leazing.fr (51.159.18.46)
Malicious Activity! Public Scan
Effective URL: https://leazing.fr/vmail/ws1.php
Submission: On December 06 via manual from AU — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 28th 2021. Valid for: 3 months.
This is the only time leazing.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
1 1 | 2a03:2880:f01c:8004:face:b00c:0:8c | 32934 (FACEBOOK)
2 | 2620:0:890::100 | 54113 (FASTLY)
13 | 152.199.23.37 | 15133 (EDGECAST)
4 7 | 51.159.18.46 | 12876 (Online SAS)
1 | 20.190.159.138 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 32 | 45.60.78.208 | 19551 (INCAPSULA)
5 | 104.75.88.194 | 16625 (AKAMAI-AS)
1 | 34.197.248.129 | 14618 (AMAZON-AES)
3 | 23.45.108.166 | 16625 (AKAMAI-AS)
2 | 130.61.67.95 | 31898 (ORACLE-BMC-31898)
1 | 15.236.176.210 | 16509 (AMAZON-02)
Total: 65 requests, 11 IP addresses
- ASN32934 (FACEBOOK, US): ad.atdmt.com
- ASN12876 (Online SAS, FR), PTR: sd-147578.dedibox.fr: simulea.fr, leazing.fr, www.leazing.fr
- ASN16625 (AKAMAI-AS, US), PTR: a104-75-88-194.deploy.static.akamaitechnologies.com: tags.tiqcdn.com
- ASN14618 (AMAZON-AES, US), PTR: ec2-34-197-248-129.compute-1.amazonaws.com: api.ipstack.com
- ASN16625 (AKAMAI-AS, US), PTR: a23-45-108-166.deploy.static.akamaitechnologies.com: c.oracleinfinity.io
- ASN16509 (AMAZON-02, US), PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com: zurich.data.adobedc.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
32 | zurich.com (1 redirect) | www.zurich.com | 3 MB
13 | msftauth.net | aadcdn.msftauth.net | 131 KB
6 | leazing.fr (3 redirects) | leazing.fr, www.leazing.fr | 16 KB
5 | oracleinfinity.io | c.oracleinfinity.io, dc.oracleinfinity.io | 34 KB
5 | tiqcdn.com | tags.tiqcdn.com | 119 KB
2 | web.app | demobile.web.app | 37 KB
1 | adobedc.net | zurich.data.adobedc.net | 393 B
1 | ipstack.com | api.ipstack.com | 1 KB
1 | simulea.fr (1 redirect) | simulea.fr | 271 B
1 | live.com | login.live.com (Failed) |
1 | atdmt.com (1 redirect) | ad.atdmt.com | 966 B
0 | Failed | function sub() { [native code] }. (Failed) |
Total: 65 requests, 12 apex domains
Requests | Domain | Requested by
---|---|---
32 | www.zurich.com (1 redirect) | leazing.fr, www.zurich.com, demobile.web.app
13 | aadcdn.msftauth.net | demobile.web.app, leazing.fr
5 | tags.tiqcdn.com | www.zurich.com, tags.tiqcdn.com
4 | leazing.fr (2 redirects) | demobile.web.app, leazing.fr
3 | c.oracleinfinity.io | tags.tiqcdn.com, c.oracleinfinity.io
2 | dc.oracleinfinity.io | c.oracleinfinity.io
2 | www.leazing.fr (1 redirect) | leazing.fr
2 | demobile.web.app | demobile.web.app
1 | zurich.data.adobedc.net |
1 | api.ipstack.com | www.zurich.com
1 | simulea.fr (1 redirect) |
1 | login.live.com | demobile.web.app, leazing.fr
1 | ad.atdmt.com (1 redirect) |
0 | www. (Failed) | demobile.web.app
Total: 65 requests, 14 domains
This site contains links to these domains. Also see Links.
