hi4d8d2zyd.preview-postedstuff.com
52.215.48.49 - Malicious Activity!

Submitted URL: https://kts.group/page-CAgri.php
Effective URL: https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Submission: On March 16 via api from LU — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 7 HTTP transactions. The main IP is 52.215.48.49, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is hi4d8d2zyd.preview-postedstuff.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 10th 2023. Valid for: 7 months.
This is the only time hi4d8d2zyd.preview-postedstuff.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

Requests  IP Address        AS      Autonomous System
1         31.31.196.93      197695  (AS-REG)
1         52.215.48.49      16509   (AMAZON-02)
1         2a00:1450:400...  15169   (GOOGLE)
2         65.9.66.57        16509   (AMAZON-02)
1         52.85.96.7        16509   (AMAZON-02)
1         2a00:1450:400...  15169   (GOOGLE)
Total: 7 requests, 6 IPs
Requests  Domain                              Requested by
2         d15k2d11r6t6rl.cloudfront.net       hi4d8d2zyd.preview-postedstuff.com
1         www.gstatic.com                     www.google.com
1         d1oco4z2z1fhwp.cloudfront.net       hi4d8d2zyd.preview-postedstuff.com
1         www.google.com                      hi4d8d2zyd.preview-postedstuff.com
1         hi4d8d2zyd.preview-postedstuff.com
1         kts.group
Total: 7 requests, 6 domains

This site contains links to these domains.

Domain
artclubnorthcote.com
www.designedwithbee.com

Subject            Issuer                            Validity                 Valid for
www.kts.group      GlobalSign GCC R3 DV TLS CA 2020  2022-02-17 - 2023-03-21  a year
*.postedstuff.com  Amazon RSA 2048 M02               2023-02-10 - 2023-09-24  7 months
www.google.com     GTS CA 1C3                        2023-03-02 - 2023-05-25  3 months
*.cloudfront.net   Amazon RSA 2048 M01               2022-12-08 - 2023-12-07  a year
*.gstatic.com      GTS CA 1C3                        2023-03-02 - 2023-05-25  3 months

This page contains 1 frame:

Primary Page: https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Frame ID: CB19637A0DE7612A61888A7ADB1AF45C
Requests: 7 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 33 %
Domains: 5
Subdomains: 6
IPs: 6
Countries: 4
Transfer: 239 kB
Size: 496 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kts.group/page-CAgri.php Page URL
  2. https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

page-CAgri.php | kts.group/ | 179 B | 320 B | Document
General
Full URL
https://kts.group/page-CAgri.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
31.31.196.93, Russian Federation, ASN197695 (AS-REG, RU)
Reverse DNS
vip38.hosting.reg.ru
Software
nginx / PHP/7.1.18
Resource Hash
a8d10881db849617c4ad81520b4303e5fefa6593529ead60cc19af48cb58f4b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 16 Mar 2023 02:19:08 GMT
server
nginx
strict-transport-security
max-age=31536000;
vary
Accept-Encoding
x-powered-by
PHP/7.1.18
Primary Request / | hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/ | 8 KB | 8 KB | Document
General
Full URL
https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.48.49, Dublin, Ireland, ASN16509 (AMAZON-02, US)
Reverse DNS
ec2-52-215-48-49.eu-west-1.compute.amazonaws.com
Software
uvicorn
Resource Hash
455183719b4501b0a3da765263f4ce4eed1af11cf705ef615572fc90d2d137aa

Request headers

Referer
https://kts.group/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
7841
content-type
text/html; charset=utf-8
date
Thu, 16 Mar 2023 02:19:08 GMT
server
uvicorn
api.js | www.google.com/recaptcha/ | 850 B | 875 B | Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: hi4d8d2zyd.preview-postedstuff.com
URL: https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:80e::2004, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
GSE
Resource Hash
b5eeeafc2ea6cb8412324bb4d24c46e3206f3048ba47e54805234a2157f28591
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hi4d8d2zyd.preview-postedstuff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

