photonuriacastilla.com
109.70.131.187
Malicious Activity!
Public Scan
Submission: On June 17 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 26th 2019. Valid for: 3 months.
This is the only time photonuriacastilla.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Crédit Lyonnais (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
18 | 109.70.131.187 | 45037 (HISPAWEB-NETWORK)
1 | 2a00:1450:4001:80b::2008 | 15169 (GOOGLE - Google LLC)
2 | 34.246.143.222 | 16509 (AMAZON-02 - Amazon.com)
Total: 19 requests, 3 IP addresses
ASN45037 (HISPAWEB-NETWORK, ES)
- PTR: hosting.hispaweb.com
- photonuriacastilla.com
- www.photonuriacastilla.com
ASN15169 (GOOGLE - Google LLC, US)
- ssl.google-analytics.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
- PTR: ec2-34-246-143-222.eu-west-1.compute.amazonaws.com
- logs.xiti.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | photonuriacastilla.com (1 redirect) | photonuriacastilla.com, www.photonuriacastilla.com | 414 KB
2 | xiti.com (1 redirect) | logs.xiti.com | 457 B
1 | google-analytics.com | ssl.google-analytics.com | 17 KB
Total: 19 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
17 | photonuriacastilla.com (1 redirect) | photonuriacastilla.com
2 | logs.xiti.com (1 redirect) | photonuriacastilla.com
1 | ssl.google-analytics.com | photonuriacastilla.com
1 | www.photonuriacastilla.com | photonuriacastilla.com
Total: 19 requests, 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
photonuriacastilla.com | Let's Encrypt Authority X3 | 2019-05-26 - 2019-08-24 | 3 months | crt.sh
*.google-analytics.com | Google Internet Authority G3 | 2019-05-21 - 2019-08-13 | 3 months | crt.sh
*.xiti.com | Thawte RSA CA 2018 | 2019-03-12 - 2020-05-22 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://photonuriacastilla.com/wp-content/mail/46fed/index3.php
Frame ID: 53F5D29D5E3E819FD2E3A7FBC9B54C3E
Requests: 19 HTTP requests in this frame
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- html /<div class="[^"]*parbase/i
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Java (Programming Languages)
Detected patterns
- html /<div class="[^"]*parbase/i
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15
- https://photonuriacastilla.com/SCUW/images/parcours/fond-cadenas.jpg (HTTP 301)
- https://www.photonuriacastilla.com/SCUW/images/parcours/fond-cadenas.jpg
Request Chain (logs.xiti.com)
- https://logs.xiti.com/hit.xiti?s=388889&s2=16&p=videoposte::tfi_gestion_beneficiaires_creation_compte_saisie_otp&hl=21x3x41&vrn=1&lng=en-US&vtag=41003&idp=2103415724115&jv=0&r=1600x1200x24x24&re=1600x1200&ref= (HTTP 302)
- https://logs.xiti.com/hit.xiti?s=388889&s2=16&p=videoposte::tfi_gestion_beneficiaires_creation_compte_saisie_otp&hl=21x3x41&vrn=1&lng=en-US&vtag=41003&idp=2103415724115&jv=0&r=1600x1200x24x24&re=1600x1200&ref=&Rdt=On
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index3.php (Primary Request) | photonuriacastilla.com/wp-content/mail/46fed/ | 8 KB | 4 KB | Document | text/html
GET | H/1.1 | jquery-1.5.1.js | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 83 KB | 84 KB | Script | application/javascript
GET | H/1.1 | reset-0.9.css | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | BPGridGenerator.jsp | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 6 KB | 7 KB | Stylesheet | application/octet-stream
GET | H/1.1 | clavier.css | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 10 KB | 10 KB | Stylesheet | text/css
GET | H/1.1 | general.css | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 23 KB | 23 KB | Stylesheet | text/css
GET | H/1.1 | header.css | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 9 KB | 9 KB | Stylesheet | text/css
GET | H/1.1 | formulaire.css | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 3 KB | 3 KB | Stylesheet | text/css
GET | H/1.1 | clavier.js | photonuriacastilla.com/wp-content/mail/46fed/NEW/ | 5 KB | 5 KB | Script | application/javascript
GET | H/1.1 | ss.js | photonuriacastilla.com/wp-content/mail/46fed/img/ | 931 B | 766 B | Script | application/javascript
GET | H/1.1 | logo.gif | photonuriacastilla.com/wp-content/mail/46fed/img/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | default.css | photonuriacastilla.com/wp-content/mail/46fed/img/ | 97 KB | 97 KB | Stylesheet | text/css
GET | H/1.1 | main.css | photonuriacastilla.com/wp-content/mail/46fed/img/ | 134 KB | 134 KB | Stylesheet | text/css
GET | H/1.1 | picto-cadenas.png | photonuriacastilla.com/wp-content/mail/46fed/img/ | 251 B | 551 B | Image | image/png
GET | H/1.1 | iframeResizer.min.js | photonuriacastilla.com/wp-content/mail/46fed/img/ | 12 KB | 12 KB | Script | application/javascript
GET | H/1.1 | xtroi.js | photonuriacastilla.com/wp-content/mail/46fed/img/ | 18 KB | 18 KB | Script | application/javascript
GET | H/1.1 | fond-cadenas.jpg (Redirect Chain) | www.photonuriacastilla.com/SCUW/images/parcours/ | 4 KB | 4 KB | Image | text/html
GET | H2 | ga.js | ssl.google-analytics.com/ | 45 KB | 17 KB | Script | text/javascript
GET | H2 | hit.xiti (Redirect Chain) | logs.xiti.com/ | 35 B | 100 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Crédit Lyonnais (Banking)
188 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.