youtuberbuzz.com Open in urlscan Pro
104.168.181.55 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5...
Submission: On September 21 via automatic, source openphish (September 21st 2017, 4:44:31 pm UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 104.168.181.55, located in Tulsa, United States and belongs to HOSTWINDS - Hostwinds LLC., US. The main domain is youtuberbuzz.com.

This is the only time youtuberbuzz.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	104.168.181.55 104.168.181.55	54290 (HOSTWINDS) (HOSTWINDS - Hostwinds LLC.)
2	158.191.172.47 158.191.172.47	9159 () ()
1	2400:cb00:204... 2400:cb00:2048:1::6812:3665	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2400:cb00:204... 2400:cb00:2048:1::6812:3765	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
8	4

4 104.168.181.55 (Tulsa, United States)

ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: client-104-168-181-55.hostwindsdns.com

youtuberbuzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 158.191.172.47 (France)

ASN9159 (, FR)

www.credit-agricole.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6812:3665 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

store1.up-00.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6812:3765 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

store4.up-00.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	youtuberbuzz.com youtuberbuzz.com	6 KB
2	up-00.com store1.up-00.com store4.up-00.com	98 KB
2	credit-agricole.fr www.credit-agricole.fr	11 KB
8	3

	Domain	Requested by
4	youtuberbuzz.com	youtuberbuzz.com
2	www.credit-agricole.fr	youtuberbuzz.com
1	store4.up-00.com	youtuberbuzz.com
1	store1.up-00.com	youtuberbuzz.com
8	4

This site contains no links.

Subject Issuer	Validity	Valid
www.credit-agricole.fr CLASS 2 KEYNECTIS CA	`2016-12-07` - `2017-12-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Frame ID: 18153.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Authentification

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

8
Requests

25 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

115 kB
Transfer

129 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request final.php Show response
youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/ 17 KB
6 KB 309ms
156ms Document
text/html 104.168.181.55
Hostwinds LLC.

General

Check archive.org

Show headers Download Go to

Full URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Protocol: HTTP/1.1
Server: 104.168.181.55 Tulsa, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US),
Reverse DNS: client-104-168-181-55.hostwindsdns.com
Software: LiteSpeed / PHP/5.6.25
Resource Hash: 9916360fd7629d7dc9abc3b1e16ba24152275e208c37386205dfb95b0b8e8c01

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 21 Sep 2017 16:44:20 GMT
Content-Encoding: gzip
Server: LiteSpeed
X-Powered-By: PHP/5.6.25
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-Ranges: bytes

GET
H/1.1 404
Not Found authentication.js
youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/js/ 0
0 296ms
148ms Script
text/html 104.168.181.55
Hostwinds LLC.

General

Check archive.org

Show headers Download Go to

Full URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/js/authentication.js
Requested by: Host: youtuberbuzz.com
URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Protocol: HTTP/1.1
Server: 104.168.181.55 Tulsa, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US),
Reverse DNS: client-104-168-181-55.hostwindsdns.com
Software: LiteSpeed /
Resource Hash

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Sep 2017 16:44:20 GMT
Server: LiteSpeed
Content-Type: text/html
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1148

GET
H/1.1 200
OK f4e4b15ee25a1b4dca5039e50b3f32.png
www.credit-agricole.fr/local/cache-gd2/90/ 9 KB
9 KB 90ms
26ms Image
image/png 158.191.172.47

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.credit-agricole.fr/local/cache-gd2/90/f4e4b15ee25a1b4dca5039e50b3f32.png?1505081466

Requested by

Host: youtuberbuzz.com
URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

158.191.172.47 , France, ASN9159 (, FR),

Reverse DNS

Software

Apache /

Resource Hash

f333f2fcf0fc6deb49618932f5ce44eb14b0bac35322fd98100fab9490551903

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 21 Sep 2017 16:44:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 Sep 2017 16:44:13 GMT
Server: Apache
ETag: "2230-559b5cd677ad5"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
X-Robots-Tag: noindex, follow
Keep-Alive: timeout=5, max=100
Content-Length: 8752
X-Xss-Protection: 1; mode=block
Expires: Sat, 21 Oct 2017 16:44:20 GMT

GET
H/1.1 200
OK 205be68a1ef005d2e7792dd79f3c24.png
www.credit-agricole.fr/local/cache-gd2/21/ 3 KB
3 KB 26ms
26ms Image
image/png 158.191.172.47

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.credit-agricole.fr/local/cache-gd2/21/205be68a1ef005d2e7792dd79f3c24.png?1505090519

