pass.carrefoures.es-zona.com
104.131.71.92
Malicious Activity!
Public Scan
Effective URL: https://pass.carrefoures.es-zona.com/
Submission: On December 24 via api from BE — Scanned from ES
Summary
TLS certificate: Issued by R3 on December 21st 2023. Valid for: 3 months.
This is the only time pass.carrefoures.es-zona.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Carrefour (Financial)
Domain & IP information
| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 2 | 195.224.99.184 | 5413 (AS5413) |
| 1 | 2606:4700::6810:5614 | 13335 (CLOUDFLARENET) |
| 1 11 | 104.131.71.92 | 14061 (DIGITALOCEAN-ASN) |
| 1 2 | 2606:4700::6810:7aaf | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET) |
| 14 | 6 | |
ASN5413 (AS5413, GB)
PTR: ukc04.uk
www.pass.carrefour-es.mx
ASN14061 (DIGITALOCEAN-ASN, US)
pass.carrefoures.es-zona.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | es-zona.com (1 redirects) | pass.carrefoures.es-zona.com | 5 MB |
| 2 | unpkg.com (1 redirects) | unpkg.com (Cisco Umbrella Rank: 857) | 14 KB |
| 2 | carrefour-es.mx (1 redirects) | www.pass.carrefour-es.mx | 775 B |
| 1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 204) | 2 KB |
| 1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 313) | 2 KB |
| 14 | 5 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 11 | pass.carrefoures.es-zona.com (1 redirects) | www.pass.carrefour-es.mx, pass.carrefoures.es-zona.com, unpkg.com |
| 2 | unpkg.com (1 redirects) | pass.carrefoures.es-zona.com |
| 2 | www.pass.carrefour-es.mx | 1 redirects |
| 1 | cdnjs.cloudflare.com | pass.carrefoures.es-zona.com |
| 1 | cdn.jsdelivr.net | www.pass.carrefour-es.mx |
| 14 | 5 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.pass.carrefour.es |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| pass.carrefour-es.mx | R3 | 2023-12-16 - 2024-03-15 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh |
| pass.carrefoures.es-zona.com | R3 | 2023-12-21 - 2024-03-20 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://pass.carrefoures.es-zona.com/
Frame ID: 8792ACE223205D4324A85DEBA547A81A
Requests: 22 HTTP requests in this frame
Page Title
Carrefour PASS- Acceso Zona Clientes✔️
Detected technologies
jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: ¿Has olvidado tu contraseña?
- Title: Únete ahora
- Title: Solicítala
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.pass.carrefour-es.mx/ (Page URL)
- https://www.pass.carrefour-es.mx/go.php (HTTP 302)
- https://pass.carrefoures.es-zona.com/ (HTTP 302)
- https://pass.carrefoures.es-zona.com/b-check/ (Page URL)
- https://pass.carrefoures.es-zona.com/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://www.pass.carrefour-es.mx/go.php HTTP 302
- https://pass.carrefoures.es-zona.com/ HTTP 302
- https://pass.carrefoures.es-zona.com/b-check/
Request Chain
- https://unpkg.com/htmx.org@1.8.4 HTTP 302
- https://unpkg.com/htmx.org@1.8.4/dist/htmx.min.js
14 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | www.pass.carrefour-es.mx/ | 195 B | 487 B | Document | text/html |
| GET | H2 | js.cookie.min.js | cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/ | 2 KB | 2 KB | Script | application/javascript |
| GET | H2 | / | pass.carrefoures.es-zona.com/b-check/ (Redirect Chain) | 2 KB | 2 KB | Document | text/html |
| GET | H2 | htmx.min.js | unpkg.com/htmx.org@1.8.4/dist/ (Redirect Chain) | 39 KB | 14 KB | Script | application/javascript |
| GET | H2 | output.276793ffaa36.js | pass.carrefoures.es-zona.com/static/CACHE/js/ | 480 B | 463 B | Script | text/javascript |
| GET | H2 | bot.js | pass.carrefoures.es-zona.com/static/js/ | 15 KB | 5 KB | Script | text/javascript |
| GET | H2 | spinner.gif | cdnjs.cloudflare.com/ajax/libs/x-editable/1.4.3/inputs/select2/lib/ | 2 KB | 2 KB | Image | image/gif |
| POST | H2 | / | pass.carrefoures.es-zona.com/b-check/ | 0 | 226 B | XHR | text/html |
| GET | H2 | / (Primary Request) | pass.carrefoures.es-zona.com/ | 5 MB | 5 MB | Document | text/html |
| GET | H2 | output.276793ffaa36.js | pass.carrefoures.es-zona.com/static/CACHE/js/ | 480 B | 389 B | Script | text/javascript |
| GET | DATA | truncated | / | 15 KB | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 10 KB | 0 | Image | image/webp |
| GET | H2 | login-desktop.png | pass.carrefoures.es-zona.com/static/ | 379 KB | 379 KB | Image | image/png |
| GET | H2 | Ubuntu-Bold.ttf | pass.carrefoures.es-zona.com/fonts/ | 0 | 0 | Font | text/html |
| GET | DATA | truncated | / | 373 KB | 373 KB | Font | font/woff2 |
| GET | H2 | Ubuntu-Medium.ttf | pass.carrefoures.es-zona.com/fonts/ | 0 | 0 | Font | text/html |
| GET | DATA | truncated | / | 278 KB | 278 KB | Font | text/plain |
| GET | DATA | truncated | / | 30 KB | 30 KB | Font | font/woff2 |
| GET | H2 | Ubuntu-Regular.ttf | pass.carrefoures.es-zona.com/fonts/ | 0 | 0 | Font | text/html |
| GET | DATA | truncated | / | 264 KB | 264 KB | Font | text/plain |
| GET | DATA | truncated | / | 29 KB | 29 KB | Font | font/woff2 |
| GET | DATA | truncated | / | 293 KB | 293 KB | Font | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Carrefour (Financial)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | documentPictureInPicture |
| function | rot13 |
| object | deobfuscate_elements |
| string | converted2 |
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| www.pass.carrefour-es.mx/ | | _c_t_c | 1 |
| pass.carrefoures.es-zona.com/ | | sessionid | lgjjgicenguhicu9i2hnpkvk6x65k52y |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.