poste-it-bc7f98.ingress-florina.ewp.live Open in urlscan Pro
63.250.43.137 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://darjakazimiradka1.blogspot.com/
Effective URL:
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication....
Submission: On October 01 via manual (October 1st 2022, 11:57:57 pm UTC) from IT — Scanned from IT

Summary HTTP 11 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 63.250.43.137, located in United States and belongs to NAMECHEAP-NET, US. The main domain is poste-it-bc7f98.ingress-florina.ewp.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2022. Valid for: a year.

This is the only time poste-it-bc7f98.ingress-florina.ewp.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Poste Italiane (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
3 13	63.250.43.137 63.250.43.137	22612 (NAMECHEAP...) (NAMECHEAP-NET)
11	3

1 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

darjakazimiradka1.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 63.250.43.137 (United States) 3 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-florina.easywp.com

poste-it-bc7f98.ingress-florina.ewp.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	ewp.live 3 redirects poste-it-bc7f98.ingress-florina.ewp.live	453 KB
1	blogspot.com darjakazimiradka1.blogspot.com	15 KB
11	2

	Domain	Requested by
13	poste-it-bc7f98.ingress-florina.ewp.live	3 redirects darjakazimiradka1.blogspot.com poste-it-bc7f98.ingress-florina.ewp.live
1	darjakazimiradka1.blogspot.com
11	2

This site contains links to these domains. Also see Links.

Domain
www.poste.it
posteid.poste.it

Subject Issuer	Validity	Valid
misc-sni.blogspot.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.ingress-florina.ewp.live Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l
Frame ID: 13242C81230F300AB8F5ADF447E834C4
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accedi o Registrati

Page URL History Show full URLs

https://darjakazimiradka1.blogspot.com/ Page URL
https://poste-it-bc7f98.ingress-florina.ewp.live/J0T8366CG6X3DKA1/ HTTP 302
https://poste-it-bc7f98.ingress-florina.ewp.live/indexx.php HTTP 302
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56 HTTP 301
http://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/ HTTP 307
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/ Page URL
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza... Page URL
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

562 kB
Transfer

1372 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.poste.it/index.html

Search URL Search Domain Scan URL

URL: https://posteid.poste.it/identificazione/identificazione.shtml
Title: Scopri di più

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://darjakazimiradka1.blogspot.com/ Page URL
https://poste-it-bc7f98.ingress-florina.ewp.live/J0T8366CG6X3DKA1/ HTTP 302
https://poste-it-bc7f98.ingress-florina.ewp.live/indexx.php HTTP 302
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56 HTTP 301
http://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/ HTTP 307
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/ Page URL
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38 Page URL
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://poste-it-bc7f98.ingress-florina.ewp.live/J0T8366CG6X3DKA1/ HTTP 302
https://poste-it-bc7f98.ingress-florina.ewp.live/indexx.php HTTP 302
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56 HTTP 301
http://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/ HTTP 307
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/

11 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
darjakazimiradka1.blogspot.com/ 70 KB
15 KB 412ms
285ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://darjakazimiradka1.blogspot.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 15029
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 23:57:50 GMT
etag: W/"ebd41a694319637e22348f506e41afb6b137f05bb0f28beb7f5bdf0368a74c50"
expires: Sat, 01 Oct 2022 23:57:50 GMT
last-modified: Sat, 01 Oct 2022 22:02:09 GMT
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

/
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/
Redirect Chain

https://poste-it-bc7f98.ingress-florina.ewp.live/J0T8366CG6X3DKA1/
https://poste-it-bc7f98.ingress-florina.ewp.live/indexx.php
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56
http://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/
https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/

121 B
550 B

270ms
270ms

Document
text/html

63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/

Requested by

Host: darjakazimiradka1.blogspot.com
URL: https://darjakazimiradka1.blogspot.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darjakazimiradka1.blogspot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-length: 137
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 23:57:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/
Non-Authoritative-Reason: HSTS

GET
H2 200 authentication.php Show response
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/ 2 KB
1 KB 263ms
262ms Document
text/html 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

6877b847e9af0f9257745537b8cc1b4a119e09cff61c9baf593fee4eb37c4845

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 23:57:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 404 scamti.css
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/loading_files/ 0
0 185ms
184ms Stylesheet
text/html 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/loading_files/scamti.css

Requested by

Host: poste-it-bc7f98.ingress-florina.ewp.live
URL: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 23:57:53 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html

GET
H2 404 MOBILE.css
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/loading_files/ 0
0 186ms
186ms Stylesheet
text/html 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/loading_files/MOBILE.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 23:57:53 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html
content-length: 167

GET
H2 200 logo-poste-italiane-blocco-giallo@2x.png
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/IMG/ 15 KB
15 KB 550ms
549ms Image
image/png 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/IMG/logo-poste-italiane-blocco-giallo@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

2ff24ce698a6d66e532f8930d1772bcf83c308c2ebfc1c24c6d8a833940144ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 23:57:53 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-cacheable: YES
age: 0
x-cache: MISS
content-length: 15130
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Oct 2022 23:57:52 GMT
server: nginx
etag: "6338d400-3b1a"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: image/png
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 spinner_giallo.gif
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/IMG/ 33 KB
34 KB 341ms
340ms Image
image/gif 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/IMG/spinner_giallo.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 23:57:53 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-cacheable: YES
age: 0
x-cache: MISS
content-length: 33869
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Oct 2022 23:57:52 GMT
server: nginx
etag: "6338d400-844d"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: image/gif
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Primary Request fcc-authentication.php Show response
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/ 980 KB
362 KB 270ms
270ms Document
text/html 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

