Report - connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/

Report Overview

Visited public
2025-04-28 10:59:30
Tags
suspicious
URL
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Finishing URL
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
IP / ASN
151.236.4.90
#57169 EDIS GmbH
Title
Crédit Agricole
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-04-23	469 B	90 kB	142.250.74.42
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-04-23	962 B	143 kB	104.16.175.226
connexioncontrole-ca-agricolesecuripass.dvrlists.com	unknown	unknown	No data	No data	3.6 kB	777 kB	151.236.4.90
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-23	1.5 kB	1.6 MB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-28	medium	connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/jquery-3.6.1.min.js	Detects file containing Telegram Bot API

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-27	medium	connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/	Credit Agricole S.A.

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected

URL
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/jquery-3.6.1.min.js
IP / ASN
151.236.4.90
#57169 EDIS GmbH

Token
5906268408:AAEqm-kjjZrZcPBVJbkIAg6QJZo67vu8jME

Bot Overview
User ID 5906268408
Username AgriPan_bot
First Name Agri
Last Name
Chat Information
Chat ID 1774172947
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/main.js	ScriptElement	1.7 kB	2023-03-26	2025-04-28
Pretty URL connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/main.js IP 151.236.4.90 ASN #57169 EDIS GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:04 Last Seen2025-04-28 10:59 Times Seen420 Hash 2dc67549209149f1480d8466b87f6d3e 2e6c1faef52c85bc0f4dd049b99468345d47cd40 2ca7aa1d81228a9c5d45e13f96de1cd280afe6f5540b45b8b7705618b64af733 Loading...

	connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/jquery-3.6.1.min.js	ScriptElement	93 kB	2023-03-26	2025-04-28
Pretty URL connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/jquery-3.6.1.min.js IP 151.236.4.90 ASN #57169 EDIS GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:04 Last Seen2025-04-28 10:59 Times Seen110 Hash da886b27b09631413f809e37f4597705 eeb608cc0ea99c41bc91a53fe20ca81a402b21fd 316d80857724c22b6eb25606933c1e5b4986b5e8246fc2539e6eecd966ea0c96 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js	ScriptElement	79 kB	2023-03-07	2025-05-19
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js IP 104.16.175.226 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-19 20:04 Times Seen11990 Hash 0aa8d64e726c4a57adb5c88f9115996b 901169527507ff9e662cf64d8e361f359308970d 7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe Loading...

	cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/js/all.min.js	ScriptElement	1.5 MB	2023-03-09	2025-05-17
Pretty URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/js/all.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 05:04 Last Seen2025-05-17 16:35 Times Seen4740 Hash d5beb8fa265f90be5ccadd6b32b8672f 7bdc23c06b51e7e42c05de486680a3c18aa5ce5a 6a769e18b06859751eaa2259044a6ff76e3ddcd6572a516d8ce3a2d7b8c7538e Loading...

	connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/common/region.js	ScriptElement	831 B	2023-03-26	2025-04-28
Pretty URL connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/common/region.js IP 151.236.4.90 ASN #57169 EDIS GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:04 Last Seen2025-04-28 10:59 Times Seen506 Hash 9c41d76b689cc4e2e57788f48c852c45 585c8fc602fd8cc4b912e48babb5859c72ee6a7d 6fd6839426aabc880cef8714c245bd0d65d6cbf86415c318649b0e48a97ce290 Loading...

	cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js	ScriptElement	41 kB	2023-03-07	2025-05-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-18 07:45 Times Seen4439 Hash f3b8ce97ff6ce324da6232da353adf40 2a3daabc70232c6350ab48d32605dc4a6ac1f1fa 2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b Loading...

	cdn.jsdelivr.net/npm/sweetalert2@7.26.11/dist/sweetalert2.all.min.js	ScriptElement	62 kB	2023-03-07	2025-04-28
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@7.26.11/dist/sweetalert2.all.min.js IP 104.16.175.226 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-28 10:59 Times Seen1456 Hash cdb34f3de7cfb2d32a2ed08d98e7382c 9b04f4f986048aa09ebeeb459f17e274bbc3cde6 6965c967fe2474e34f024a08618c84e9f995c3482a3c46e793b9eca4b00d82e2 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-20
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-20 04:36 Times Seen110002 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js	ScriptElement	8.3 kB	2023-03-07	2025-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-19 18:17 Times Seen6423 Hash cc290e6c3aeecf5021dd82ad8df2512a fb983aecd3940e8ebbfe5e74c8099cee9223c957 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995 Loading...

