auth.sekoia.eu Open in urlscan Pro
163.172.121.151 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://auth.sekoia.eu/
Effective URL:
https://auth.sekoia.eu/signin/v2/challenge/login.php?service=share&passive=true&rm=false&continue=pwd.php=1&scc=1&ltmpl...
Submission: On May 27 via automatic, source certstream-suspicious (May 27th 2021, 1:51:07 pm UTC)

Summary HTTP 1 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 163.172.121.151, located in France and belongs to Online SAS, FR. The main domain is auth.sekoia.eu.
TLS certificate: Issued by R3 on February 10th 2021. Valid for: 3 months.

This is the only time auth.sekoia.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address		AS Autonomous System
2 3	163.172.121.151 163.172.121.151		12876 (Online SAS) (Online SAS)
1	2

3 163.172.121.151 (France) 2 redirects

ASN12876 (Online SAS, FR)
PTR: 163-172-121-151.rev.poneytelecom.eu

auth.sekoia.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	sekoia.eu 2 redirects auth.sekoia.eu	271 KB
1	1

	Domain	Requested by
3	auth.sekoia.eu	2 redirects
1	1

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com

Subject Issuer	Validity	Valid
sekoia.eu R3	`2021-02-10` - `2021-05-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://auth.sekoia.eu/signin/v2/challenge/login.php?service=share&passive=true&rm=false&continue=pwd.php=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Frame ID: F551481057AF0C7011D6A81E6E370D01
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://auth.sekoia.eu/ HTTP 301
https://auth.sekoia.eu/signin/v2/challenge/login.php?continue=https%3A%2F%2Faccounts.google.com%2Fo... HTTP 301
https://auth.sekoia.eu/signin/v2/challenge/login.php?service=share&passive=true&rm=false&continue=p... Page URL

Detected technologies

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

1
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

376 kB
Transfer

534 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://support.google.com/chrome/answer/6130773?hl=fr
Title: En savoir plus

Search URL Search Domain Scan URL

URL: https://support.google.com/accounts?hl=fr
Title: Aide

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=FR&hl=fr&privacy=true
Title: Confidentialité

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=FR&hl=fr
Title: Conditions d'utilisation

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://auth.sekoia.eu/ HTTP 301
https://auth.sekoia.eu/signin/v2/challenge/login.php?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Fidp%3Ffrom_login%3D1%26zt%3DC25E2%2588%2599AF-3PDcAAAAvs5P8fLHO2g&followup=%3DChRid0EzX0dURGxsYWFNSHBrNWhZRxIfUTh1b1pfMVVMYzhiMEVBN1JaNXdOM005QmI1dmVCYw%25E2%2588%2599AF-3PDcAAAAAY26as%3DZjQLHO2g&oauth=1&ltmpl=popup&sarp=1&faa=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&cid=1&navigationDirection=forward&TL=AM3QAYZ8uj5RLFd4w3QZ5ilQ0IiloBXTkzwHiCjInY6yRgzcQGiIkkC4-H7YlWbl HTTP 301
https://auth.sekoia.eu/signin/v2/challenge/login.php?service=share&passive=true&rm=false&continue=pwd.php=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
9 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response auth.sekoia.eu/signin/v2/challenge/ Redirect Chain https://auth.sekoia.eu/ https://auth.sekoia.eu/signin/v2/challenge/login.php?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Fidp%3Ffrom_login%3D1%26zt%3DC25E2%2588%2599AF-3PDcAAAAvs5P8fLHO2g&followup=%3DChRid0EzX... https://auth.sekoia.eu/signin/v2/challenge/login.php?service=share&passive=true&rm=false&continue=pwd.php=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin	427 KB 270 KB	180ms 64ms	Document text/html	163.172.121.151 Online SAS
General Check archive.org Show headers Download Go to Full URL https://auth.sekoia.eu/signin/v2/challenge/login.php?service=share&passive=true&rm=false&continue=pwd.php=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.172.121.151 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-121-151.rev.poneytelecom.eu Software Apache/2.4.46 (Debian) / Resource Hash `a92b609cf3eaf7943a485f469f84618f12ec733b2e8a0f484b5ba4b1c0aa3729` Request headers Host auth.sekoia.eu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie PHPSESSID=hbvgabpcigt71ei84mnvu3mpvu Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 27 May 2021 13:50:52 GMT Server Apache/2.4.46 (Debian) Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 27 May 2021 13:50:51 GMT Server Apache/2.4.46 (Debian) Set-Cookie PHPSESSID=hbvgabpcigt71ei84mnvu3mpvu; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Location login.php?service=share&passive=true&rm=false&continue=pwd.php=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	267 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	21 KB 21 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	21 KB 21 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	12 KB 12 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	7 KB 7 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	10 KB 10 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	5 KB 5 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740` Request headers Origin https://auth.sekoia.eu Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			auth.sekoia.eu/	1969-12-31 23:59:59	Name: PHPSESSID Value: hbvgabpcigt71ei84mnvu3mpvu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.sekoia.eu
163.172.121.151
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7
a92b609cf3eaf7943a485f469f84618f12ec733b2e8a0f484b5ba4b1c0aa3729
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

auth.sekoia.eu Open in urlscan Pro 163.172.121.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

1 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

376 kBTransfer

534 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Indicators

auth.sekoia.eu Open in urlscan Pro
163.172.121.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

376 kB
Transfer

534 kB
Size

1
Cookies

1 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!