ixiresidences.fr
5.44.160.3
Malicious Activity!
Public Scan
Effective URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Submission: On October 26 via api from PL — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 26th 2022. Valid for: 3 months.
This is the only time ixiresidences.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)
Domain & IP information
| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 104.244.42.5 | 13414 (TWITTER) |
| 1 4 | 40.88.23.18 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 2620:1ec:46::45 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 66.155.71.150 | 13768 (COGECO-PEER1) |
| 2 2 | 2600:1901:0:8eee:: | 15169 (GOOGLE) |
| 3 15 | 5.44.160.3 | 38926 (SYSTONIC-AS) |
| 18 requests | 6 IPs | |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): epk.is, cm.epica.ai, pixel.epica.ai
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | ixiresidences.fr (3 redirects) | ixiresidences.fr | 585 KB |
| 4 | epica.ai (1 redirect) | cdn.epica.ai (Cisco Umbrella Rank: 208716), cm.epica.ai (Cisco Umbrella Rank: 8868), pixel.epica.ai (Cisco Umbrella Rank: 230225) | 42 KB |
| 2 | pro-market.net (2 redirects) | fei.pro-market.net (Cisco Umbrella Rank: 2526) | 822 B |
| 1 | sitescout.com | pixel-sync.sitescout.com (Cisco Umbrella Rank: 602) | 191 B |
| 1 | epk.is | epk.is | 2 KB |
| 1 | t.co | t.co (Cisco Umbrella Rank: 483) | 541 B |
| 18 requests | 6 apex domains | | |
| # | Domain | Requested by |
|---|---|---|
| 15 | ixiresidences.fr (3 redirects) | epk.is, ixiresidences.fr |
| 2 | fei.pro-market.net (2 redirects) | |
| 2 | cm.epica.ai (1 redirect) | |
| 1 | pixel.epica.ai | epk.is |
| 1 | pixel-sync.sitescout.com | epk.is |
| 1 | cdn.epica.ai | epk.is |
| 1 | epk.is | t.co |
| 1 | t.co | |
| 18 requests | 8 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| t.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-07 - 2023-03-06 | a year | crt.sh |
| *.epk.is | R3 | 2022-10-25 - 2023-01-23 | 3 months | crt.sh |
| *.epica.ai | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-08 - 2022-12-10 | a year | crt.sh |
| *.sitescout.com | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-12-15 - 2023-01-15 | a year | crt.sh |
| ixiresidences.fr | R3 | 2022-08-26 - 2022-11-24 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Frame ID: E8DB0EADA138F5C90509694D8FA09579
Requests: 19 HTTP requests in this frame
Detected technologies
- Adobe Experience Manager (CMS). Detected pattern: `<div class="[^"]*parbase`
- PHP (Programming Languages). Detected pattern: `\.php(?:$|\?)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/lG9ORp8txG (Page URL)
- https://epk.is/GdEjE (Page URL)
- https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/?epica_id=eyJzaHVfaWQiOiJkMzk1NDljYy0xNTdkLTRjOTYtYjViYi0yYjFmOGY2NGUwZmMifQ%3D%3D (HTTP 302)
- https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/index.php (HTTP 302)
- https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/index.php?valid=true&id=22921880 (HTTP 302)
- https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://cm.epica.ai/api/v1/cookie_matcher/datonics?shu_id=d39549cc-157d-4c96-b5bb-2b1f8f64e0fc&write_key=4ddb2f2ec6aa410a32715bd3127985be (HTTP 302)
- https://fei.pro-market.net/engine?site=159114&size=1x1&mimetype=img&du=14&csync=a9a3144b-51f4-468f-81eb-bcb55e8875de&rnd=1666766224785543 (HTTP 302)
- https://fei.pro-market.net/engine?site=159114&size=1x1&mimetype=img&du=14&csync=a9a3144b-51f4-468f-81eb-bcb55e8875de&rnd=1666766224785543&sr (HTTP 302)
- https://cm.epica.ai/api/v1/cookie_matcher/datonics?datonics_id=8298799768788878342&anonymous_id=&write_key=
18 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | lG9ORp8txG | t.co/ | 215 B | 541 B | Document | text/html |
| GET | H2 | GdEjE | epk.is/ | 3 KB | 2 KB | Document | text/html |
| GET | H2 | epica.min.js | cdn.epica.ai/epica.js/v1/4ddb2f2ec6aa410a32715bd3127985be/ | 154 KB | 40 KB | Script | application/octet-stream |
