| GET creditagricolesecureconnect.com/web/res/pc-menu.png |  45.139.104.132 | 200 OK | 5.4 kB |
URL GET creditagricolesecureconnect.com/web/res/pc-menu.png IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typePNG image data, 559 x 67, 8-bit/color RGBA, non-interlaced Hash82d68cf5016464a60e6dd7c8e9094936 974b6e8f5de0e447063cae72fecf81f468d6a918 21063a036ce45e05fcbba86a2475f770fd06c3884011f1755e108a07cb673746
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/pc-menu.png HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: image/png
content-length: 5433
last-modified: Mon, 07 Apr 2025 00:06:01 GMT
etag: "67f316e9-1539"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/back2.jpg | 45.139.104.132 | 200 OK | 244 kB |
URL GET creditagricolesecureconnect.com/web/res/back2.jpg IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=791, bps=218, PhotometricInterpretation=RGB, description=Diverse culture people using mobile smartphone outdoor - Happy friends having fun with technology trends - Youth, new generatio, manufacturer=SONY, model=ILCE-7M2, orientation=upper-left, width=1326], progressive, precision 8, 960x960, components 3 Size244 kB (243919 bytes) Hashb259c4797d838add41da1047021d2480 13de10f5a348efa8ff3d856f2e347eeff8a33579 c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/back2.jpg HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: image/jpeg
content-length: 243919
last-modified: Mon, 07 Apr 2025 00:06:11 GMT
etag: "67f316f3-3b8cf"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/ | 45.139.104.132 | 302 Found | 151 kB |
URL User Request GET creditagricolesecureconnect.com/ IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
Size151 kB (150735 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 09 Apr 2025 10:26:21 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: web/depart.php
x-powered-by: PHP/8.1.29, PleskLin
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/depart.php | 45.139.104.132 | 200 OK | 151 kB |
URL User Request GET creditagricolesecureconnect.com/web/depart.php IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (16398), with CRLF, CR, LF line terminators Size151 kB (150735 bytes) Hasha7fdb6b2215d1d447f5b4df5da90626c 3bda104a38e1934e288a750ee59666dbda4c1ac2 5524848c14e61442f29ee4b358ac302d01d64904729131d48351af7cdd0a4ef1
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/depart.php HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:21 GMT
content-type: text/html; charset=UTF-8
content-length: 5150
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.1.29, PleskLin
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/logo.png | 45.139.104.132 | 200 OK | 6.6 kB |
URL GET creditagricolesecureconnect.com/web/res/logo.png IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typePNG image data, 195 x 50, 8-bit/color RGBA, non-interlaced Hashd5aaa1735e76b896a2fcd37ca2183eae 6fdfd6f20623ea24a5c794f8728aef46c9b4b3bd d4d7832cf0f0b869c483506c9bc2bd5985233f10c6f985add83f2a6a2a959cdd
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/logo.png HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: image/png
content-length: 6584
last-modified: Mon, 07 Apr 2025 00:06:13 GMT
etag: "67f316f5-19b8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/Gotham-Light.woff2 | 45.139.104.132 | 200 OK | 40 kB |
URL GET creditagricolesecureconnect.com/web/res/Gotham-Light.woff2 IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 40280, version 3.19726 Hash7624ae091962735719fb82bf900c22b7 393477ccdcd62b914d90dd379dd7d677d761e416 e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/Gotham-Light.woff2 HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/res/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: font/woff2
content-length: 40280
last-modified: Mon, 07 Apr 2025 00:06:05 GMT
etag: "67f316ed-9d58"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/Gotham-Bold.woff2 | 45.139.104.132 | 200 OK | 39 kB |
URL GET creditagricolesecureconnect.com/web/res/Gotham-Bold.woff2 IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 39264, version 3.19726 Hash003e90cf8cb3f8b4bef30d6764da18ed 512e44f40b54d0e5e081dda9fd5ea8a4429a508c 319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/Gotham-Bold.woff2 HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/res/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: font/woff2
content-length: 39264
last-modified: Mon, 07 Apr 2025 00:06:08 GMT
etag: "67f316f0-9960"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/style.css | 45.139.104.132 | 200 OK | 3.3 kB |
URL GET creditagricolesecureconnect.com/web/res/style.css IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeassembler source, ASCII text, with CRLF line terminators Hash6989768a1c291a0b8c7df73a300a0cd1 aa0446550bc7ed8a2fc3b8718ae94afcf7c7cb1a b61c8248657276765c3281004cb55a2d0fa4400585781f785f17df8983162cd7
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/style.css HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: text/css
last-modified: Mon, 07 Apr 2025 00:06:15 GMT
