app-verify-creditagricole-jrzvtju113p.dyndns.dk Open in urlscan Pro
85.215.109.115 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://anfiide.net/
Effective URL:
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php
Submission Tags: @ecarlesi threat #phishing #creditagricole Search All
Submission: On October 07 via api (October 7th 2023, 2:14:06 am UTC) from AU — Scanned from AU

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 1 HTTP transactions. The main IP is 85.215.109.115, located in Berlin, Germany and belongs to STRATO STRATO AG, DE. The main domain is app-verify-creditagricole-jrzvtju113p.dyndns.dk.
TLS certificate: Issued by R3 on October 6th 2023. Valid for: 3 months.

This is the only time app-verify-creditagricole-jrzvtju113p.dyndns.dk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	217.160.0.216 217.160.0.216	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1 1	52.11.26.109 52.11.26.109	16509 (AMAZON-02) (AMAZON-02)
2 3	85.215.109.115 85.215.109.115	6724 (STRATO ST...) (STRATO STRATO AG)
1	2

2 217.160.0.216 (Germany) 2 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-216.elastic-ssl.ui-r.com

anfiide.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pastebien.anfiide.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.11.26.109 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-11-26-109.us-west-2.compute.amazonaws.com

t12mzi51s4.execute-api.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.215.109.115 (Berlin, Germany) 2 redirects

ASN6724 (STRATO STRATO AG, DE)

app-verify-creditagricole-jrzvtju113p.dyndns.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	dyndns.dk 2 redirects app-verify-creditagricole-jrzvtju113p.dyndns.dk	3 MB
2	anfiide.net 2 redirects anfiide.net pastebien.anfiide.net	672 B
1	amazonaws.com 1 redirects t12mzi51s4.execute-api.us-west-2.amazonaws.com	239 B
1	3

	Domain	Requested by
3	app-verify-creditagricole-jrzvtju113p.dyndns.dk	2 redirects
1	t12mzi51s4.execute-api.us-west-2.amazonaws.com	1 redirects
1	pastebien.anfiide.net	1 redirects
1	anfiide.net	1 redirects
1	4

This site contains no links.

Subject Issuer	Validity	Valid
app-verify-creditagricole-jrzvtju113p.dyndns.dk R3	`2023-10-06` - `2024-01-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php
Frame ID: 00918B88D4871B951FD546CA4C5BBD63
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accès CR - Crédit Agricole

Page URL History Show full URLs

http://anfiide.net/ HTTP 302
http://pastebien.anfiide.net/ HTTP 302
https://t12mzi51s4.execute-api.us-west-2.amazonaws.com/track?curr_track_type=link_click&link_id=YZ56UI1&temp_id=IjMxNDM2MCI_3D&emai... HTTP 301
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth HTTP 301
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/ HTTP 302
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

2915 kB
Transfer

4773 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://anfiide.net/ HTTP 302
http://pastebien.anfiide.net/ HTTP 302
https://t12mzi51s4.execute-api.us-west-2.amazonaws.com/track?curr_track_type=link_click&link_id=YZ56UI1&temp_id=IjMxNDM2MCI_3D&email_id=mailget_email_id_replace&s_id=mailget_s_id_replace&server=replace_smtp_server&type=replace_drip_type HTTP 301
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth HTTP 301
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/ HTTP 302
https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
13 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request region.php Show response app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/ Redirect Chain http://anfiide.net/ http://pastebien.anfiide.net/ https://t12mzi51s4.execute-api.us-west-2.amazonaws.com/track?curr_track_type=link_click&link_id=YZ56UI1&temp_id=IjMxNDM2MCI_3D&email_id=mailget_email_id_replace&s_id=mailget_s_id_replace&server=rep... https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/ https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php	4 MB 3 MB	849ms 849ms	Document text/html	85.215.109.115 STRATO STRATO AG
General Check archive.org Show headers Download Go to Full URL https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.215.109.115 Berlin, Germany, ASN6724 (STRATO STRATO AG, DE), Reverse DNS Software nginx / PHP/8.0.30 PleskLin Resource Hash `51c0c375bf0283cfd97678864030f9c8a564b756cc4c6b640782f3ded7479aba` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Sat, 07 Oct 2023 02:13:57 GMT server nginx vary Accept-Encoding x-powered-by PHP/8.0.30 PleskLin Redirect headers content-length 5 content-type text/html; charset=UTF-8 date Sat, 07 Oct 2023 02:13:57 GMT location region.php#VdtJkjVm1ghMjAZdXLaLNeEuEptsg6eUIGxJrQxVI6P9WouUajvU2WEqJC3KZGZwG15OLFja6WSPvXO6wYtwXKIyzO&token=DTwov5oSE77TjBdIaLjd7nQgh8NzOaYNT96NkCpiQSlh7JDl2pfZyKNKIDtch7xJ6RC4WAbvIAG server nginx x-powered-by PHP/8.0.30 PleskLin
GET DATA	200 OK	truncated /	22 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5db63f3ba53740ed463cc68dbf63e1412944ed6f647aaab85c7507abfaacf6f1` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4976f0796d8f82ad9766b9ef9e270e5e082ee57a79f6fbb121e9f3279e4cb4dd` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8c40de2f4f4739d1fe369662082fa9f14338c79f8f8e68d1d7fbc38bc97c6797` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	16 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	581 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `17ec4a572a7e747f47a755bf0f22b0a8150d0ece6ac760cd46b4826d13cf6256` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated Show response /	87 KB 0		Script application/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type application/javascript;charset=utf-8
GET DATA	200 OK	truncated /	238 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	183 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `829ad3ed0c2f892e7df84989078dd4246fc0a5f1a179439e6314462465dbb2f6` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	37 KB 37 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e` Request headers Referer Origin https://app-verify-creditagricole-jrzvtju113p.dyndns.dk accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	88 KB 88 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8` Request headers Referer Origin https://app-verify-creditagricole-jrzvtju113p.dyndns.dk accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	75 KB 75 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe` Request headers Referer Origin https://app-verify-creditagricole-jrzvtju113p.dyndns.dk accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated Show response /	23 KB 0		Script application/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type application/javascript;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

anfiide.net
app-verify-creditagricole-jrzvtju113p.dyndns.dk
pastebien.anfiide.net
t12mzi51s4.execute-api.us-west-2.amazonaws.com
217.160.0.216
52.11.26.109
85.215.109.115
17ec4a572a7e747f47a755bf0f22b0a8150d0ece6ac760cd46b4826d13cf6256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
4976f0796d8f82ad9766b9ef9e270e5e082ee57a79f6fbb121e9f3279e4cb4dd
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
51c0c375bf0283cfd97678864030f9c8a564b756cc4c6b640782f3ded7479aba
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24
5db63f3ba53740ed463cc68dbf63e1412944ed6f647aaab85c7507abfaacf6f1
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8
829ad3ed0c2f892e7df84989078dd4246fc0a5f1a179439e6314462465dbb2f6
8c40de2f4f4739d1fe369662082fa9f14338c79f8f8e68d1d7fbc38bc97c6797
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

app-verify-creditagricole-jrzvtju113p.dyndns.dk Open in urlscan Pro 85.215.109.115 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

2 IPs

2 Countries

2915 kBTransfer

4773 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

app-verify-creditagricole-jrzvtju113p.dyndns.dk Open in urlscan Pro
85.215.109.115 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

2915 kB
Transfer

4773 kB
Size

0
Cookies

1 HTTP transactions
13 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!