Submitted URL: https://t.co/lG9ORp8txG
Effective URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Submission: On October 26 via api from PL — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 18 HTTP transactions. The main IP is 5.44.160.3, located in France and belongs to SYSTONIC-AS, FR. The main domain is ixiresidences.fr.
TLS certificate: Issued by R3 on August 26th 2022. Valid for: 3 months.
This is the only time ixiresidences.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.5 13414 (TWITTER)
1 4 40.88.23.18 8075 (MICROSOFT...)
1 2620:1ec:46::45 8068 (MICROSOFT...)
1 66.155.71.150 13768 (COGECO-PEER1)
2 2 2600:1901:0:8... 15169 (GOOGLE)
3 15 5.44.160.3 38926 (SYSTONIC-AS)
18 6
Apex Domain
Subdomains
Transfer
15 ixiresidences.fr
ixiresidences.fr
585 KB
4 epica.ai
cdn.epica.ai — Cisco Umbrella Rank: 208716
cm.epica.ai — Cisco Umbrella Rank: 8868
pixel.epica.ai — Cisco Umbrella Rank: 230225
42 KB
2 pro-market.net
fei.pro-market.net — Cisco Umbrella Rank: 2526
822 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 602
191 B
1 epk.is
epk.is
2 KB
1 t.co
t.co — Cisco Umbrella Rank: 483
541 B
18 6
Domain Requested by
15 ixiresidences.fr 3 redirects epk.is
ixiresidences.fr
2 fei.pro-market.net 2 redirects
2 cm.epica.ai 1 redirects
1 pixel.epica.ai epk.is
1 pixel-sync.sitescout.com epk.is
1 cdn.epica.ai epk.is
1 epk.is t.co
1 t.co
18 8

This site contains no links.

Subject Issuer Validity Valid
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.epk.is
R3
2022-10-25 -
2023-01-23
3 months crt.sh
*.epica.ai
DigiCert TLS RSA SHA256 2020 CA1
2021-12-08 -
2022-12-10
a year crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2021-12-15 -
2023-01-15
a year crt.sh
ixiresidences.fr
R3
2022-08-26 -
2022-11-24
3 months crt.sh

This page contains 1 frames:

Primary Page: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Frame ID: E8DB0EADA138F5C90509694D8FA09579
Requests: 19 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://t.co/lG9ORp8txG Page URL
  2. https://epk.is/GdEjE Page URL
  3. https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/?epica_id=eyJzaHVfaWQiOiJkMzk1ND... HTTP 302
    https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/index.php HTTP 302
    https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/index.php?valid=true&id=22921880 HTTP 302
    https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div class="[^"]*parbase

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

18
Requests

94 %
HTTPS

33 %
IPv6

6
Domains

8
Subdomains

6
IPs

3
Countries

627 kB
Transfer

1927 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/lG9ORp8txG Page URL
  2. https://epk.is/GdEjE Page URL
  3. https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/?epica_id=eyJzaHVfaWQiOiJkMzk1NDljYy0xNTdkLTRjOTYtYjViYi0yYjFmOGY2NGUwZmMifQ%3D%3D HTTP 302
    https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/index.php HTTP 302
    https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/index.php?valid=true&id=22921880 HTTP 302
    https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://cm.epica.ai/api/v1/cookie_matcher/datonics?shu_id=d39549cc-157d-4c96-b5bb-2b1f8f64e0fc&write_key=4ddb2f2ec6aa410a32715bd3127985be HTTP 302
  • https://fei.pro-market.net/engine?site=159114&size=1x1&mimetype=img&du=14&csync=a9a3144b-51f4-468f-81eb-bcb55e8875de&rnd=1666766224785543 HTTP 302
  • https://fei.pro-market.net/engine?site=159114&size=1x1&mimetype=img&du=14&csync=a9a3144b-51f4-468f-81eb-bcb55e8875de&rnd=1666766224785543&sr HTTP 302
  • https://cm.epica.ai/api/v1/cookie_matcher/datonics?datonics_id=8298799768788878342&anonymous_id=&write_key=