date
Thu, 16 Mar 2023 02:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
555
x-xss-protection
1; mode=block
expires
Thu, 16 Mar 2023 02:19:08 GMT
logo_Agir_chaque_jour_CA_H_Desktop-1.svg | d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/BeeProAgency/960544_945088/ | 22 KB | 6 KB | Image
General
Full URL
https://d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/BeeProAgency/960544_945088/logo_Agir_chaque_jour_CA_H_Desktop-1.svg
Requested by
Host: hi4d8d2zyd.preview-postedstuff.com
URL: https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
65.9.66.57, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-65-9-66-57.fra56.r.cloudfront.net
Software
AmazonS3
Resource Hash
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hi4d8d2zyd.preview-postedstuff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

date
Thu, 16 Mar 2023 02:19:10 GMT
content-encoding
gzip
via
1.1 47a7b8b932d91b0edbfc42f1ba94ebc0.cloudfront.net (CloudFront)
last-modified
Tue, 14 Mar 2023 19:43:04 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"8a6438815d53936ba84ffbef78c8bcfc"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/svg+xml
x-amz-cf-id
kg2RGKesIWwkJvaepJWraF1GDlZ5ET1G9gM8dsp4v8UH1MdcmTnYIA==
logo%20Securipass.png | d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/BeeProAgency/960544_945088/ | 48 KB | 48 KB | Image
General
Full URL
https://d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/BeeProAgency/960544_945088/logo%20Securipass.png
Requested by
Host: hi4d8d2zyd.preview-postedstuff.com
URL: https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
65.9.66.57, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-65-9-66-57.fra56.r.cloudfront.net
Software
AmazonS3
Resource Hash
7b40e7a94bf269928b2cf5b4be8ad3e428a73c12f1d82f3172d396d7859716d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hi4d8d2zyd.preview-postedstuff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

date
Thu, 16 Mar 2023 02:19:10 GMT
via
1.1 47a7b8b932d91b0edbfc42f1ba94ebc0.cloudfront.net (CloudFront)
last-modified
Tue, 14 Mar 2023 19:43:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"54013d57334cd681727950bf486bbc15"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
48666
x-amz-cf-id
w_qWBHKBBozucEezB4L0JcBmz72DbA6X084s1rXyVjRCH087XdLs_g==
bee.png | d1oco4z2z1fhwp.cloudfront.net/assets/ | 13 KB | 13 KB | Image
General
Full URL
https://d1oco4z2z1fhwp.cloudfront.net/assets/bee.png
Requested by
Host: hi4d8d2zyd.preview-postedstuff.com
URL: https://hi4d8d2zyd.preview-postedstuff.com/V2-ZBrv-Zu3Z-Cmuh-EJpd/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
52.85.96.7, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-52-85-96-7.pmo50.r.cloudfront.net
Software
AmazonS3
Resource Hash
20df19eebf8f8d25355f57446931b7ee227b146d6fb07362bcff1534c118e466

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hi4d8d2zyd.preview-postedstuff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

date
Thu, 16 Mar 2023 01:08:25 GMT
via
1.1 bd38af9fa525f4cbbadf1a6ff2af7686.cloudfront.net (CloudFront)
last-modified
Wed, 08 Mar 2023 16:02:34 GMT
server
AmazonS3
x-amz-cf-pop
PMO50-C1
age
4728
x-amz-server-side-encryption
AES256
etag
"e81ea65e866d69316f8b067f3dd5322c"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
13028
x-amz-cf-id
fhRG2ifxrLJLlB1RwYSERNX2RwiiKl8fKHSXBsaoWGZqXlAVbFej4g==
recaptcha__de.js | www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/ | 405 KB | 162 KB | Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:806::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe
Resource Hash
5e008e03e1be26d3c8a0291bb1d29f93bddeef133fefd946ed207245fc6e63ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hi4d8d2zyd.preview-postedstuff.com/
Origin
https://hi4d8d2zyd.preview-postedstuff.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 00:21:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
439052
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
165509
x-xss-protection
0
last-modified
Sun, 05 Mar 2023 21:03:42 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 10 Mar 2024 00:21:37 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)
onSubmit (function)
___grecaptcha_cfg (object)
grecaptcha (object)
__recaptcha_api (string)
__google_recaptcha_client (boolean)
recaptcha (object)

0 Cookies

Security Headers

This section lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000;