account.avenir-mutuelle.com Open in urlscan Pro
185.178.29.62  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request recover-account Show response account.avenir-mutuelle.com/common/	31 KB 10 KB	103ms 31ms	Document text/html	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 1dc4ade4db58be0eeb1344fb1ca43eb5b0658ffa34ad87083206960bb69a2b77 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Cache-Control no-cache, private, max-age=0 Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Fri, 27 Oct 2023 02:07:47 GMT Expires Thu, 01 Jan 1970 01:00:00 GMT Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains Transfer-Encoding chunked Vary Cookie X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block server uSphere
GET H/1.1	200 OK	converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css account.avenir-mutuelle.com/resources/	109 KB 21 KB	26ms 25ms	Stylesheet text/css	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/css; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	ConvergedLogin_PCore_cMGnwaE07ZSpRlsZYnkefA2.js Show response account.avenir-mutuelle.com/resources/	417 KB 116 KB	53ms 26ms	Script text/javascript	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/ConvergedLogin_PCore_cMGnwaE07ZSpRlsZYnkefA2.js Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 5e5db30942d45585570d00fcbbc1367602aa2a48efe5863e9f3bb415a3c708c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/javascript; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	ux.converged.login.strings-fr.min_vgom4losulaejsjsmsmnma2.js Show response account.avenir-mutuelle.com/resources/	56 KB 17 KB	93ms 53ms	Script text/javascript	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/ux.converged.login.strings-fr.min_vgom4losulaejsjsmsmnma2.js Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 4e88dc20714db3b6e64114677bc36df10fb0ab51482a5c5d48421618c4809007 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/javascript; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	convergedlogin_pcustomizationloader_ddc6955191c1ed8e0957.js Show response account.avenir-mutuelle.com/resources/	153 KB 35 KB	102ms 62ms	Script text/javascript	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/convergedlogin_pcustomizationloader_ddc6955191c1ed8e0957.js Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 01660e542f763dc77c51bed6a1d3e422d5583d3778b9d0ee44c28f37d8e03fe9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/javascript; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	convergedlogin_pfetchsessionsprogress_af6a7e05798bc1589a37.js Show response account.avenir-mutuelle.com/resources/	15 KB 6 KB	80ms 38ms	Script text/javascript	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/convergedlogin_pfetchsessionsprogress_af6a7e05798bc1589a37.js Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash fe2e69f0fe9b0556bf7744e2296438cce01b469047b212d171f7522bc2a8780d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/javascript; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	convergedlogin_pstringcustomizationhelper_9aadf765d76ab50766b.js Show response account.avenir-mutuelle.com/resources/	111 KB 36 KB	81ms 39ms	Script text/javascript	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/convergedlogin_pstringcustomizationhelper_9aadf765d76ab50766b.js Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 02c6e0ac4cebe14cf42f0aad5ea0f14c5f4ab6c321f988d455ed7fa756a80aa5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/javascript; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	convergedlogin_ppassword_14c7752fe697ea25c3e7.js Show response account.avenir-mutuelle.com/resources/	26 KB 8 KB	77ms 33ms	Script text/javascript	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Full URL https://account.avenir-mutuelle.com/resources/convergedlogin_ppassword_14c7752fe697ea25c3e7.js Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash a090bd9cdd0b439c719747d4d299fbc625d89ed3f860d378451f567d79810b2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Content-Encoding gzip X-Frame-Options SAMEORIGIN Transfer-Encoding chunked Content-Type text/javascript; charset=utf-8 Vary Cookie Connection keep-alive X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg account.avenir-mutuelle.com/resources/	4 KB 4 KB	26ms 25ms	Image image/svg+xml	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Show image Full URL https://account.avenir-mutuelle.com/resources/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Vary Cookie X-Frame-Options SAMEORIGIN Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 3651 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg account.avenir-mutuelle.com/resources/	2 KB 2 KB	24ms 24ms	Image image/svg+xml	185.178.29.62 TALSION
General Check archive.org Show headers Download Go to Show image Full URL https://account.avenir-mutuelle.com/resources/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg Requested by Host: account.avenir-mutuelle.com URL: https://account.avenir-mutuelle.com/common/recover-account Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 185.178.29.62 , France, ASN206508 (TALSION, FR), Reverse DNS smtp.rse.polylogis.work Software uSphere / Resource Hash 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language fr-FR,fr;q=0.9 Referer https://account.avenir-mutuelle.com/common/recover-account User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Fri, 27 Oct 2023 02:07:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 26 Oct 2023 09:43:42 GMT server uSphere Vary Cookie X-Frame-Options SAMEORIGIN Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 1864 X-XSS-Protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| $Debug object| $Do function| $Loader function| GetString function| GetErrorString function| GetUrl object| $B object| webpackJsonp object| StringRepository object| PROOF boolean| __ boolean| __convergedlogin_pcustomizationloader_ddc6955191c1ed8e0957 boolean| __convergedlogin_pfetchsessionsprogress_af6a7e05798bc1589a37 boolean| __convergedlogin_pstringcustomizationhelper_9aadf765d76ab50766b5 boolean| __convergedlogin_ppassword_14c7752fe697ea25c3e7

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			account.avenir-mutuelle.com/resources	1969-12-31 23:59:59	Name: csrf_token Value: lchzMBqHuIEionnux77zdnrR5sagB/sLaZgqMpook3I=
			account.avenir-mutuelle.com/common	1969-12-31 23:59:59	Name: csrf_token Value: XxFQ+hC4PxH6fkL8egXhMz1+s8yzFzUxUhUs89Z46jI=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.avenir-mutuelle.com
185.178.29.62
01660e542f763dc77c51bed6a1d3e422d5583d3778b9d0ee44c28f37d8e03fe9
02c6e0ac4cebe14cf42f0aad5ea0f14c5f4ab6c321f988d455ed7fa756a80aa5
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
1dc4ade4db58be0eeb1344fb1ca43eb5b0658ffa34ad87083206960bb69a2b77
4e88dc20714db3b6e64114677bc36df10fb0ab51482a5c5d48421618c4809007
5e5db30942d45585570d00fcbbc1367602aa2a48efe5863e9f3bb415a3c708c1
a090bd9cdd0b439c719747d4d299fbc625d89ed3f860d378451f567d79810b2a
fe2e69f0fe9b0556bf7744e2296438cce01b469047b212d171f7522bc2a8780d