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
lG9ORp8txG
t.co/
215 B
541 B
Document
General
Full URL
https://t.co/lG9ORp8txG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
170
content-type
text/html; charset=utf-8
date
Wed, 26 Oct 2022 06:37:03 GMT
expires
Wed, 26 Oct 2022 06:42:03 GMT
perf
7626143928
server
tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
0e3905d0d3bab8eace57dfe0c004ca545cba9de60830ee56021d99ef3ad1ab7e
x-response-time
118
x-transaction-id
247cc4f68dab2c9d
x-xss-protection
0
GdEjE
epk.is/
3 KB
2 KB
Document
General
Full URL
https://epk.is/GdEjE
Requested by
Host: t.co
URL: https://t.co/lG9ORp8txG
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.88.23.18 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
7f1922560dd69fbcb4500783e4c152c2eb5b555795e93bc594bb7a56e6040ac4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
https://platform.epica.ai
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 26 Oct 2022 06:37:04 GMT
server
openresty/1.15.8.2
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
epica.min.js
cdn.epica.ai/epica.js/v1/4ddb2f2ec6aa410a32715bd3127985be/
154 KB
40 KB
Script
General
Full URL
https://cdn.epica.ai/epica.js/v1/4ddb2f2ec6aa410a32715bd3127985be/epica.min.js
Requested by
Host: epk.is
URL: https://epk.is/GdEjE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
88b6ff2f39fcce7bef859789db3de61c405c2c801c788a3116b4f6ab09b8115a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://epk.is/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 26 Oct 2022 06:37:04 GMT
content-encoding
br
last-modified
Sat, 15 Oct 2022 10:07:03 GMT
server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-md5
W3pF+UFzIa6xDJEpdcHRag==
x-azure-ref-originshield
0/IVYYwAAAAACbNAWyOP+T50D3ApDvuYFQU1TMDRFREdFMTkyMQA0MDY1NGMyNy0yYjk1LTQzOGQtYjdiYi05Nzk4NTY1ZTAwMzg=
etag
"0x8DAAE9501F26528"
x-azure-ref
0kNVYYwAAAAAuUjUESND3Q6mTtCgHGRyvQlJVMzBFREdFMDQxNQA0MDY1NGMyNy0yYjk1LTQzOGQtYjdiYi05Nzk4NTY1ZTAwMzg=
x-cache
TCP_HIT
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
66e21c56-601e-005d-4592-e8c6d1000000
x-ms-version
2018-03-28
accept-ranges
bytes
usersync
pixel-sync.sitescout.com/connectors/poderio/
0
191 B
Image
General
Full URL
https://pixel-sync.sitescout.com/connectors/poderio/usersync?redir=https%3A%2F%2Fcm.epica.ai%2Fapi%2Fv1%2Fcookie_matcher%2Fcentro%3Fcentro_id%3D%7BuserId%7D%26shu_id%3Dd39549cc-157d-4c96-b5bb-2b1f8f64e0fc%26write_key%3D4ddb2f2ec6aa410a32715bd3127985be
Requested by
Host: epk.is
URL: https://epk.is/GdEjE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://epk.is/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Wed, 26 Oct 2022 06:37:04 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
expires
Tue, 11 Oct 1977 12:34:56 GMT
datonics
cm.epica.ai/api/v1/cookie_matcher/
Redirect Chain
  • https://cm.epica.ai/api/v1/cookie_matcher/datonics?shu_id=d39549cc-157d-4c96-b5bb-2b1f8f64e0fc&write_key=4ddb2f2ec6aa410a32715bd3127985be
  • https://fei.pro-market.net/engine?site=159114&size=1x1&mimetype=img&du=14&csync=a9a3144b-51f4-468f-81eb-bcb55e8875de&rnd=1666766224785543
  • https://fei.pro-market.net/engine?site=159114&size=1x1&mimetype=img&du=14&csync=a9a3144b-51f4-468f-81eb-bcb55e8875de&rnd=1666766224785543&sr
  • https://cm.epica.ai/api/v1/cookie_matcher/datonics?datonics_id=8298799768788878342&anonymous_id=&write_key=
43 B
479 B
Image
General
Full URL
https://cm.epica.ai/api/v1/cookie_matcher/datonics?datonics_id=8298799768788878342&anonymous_id=&write_key=
Protocol
H2
Server
40.88.23.18 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://epk.is/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 26 Oct 2022 06:37:05 GMT
strict-transport-security
max-age=15724800; includeSubDomains
server
openresty/1.15.8.2
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
43