etag: W/"67f316f7-ce1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/search.png | 45.139.104.132 | 200 OK | 1.5 kB |
URL GET creditagricolesecureconnect.com/web/res/search.png IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typePNG image data, 131 x 67, 8-bit/color RGBA, non-interlaced Hash6e46b573ac3bef44a92ef4a327897275 422f0046a603f3af8f11873d6367907380a37891 719c0a598c756a61795246b268553b0b45f9c42c831ffc77b3cbcbbea65f52a6
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/search.png HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: image/png
content-length: 1498
last-modified: Mon, 07 Apr 2025 00:06:10 GMT
etag: "67f316f2-5da"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/favicon.ico | 45.139.104.132 | 404 Not Found | 278 B |
URL GET creditagricolesecureconnect.com/favicon.ico IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeHTML document, ASCII text Hash2d6ab3c3c43c194a5d08e4f5b48f664a dc0ef6afb3b827783a2dd8905a8fb29a791948a2 573b954c5487d63289703d7cc8c2f945aaa73ca7c5ecf47d8dbea47a1074f1f4
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/menu.png | 45.139.104.132 | 200 OK | 311 B |
URL GET creditagricolesecureconnect.com/web/res/menu.png IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typePNG image data, 53 x 50, 8-bit/color RGBA, non-interlaced Hash212ab8ba0002cf0f2c79d7cac247926f eae93b3c15073bc013acf51f8601f3a2f20f19c9 599e6ff8546fb8183657fba87d64bd6d4c20d642005754f3d05342b2d117ee35
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/menu.png HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: image/png
content-length: 311
x-accel-version: 0.01
last-modified: Mon, 07 Apr 2025 00:06:11 GMT
etag: "137-6322500fa93ab"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/fonts.css | 45.139.104.132 | 200 OK | 147 B |
URL GET creditagricolesecureconnect.com/web/res/fonts.css IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeASCII text, with CRLF line terminators Hash4120e6cc4fc73fb5086f4adade40359f 43dfd8388f198e735fe61d32b961da67216f96f0 1a0d94397022ccef8557d7c459cca9975496c73965368f2dd0fbf1529ef305a1
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/fonts.css HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: text/css
content-length: 97
x-accel-version: 0.01
last-modified: Mon, 07 Apr 2025 00:06:17 GMT
etag: "93-6322501544be8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
|
|
| GET creditagricolesecureconnect.com/web/res/jq.js | 45.139.104.132 | 200 OK | 369 kB |
URL GET creditagricolesecureconnect.com/web/res/jq.js IP45.139.104.132:443 ASN#399979 AS-493NETWORKING
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerLet's Encrypt Subjectcreditagricolesecureconnect.com Fingerprint08:D6:75:81:E9:86:B1:CE:41:E9:26:AB:10:37:58:D4:96:9B:73:95 ValidityTue, 08 Apr 2025 09:54:26 GMT - Mon, 07 Jul 2025 09:54:25 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65434), with no line terminators Size369 kB (369177 bytes) Hashda5dde515a49fb9248e84c45d5a63370 37825dc4bfb94d3def358d26e6ba0d13840e4045 d066c11600369c32eea993e482d74be1bcc76c906f18f2ea7cd995bba6ecc385
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Credit Agricole S.A. | | Quad9 DNS | malicious | Sinkholed |
GET /web/res/jq.js HTTP/1.1
Host: creditagricolesecureconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/web/depart.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: text/javascript
last-modified: Mon, 07 Apr 2025 00:06:19 GMT
etag: W/"67f316fb-5a219"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
|
|
| GET cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js |  104.17.25.14 | 200 OK | 88 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js IP104.17.25.14:443
Requested byhttps://creditagricolesecureconnect.com/web/depart.php CertificateIssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creditagricolesecureconnect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Apr 2025 10:26:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 27446
cf-ray: 92d94e47ded67129-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64ed75bb-6b36"
last-modified: Tue, 29 Aug 2023 04:36:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 29006
expires: Mon, 30 Mar 2026 10:26:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ebD9jtdhvrI8J4an%2FnjPlegXFbFkCVlqfFisvHdxuVFxllVIcUqQS4OEc8PpMs2k7kLt%2FIIKhfFpD%2Bh5gymVVhulSTwHKDHcJYbUxHoA9cFd7VId2k921EQWisUBlQlMxJfLQKHv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| POST telegrambotcheck.duckdns.org:5001/receive_token?referrer=loco | 0.0.0.0 | | 0 B |
URL POST telegrambotcheck.duckdns.org:5001/receive_token?referrer=loco IP0.0.0.0:0
Requested byhttps://creditagricolesecureconnect.com/web/depart.php
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - DynDNS domain |
POST /receive_token?referrer=loco HTTP/1.1
Host: telegrambotcheck.duckdns.org:5001
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creditagricolesecureconnect.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://creditagricolesecureconnect.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|