HTTP Transactions (13)

URL IP Response Size

connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/jquery-3.6.1.min.js

151.236.4.90

200 OK

93 kB

URL GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/jquery-3.6.1.min.js
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
93 kB (92575 bytes)
Hash
da886b27b09631413f809e37f4597705
eeb608cc0ea99c41bc91a53fe20ca81a402b21fd
316d80857724c22b6eb25606933c1e5b4986b5e8246fc2539e6eecd966ea0c96

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

HTTP Headers

GET /n25capa/84805/assets/js/jquery-3.6.1.min.js HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 27 Apr 2025 12:19:59 GMT
vary: Accept-Encoding
etag: W/"680e20ef-1699f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js

104.17.25.14

200 OK

8.3 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (542)
Size
8.3 kB (8327 bytes)
Hash
cc290e6c3aeecf5021dd82ad8df2512a
fb983aecd3940e8ebbfe5e74c8099cee9223c957
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 3074
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93760c69c84b56c5-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-2087"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387495
expires: Sat, 18 Apr 2026 10:59:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XYbF%2F57POEFxGGC2QeniTJ8zRuBnWwp9wT6qbdrOswSztQRzWg5Z7udpNCn%2BZ%2B7jDnk%2BjpiX05yRcj8WP1gQLKDme61lrgV7XT3WGp3t3xZTUUYnrpufgya2YjZ%2BNnpYrQLrY2CO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/media/js/js.js

151.236.4.90

404 Not Found

2.9 kB

URL GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/media/js/js.js
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
HTML document, ASCII text, with very long lines (634)
Size
2.9 kB (2898 bytes)
Hash
f01ba522c3539135df33250082846848
af31de06cf3d07cf83f104af8755b0cc5222ffc6
2e8deb28946a6b41ccb927eaa43bbaa78ea82cef39a40638f2e5afa8e90e73ca

HTTP Headers

GET /n25capa/84805/media/js/js.js HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
etag: W/"680d1e9a-b52"
content-encoding: gzip
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.42

200 OK

90 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Apr 2025 15:03:18 GMT
expires: Fri, 24 Apr 2026 15:03:18 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 330950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/sweetalert2@7.26.11/dist/sweetalert2.all.min.js

104.16.175.226

200 OK

62 kB

URL GET
cdn.jsdelivr.net/npm/sweetalert2@7.26.11/dist/sweetalert2.all.min.js
IP
104.16.175.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
FingerprintA6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
ValidityFri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34666)
Size
62 kB (61673 bytes)
Hash
cdb34f3de7cfb2d32a2ed08d98e7382c
9b04f4f986048aa09ebeeb459f17e274bbc3cde6
6965c967fe2474e34f024a08618c84e9f995c3482a3c46e793b9eca4b00d82e2

HTTP Headers

GET /npm/sweetalert2@7.26.11/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 15789
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 7.26.11
x-jsd-version-type: version
etag: W/"f0e9-mwT0+YYEiqCevutFnxfidLvDzeY"
content-encoding: br
x-served-by: cache-fra-eddf8230098-FRA, cache-lga21924-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 4281968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BY1GjUpx7LEeWw11PC9RsOJMJxuwI0yH7jKjsfV%2BmAofMX5HrBwNnYwlTIk7D5EblYcq7qmSZfZbAfWaWo4V3NzPpnf25xE0XZ31eHdAQuDM1XhdjEXKpEsEGqizLWRU86U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 93760c69cb4eb51e-OSL
X-Firefox-Spdy: h2

connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/common/region.js

151.236.4.90

200 OK

831 B

URL GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/common/region.js
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
831 B (831 bytes)
Hash
9c41d76b689cc4e2e57788f48c852c45
585c8fc602fd8cc4b912e48babb5859c72ee6a7d
6fd6839426aabc880cef8714c245bd0d65d6cbf86415c318649b0e48a97ce290

HTTP Headers

GET /n25capa/84805/common/region.js HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 831
last-modified: Sun, 27 Apr 2025 12:19:59 GMT
etag: "680e20ef-33f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

connexioncontrole-ca-agricolesecuripass.dvrlists.com/favicon.ico

151.236.4.90

404 Not Found

2.9 kB

URL GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/favicon.ico
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
HTML document, ASCII text, with very long lines (634)
Size
2.9 kB (2898 bytes)
Hash
f01ba522c3539135df33250082846848
af31de06cf3d07cf83f104af8755b0cc5222ffc6
2e8deb28946a6b41ccb927eaa43bbaa78ea82cef39a40638f2e5afa8e90e73ca

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
etag: W/"680d1e9a-b52"
content-encoding: gzip
X-Firefox-Spdy: h2

connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/

151.236.4.90

200 OK

671 kB

URL User Request GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (36812)
Size
671 kB (670900 bytes)
Hash
8b900a26d5971e18afdbf6a243ae1dfc
e51a53528bff407029b90c3d836b4b25f7018882
45a5a4b09832cd98a2193fb3f7cb367f75fe2002632a376db395a3046d37eb71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Credit Agricole S.A.

