postgroup-lu.com Open in urlscan Pro
164.68.115.95 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://postgroup-lu.com/facture/LuFrais/
Effective URL:
https://postgroup-lu.com/facture/LuFrais/LUX1.php
Submission: On September 20 via automatic, source openphish (September 20th 2023, 3:20:41 am UTC) — Scanned from DE

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 24 HTTP transactions. The main IP is 164.68.115.95, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is postgroup-lu.com.
TLS certificate: Issued by R3 on June 27th 2023. Valid for: 3 months.

This is the only time postgroup-lu.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Post Luxembourg (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
2 23	164.68.115.95 164.68.115.95	51167 (CONTABO) (CONTABO)
1	2606:4700::68... 2606:4700::6812:c134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	3

23 164.68.115.95 (Nuremberg, Germany) 2 redirects

ASN51167 (CONTABO, DE)
PTR: wrld.alojatudo.online

postgroup-lu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c134 (United States)

ASN13335 (CLOUDFLARENET, US)

hello.myfonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	postgroup-lu.com 2 redirects postgroup-lu.com	428 KB
1	myfonts.net hello.myfonts.net — Cisco Umbrella Rank: 15583	353 B
0	post.lu Failed cdn.post.lu Failed
24	3

	Domain	Requested by
23	postgroup-lu.com	2 redirects postgroup-lu.com
1	hello.myfonts.net	postgroup-lu.com
0	cdn.post.lu Failed	postgroup-lu.com
24	3

This site contains no links.

Subject Issuer	Validity	Valid
postgroup-lu.com R3	`2023-06-27` - `2023-09-25`	3 months	crt.sh
*.myfonts.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-09-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://postgroup-lu.com/facture/LuFrais/LUX1.php
Frame ID: 9301928C82076F50D617246D86F13196
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Track and Trace: Le suivi des envois, colis et recommandés - POSTTrack and TraceSearch EngineBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

http://postgroup-lu.com/facture/LuFrais/ HTTP 301
https://postgroup-lu.com/facture/LuFrais/ HTTP 302
https://postgroup-lu.com/facture/LuFrais/LUX1.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

