z.z5.tel
13.38.145.69
Public Scan
Effective URL: https://z.z5.tel/wavestone/campaign/run/campagne-phishing-septembre-2022-fr
Submission: On September 07 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by Amazon on August 18th 2022. Valid for: a year.
This is the only time z.z5.tel was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Count | IP Address | AS (Autonomous System) |
---|---|---|
1 3 | 51.15.160.155 | 12876 (Online SAS) |
4 12 | 13.38.145.69 | 16509 (AMAZON-02) |
2 | 52.95.154.56 | 16509 (AMAZON-02) |
12 | 3 | |
Domain | ASN | PTR |
---|---|---|
z.z5.tel | ASN16509 (AMAZON-02, US) | ec2-13-38-145-69.eu-west-3.compute.amazonaws.com |
sensiwave3-prod.s3.eu-west-3.amazonaws.com | ASN16509 (AMAZON-02, US) | s3-r-w.eu-west-3.amazonaws.com |
Count | Apex Domain / Subdomains | Transfer |
---|---|---|
12 | z5.tel (4 redirects): z.z5.tel | 105 KB |
3 | office36o.com (1 redirect): www.office36o.com | 2 KB |
2 | amazonaws.com: sensiwave3-prod.s3.eu-west-3.amazonaws.com | 8 KB |
12 | 3 | |
Count | Domain | Requested by |
---|---|---|
12 | z.z5.tel (4 redirects) | www.office36o.com, z.z5.tel |
3 | www.office36o.com (1 redirect) | www.office36o.com |
2 | sensiwave3-prod.s3.eu-west-3.amazonaws.com | z.z5.tel |
12 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
7eams.com | R3 | 2022-08-19 - 2022-11-17 | 3 months |
*.z5.tel | Amazon | 2022-08-18 - 2023-09-16 | a year |
This page contains 1 frames:
Primary Page:
https://z.z5.tel/wavestone/campaign/run/campagne-phishing-septembre-2022-fr
Frame ID: 87404E713FEFD34C0C3DF2D654A7583E
Requests: 12 HTTP requests in this frame
Page Title
Sign in to your account
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.office36o.com/GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad?signature=93fc2e9a1a2ee4140a175e8a7047327716288acca79dcccaf8579d20bf796878 HTTP 301
  https://www.office36o.com/GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad?signature=93fc2e9a1a2ee4140a175e8a7047327716288acca79dcccaf8579d20bf796878 Page URL
- https://z.z5.tel/swauth/GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad HTTP 302
  https://z.z5.tel/wavestone/auth/GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad HTTP 302
  https://z.z5.tel/wavestone/campaign/run/campagne-phishing-septembre-2022-fr Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://www.office36o.com/GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad?signature=93fc2e9a1a2ee4140a175e8a7047327716288acca79dcccaf8579d20bf796878 HTTP 301
- https://www.office36o.com/GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad?signature=93fc2e9a1a2ee4140a175e8a7047327716288acca79dcccaf8579d20bf796878
- https://z.z5.tel/wavestone/media/campaigns/campagne-phishing-septembre-2022-fr/portals_assets/fr-fr/202204141527_logo%20wavestone.PNG HTTP 302
- https://sensiwave3-prod.s3.eu-west-3.amazonaws.com/pv3_wavestone/medias/campaigns/campagne-phishing-septembre-2022-fr/portals_assets/fr-fr/202204141527_logo%20wavestone.PNG?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJUIWM6I6P5YYOXQQ%2F20220907%2Feu-west-3%2Fs3%2Faws4_request&X-Amz-Date=20220907T085214Z&X-Amz-SignedHeaders=host&X-Amz-Expires=2400&X-Amz-Signature=99ea56174f2eb6f95886243f5294440dca49b2f98ba0a36bb784344b24608a80
- https://z.z5.tel/wavestone/media/campaigns/campagne-phishing-septembre-2022-fr/portals_assets/fr-fr/202204201041_couleur.PNG HTTP 302
