leboncoincolis2654645.bid

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3032::6815:59cd, located in United States and belongs to CLOUDFLARENET, US. The main domain is leboncoincolis2654645.bid.
TLS certificate: Issued by E1 on March 6th 2024. Valid for: 3 months.

This is the only time leboncoincolis2654645.bid was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Leboncoin (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::ac43:a4e2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3032::6815:59cd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	1

1 2606:4700:3030::ac43:a4e2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

leboncoincolis2654645.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3032::6815:59cd (United States)

ASN13335 (CLOUDFLARENET, US)

leboncoincolis2654645.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	leboncoincolis2654645.bid 1 redirects leboncoincolis2654645.bid	252 KB
5	1

	Domain	Requested by
6	leboncoincolis2654645.bid	1 redirects leboncoincolis2654645.bid
5	1

This site contains no links.

Subject Issuer	Validity	Valid
leboncoincolis2654645.bid E1	`2024-03-06` - `2024-06-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://leboncoincolis2654645.bid/
Frame ID: 2BA4584D58D38AC18F8D080FC25F811B
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Se connecter - leboncoin

Page URL History Show full URLs

http://leboncoincolis2654645.bid/ HTTP 301
https://leboncoincolis2654645.bid/ Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

251 kB
Transfer

421 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://leboncoincolis2654645.bid/ HTTP 301
https://leboncoincolis2654645.bid/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response leboncoincolis2654645.bid/ Redirect Chain http://leboncoincolis2654645.bid/ https://leboncoincolis2654645.bid/	14 KB 5 KB	512ms 441ms	Document text/html	2606:4700:3032::6815:59cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://leboncoincolis2654645.bid/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:59cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fb5653ae8ba4a8b76fbd7d14e49332cd11265094ebdfaa13d5a8a8a43bfed23b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 860b1036ae498dc0-MIA content-encoding br content-type text/html; charset=UTF-8 date Thu, 07 Mar 2024 13:51:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=67CahWPGJrzb%2FI9V5lvSOJEXculbcSVqgl2l6OfsVzr2Ao94q5jcowmJ14GXskmqho4L5d6GismjE7zzTm%2FDbjkZgeMauZyzwb5pyh1Ud69YBtKzDs5IBcHQ1Q%2BNyj%2BIIWUyx%2F5jbnuMP%2BAwQ9c3LGJZk41v0%2FTZ"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers CF-RAY 860b10352a883716-MIA Cache-Control max-age=3600 Connection keep-alive Date Thu, 07 Mar 2024 13:51:58 GMT Expires Thu, 07 Mar 2024 14:51:58 GMT Location https://leboncoincolis2654645.bid/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKGkDgv1niB9qK9DBK4r8775q%2FcvfDlqBXS5ttxvNYowmTmO7x%2FEE48FxwSkcs8fTtfh45XpOBIfhA7k89gJYbhX5IuPXn9YC9xauCoc5dn3%2B1Zd%2BVZJejcB%2FiI4oBoIJ44wsTHqc8GIc%2FF9ZrYZ%2BDLycj%2B977oe"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400
GET H2	200	051a827b67f644a0.css leboncoincolis2654645.bid/assets/site/	201 KB 38 KB	45ms 45ms	Stylesheet text/css	2606:4700:3032::6815:59cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css Requested by Host: leboncoincolis2654645.bid URL: https://leboncoincolis2654645.bid/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:59cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1b89a1a7ad21b2e3256cb9822b47cb699f7254d0a9faf868b4ccadb24df363d8` Request headers accept-language en-US,en;q=0.9 Referer https://leboncoincolis2654645.bid/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Thu, 07 Mar 2024 13:51:58 GMT content-encoding br cf-cache-status HIT last-modified Thu, 07 Mar 2024 01:50:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 5525 etag W/"65e91d64-32367" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYnELulLhCx3xwFF8GsQTxq6gBgnVMiznbldnRm9uuKQGaNnF8wBD%2F53POmq2D%2FxvKhBPp%2FqFU9uHGFYEuUzM4G%2BLtqZkbTJlXqeTLtMcHndes3omZHvbHnNwh3BwyKaHm%2Fw4tbpucS2Fxd5v3gtIehcxxa1Lu6R"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 860b10396a488dc0-MIA alt-svc h3=":443"; ma=86400 expires Fri, 08 Mar 2024 12:19:53 GMT