Redirect headers

pragma
no-cache
date
Wed, 26 Oct 2022 06:37:04 GMT
via
1.1 google
server
Apache-Coyote/1.1
anserver
gapp-eu-5.c.datonics-gcp-01.internal
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin
*
location
https://cm.epica.ai/api/v1/cookie_matcher/datonics?datonics_id=8298799768788878342&anonymous_id=&write_key=
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
expires
Mon, 1 Jan 1990 0:0:0 GMT
/
pixel.epica.ai/api/v1/shu/
43 B
388 B
Image
General
Full URL
https://pixel.epica.ai/api/v1/shu/?data=eyJpbnRlZ3JhdGlvbnMiOnt9LCJjb250ZXh0Ijp7InBhZ2UiOnsicGF0aCI6Ii9HZEVqRSIsInJlZmVycmVyIjoiaHR0cHM6Ly90LmNvLyIsInNlYXJjaCI6IiIsInRpdGxlIjoiIiwidXJsIjoiaHR0cHM6Ly9lcGsuaXMvR2RFakUiLCJ1cmxfaWQiOiI2ODUxOSIsInVybF9tZXRhZGF0YSI6eyJ0aXRsZSI6IiIsImZ1bGxfdXJsIjoiaHR0cHM6Ly9peGlyZXNpZGVuY2VzLmZyL0Fncmljb2xlL3VuemlwL25ld2VlL25ld2VlL25ld2VlL25ldy9xOTk1NTAvIn19LCJjYW1wYWlnbiI6eyJuYW1lIjoiIiwidGVybSI6IiIsInNvdXJjZSI6IiIsIm1lZGl1bSI6IiIsImNvbnRlbnQiOiIifX0sIndyaXRlS2V5IjoiNGRkYjJmMmVjNmFhNDEwYTMyNzE1YmQzMTI3OTg1YmUiLCJtZXNzYWdlSWQiOiJhanMtZjVmOWU4MjNkN2U4MTE5M2Q4OTBkYTI4NjIyMmE2ZmQiLCJhbm9ueW1vdXNJZCI6ImQzOTU0OWNjLTE1N2QtNGM5Ni1iNWJiLTJiMWY4ZjY0ZTBmYyIsImVwaWNhU2Vzc2lvbiI6eyJzZXNzaW9uSWQiOjE2NjY3NjYyMjQ0NTksImV2ZW50TnVtYmVyIjoxfSwidXNlcklkIjpudWxsLCJwcm9wZXJ0aWVzIjp7InBhdGgiOiIvR2RFakUiLCJyZWZlcnJlciI6Imh0dHBzOi8vdC5jby8iLCJzZWFyY2giOiIiLCJ0aXRsZSI6IiIsInVybCI6Imh0dHBzOi8vZXBrLmlzL0dkRWpFIiwidXJsX2lkIjoiNjg1MTkiLCJ1cmxfbWV0YWRhdGEiOnsidGl0bGUiOiIiLCJmdWxsX3VybCI6Imh0dHBzOi8vaXhpcmVzaWRlbmNlcy5mci9BZ3JpY29sZS91bnppcC9uZXdlZS9uZXdlZS9uZXdlZS9uZXcvcTk5NTUwLyJ9fX0%3D
Requested by
Host: epk.is
URL: https://epk.is/GdEjE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.88.23.18 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://epk.is/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 26 Oct 2022 06:37:04 GMT
strict-transport-security
max-age=15724800; includeSubDomains
server
openresty/1.15.8.2
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
43
Primary Request a6635011.php
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/
Redirect Chain
  • https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/?epica_id=eyJzaHVfaWQiOiJkMzk1NDljYy0xNTdkLTRjOTYtYjViYi0yYjFmOGY2NGUwZmMifQ%3D%3D
  • https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/index.php
  • https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/index.php?valid=true&id=22921880
  • https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
13 KB
4 KB
Document
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Requested by
Host: epk.is
URL: https://epk.is/GdEjE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache / PHP/7.2.33
Resource Hash
f603944070175a80eb4a8b78948ce3fa56de74b087f76a8b179c77602d5f74f1

Request headers

Referer
https://epk.is/GdEjE
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
3353
Content-Type
text/html; charset-UTF-8;charset=UTF-8
Date
Wed, 26 Oct 2022 06:37:05 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=15, max=98
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
X-Powered-By
PHP/7.2.33