Domain |
---|
passwordreset.zurich.com |
www.zurich.com |
privacy.zurich.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|---
web.app | GTS CA 1D4 | 2021-12-02 - 2022-03-02 | 3 months | crt.sh
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2021-05-13 - 2022-05-13 | a year | crt.sh
leazing.fr | R3 | 2021-10-28 - 2022-01-26 | 3 months | crt.sh
graph.windows.net | DigiCert SHA2 Secure Server CA | 2021-11-25 - 2022-11-25 | a year | crt.sh
*.zurich.com | DigiCert SHA2 Secure Server CA | 2020-02-21 - 2022-02-25 | 2 years | crt.sh
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2021-04-19 - 2022-04-27 | a year | crt.sh
apilayer.net | Amazon | 2021-09-10 - 2022-10-09 | a year | crt.sh
c.oracleinfinity.io | DigiCert SHA2 Secure Server CA | 2021-10-18 - 2022-10-18 | a year | crt.sh
dc.oracleinfinity.io | DigiCert TLS RSA SHA256 2020 CA1 | 2021-08-16 - 2022-09-07 | a year | crt.sh
*.data.adobedc.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-10-07 - 2022-10-08 | a year | crt.sh
This page contains 3 frames:
Primary Page:
https://leazing.fr/vmail/ws1.php
Frame ID: 9537A2854A7EC92EDE3DBE4E2E51F67F
Requests: 21 HTTP requests in this frame
Frame:
https://www.%3C/?php%20echo%20$domain;%20?%3E
Frame ID: B846EEE831BFE629E2703FB4D39BB04D
Requests: 1 HTTP requests in this frame
Frame:
https://www.zurich.com/
Frame ID: 983316756B489706A909074D60127A8F
Requests: 44 HTTP requests in this frame
Page Title: Sign in to your account
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Forgotten my password
- Title: Terms of use
- Title: Privacy & cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ad.atdmt.com/c/img;adv=40000444734006;ec=106147206444477;c.a=064712;s.a=Struckmann;p.a=Thomas;a.a=app2,41431;qpb=1;?h=demobile.web.app/thr7Pmasa7XstruB8xkmannq0HzuriB8xha7XB8xr7Pm
HTTP 302
https://demobile.web.app/thr7Pmasa7XstruB8xkmannq0HzuriB8xha7XB8xr7Pm Page URL
-
http://simulea.fr/id.php?url=https://demobile.web.app/thr7Pmasa7XstruB8xkmannq0HzuriB8xha7XB8xr7Pm
HTTP 302
https://leazing.fr/vmail/?client-request-id=dGhvbWFzLnN0cnVja21hbm5AenVyaWNoLmNvbQ== HTTP 302
https://leazing.fr/vmail/ws1.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://ad.atdmt.com/c/img;adv=40000444734006;ec=106147206444477;c.a=064712;s.a=Struckmann;p.a=Thomas;a.a=app2,41431;qpb=1;?h=demobile.web.app/thr7Pmasa7XstruB8xkmannq0HzuriB8xha7XB8xr7Pm HTTP 302
- https://demobile.web.app/thr7Pmasa7XstruB8xkmannq0HzuriB8xha7XB8xr7Pm
- https://leazing.fr/vmail/); HTTP 301
- https://www.leazing.fr/vmail/ HTTP 302
- https://www.leazing.fr/vmail/ws1.php
- https://www.zurich.com/ HTTP 302
- https://www.zurich.com/
65 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | thr7Pmasa7XstruB8xkmannq0HzuriB8xha7XB8xr7Pm | demobile.web.app/ | 28 KB | 9 KB | Document | text/html | Redirect Chain
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 108 KB | 20 KB | Stylesheet | text/css |
GET | H2 | convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 15 KB | 6 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_pidpdisambiguation_76e0875415977704da38.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 7 KB | 2 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_ppassword_6f5648a25cfbe86f348c.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 20 KB | 6 KB | Script | application/x-javascript |
GET | | Me.htm | login.live.com/ | 0 | 0 | | |
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 0 | 20 KB | Other | text/css |
GET | H2 | ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 0 | 12 KB | Other | application/x-javascript |
GET | | https://www.%3C/?php%20echo%20$domain;%20?%3E | | 0 | 0 | | | Frame B846
GET | DATA | truncated | / | 4 KB | 0 | Image | image/svg+xml |
GET | H2 | ); | demobile.web.app/ | 28 KB | 28 KB | Image | text/html |
GET | H/1.1 | ws1.php | leazing.fr/vmail/ | 33 KB | 10 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 108 KB | 20 KB | Stylesheet | text/css |
