postgroup-lu.com
Open in
urlscan Pro
164.68.115.95
Malicious Activity!
Public Scan
Effective URL: https://postgroup-lu.com/facture/LuFrais/LUX1.php
Submission: On September 20 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 27th 2023. Valid for: 3 months.
This is the only time postgroup-lu.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Post Luxembourg (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 26 | 164.68.115.95 164.68.115.95 | 51167 (CONTABO) (CONTABO) | |
1 | 104.18.192.52 104.18.192.52 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
25 | 3 |
ASN51167 (CONTABO, DE)
PTR: wrld.alojatudo.online
postgroup-lu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
postgroup-lu.com
4 redirects
postgroup-lu.com |
429 KB |
1 |
myfonts.net
hello.myfonts.net — Cisco Umbrella Rank: 15583 |
352 B |
0 |
post.lu
Failed
cdn.post.lu Failed |
|
25 | 3 |
Domain | Requested by | |
---|---|---|
26 | postgroup-lu.com |
4 redirects
postgroup-lu.com
|
1 | hello.myfonts.net |
postgroup-lu.com
|
0 | cdn.post.lu Failed |
postgroup-lu.com
|
25 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
postgroup-lu.com R3 |
2023-06-27 - 2023-09-25 |
3 months | crt.sh |
*.myfonts.net DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-08-29 - 2024-09-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://postgroup-lu.com/facture/LuFrais/LUX1.php
Frame ID: 81CE6E0EBA34E5B317ABC88C5B520A84
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Track and Trace: Le suivi des envois, colis et recommandés - POSTTrack and TraceSearch EngineBack ButtonSearch IconFilter IconPage URL History Show full URLs
-
http://postgroup-lu.com/facture
HTTP 301
https://postgroup-lu.com/facture HTTP 301
https://postgroup-lu.com/facture/ HTTP 302
https://postgroup-lu.com/facture/LuFrais/ HTTP 302
https://postgroup-lu.com/facture/LuFrais/LUX1.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://postgroup-lu.com/facture
HTTP 301
https://postgroup-lu.com/facture HTTP 301
https://postgroup-lu.com/facture/ HTTP 302
https://postgroup-lu.com/facture/LuFrais/ HTTP 302
https://postgroup-lu.com/facture/LuFrais/LUX1.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
LUX1.php
postgroup-lu.com/facture/LuFrais/ Redirect Chain
|
240 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
postgroup-lu.com/facture/LuFrais/asx/ |
49 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clay.css
postgroup-lu.com/facture/LuFrais/asx/ |
559 KB 59 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main(1).css
postgroup-lu.com/facture/LuFrais/asx/ |
79 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main(2).css
postgroup-lu.com/facture/LuFrais/asx/ |
82 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom_post.css
postgroup-lu.com/facture/LuFrais/asx/ |
327 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fix_portal.css
postgroup-lu.com/facture/LuFrais/asx/ |
3 KB 838 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
onetrust.css
postgroup-lu.com/facture/LuFrais/asx/ |
23 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-post.svg
postgroup-lu.com/facture/LuFrais/asx/ |
9 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.ac9f89177784e2371ba7.css
postgroup-lu.com/facture/LuFrais/asx/ |
1 KB 530 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
package.png
postgroup-lu.com/facture/LuFrais/asx/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-post-circle.png
postgroup-lu.com/facture/LuFrais/asx/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.a77d7d7e77b32ba817c1.css
postgroup-lu.com/facture/LuFrais/asx/ |
255 B 260 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-post(1).svg
postgroup-lu.com/facture/LuFrais/asx/ |
9 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
agregation_compte_moteur_recherche.jpg
postgroup-lu.com/facture/LuFrais/asx/ |
35 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
packup_img.jpg
postgroup-lu.com/facture/LuFrais/asx/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bamboo.jpg
postgroup-lu.com/facture/LuFrais/asx/ |
49 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
facture_client.jpg
postgroup-lu.com/facture/LuFrais/asx/ |
22 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aui_deprecated.css
postgroup-lu.com/facture/LuFrais/asx/portal/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3d702d
hello.myfonts.net/count/ |
0 352 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
package.png
postgroup-lu.com/facture/LuFrais/asx/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font.woff2
postgroup-lu.com/facture/LuFrais/asx/ |
26 KB 26 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icomoon.ttf
postgroup-lu.com/facture/LuFrais/asx/ |
86 KB 86 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
font.woff2
cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
font.woff
cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn.post.lu
- URL
- https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff2
- Domain
- cdn.post.lu
- URL
- https://cdn.post.lu/newpostlu/babel-theme/fonts/museo/MuseoSansRounded300/font.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Post Luxembourg (Transportation)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.myfonts.net/ | Name: __cf_bm Value: VTYfohBMi8jy.Xo2uxMfwd1GfPLIHyxC0DtkgXolnRg-1695179872-0-AYC82StaHz5icc5nA6ZXEFuQ6FbdDPUEpUWvRO7UTN3SIMkr9zdDTp45IWrEx0qp9oUl8ryEgCte9DPaEMzg/3k= |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.post.lu
hello.myfonts.net
postgroup-lu.com
cdn.post.lu
104.18.192.52
164.68.115.95
04526caad48ebb27b8dd9bad6be02ae8c92cd19ccd00bdbc3697972e6f4553a1
1941d69eb1c8e8277dd0d85545281506041aa524ae55577a364017c780d0df9f
1d0ce22c09af9702c61733a7fe8b6e91b3126d968df8dfb7923ccb697fa215ac
25a985b09e65643f16e8f1647b63894af8bee9f0de0dce595f7efe0ba9e61474
33f7ba54e91e5047a99b33bfa13829b80bf60621f13b37a903ab7ecfd97e3c0f
41cf1c32876ab908fd4460abaaab8657f444c4d3e32c53ddbcff54dfac83ff9d
426d75e12884778fdeed19f879ffe83f6d916bcec034e31fc441149791318518
515a3a00a375dab334e6c8c9c26beffd3b81ceac2f4451bfd9183321cb789e13
53dd9472c339b9339490fbd27130189810390f1bf55b57f6aee08263e66a8159
59d18565c29f8c4c26ff1b862f5d0b9b69b74089b39efdab0ab88146ec57aecc
6efbf42b8df2e7d656c9f38b1951be1ec0b29e96cde928235fab2eb0f85bd903
828f39ee521b49bd545f3e7caa66abb7f4a6639c26a3e8598b938d956487ca3e
b1309e6083d9ca05b3817f7d2e2e6f81fdb8449a6c5bef26acba31e3e58af02e
bc379cec5907e4de7326f5e1674de814b4a49de9bcd0d280345a63b3f1302012
bde904d5655730923c9f2e695d23e31ef49b14a3076bfa57445b633d62dfb899
c54f4fe18dbc658d293686cc5c32d477c929c1dfc058c383579b847982c0dfe9
d33ae1cc6cced5a19f7e11f432b59aad8cf8da0cfe7455e52f154b21c2f61338
d705e7b8df406db8a9c85bd139805f9c229810f3326b18089567a731fa0c7005
d8438feb7fb87f27e3f7356aa480223779610764372e434b99e67a8b0976bd5b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855