- https://sensiwave3-prod.s3.eu-west-3.amazonaws.com/pv3_wavestone/medias/campaigns/campagne-phishing-septembre-2022-fr/portals_assets/fr-fr/202204201041_couleur.PNG?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJUIWM6I6P5YYOXQQ%2F20220907%2Feu-west-3%2Fs3%2Faws4_request&X-Amz-Date=20220907T085214Z&X-Amz-SignedHeaders=host&X-Amz-Expires=2400&X-Amz-Signature=aa13c2605507507d7eff1332131a6677c02858f935462813eee95b18e7ad3faa
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | GES8YSb53iNrxfxiTx4PIdBjvx8S3Mad (Redirect Chain) | www.office36o.com/ | 403 B | 533 B | Document | text/html |
GET | H/1.1 | b.js | www.office36o.com/ | 2 KB | 859 B | Script | application/javascript |
GET | H2 | campagne-phishing-septembre-2022-fr (Primary Request, Redirect Chain) | z.z5.tel/wavestone/campaign/run/ | 7 KB | 4 KB | Document | text/html |
GET | H2 | bootstrap.min.css | z.z5.tel/vendor/bootstrap/css/ | 152 KB | 25 KB | Stylesheet | text/css |
GET | H2 | open-iconic-bootstrap.min.css | z.z5.tel/vendor/open-iconic-master/css/ | 9 KB | 4 KB | Stylesheet | text/css |
GET | H2 | sw_ui.css | z.z5.tel/css/ | 4 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | 202204141527_logo%20wavestone.PNG (Redirect Chain) | sensiwave3-prod.s3.eu-west-3.amazonaws.com/pv3_wavestone/medias/campaigns/campagne-phishing-septembre-2022-fr/portals_assets/fr-fr/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | jquery-3.4.1.min.js | z.z5.tel/vendor/jquery/ | 86 KB | 32 KB | Script | application/javascript |
GET | H2 | popper.min.js | z.z5.tel/vendor/popper.js/ | 21 KB | 9 KB | Script | application/javascript |
GET | H2 | bootstrap.min.js | z.z5.tel/vendor/bootstrap/js/ | 57 KB | 17 KB | Script | application/javascript |
GET | H2 | sw_user_ui.js | z.z5.tel/js/ | 175 B | 2 KB | Script | application/javascript |
GET | H/1.1 | 202204201041_couleur.PNG (Redirect Chain) | sensiwave3-prod.s3.eu-west-3.amazonaws.com/pv3_wavestone/medias/campaigns/campagne-phishing-septembre-2022-fr/portals_assets/fr-fr/ | 2 KB | 2 KB | Image | image/png |
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforeinput
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- function| $
- function| jQuery
- function| Popper
- object| bootstrap
- function| getCertificate
- function| switch_lang
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
z.z5.tel/ | Name: PHPSESSID Value: 87it7ma0s7tjjspma38vau1psp |
z.z5.tel/ | Name: AWSALB Value: cKXdwF6m/Ktme943eZEaCDossziX1pKys7mXwCSVIy3Fmk9pczaM7X16M+4H8GU62AhqEi561DD8rN1utXdipKg/3dHy5a6qDTU2RbjWFYimPbQMD1q2NHGFMeC7 |
z.z5.tel/ | Name: AWSALBCORS Value: cKXdwF6m/Ktme943eZEaCDossziX1pKys7mXwCSVIy3Fmk9pczaM7X16M+4H8GU62AhqEi561DD8rN1utXdipKg/3dHy5a6qDTU2RbjWFYimPbQMD1q2NHGFMeC7 |
z.z5.tel/ | Name: XSRF-TOKEN Value: eyJpdiI6InpCY1wvK1Y0RGd2ZjBVb1MyOEpESTZRPT0iLCJ2YWx1ZSI6IkgrMmlpanAzZzFjdDVRUmlmUlBKT1wvdFBrTm0zRDhSVmthdktXMzhSODgxVnZlaGcrVGpVOEtRdHJHVVAzK3UwIiwibWFjIjoiNDRmYTZlODBlMGExNGY2OWRjNTY2MmMyN2Q1ZTg2MWQ3MmJkYjRjZjNmYzMxZDFjMjUyMDJkODA5ZDE2MTY5OCJ9 |
z.z5.tel/ | Name: sensiwave_session Value: eyJpdiI6IlFlQWFuRFdYXC9GY25XTEoyRnM1ZEZRPT0iLCJ2YWx1ZSI6IlhOVEFIVjNPVmU1WmdXUHJ6a0hhK2hENElpQkZXejRCMjRSTFhwcmJIQmJOYWhKSWcrTkN3Y2s0U3Y4S0lFRjIiLCJtYWMiOiIwMjcxYWVhMTEzN2RhZTE0MDFjMzI5NjNjZmI2ZjgyODc5ZGIyODJmNGI2MjI2NTkzODg3M2Y2NzJkNGZmMGVmIn0%3D |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.