fr-boursorama-fr.web.app
2620:0:890::100
Malicious Activity!
Public Scan
Effective URL: https://fr-boursorama-fr.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
Submission: On June 23 via api from CZ — Scanned from FR
Summary
TLS certificate: Issued by GTS CA 1D4 on May 10th 2023. Valid for: 3 months.
This is the only time fr-boursorama-fr.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Boursorama (Banking)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 5.39.68.33 | 16276 (OVH)
2 | 192.99.71.107 | 16276 (OVH)
2 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM)
1 | 2606:4700:10::6814:8b41 | 13335 (CLOUDFLARENET)
18 | 2620:0:890::100 | 54113 (FASTLY)
4 | 2606:4700:e6::ac40:cb1c | 13335 (CLOUDFLARENET)
1 | 104.237.62.211 | 18450 (WEBNX)

Detail for 104.237.62.211: ASN18450 (WEBNX, US), PTR: hosted-by.racknerd.com, serving api.ipify.org.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | web.app | linkbs.web.app, fr-boursorama-fr.web.app | 303 KB
4 | fontawesome.com | ka-f.fontawesome.com (Cisco Umbrella Rank: 4145) | 30 KB
2 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 35240) | 1 KB
2 | ip-api.io | ip-api.io (Cisco Umbrella Rank: 378193) | 2 KB
1 | ipify.org | api.ipify.org (Cisco Umbrella Rank: 2448) | 116 B
1 | tinyurl.com | tinyurl.com (Cisco Umbrella Rank: 17588), 1 redirect | 519 B
1 | agencek2.com | uptime.agencek2.com | 3 KB
Requests | Domain | Requested by
---|---|---
17 | fr-boursorama-fr.web.app | fr-boursorama-fr.web.app
4 | ka-f.fontawesome.com | fr-boursorama-fr.web.app
2 | api.telegram.org | uptime.agencek2.com, fr-boursorama-fr.web.app
2 | ip-api.io | uptime.agencek2.com, fr-boursorama-fr.web.app
1 | api.ipify.org | fr-boursorama-fr.web.app
1 | linkbs.web.app | uptime.agencek2.com
1 | tinyurl.com | (1 redirect)
1 | uptime.agencek2.com | 
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
uptime.agencek2.com | R3 | 2023-05-19 - 2023-08-17 | 3 months | crt.sh
ip-api.io | R3 | 2023-06-11 - 2023-09-09 | 3 months | crt.sh
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2023-03-26 - 2024-04-26 | a year | crt.sh
web.app | GTS CA 1D4 | 2023-05-10 - 2023-08-08 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-12 - 2023-08-12 | a year | crt.sh
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2023-02-07 - 2024-02-18 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://fr-boursorama-fr.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
Frame ID: 8EEDF5F982CDE01716189E0144ADFC7B
Requests: 28 HTTP requests in this frame
Page Title: Espace Client (logo alt text: Logo Boursorama Banque)
Detected technologies
- Font Awesome (Font Scripts). Detected patterns:
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://uptime.agencek2.com/ (Page URL)
- https://tinyurl.com/5dwkdzkx (HTTP 301) → https://linkbs.web.app/ (Page URL)
- https://fr-boursorama-fr.web.app/ (Page URL)
- https://fr-boursorama-fr.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073 (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 3: https://tinyurl.com/5dwkdzkx (HTTP 301) → https://linkbs.web.app/
28 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | uptime.agencek2.com/ | 12 KB | 3 KB | Document | text/html
GET | H/1.1 | / | ip-api.io/json/ | 505 B | 945 B | XHR | application/json