HTTP Headers

GET /n25capa/84805/ HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: text/html; charset=utf-8
last-modified: Sun, 27 Apr 2025 12:19:59 GMT
vary: Accept-Encoding
etag: W/"680e20ef-a3cb4"
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js

104.16.175.226

200 OK

79 kB

URL GET
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
IP
104.16.175.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
FingerprintA6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
ValidityFri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
79 kB (78743 bytes)
Hash
0aa8d64e726c4a57adb5c88f9115996b
901169527507ff9e662cf64d8e361f359308970d
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 21528
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0"
content-encoding: br
x-served-by: cache-fra-eddf8230080-FRA, cache-lga21939-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1076285
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s4e%2BFTZc7nLnthiu0mYDA0ox%2FTkuRuhF%2Ft4NoO2IR0OciFdx9U3ungVTc%2F7rIIMPShgNzdSxCZ7JwqxD0dHtmYok5A%2BI78Cd1woi8RjR0qhuqo4Qb0L6d1Qgir8dUwySA6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 93760c699b09b51e-OSL
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/js/all.min.js

104.17.25.14

200 OK

1.5 MB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/js/all.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65317)
Size
1.5 MB (1528342 bytes)
Hash
d5beb8fa265f90be5ccadd6b32b8672f
7bdc23c06b51e7e42c05de486680a3c18aa5ce5a
6a769e18b06859751eaa2259044a6ff76e3ddcd6572a516d8ce3a2d7b8c7538e

HTTP Headers

GET /ajax/libs/font-awesome/6.2.0/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 418541
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93760c69c84456c5-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "630e6e62-662ed"
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11174845
expires: Sat, 18 Apr 2026 10:59:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LhdK1Hqu%2FJOQhV1gZl9A9vqu9UAOhYXXfYWmHNFF7r7tfBwaZaABiYFk1QHobF2QSuLcReZEs%2Bn%2B9Pb2fmK4qG%2Fbj15dr6SXfoTfEWpLKA4V4yvSGcvlMJp9STDjCtJg84%2BFkDyM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/main.js

151.236.4.90

200 OK

1.7 kB

URL GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/assets/js/main.js
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.7 kB (1727 bytes)
Hash
2dc67549209149f1480d8466b87f6d3e
2e6c1faef52c85bc0f4dd049b99468345d47cd40
2ca7aa1d81228a9c5d45e13f96de1cd280afe6f5540b45b8b7705618b64af733

HTTP Headers

GET /n25capa/84805/assets/js/main.js HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 27 Apr 2025 12:19:59 GMT
vary: Accept-Encoding
etag: W/"680e20ef-6bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js

104.17.25.14

200 OK

41 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (40808), with no line terminators
Size
41 kB (40808 bytes)
Hash
f3b8ce97ff6ce324da6232da353adf40
2a3daabc70232c6350ab48d32605dc4a6ac1f1fa
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b

HTTP Headers

GET /ajax/libs/sweetalert/2.1.2/sweetalert.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 10494
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93760c69cad71c12-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ff8-9f68"
last-modified: Mon, 04 May 2020 16:16:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333266
expires: Sat, 18 Apr 2026 10:59:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3H4ouM3KZ31qu5Y1dMT%2Fqd8LxRywPClHUcbh7PJeE7FgU3bAOvrElxwhBl58LTH3Cr8PVHcayWZABaVRC8bcguAj06KCJoJJDRTyCPAE%2FclrK40p1zh%2Ff%2FFiTPbuiGr9kLy19Z7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/media/js/js.js

151.236.4.90

404 Not Found

2.9 kB

URL GET
connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/media/js/js.js
IP
151.236.4.90:443
ASN
#57169 EDIS GmbH

Requested by
https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Certificate
IssuerLet's Encrypt
Subjectconnexioncontrole-ca-agricolesecuripass.dvrlists.com
FingerprintA1:A3:55:0C:34:2D:D2:0E:B8:3B:1B:E8:B1:12:BE:4F:1A:32:92:E1
ValiditySat, 26 Apr 2025 17:00:02 GMT - Fri, 25 Jul 2025 17:00:01 GMT

File type
HTML document, ASCII text, with very long lines (634)
Size
2.9 kB (2898 bytes)
Hash
f01ba522c3539135df33250082846848
af31de06cf3d07cf83f104af8755b0cc5222ffc6
2e8deb28946a6b41ccb927eaa43bbaa78ea82cef39a40638f2e5afa8e90e73ca

HTTP Headers

GET /n25capa/84805/media/js/js.js HTTP/1.1
Host: connexioncontrole-ca-agricolesecuripass.dvrlists.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://connexioncontrole-ca-agricolesecuripass.dvrlists.com/n25capa/84805/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 28 Apr 2025 10:59:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
etag: W/"680d1e9a-b52"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Telegram Bot detected

Token

Bot Overview

Chat Information

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)