24
Requests

92 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

428 kB
Transfer

1621 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://postgroup-lu.com/facture/LuFrais/ HTTP 301
https://postgroup-lu.com/facture/LuFrais/ HTTP 302
https://postgroup-lu.com/facture/LuFrais/LUX1.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request LUX1.php Show response postgroup-lu.com/facture/LuFrais/ Redirect Chain http://postgroup-lu.com/facture/LuFrais/ https://postgroup-lu.com/facture/LuFrais/ https://postgroup-lu.com/facture/LuFrais/LUX1.php	240 KB 31 KB	104ms 104ms	Document text/html	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PHP/8.0.30 PleskLin Resource Hash `828f39ee521b49bd545f3e7caa66abb7f4a6639c26a3e8598b938d956487ca3e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Wed, 20 Sep 2023 03:20:36 GMT server nginx x-powered-by PHP/8.0.30 PleskLin Redirect headers content-type text/html; charset=UTF-8 date Wed, 20 Sep 2023 03:20:36 GMT location ./LUX1.php server nginx x-powered-by PHP/8.0.30 PleskLin
GET H2	200	main.css postgroup-lu.com/facture/LuFrais/asx/	49 KB 9 KB	59ms 53ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/main.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `33f7ba54e91e5047a99b33bfa13829b80bf60621f13b37a903ab7ecfd97e3c0f` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-c589" x-powered-by PleskLin content-type text/css
GET H2	200	clay.css postgroup-lu.com/facture/LuFrais/asx/	559 KB 59 KB	81ms 75ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/clay.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `53dd9472c339b9339490fbd27130189810390f1bf55b57f6aee08263e66a8159` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-8bb23" x-powered-by PleskLin content-type text/css
GET H2	200	main(1).css postgroup-lu.com/facture/LuFrais/asx/	79 KB 13 KB	122ms 117ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/main(1).css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `6efbf42b8df2e7d656c9f38b1951be1ec0b29e96cde928235fab2eb0f85bd903` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-13d23" x-powered-by PleskLin content-type text/css
GET H2	200	main(2).css postgroup-lu.com/facture/LuFrais/asx/	82 KB 15 KB	122ms 117ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/main(2).css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `b1309e6083d9ca05b3817f7d2e2e6f81fdb8449a6c5bef26acba31e3e58af02e` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-14831" x-powered-by PleskLin content-type text/css
GET H2	200	custom_post.css postgroup-lu.com/facture/LuFrais/asx/	327 KB 37 KB	120ms 117ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/custom_post.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `25a985b09e65643f16e8f1647b63894af8bee9f0de0dce595f7efe0ba9e61474` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-51a4e" x-powered-by PleskLin content-type text/css
GET H2	200	fix_portal.css postgroup-lu.com/facture/LuFrais/asx/	3 KB 838 B	121ms 117ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/fix_portal.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `bde904d5655730923c9f2e695d23e31ef49b14a3076bfa57445b633d62dfb899` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-ab2" x-powered-by PleskLin content-type text/css
GET H2	200	onetrust.css postgroup-lu.com/facture/LuFrais/asx/	23 KB 3 KB	120ms 117ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/onetrust.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `41cf1c32876ab908fd4460abaaab8657f444c4d3e32c53ddbcff54dfac83ff9d` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-5c9c" x-powered-by PleskLin content-type text/css
GET H2	200	logo-post.svg postgroup-lu.com/facture/LuFrais/asx/	9 KB 10 KB	141ms 138ms	Image image/svg+xml	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/logo-post.svg Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `59d18565c29f8c4c26ff1b862f5d0b9b69b74089b39efdab0ab88146ec57aecc` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-25e4" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 9700
GET H2	200	styles.ac9f89177784e2371ba7.css postgroup-lu.com/facture/LuFrais/asx/	1 KB 530 B	143ms 140ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/styles.ac9f89177784e2371ba7.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `04526caad48ebb27b8dd9bad6be02ae8c92cd19ccd00bdbc3697972e6f4553a1` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag W/"649d7447-5c8" x-powered-by PleskLin content-type text/css
GET H2	200	package.png postgroup-lu.com/facture/LuFrais/asx/	1 KB 1 KB	141ms 138ms	Image image/png	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/package.png Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `bc379cec5907e4de7326f5e1674de814b4a49de9bcd0d280345a63b3f1302012` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-462" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 1122
GET H2	200	logo-post-circle.png postgroup-lu.com/facture/LuFrais/asx/	5 KB 5 KB	131ms 128ms	Image image/png	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/logo-post-circle.png Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `d8438feb7fb87f27e3f7356aa480223779610764372e434b99e67a8b0976bd5b` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-1432" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 5170
GET H2	200	styles.a77d7d7e77b32ba817c1.css postgroup-lu.com/facture/LuFrais/asx/	255 B 260 B	142ms 138ms	Stylesheet text/css	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/styles.a77d7d7e77b32ba817c1.css Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `426d75e12884778fdeed19f879ffe83f6d916bcec034e31fc441149791318518` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Thu, 29 Jun 2023 12:08:39 GMT x-accel-version 0.01 server nginx etag W/"ff-5ff438f8e4c96" x-powered-by PleskLin content-type text/css
GET H2	200	logo-post(1).svg postgroup-lu.com/facture/LuFrais/asx/	9 KB 10 KB	140ms 137ms	Image image/svg+xml	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/logo-post(1).svg Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `59d18565c29f8c4c26ff1b862f5d0b9b69b74089b39efdab0ab88146ec57aecc` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-25e4" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 9700
GET H2	200	agregation_compte_moteur_recherche.jpg postgroup-lu.com/facture/LuFrais/asx/	35 KB 35 KB	142ms 139ms	Image image/jpeg	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/agregation_compte_moteur_recherche.jpg Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `515a3a00a375dab334e6c8c9c26beffd3b81ceac2f4451bfd9183321cb789e13` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-8bf1" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 35825
GET H2	200	packup_img.jpg postgroup-lu.com/facture/LuFrais/asx/	14 KB 14 KB	131ms 129ms	Image image/jpeg	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/packup_img.jpg Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `c54f4fe18dbc658d293686cc5c32d477c929c1dfc058c383579b847982c0dfe9` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-3601" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 13825
GET H2	200	bamboo.jpg postgroup-lu.com/facture/LuFrais/asx/	49 KB 49 KB	141ms 139ms	Image image/jpeg	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/bamboo.jpg Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `1d0ce22c09af9702c61733a7fe8b6e91b3126d968df8dfb7923ccb697fa215ac` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-c4e6" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 50406
GET H2	200	facture_client.jpg postgroup-lu.com/facture/LuFrais/asx/	22 KB 23 KB	140ms 139ms	Image image/jpeg	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://postgroup-lu.com/facture/LuFrais/asx/facture_client.jpg Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `d33ae1cc6cced5a19f7e11f432b59aad8cf8da0cfe7455e52f154b21c2f61338` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/LUX1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-59a4" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 22948
GET H2	404	aui_deprecated.css postgroup-lu.com/facture/LuFrais/asx/portal/	0 0	49ms 49ms	Stylesheet text/html	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/portal/aui_deprecated.css?t=1598461760344 Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/asx/main(1).css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/facture/LuFrais/asx/main(1).css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT content-encoding br last-modified Tue, 27 Jun 2023 10:50:09 GMT server nginx etag W/"328-5ff1a3b20f71b" content-type text/html
GET H2	200	3d702d hello.myfonts.net/count/	0 353 B	143ms 50ms	Stylesheet text/css	2606:4700::6812:c134 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hello.myfonts.net/count/3d702d Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/asx/custom_post.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2606:4700::6812:c134 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://postgroup-lu.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:36 GMT server cloudflare age 1 expect-ct null vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes cf-ray 8096eefee88c03a6-FRA content-length 0 expires Thu, 19 Sep 2024 03:20:36 GMT
GET H2	200	font.woff2 postgroup-lu.com/facture/LuFrais/asx/	26 KB 26 KB	52ms 51ms	Font font/woff2	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/font.woff2 Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/asx/custom_post.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `d705e7b8df406db8a9c85bd139805f9c229810f3326b18089567a731fa0c7005` Request headers Referer https://postgroup-lu.com/facture/LuFrais/asx/custom_post.css Origin https://postgroup-lu.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:37 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-6910" x-powered-by PleskLin content-type font/woff2 accept-ranges bytes content-length 26896
GET H2	200	icomoon.ttf postgroup-lu.com/facture/LuFrais/asx/	86 KB 86 KB	49ms 49ms	Font application/font-sfnt	164.68.115.95 CONTABO
General Check archive.org Show headers Download Go to Full URL https://postgroup-lu.com/facture/LuFrais/asx/icomoon.ttf?3oo126 Requested by Host: postgroup-lu.com URL: https://postgroup-lu.com/facture/LuFrais/asx/custom_post.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 164.68.115.95 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS wrld.alojatudo.online Software nginx / PleskLin Resource Hash `1941d69eb1c8e8277dd0d85545281506041aa524ae55577a364017c780d0df9f` Request headers Referer https://postgroup-lu.com/facture/LuFrais/asx/custom_post.css Origin https://postgroup-lu.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 03:20:37 GMT last-modified Thu, 29 Jun 2023 12:08:39 GMT server nginx etag "649d7447-156dc" x-powered-by PleskLin content-type application/font-sfnt accept-ranges bytes content-length 87772
GET		font.woff2 cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/	0 0

