f7673f051038&tab_id=oDl6vm0xXvM&execution=75dc9899-6b92-48aa-ab05-31ed66108dbd&kc_locale=en
Title: English

Search URL Search Domain Scan URL

URL: https://aide.laposte.fr/categorie/mes-commandes-mon-espace-client/mon-compte
Title: Aide et contact Aide et contact

Search URL Search Domain Scan URL

URL: https://moncompte.laposte.fr/moncompte-auth/auth/resources/rfq0p/login/moncompte/cgu.html
Title: Conditions Générales d'Utilisation CGU

Search URL Search Domain Scan URL

URL: https://www.laposte.fr/accessibilite-moncompte
Title: Accessibilité : partiellement conforme Accessibilité : partiellement conforme

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response info-declaration-remboursement.com/moncompte-auth/	3 MB 2 MB	97ms 39ms	Document text/html	66.235.200.146 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info-declaration-remboursement.com/moncompte-auth/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS host77.ipowerweb.com Software cloudflare / Resource Hash `c0779ac8d13fbc8f3923fac9f1d40656a75fba20f427c5c3eb0307a7773d4b3e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language fr-FR,fr;q=0.9 Response headers age 322 cache-control max-age=7200 cf-cache-status HIT cf-ray 85b6d12798b10344-CDG content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 26 Feb 2024 08:28:51 GMT expires Mon, 26 Feb 2024 10:23:27 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Mon, 26 Feb 2024 08:23:29 GMT server cloudflare vary Accept-Encoding x-endurance-cache-level 2 x-newfold-cache-level 2 x-nginx-cache WordPress
GET DATA	200 OK	truncated /	352 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `13e9eb7dba60196ca988d20af502820927b2b4ae2f15f6bf0c2f6e59af6e0d60` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	7 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `335e2927330d07cb8399270d7515f2fcb8b6819b75e6be75cf2cd578418ac359` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cdd79675e3077f3f5d7fbd9f0d047539fc942900f617a38ca21b60d2519a6f91` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	249 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f478fcd90b6ab7a398a05f1a2143ea7c20f9c07b5d70b5fb2ee8c7c5c2f7a64b` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	239 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fad73292b4d231ed982e30b9d64531f159e5ee517387bb1c4c5dc481de387807` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	32 KB 32 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b` Request headers Referer Origin https://info-declaration-remboursement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615` Request headers Referer Origin https://info-declaration-remboursement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860` Request headers Referer Origin https://info-declaration-remboursement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	16 KB 16 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e` Request headers Referer Origin https://info-declaration-remboursement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	174 KB 174 KB		Font font/ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `889c4332adc6d3db9aef4304f2195250839fc09f8adfb6774032ecbc1c171e79` Request headers Referer Origin https://info-declaration-remboursement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/ttf
GET DATA	200 OK	truncated /	165 KB 165 KB		Font font/ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `74c6deaca1fdb6e207b4a257b3d05dc2f33b4f4c782246ba52843f277865a50f` Request headers Referer Origin https://info-declaration-remboursement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: La Poste (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| savepage_ShadowLoader function| validateEmail

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.info-declaration-remboursement.com/	1969-12-31 23:59:59	Name: _cfuvid Value: wwfONUpVgyZu6LfHR4ot4O3QpvudL.BUAmvRnb8Jtjk-1708936131791-0.0-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

info-declaration-remboursement.com
66.235.200.146
13e9eb7dba60196ca988d20af502820927b2b4ae2f15f6bf0c2f6e59af6e0d60
335e2927330d07cb8399270d7515f2fcb8b6819b75e6be75cf2cd578418ac359
74c6deaca1fdb6e207b4a257b3d05dc2f33b4f4c782246ba52843f277865a50f
889c4332adc6d3db9aef4304f2195250839fc09f8adfb6774032ecbc1c171e79
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c0779ac8d13fbc8f3923fac9f1d40656a75fba20f427c5c3eb0307a7773d4b3e
cdd79675e3077f3f5d7fbd9f0d047539fc942900f617a38ca21b60d2519a6f91
f478fcd90b6ab7a398a05f1a2143ea7c20f9c07b5d70b5fb2ee8c7c5c2f7a64b
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fad73292b4d231ed982e30b9d64531f159e5ee517387bb1c4c5dc481de387807

info-declaration-remboursement.com Open in urlscan Pro 66.235.200.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

2210 kBTransfer

3927 kBSize

1 Cookies

7 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

info-declaration-remboursement.com Open in urlscan Pro
66.235.200.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2210 kB
Transfer

3927 kB
Size

1
Cookies

1 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!