GET | H2 | convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 15 KB | 5 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_pidpdisambiguation_76e0875415977704da38.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 7 KB | 2 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_ppassword_6f5648a25cfbe86f348c.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 20 KB | 6 KB | Script | application/x-javascript |
GET | H/1.1 | logo.svg | leazing.fr/vmail/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H2 | arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 513 B | 426 B | Image | image/svg+xml |
GET | H/1.1 | Me.htm | login.live.com/ | 0 | 0 | Other | text/html |
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 0 | 19 KB | Other | text/css |
GET | H2 | ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 0 | 12 KB | Other | application/x-javascript |
GET | H2 | / | www.zurich.com/ | 212 B | 539 B | Document | text/html | Frame 9833
GET | H/1.1 | ws1.php | www.leazing.fr/vmail/ | 0 | 0 | Image | text/html | Redirect Chain
GET | H2 | _Incapsula_Resource | www.zurich.com/ | 169 KB | 25 KB | Script | application/javascript | Frame 9833
GET | H2 | _Incapsula_Resource | www.zurich.com/ | 29 B | 264 B | XHR | application/javascript | Frame 9833
GET | H2 | / | www.zurich.com/ | 95 KB | 19 KB | Document | text/html | Frame 9833, Redirect Chain
GET | H2 | _Incapsula_Resource | www.zurich.com/ | 1 B | 245 B | Image | text/plain | Frame 9833
GET | | _Incapsula_Resource | www.zurich.com/ | 0 | 0 | | | Frame 9833
GET | H2 | optimized-min.css | www.zurich.com/-/media/feature/experience-accelerator/bootstrap-4/bootstrap-4/styles/ | 29 KB | 7 KB | Stylesheet | text/css | Frame 9833
GET | H2 | optimized-min.css | www.zurich.com/-/media/themes/dotcom/styles/ | 414 KB | 81 KB | Stylesheet | text/css | Frame 9833
GET | H2 | VisitorIdentification.js | www.zurich.com/layouts/system/ | 2 KB | 1 KB | Script | application/javascript | Frame 9833
GET | H2 | utag.sync.js | tags.tiqcdn.com/utag/zurich-group/grp-default/prod/ | 109 B | 343 B | Script | application/x-javascript | Frame 9833
GET | H2 | 0747FC10D2F448D0BDC082F32C908B66.ashx | www.zurich.com/-/media/ | 220 KB | 220 KB | Image | image/jpeg | Frame 9833
GET | H2 | quicklinks-sprite-3.svg | www.zurich.com/-/media/project/zurich/dotcom/home/images/ | 9 KB | 3 KB | Image | image/svg+xml | Frame 9833
GET | H2 | stage-statues-glasgow.jpg | www.zurich.com/-/media/Project/Zurich/Dotcom/campaigns/gbc/stage/ | 145 KB | 145 KB | Image | image/jpeg | Frame 9833
GET | H2 | 27884FA1C73F44C68D08E94487FDC78D.ashx | www.zurich.com/-/media/ | 247 KB | 248 KB | Image | image/jpeg | Frame 9833
GET | H2 | teaser-staying-afloat-during-floods.jpg | www.zurich.com/-/media/project/zurich/dotcom/industry-knowledge/flood-and-water-damage/images/ | 260 KB | 261 KB | Image | image/jpeg | Frame 9833
GET | H2 | teaser-battle-for-biodiversity-understanding-the-value-of-nature.jpg | www.zurich.com/-/media/project/zurich/dotcom/industry-knowledge/climate-change/images/ | 153 KB | 154 KB | Image | image/jpeg | Frame 9833
GET | H2 | teaser-the-gathering-storm-adapting-to-change.jpg | www.zurich.com/-/media/project/zurich/dotcom/industry-knowledge/climate-change/images/ | 98 KB | 99 KB | Image | image/jpeg | Frame 9833
GET | H2 | 52BD96431D6648E99208414D3BF1D062.ashx | www.zurich.com/-/media/ | 292 KB | 292 KB | Image | image/jpeg | Frame 9833
GET | H2 | F73F9216143D492796288424B57B5923.ashx | www.zurich.com/-/media/ | 235 KB | 236 KB | Image | image/jpeg | Frame 9833
GET | H2 | 4BFF9E6780C249009D333366A673C136.ashx | www.zurich.com/-/media/ | 357 KB | 357 KB | Image | image/jpeg | Frame 9833
GET | H2 | AF40EDA475FB47988F3ACE1D28F0323B.ashx | www.zurich.com/-/media/ | 213 KB | 213 KB | Image | image/jpeg | Frame 9833
GET | H2 | 5CA66B1C20FE4D14831C6FEFDFA94F5B.ashx | www.zurich.com/-/media/ | 208 KB | 209 KB | Image | image/jpeg | Frame 9833
GET | H2 | teaser-zzf.jpg | www.zurich.com/-/media/project/zurich/dotcom/sustainability/images/ | 239 KB | 240 KB | Image | image/jpeg | Frame 9833
