appelorange-1.es.cx
185.27.134.136
Malicious Activity!
Public Scan
Effective URL: http://appelorange-1.es.cx/?i=1
Submission: On March 22 via automatic, source openphish
Summary
This is the only time appelorange-1.es.cx was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Orange (Telecommunication)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 80.67.188.109 | 20766 (GITOYEN-MAIN-AS The main Autonomous System of Gitoyen (Paris))
4 | 185.27.134.136 | 34119 (WILDCARD-AS Wildcard UK Limited)
1 | 37.59.114.67 | 16276 (OVH)
2 | 104.24.186.20 | 13335 (CLOUDFLARENET - Cloudflare)
1 | 35.190.64.167 | 15169 (GOOGLE - Google LLC)
8 (total) | 5 (distinct IPs) |
- ASN20766 (GITOYEN-MAIN-AS The main Autonomous System of Gitoyen (Paris, France)., FR)
  PTR: bm.didry.org
  Domains: lstu.fr
- ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
  PTR: 13613427185.ifastnet.org
  Domains: appelorange-1.es.cx
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
  Domains: cdnondemand.org
- ASN15169 (GOOGLE - Google LLC, US)
  PTR: 167.64.190.35.bc.googleusercontent.com
  Domains: onclickmega.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | es.cx | appelorange-1.es.cx | 118 KB
2 | cdnondemand.org | cdnondemand.org | 16 KB
1 | onclickmega.com | onclickmega.com | 153 B
1 | host.com.es | host.com.es | 6 KB
1 | lstu.fr | lstu.fr (1 redirects) | 130 B
8 (total) | 5 (apex domains) | |
Requests | Domain | Requested by
---|---|---
4 | appelorange-1.es.cx | appelorange-1.es.cx
2 | cdnondemand.org | appelorange-1.es.cx
1 | onclickmega.com | appelorange-1.es.cx
1 | host.com.es | appelorange-1.es.cx
1 | lstu.fr | 1 redirects
8 (total) | 5 (domains) |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
(no TLS certificates listed for this scan) | | |
This page contains 1 frame:
Primary Page:
http://appelorange-1.es.cx/?i=1
Frame ID: 6CE5B4FD3D9146004860E80402899FDC
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
- Nginx (Web Servers)
  Detected patterns: headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://lstu.fr/appel-orange (HTTP 301) -> http://appelorange-1.es.cx/ (Page URL)
- http://appelorange-1.es.cx/?i=1 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://lstu.fr/appel-orange (HTTP 301)
- http://appelorange-1.es.cx/
8 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | appelorange-1.es.cx/ | 830 B | 828 B | Document | text/html | Redirect Chain
GET | H/1.1 | aes.js | appelorange-1.es.cx/ | 30 KB | 31 KB | Script | application/javascript |
GET | H/1.1 | / | appelorange-1.es.cx/ | 117 KB | 86 KB | Document | text/html | Primary Request
GET | H/1.1 | css.css | appelorange-1.es.cx/dir/css/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | fsd.js | host.com.es/ | 5 KB | 6 KB | Script | application/javascript |
GET | DATA | truncated | / | 25 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 11 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 958 B | 0 | Image | image/png |
GET | DATA | truncated | / | 24 KB | 0 | Image | image/png |
GET | H/1.1 | compatibility.js | cdnondemand.org/script/ | 10 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | suurl.php | onclickmega.com/script/ | 0 | 153 B | Script | text/plain |
GET | H/1.1 | chrome.js | cdnondemand.org/script/ | 17 KB | 10 KB | Script | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Orange (Telecommunication)

17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | adcashMacros
object | zoneSett
object | urls
object | _0xb170
function | acPrefetch
object | CTABPu
object | _0xd348
function | ufpAttach
object | CTAMAT
object | adcashUfp
object | _0xa56f
object | Cnac
object | stamat
function | NqPnfu7741589072100934
function | NqPnfu
object | NqpnfuVfNOrggreArgjbex
boolean | _0x90aa0

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
appelorange-1.es.cx
cdnondemand.org
host.com.es
lstu.fr
onclickmega.com
104.24.186.20
185.27.134.136
35.190.64.167
37.59.114.67
80.67.188.109