leboncoincolis2654645.bid
2606:4700:3032::6815:59cd
Malicious Activity!
Public Scan
Effective URL: https://leboncoincolis2654645.bid/
Submission: On March 07 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on March 6th 2024. Valid for: 3 months.
This is the only time leboncoincolis2654645.bid was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Leboncoin (E-commerce)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 2606:4700:3030::ac43:a4e2 | 13335 (CLOUDFLARENET) |
| 5 | 2606:4700:3032::6815:59cd | 13335 (CLOUDFLARENET) |
| 5 | 1 | |
| | Apex Domain Subdomains | Transfer |
|---|---|---|
| 6 | leboncoincolis2654645.bid 1 redirects leboncoincolis2654645.bid | 252 KB |
| 5 | 1 | |
| | Domain | Requested by |
|---|---|---|
| 6 | leboncoincolis2654645.bid | 1 redirects leboncoincolis2654645.bid |
| 5 | 1 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
leboncoincolis2654645.bid E1 | 2024-03-06 - 2024-06-04 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://leboncoincolis2654645.bid/
Frame ID: 2BA4584D58D38AC18F8D080FC25F811B
Requests: 5 HTTP requests in this frame
Page Title
Se connecter - leboncoin
Detected technologies
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://leboncoincolis2654645.bid/ (HTTP 301)
- https://leboncoincolis2654645.bid/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | leboncoincolis2654645.bid/ | 14 KB | 5 KB | Document | text/html |
GET | H2 | 051a827b67f644a0.css | leboncoincolis2654645.bid/assets/site/ | 201 KB | 38 KB | Stylesheet | text/css |
GET | H2 | login-illustration.png | leboncoincolis2654645.bid/assets/site/ | 125 KB | 125 KB | Image | image/png |
GET | H2 | nunitosans-bold.woff2 | leboncoincolis2654645.bid/assets/site/ | 41 KB | 41 KB | Font | application/octet-stream |
GET | H2 | nunitosans-regular.woff2 | leboncoincolis2654645.bid/assets/site/ | 41 KB | 41 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Leboncoin (E-commerce)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | togglePassword
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.