app-verify-creditagricole-jrzvtju113p.dyndns.dk
85.215.109.115
Malicious Activity!
Public Scan
Effective URL: https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php
Submission Tags: @ecarlesi threat #phishing #creditagricole
Submission: On October 07 via api from AU — Scanned from AU
Summary
TLS certificate: Issued by R3 on October 6th 2023. Valid for: 3 months.
This is the only time app-verify-creditagricole-jrzvtju113p.dyndns.dk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)

Domain & IP information

| Counts | IP Address | AS (Autonomous System) |
|---|---|---|
| 2 2 | 217.160.0.216 | 8560 (IONOS-AS: This is the joint network for IONOS) |
| 1 1 | 52.11.26.109 | 16509 (AMAZON-02) |
| 2 3 | 85.215.109.115 | 6724 (STRATO STRATO AG) |
- ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE); PTR: 217-160-0-216.elastic-ssl.ui-r.com; domains: anfiide.net, pastebien.anfiide.net
- ASN16509 (AMAZON-02, US); PTR: ec2-52-11-26-109.us-west-2.compute.amazonaws.com; domain: t12mzi51s4.execute-api.us-west-2.amazonaws.com
- ASN6724 (STRATO STRATO AG, DE); domain: app-verify-creditagricole-jrzvtju113p.dyndns.dk
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 3 | dyndns.dk (2 redirects) | app-verify-creditagricole-jrzvtju113p.dyndns.dk | 3 MB |
| 2 | anfiide.net (2 redirects) | anfiide.net, pastebien.anfiide.net | 672 B |
| 1 | amazonaws.com (1 redirect) | t12mzi51s4.execute-api.us-west-2.amazonaws.com | 239 B |
| # | Domain | Requested by |
|---|---|---|
| 3 | app-verify-creditagricole-jrzvtju113p.dyndns.dk | 2 redirects |
| 1 | t12mzi51s4.execute-api.us-west-2.amazonaws.com | 1 redirect |
| 1 | pastebien.anfiide.net | 1 redirect |
| 1 | anfiide.net | 1 redirect |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| app-verify-creditagricole-jrzvtju113p.dyndns.dk | R3 | 2023-10-06 - 2024-01-04 | 3 months (crt.sh) |
This page contains 1 frame:
Primary Page: https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php
Frame ID: 00918B88D4871B951FD546CA4C5BBD63
Requests: 14 HTTP requests in this frame
Page Title: Accès CR - Crédit Agricole
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://anfiide.net/ (HTTP 302)
- http://pastebien.anfiide.net/ (HTTP 302)
- https://t12mzi51s4.execute-api.us-west-2.amazonaws.com/track?curr_track_type=link_click&link_id=YZ56UI1&temp_id=IjMxNDM2MCI_3D&email_id=mailget_email_id_replace&s_id=mailget_s_id_replace&server=replace_smtp_server&type=replace_drip_type (HTTP 301)
- https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth (HTTP 301)
- https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/ (HTTP 302)
- https://app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/region.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:

HTTP transactions

| Method / Protocol | Resource Path | Size / x-fer | Type / MIME-Type |
|---|---|---|---|
| GET H2 | region.php (Primary Request), app-verify-creditagricole-jrzvtju113p.dyndns.dk/agribyapp/auth/ (Redirect Chain) | 4 MB / 3 MB | Document, text/html |
| GET DATA | / (truncated) | 22 KB / 0 | Image, image/svg+xml |
| GET DATA | / (truncated) | 2 KB / 0 | Image, image/png |
| GET DATA | / (truncated) | 2 KB / 0 | Image, image/png |
| GET DATA | / (truncated) | 2 KB / 0 | Image, image/png |
| GET DATA | / (truncated) | 16 KB / 0 | Image, image/svg+xml |
| GET DATA | / (truncated) | 581 B / 0 | Image, image/png |
| GET DATA | / (truncated) | 87 KB / 0 | Script, application/javascript |
| GET DATA | / (truncated) | 238 KB / 0 | Image, image/jpeg |
| GET DATA | / (truncated) | 183 B / 0 | Image, image/svg+xml |
| GET DATA | / (truncated) | 37 KB / 37 KB | Font, font/woff2 |
| GET DATA | / (truncated) | 88 KB / 88 KB | Font, font/woff2 |
| GET DATA | / (truncated) | 75 KB / 75 KB | Font, font/woff2 |
| GET DATA | / (truncated) | 23 KB / 0 | Script, application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Credit Agricole (Banking)

3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: savepage_ShadowLoader
- function: $
- function: jQuery

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.