GET | H2 | optimized-min.js | www.zurich.com/-/media/themes/dotcom/scripts/ | 357 KB | 114 KB | Script | application/x-javascript | Frame 9833
GET | H2 | _Incapsula_Resource | www.zurich.com/ | 143 KB | 20 KB | Script | application/javascript | Frame 9833
GET | H2 | utag.js | tags.tiqcdn.com/utag/zurich-group/grp-default/prod/ | 398 KB | 90 KB | Script | application/x-javascript | Frame 9833
GET | H2 | ZurichSans-Light_woff2.woff2 | www.zurich.com/-/media/themes/dotcom/fonts/ZurichSans/ | 22 KB | 22 KB | Font | application/octet-stream | Frame 9833
GET | H2 | zurich-icons_woff2.woff2 | www.zurich.com/-/media/themes/dotcom/fonts/zIcons/ | 64 KB | 65 KB | Font | application/octet-stream | Frame 9833
GET | H2 | ZurichSans-Regular_woff2.woff2 | www.zurich.com/-/media/themes/dotcom/fonts/ZurichSans/ | 22 KB | 22 KB | Font | application/octet-stream | Frame 9833
GET | H2 | Ogg-Regular_woff2.woff2 | www.zurich.com/-/media/themes/dotcom/fonts/Ogg/ | 59 KB | 60 KB | Font | application/octet-stream | Frame 9833
GET | H2 | ZurichSans-SemiBold_woff2.woff2 | www.zurich.com/-/media/themes/dotcom/fonts/ZurichSans/ | 22 KB | 22 KB | Font | application/octet-stream | Frame 9833
GET | H/1.1 | check | api.ipstack.com/ | 934 B | 1 KB | Fetch | application/json | Frame 9833
GET | H2 | utag.123.js | tags.tiqcdn.com/utag/zurich-group/grp-default/prod/ | 18 KB | 5 KB | Script | application/x-javascript | Frame 9833
GET | H2 | utag.128.js | tags.tiqcdn.com/utag/zurich-group/grp-default/prod/ | 73 KB | 23 KB | Script | application/x-javascript | Frame 9833
GET | H/1.1 | odc.js | c.oracleinfinity.io/acs/account/9cwwojhdmh/js/main/ | 39 KB | 12 KB | Script | application/javascript | Frame 9833
GET | H2 | _Incapsula_Resource | www.zurich.com/ | 1 B | 245 B | Image | text/plain | Frame 9833
GET | H2 | utag.v.js | tags.tiqcdn.com/utag/tiqapp/ | 2 B | 202 B | Script | application/x-javascript | Frame 9833
GET | H/1.1 | common.js | c.oracleinfinity.io/acs/common/js/1.3.37/ | 33 KB | 12 KB | Script | application/javascript | Frame 9833
GET | H/1.1 | analytics.js | c.oracleinfinity.io/acs/account/9cwwojhdmh/js/main/analytics-default/ | 25 KB | 9 KB | Script | application/javascript | Frame 9833
GET | H/1.1 | wtid.js | dc.oracleinfinity.io/9cwwojhdmh/ | 189 B | 372 B | Script | text/plain | Frame 9833
GET | H/1.1 | dcs.gif | dc.oracleinfinity.io/9cwwojhdmh/ | 43 B | 371 B | Image | image/gif | Frame 9833
GET | H2 | routing.json | www.zurich.com/-/media/project/zurich/dotcom/data/ | 47 KB | 47 KB | Fetch | application/octet-stream | Frame 9833
GET | H2 | flag.svg | www.zurich.com/-/media/themes/dotcom/images/ | 617 KB | 151 KB | Image | image/svg+xml | Frame 9833
GET | H2 | s81598038474776 | zurich.data.adobedc.net/b/ss/zurichversicherungs.all.prod,zurichversicherungs.grp.all.prod/1/JS-2.22.0/ | 43 B | 393 B | Image | image/gif | Frame 9833
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- login.live.com: https://login.live.com/Me.htm?v=3
- www.: https://www.%3C/?php%20echo%20$domain;%20?%3E
- www.zurich.com: https://www.zurich.com/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A1%2Cc%3A27%2Cr%3A460)
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforexrselect
function | reportError
boolean | originAgentCluster
object | scheduler
object | webpackJsonp
boolean | __convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234
boolean | __convergedlogin_pidpdisambiguation_76e0875415977704da38
boolean | __convergedlogin_ppassword_6f5648a25cfbe86f348c
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
leazing.fr/ | | PHPSESSID | u541ulpsvh0gqabf4ivadpsdll
www.leazing.fr/ | | PHPSESSID | 8q1gdt42nsqn673q6p7md82uv5
.login.live.com/ | | uaid | a8b946cb8ecb46509a49a15bca4cff25
.login.live.com/ | | MSPRequ | id=N<=1638774027&co=1
www.zurich.com/ | | shell#lang | en
www.zurich.com/ | | SC_ANALYTICS_GLOBAL_COOKIE | 753ec77f948046c49766ddc2c4d8700f\|False
www.zurich.com/ | | sxa_site | Dotcom
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.