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
417
Content-Type
text/html; charset-UTF-8;charset=UTF-8
Date
Wed, 26 Oct 2022 06:37:05 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=15, max=99
Location
./a6635011.php?id=53341798
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
X-Powered-By
PHP/7.2.33
6997f510.css
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/
1 MB
169 KB
Stylesheet
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
74a3ce7b4b1c07d85bfb5aeb0ec7c32914f348e7262e236271e135a991a61c3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"143120-5ebdf93ec08a0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=97
1f61aaac.css
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/
15 KB
4 KB
Stylesheet
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/1f61aaac.css
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
91f03ca0626fae8c1f0ed8db8eb4df4b927071bc2f1f5cff4fbe1a97a2babfc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"3dcc-5ebdf93ebe960-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
4067
3d681eff.css
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/
19 KB
5 KB
Stylesheet
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/3d681eff.css
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
0093bc28c850f155462b7c8892fe1f840b4da40590a45fcab97e962ddb624606

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"4b32-5ebdf93ebe960-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
4648
d41d8cd9.css
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/
0
265 B
Stylesheet
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/d41d8cd9.css
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"0-5ebdf93ec08a0"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
0
CA_Logo_seul-1.svg
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/imgs//
16 KB
5 KB
Image
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/imgs//CA_Logo_seul-1.svg
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"3f78-5ebdf93ec1840-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
truncated
/
901 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76155584344103aa0faa76819ed842f16b3ddb62f37d90b36549ac738404721b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/jpeg
acces_cr_part_carre.jpg
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/imgs//
238 KB
220 KB
Image
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/imgs//acces_cr_part_carre.jpg
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/a6635011.php?id=53341798
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"3b8cf-5ebdf93ec1840-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=96
npcicons-crunchy.woff2
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/npcicons-crunchy/
16 KB
16 KB
Font
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/npcicons-crunchy/npcicons-crunchy.woff2
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
2b4f1630e7cc5b5f4b6dd7b74888509cf60f756f29f3b4405cd0310c10155361

Request headers

Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Origin
https://ixiresidences.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"3efc-5ebdf93ec08a0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Gotham-Book.woff2
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/
41 KB
41 KB
Font
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Book.woff2
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e

Request headers

Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Origin
https://ixiresidences.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"a300-5ebdf93ec08a0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Gotham-Bold.woff2
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/
38 KB
39 KB
Font
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Bold.woff2
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1

Request headers

Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Origin
https://ixiresidences.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"9960-5ebdf93ec08a0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Gotham-Medium.woff2
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/
41 KB
41 KB
Font
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Medium.woff2
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303

Request headers

Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Origin
https://ixiresidences.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"a210-5ebdf93ec08a0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Gotham-Light.woff2
ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/
39 KB
40 KB
Font
General
Full URL
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/clientlib-resources/resources/fonts/gotham/Gotham-Light.woff2
Requested by
Host: ixiresidences.fr
URL: https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.44.160.3 , France, ASN38926 (SYSTONIC-AS, FR),
Reverse DNS
antispam3.sys1.fr
Software
Apache /
Resource Hash
e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e

Request headers

Referer
https://ixiresidences.fr/Agricole/unzip/newee/newee/newee/new/q99550/layouts/css/6997f510.css
Origin
https://ixiresidences.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 26 Oct 2022 06:37:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2022 17:52:55 GMT
Server
Apache
ETag
"9d58-5ebdf93ec08a0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

8 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 08342705-c37b-4fdb-bee1-9eeb962506c8
.epk.is/ Name: ajs_user_id
Value: null
.epk.is/ Name: ajs_group_id
Value: null
.epk.is/ Name: ajs_anonymous_id
Value: %22d39549cc-157d-4c96-b5bb-2b1f8f64e0fc%22
epk.is/ Name: epica_session_d39549cc-157d-4c96-b5bb-2b1f8f64e0fc
Value: eyJzZXNzaW9uSWQiOjE2NjY3NjYyMjQ0NTksImxhc3RFdmVudFRpbWUiOjE2NjY3NjYyMjQ0NTksImV2ZW50TnVtYmVyIjoxfQ%3D%3D
.pro-market.net/ Name: anProfile
Value: "1r1tazyrwi7t2+1+1f=1+1g=1+1j=41+rs=s+rt=20011B60101000021011D1A6D3B7AA9A+s2=(rkcl1s)+vm=14-a9a3144b-51f4-468f-81eb-bcb55e8875de"
ixiresidences.fr/ Name: PHPSESSID
Value: 459a6e919a25fb62d14d02f63332fd3e
.epk.is/ Name: pdr_sync_datonics
Value: d39549cc-157d-4c96-b5bb-2b1f8f64e0fc

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0