21113027f5c398d66b4b6181835a9cb94fe388d6f0148f013e4f49d233e355eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/authentication.php?it=08420a5adea79d208ae959ebdebd0e38
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 23:57:55 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b76e5a6a06f430c4c3c7a801632cf646f4fac8bbe919ff14938396abb08ae0f

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 33 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 logo-poste-italiane-medium@2x.png
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/IMG/ 8 KB
9 KB 184ms
184ms Image
image/png 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/IMG/logo-poste-italiane-medium@2x.png

Requested by

Host: poste-it-bc7f98.ingress-florina.ewp.live
URL: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

0350d55856fae67acbb6f73bf73230cb7578ad5c24c1b54fc8833421137da168

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 23:57:55 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-cacheable: YES
age: 0
x-cache: MISS
content-length: 8393
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Oct 2022 23:57:52 GMT
server: nginx
etag: "6338d400-20c9"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: image/png
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26cdfa4e4c99bcd4d99047beff09a62f8e0c955654b7a4968acf1ebdc293cb8

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 29 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdf5e8e560271728707e75e2219c35c1f3323d1f37e8f44f51913e5f3dbeeb64

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64a42f338dfeb8a8d96426afc134df194afce1dcf0fb9771e02905b8e366103a

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fa4aee030662ed700dc5cb2e13e52b85fb1254a195d9ab0a1a10d79e645c8f8

Request headers

Referer
Origin: https://poste-it-bc7f98.ingress-florina.ewp.live
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4563e60af72ef8d0cc8b7c64716d81610d2f6595c7f76c8069b2015a89d623e2

Request headers

Referer
Origin: https://poste-it-bc7f98.ingress-florina.ewp.live
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98a9f23066501d2b1676f72a2feb355caa114d4dffce7bae927083af92ccd6c9

Request headers

Referer
Origin: https://poste-it-bc7f98.ingress-florina.ewp.live
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H2 200 JOJ.js Show response
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/CLIENT.STATU/ 87 KB
31 KB 188ms
187ms Script
application/javascript 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/CLIENT.STATU/JOJ.js

Requested by

Host: poste-it-bc7f98.ingress-florina.ewp.live
URL: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 23:57:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 0
x-cache: MISS
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Oct 2022 23:57:52 GMT
server: nginx
etag: W/"6338d400-15d9d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 CLIENT.php Show response
poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/CLIENT.STATU/ 0
330 B 772ms
772ms XHR
text/html 63.250.43.137
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/CLIENT.STATU/CLIENT.php

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.137 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-florina.easywp.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/fcc-authentication.php?it=KsfHqcrItc5EVEfg3kfzKTBXifkR6iClFzebiHafK1T152ZSQ2Kyy84pZE129Q4vMt2y6ljUUWjIdWJwV7tbPN7n0xc43O7YGKS2mZjOBELh9l
X-Requested-With: XMLHttpRequest
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 23:57:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
age: 0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
x-cache: MISS
cache-control: public
accept-ranges: bytes
content-length: 20
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Poste Italiane (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/loading_files/scamti.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://poste-it-bc7f98.ingress-florina.ewp.live/italia.192.145.127.217-eed1f3079faf407054182bcb8ac4ba56/sistema.di.sicurezza/loading_files/MOBILE.css Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

darjakazimiradka1.blogspot.com
poste-it-bc7f98.ingress-florina.ewp.live
2a00:1450:4001:828::2001
63.250.43.137
0350d55856fae67acbb6f73bf73230cb7578ad5c24c1b54fc8833421137da168
0fa4aee030662ed700dc5cb2e13e52b85fb1254a195d9ab0a1a10d79e645c8f8
21113027f5c398d66b4b6181835a9cb94fe388d6f0148f013e4f49d233e355eb
2ff24ce698a6d66e532f8930d1772bcf83c308c2ebfc1c24c6d8a833940144ec
4563e60af72ef8d0cc8b7c64716d81610d2f6595c7f76c8069b2015a89d623e2
4b76e5a6a06f430c4c3c7a801632cf646f4fac8bbe919ff14938396abb08ae0f
64a42f338dfeb8a8d96426afc134df194afce1dcf0fb9771e02905b8e366103a
6877b847e9af0f9257745537b8cc1b4a119e09cff61c9baf593fee4eb37c4845
98a9f23066501d2b1676f72a2feb355caa114d4dffce7bae927083af92ccd6c9
bdf5e8e560271728707e75e2219c35c1f3323d1f37e8f44f51913e5f3dbeeb64
d26cdfa4e4c99bcd4d99047beff09a62f8e0c955654b7a4968acf1ebdc293cb8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

poste-it-bc7f98.ingress-florina.ewp.live Open in urlscan Pro 63.250.43.137 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

562 kBTransfer

1372 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

poste-it-bc7f98.ingress-florina.ewp.live Open in urlscan Pro
63.250.43.137 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

562 kB
Transfer

1372 kB
Size

0
Cookies

11 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!