POST | H2 | sendMessage | api.telegram.org/bot5812238966:AAFZgHTzE8yweBMxgfFtCCwz0bF9QJ12DzI/ | 385 B | 632 B | XHR | application/json
GET | H2 | / (Redirect Chain) | linkbs.web.app/ | 220 B | 488 B | Document | text/html
GET | H2 | / | fr-boursorama-fr.web.app/ | 13 KB | 2 KB | Document | text/html
GET | H/1.1 | / | ip-api.io/json/ | 505 B | 945 B | XHR | application/json
POST | H2 | sendMessage | api.telegram.org/bot5812238966:AAFZgHTzE8yweBMxgfFtCCwz0bF9QJ12DzI/ | 385 B | 631 B | XHR | application/json
GET | H2 | login.html (Primary Request) | fr-boursorama-fr.web.app/ | 216 KB | 29 KB | Document | text/html
GET | H3 | 1.css | fr-boursorama-fr.web.app/css/ | 181 KB | 21 KB | Stylesheet | text/css
GET | H3 | 2.css | fr-boursorama-fr.web.app/css/ | 595 KB | 30 KB | Stylesheet | text/css
GET | H3 | 3.css | fr-boursorama-fr.web.app/css/ | 142 KB | 18 KB | Stylesheet | text/css
GET | H3 | 4.css | fr-boursorama-fr.web.app/css/ | 196 KB | 21 KB | Stylesheet | text/css
GET | H3 | 5.css | fr-boursorama-fr.web.app/css/ | 35 KB | 6 KB | Stylesheet | text/css
GET | H3 | 6.css | fr-boursorama-fr.web.app/css/ | 129 KB | 12 KB | Stylesheet | text/css
GET | H3 | 363d4a4d7b.js | fr-boursorama-fr.web.app/js/ | 11 KB | 4 KB | Script | text/javascript
GET | H3 | jquery-1.11.0.js | fr-boursorama-fr.web.app/js/ | 276 KB | 69 KB | Script | text/javascript
GET | H3 | jquery.inputmask.bundle.js | fr-boursorama-fr.web.app/js/ | 214 KB | 32 KB | Script | text/javascript
GET | H3 | axios.min.js | fr-boursorama-fr.web.app/js/ | 41 KB | 10 KB | Script | text/javascript
GET | H3 | main.js | fr-boursorama-fr.web.app/js/ | 899 B | 725 B | Script | text/javascript
GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 100 KB | 23 KB | Fetch | text/css
GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 27 KB | 5 KB | Fetch | text/css
GET | H2 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 823 B | 1 KB | Fetch | text/css
GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 2 KB | 1 KB | Fetch | text/css
GET | H2 | / | api.ipify.org/ | 21 B | 116 B | XHR | application/json
GET | H3 | proximanova-bold-webfont-cache-1458301567.woff2 | fr-boursorama-fr.web.app/css/fonts/ | 14 KB | 14 KB | Font | font/woff2
GET | H3 | proximanova-regular-webfont-cache-1458301567.woff2 | fr-boursorama-fr.web.app/css/fonts/ | 16 KB | 16 KB | Font | font/woff2
GET | H3 | proximanova-medium-webfont-cache-1521040380.woff2 | fr-boursorama-fr.web.app/css/fonts/ | 9 KB | 9 KB | Font | font/woff2
GET | H3 | proximanova-semibold-webfont-cache-1572260791.woff2 | fr-boursorama-fr.web.app/css/fonts/ | 9 KB | 9 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Boursorama (Banking)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- credentialless (boolean)
- onbeforetoggle (object)
- onscrollend (object)
- FontAwesomeKitConfig (object)
- $ (function)
- jQuery (function)
- Inputmask (function)
- axios (function)
- postData (function)
- hasAt (function)
- validate (function)

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
api.telegram.org
fr-boursorama-fr.web.app
ip-api.io
ka-f.fontawesome.com
linkbs.web.app
tinyurl.com
uptime.agencek2.com
104.237.62.211
192.99.71.107
2001:67c:4e8:f004::9
2606:4700:10::6814:8b41
2606:4700:e6::ac40:cb1c
2620:0:890::100
5.39.68.33