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

158.191.172.47 , France, ASN9159 (, FR),

Reverse DNS

Software

Apache /

Resource Hash

f1965d63907826b0d6649e89d45f51da57718622274e652cb22ad0e0518a2115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 21 Sep 2017 16:44:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 Sep 2017 16:44:17 GMT
Server: Apache
ETag: "a7e-559b5cda907f4"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
X-Robots-Tag: noindex, follow
Keep-Alive: timeout=5, max=99
Content-Length: 2686
X-Xss-Protection: 1; mode=block
Expires: Sat, 21 Oct 2017 16:44:20 GMT

GET
H/1.1 200
OK 150509208302571.png
store1.up-00.com/2017-09/ 769 B
769 B 14ms
8ms Image
image/png 2400:cb00:2048:1::6812:3665
CloudFlare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://store1.up-00.com/2017-09/150509208302571.png
Requested by: Host: youtuberbuzz.com
URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6812:3665 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: b2d514069c57ccfac450842727d457a50dd41d5543799241b0b254afa1dd9ee1

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 21 Sep 2017 16:44:20 GMT
CF-Cache-Status: HIT
Last-Modified: Mon, 11 Sep 2017 01:13:37 GMT
Server: cloudflare-nginx
ETag: "59b5e341-301"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=259200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3a1e7d13c3cc236c-FRA
Content-Length: 769
Expires: Sun, 24 Sep 2017 16:44:20 GMT

GET
H/1.1 200
OK 150509102477841.png
store4.up-00.com/2017-09/ 97 KB
97 KB 14ms
8ms Image
image/png 2400:cb00:2048:1::6812:3765
CloudFlare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://store4.up-00.com/2017-09/150509102477841.png
Requested by: Host: youtuberbuzz.com
URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6812:3765 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: 6b598512a01f4d0780b5f4b99e55942fcbfb254d2c9ab36a4db3f2fcd4d9d2b6

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 21 Sep 2017 16:44:20 GMT
CF-Cache-Status: HIT
Last-Modified: Mon, 11 Sep 2017 00:55:59 GMT
Server: cloudflare-nginx
ETag: "59b5df1f-185f6"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=259200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3a1e7d14e0da26f6-FRA
Content-Length: 99830
Expires: Sun, 24 Sep 2017 16:44:20 GMT

GET
H/1.1 404
Not Found ar_h.gif
youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/imgs/imagesTemplates/ 1 KB
0 148ms
148ms Image
text/html 104.168.181.55
Hostwinds LLC.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/imgs/imagesTemplates/ar_h.gif
Requested by: Host: youtuberbuzz.com
URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Protocol: HTTP/1.1
Server: 104.168.181.55 Tulsa, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US),
Reverse DNS: client-104-168-181-55.hostwindsdns.com
Software: LiteSpeed /
Resource Hash: 70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Sep 2017 16:44:20 GMT
Server: LiteSpeed
Content-Type: text/html
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1148

GET
H/1.1 404
Not Found ar_b.gif
youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/imgs/imagesTemplates/ 1 KB
0 296ms
148ms Image
text/html 104.168.181.55
Hostwinds LLC.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/imgs/imagesTemplates/ar_b.gif
Requested by: Host: youtuberbuzz.com
URL: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
Protocol: HTTP/1.1
Server: 104.168.181.55 Tulsa, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US),
Reverse DNS: client-104-168-181-55.hostwindsdns.com
Software: LiteSpeed /
Resource Hash: 70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83

Request headers

Referer: http://youtuberbuzz.com/cledigita10Ginrmation/www.mes-acces.credit-agri-cole.fr-banques-portailL-particulier-homepagese5642A/cred/0c8938464c37dadabb9e02f491d72bd9/final.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Sep 2017 16:44:20 GMT
Server: LiteSpeed
Content-Type: text/html
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1148

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

store1.up-00.com
store4.up-00.com
www.credit-agricole.fr
youtuberbuzz.com
104.168.181.55
158.191.172.47
2400:cb00:2048:1::6812:3665
2400:cb00:2048:1::6812:3765
6b598512a01f4d0780b5f4b99e55942fcbfb254d2c9ab36a4db3f2fcd4d9d2b6
70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83
9916360fd7629d7dc9abc3b1e16ba24152275e208c37386205dfb95b0b8e8c01
b2d514069c57ccfac450842727d457a50dd41d5543799241b0b254afa1dd9ee1
f1965d63907826b0d6649e89d45f51da57718622274e652cb22ad0e0518a2115
f333f2fcf0fc6deb49618932f5ce44eb14b0bac35322fd98100fab9490551903

youtuberbuzz.com Open in urlscan Pro 104.168.181.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

25 %HTTPS

50 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

115 kBTransfer

129 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

youtuberbuzz.com Open in urlscan Pro
104.168.181.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

25 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

115 kB
Transfer

129 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!