GET		font.woff cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.post.lu
URL: https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff2

Domain: cdn.post.lu
URL: https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Post Luxembourg (Transportation)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.myfonts.net/	1970-01-20 14:53:01	Name: __cf_bm Value: cz.CPz.l5FKJJcxsLeCINhkCyW_O_dijXXzdE25CwyU-1695180036-0-AQPbJh0qBq6cTQNSa0dNQUcwtBcrNN8FWByUKLPbl9w1DrA1K4usiEYEpRFJmNe6lHvpoM3tWzM7vZXBZ3Nf68c=

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://postgroup-lu.com/facture/LuFrais/asx/portal/aui_deprecated.css?t=1598461760344 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Message: Access to font at 'https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff2' from origin 'https://postgroup-lu.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php Message: Access to font at 'https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff' from origin 'https://postgroup-lu.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.post.lu
hello.myfonts.net
postgroup-lu.com
cdn.post.lu
164.68.115.95
2606:4700::6812:c134
04526caad48ebb27b8dd9bad6be02ae8c92cd19ccd00bdbc3697972e6f4553a1
1941d69eb1c8e8277dd0d85545281506041aa524ae55577a364017c780d0df9f
1d0ce22c09af9702c61733a7fe8b6e91b3126d968df8dfb7923ccb697fa215ac
25a985b09e65643f16e8f1647b63894af8bee9f0de0dce595f7efe0ba9e61474
33f7ba54e91e5047a99b33bfa13829b80bf60621f13b37a903ab7ecfd97e3c0f
41cf1c32876ab908fd4460abaaab8657f444c4d3e32c53ddbcff54dfac83ff9d
426d75e12884778fdeed19f879ffe83f6d916bcec034e31fc441149791318518
515a3a00a375dab334e6c8c9c26beffd3b81ceac2f4451bfd9183321cb789e13
53dd9472c339b9339490fbd27130189810390f1bf55b57f6aee08263e66a8159
59d18565c29f8c4c26ff1b862f5d0b9b69b74089b39efdab0ab88146ec57aecc
6efbf42b8df2e7d656c9f38b1951be1ec0b29e96cde928235fab2eb0f85bd903
828f39ee521b49bd545f3e7caa66abb7f4a6639c26a3e8598b938d956487ca3e
b1309e6083d9ca05b3817f7d2e2e6f81fdb8449a6c5bef26acba31e3e58af02e
bc379cec5907e4de7326f5e1674de814b4a49de9bcd0d280345a63b3f1302012
bde904d5655730923c9f2e695d23e31ef49b14a3076bfa57445b633d62dfb899
c54f4fe18dbc658d293686cc5c32d477c929c1dfc058c383579b847982c0dfe9
d33ae1cc6cced5a19f7e11f432b59aad8cf8da0cfe7455e52f154b21c2f61338
d705e7b8df406db8a9c85bd139805f9c229810f3326b18089567a731fa0c7005
d8438feb7fb87f27e3f7356aa480223779610764372e434b99e67a8b0976bd5b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

postgroup-lu.com Open in urlscan Pro 164.68.115.95 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

92 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

428 kBTransfer

1621 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

postgroup-lu.com Open in urlscan Pro
164.68.115.95 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

92 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

428 kB
Transfer

1621 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!