GET H2	200	login-illustration.png leboncoincolis2654645.bid/assets/site/	125 KB 125 KB	37ms 37ms	Image image/png	2606:4700:3032::6815:59cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://leboncoincolis2654645.bid/assets/site/login-illustration.png Requested by Host: leboncoincolis2654645.bid URL: https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:59cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b4bd7ddb3091012d6e263aea4479027125254cf1fdc98aed6a99807bb79a08ef` Request headers accept-language en-US,en;q=0.9 Referer https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Thu, 07 Mar 2024 13:51:59 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5524 alt-svc h3=":443"; ma=86400 content-length 127924 last-modified Wed, 06 Mar 2024 23:36:34 GMT server cloudflare etag "65e8fe02-1f3b4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZ3Zvd8YWty8h%2Bc%2B947ALiwY6gTCJJuLH4CVsGFl3jrijm86Khs3OiP%2F0ecz1HTfsVhkBJi%2BdMqNg%2F0Boze821%2BAGAUrZaCgeuujuj2nDH0WfBTUuWEdA%2BjeqiDyIbejNm57kRosAhnpeVuHigV01HA05gQa81Uu"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=86400 accept-ranges bytes cf-ray 860b1039cad88dc0-MIA expires Fri, 08 Mar 2024 12:19:55 GMT
GET H2	200	nunitosans-bold.woff2 leboncoincolis2654645.bid/assets/site/	41 KB 41 KB	62ms 62ms	Font application/octet-stream	2606:4700:3032::6815:59cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://leboncoincolis2654645.bid/assets/site/nunitosans-bold.woff2 Requested by Host: leboncoincolis2654645.bid URL: https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:59cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `56ac43ee0f779bd5ecc5799cbd58a9ec0104d846f74f53472bd2712277859d93` Request headers Referer https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css Origin https://leboncoincolis2654645.bid accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Thu, 07 Mar 2024 13:51:59 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5524 alt-svc h3=":443"; ma=86400 content-length 41964 last-modified Wed, 06 Mar 2024 23:36:34 GMT server cloudflare etag "65e8fe02-a3ec" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIWCT7T%2FXsTYV%2BR4LRwCDZy0Ba2ereLP16wfJkEFdCMQf22Gw57JxiHWQDXsbX1hkdCyy4AL1pmOR8elDKS4PWe4NjsZgxAKbX5aeup1%2FXwrBuWLv%2F%2Fb%2FfqDJtfLsnFmhKoR7Ad7tTl0Y%2BOQqhlQ2z7c0%2FdulYJQ"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=86400 accept-ranges bytes cf-ray 860b1039cae18dc0-MIA expires Fri, 08 Mar 2024 12:19:55 GMT
GET H2	200	nunitosans-regular.woff2 leboncoincolis2654645.bid/assets/site/	41 KB 41 KB	62ms 61ms	Font application/octet-stream	2606:4700:3032::6815:59cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://leboncoincolis2654645.bid/assets/site/nunitosans-regular.woff2 Requested by Host: leboncoincolis2654645.bid URL: https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:59cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `467fed74f6aa80945eee4c8e2aacd69e372afee214ad79e089513386c4b237e5` Request headers Referer https://leboncoincolis2654645.bid/assets/site/051a827b67f644a0.css Origin https://leboncoincolis2654645.bid accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Thu, 07 Mar 2024 13:51:59 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5524 alt-svc h3=":443"; ma=86400 content-length 41848 last-modified Wed, 06 Mar 2024 23:36:34 GMT server cloudflare etag "65e8fe02-a378" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RuFXgyik0S4SMXLb%2B%2F07F0G5RFJcCfvHtCpq3O04FviujSeicKhiTwuaas0fk%2BgJHFKUXl2G3%2BnKXbX05NbGaQF7xgNkz5AWfK3vZjIZVP87sRpFFDljLi%2Ba1mu7J%2BBX3OQuDp1fdH7T8R3B2cgXlreRyfTbZfLA"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=86400 accept-ranges bytes cf-ray 860b1039cae48dc0-MIA expires Fri, 08 Mar 2024 12:19:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Leboncoin (E-commerce)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| togglePassword

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

leboncoincolis2654645.bid
2606:4700:3030::ac43:a4e2
2606:4700:3032::6815:59cd
1b89a1a7ad21b2e3256cb9822b47cb699f7254d0a9faf868b4ccadb24df363d8
467fed74f6aa80945eee4c8e2aacd69e372afee214ad79e089513386c4b237e5
56ac43ee0f779bd5ecc5799cbd58a9ec0104d846f74f53472bd2712277859d93
b4bd7ddb3091012d6e263aea4479027125254cf1fdc98aed6a99807bb79a08ef
fb5653ae8ba4a8b76fbd7d14e49332cd11265094ebdfaa13d5a8a8a43bfed23b

leboncoincolis2654645.bid Open in urlscan Pro 2606:4700:3032::6815:59cd Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

251 kBTransfer

421 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

leboncoincolis2654645.bid Open in urlscan Pro
2606:4700:3032::6815:59cd Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

251 kB
Transfer

421 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!