| GET | H2 | usersync | pixel-sync.sitescout.com/connectors/poderio/ | 0 | 191 B | Image | text/plain |
| GET | H2 | datonics (Redirect Chain) | cm.epica.ai/api/v1/cookie_matcher/ | 43 B | 479 B | Image | image/gif |
| GET | H2 | / | pixel.epica.ai/api/v1/shu/ | 43 B | 388 B | Image | image/gif |
| GET | H/1.1 | a6635011.php (Primary Request, Redirect Chain) | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/ | 13 KB | 4 KB | Document | text/html |
| GET | H/1.1 | 6997f510.css | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/ | 1 MB | 169 KB | Stylesheet | text/css |
| GET | H/1.1 | 1f61aaac.css | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/ | 15 KB | 4 KB | Stylesheet | text/css |
| GET | H/1.1 | 3d681eff.css | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/ | 19 KB | 5 KB | Stylesheet | text/css |
| GET | H/1.1 | d41d8cd9.css | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/ | 0 | 265 B | Stylesheet | text/css |
| GET | H/1.1 | CA_Logo_seul-1.svg | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/imgs// | 16 KB | 5 KB | Image | image/svg+xml |
| GET | DATA | truncated | / | 901 B | 0 | Image | image/jpeg |
| GET | H/1.1 | acces_cr_part_carre.jpg | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/imgs// | 238 KB | 220 KB | Image | image/jpeg |
| GET | H/1.1 | npcicons-crunchy.woff2 | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/npcicons-crunchy/ | 16 KB | 16 KB | Font | font/woff2 |
| GET | H/1.1 | Gotham-Book.woff2 | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/ | 41 KB | 41 KB | Font | font/woff2 |
| GET | H/1.1 | Gotham-Bold.woff2 | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/ | 38 KB | 39 KB | Font | font/woff2 |
| GET | H/1.1 | Gotham-Medium.woff2 | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/ | 41 KB | 41 KB | Font | font/woff2 |
| GET | H/1.1 | Gotham-Light.woff2 | ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/ | 39 KB | 40 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforeinput |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |
8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .t.co/ | | muc | 08342705-c37b-4fdb-bee1-9eeb962506c8 |
| .epk.is/ | | ajs_user_id | null |
| .epk.is/ | | ajs_group_id | null |
| .epk.is/ | | ajs_anonymous_id | %22d39549cc-157d-4c96-b5bb-2b1f8f64e0fc%22 |
| epk.is/ | | epica_session_d39549cc-157d-4c96-b5bb-2b1f8f64e0fc | eyJzZXNzaW9uSWQiOjE2NjY3NjYyMjQ0NTksImxhc3RFdmVudFRpbWUiOjE2NjY3NjYyMjQ0NTksImV2ZW50TnVtYmVyIjoxfQ%3D%3D |
| .pro-market.net/ | | anProfile | "1r1tazyrwi7t2+1+1f=1+1g=1+1j=41+rs=s+rt=20011B60101000021011D1A6D3B7AA9A+s2=(rkcl1s)+vm=14-a9a3144b-51f4-468f-81eb-bcb55e8875de" |
| ixiresidences.fr/ | | PHPSESSID | 459a6e919a25fb62d14d02f63332fd3e |
| .epk.is/ | | pdr_sync_datonics | d39549cc-157d-4c96-b5bb-2b1f8f64e0fc |
Security Headers
This page lists any security headers set by the main page.
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=0 |
| X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.epica.ai
cm.epica.ai
epk.is
fei.pro-market.net
ixiresidences.fr
pixel-sync.sitescout.com
pixel.epica.ai
t.co
104.244.42.5
2600:1901:0:8eee::
2620:1ec:46::45
40.88.23.18
5.44.160.3
66.155.71.150
0093bc28c850f155462b7c8892fe1f840b4da40590a45fcab97e962ddb624606
2b4f1630e7cc5b5f4b6dd7b74888509cf60f756f29f3b4405cd0310c10155361
319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
74a3ce7b4b1c07d85bfb5aeb0ec7c32914f348e7262e236271e135a991a61c3a
76155584344103aa0faa76819ed842f16b3ddb62f37d90b36549ac738404721b
7f1922560dd69fbcb4500783e4c152c2eb5b555795e93bc594bb7a56e6040ac4
88b6ff2f39fcce7bef859789db3de61c405c2c801c788a3116b4f6ab09b8115a
91f03ca0626fae8c1f0ed8db8eb4df4b927071bc2f1f5cff4fbe1a97a2babfc3
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f603944070175a80eb4a8b78948ce3fa56de74b087f76a8b179c77602d5f74f1