todentaminen-postin.xyz
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://todentaminen-postin.xyz/posti.php
Submission: On July 06 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2022. Valid for: a year.
This is the only time todentaminen-postin.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: FI Government (Government) S-Pankki (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 162.0.235.150 162.0.235.150 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
18 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 52.222.214.14 52.222.214.14 | 16509 (AMAZON-02) (AMAZON-02) | |
20 | 2 |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium152-1.web-hosting.com
linkb.cc |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-14.fra56.r.cloudfront.net
todentaminen.posti.fi |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
todentaminen-postin.xyz
todentaminen-postin.xyz |
96 KB |
2 |
posti.fi
todentaminen.posti.fi |
5 KB |
1 |
linkb.cc
1 redirects
linkb.cc |
426 B |
1 |
paketti-vastaanotto.shop
1 redirects
paketti-vastaanotto.shop |
552 B |
20 | 4 |
Domain | Requested by | |
---|---|---|
18 | todentaminen-postin.xyz |
todentaminen-postin.xyz
|
2 | todentaminen.posti.fi |
todentaminen-postin.xyz
|
1 | linkb.cc | 1 redirects |
1 | paketti-vastaanotto.shop | 1 redirects |
20 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.posti.fi |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-07-06 - 2023-07-05 |
a year | crt.sh |
prd.auth.posticloud.fi Amazon |
2022-03-31 - 2023-04-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://todentaminen-postin.xyz/posti.php
Frame ID: BD90CFC9269BD5DD42DDDD2A6AEA595E
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
PostiPage URL History Show full URLs
-
https://paketti-vastaanotto.shop/
HTTP 301
https://linkb.cc/jgrMH HTTP 301
https://todentaminen-postin.xyz/posti.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Ehdot
Search URL Search Domain Scan URL
Title: Tietosuoja
Search URL Search Domain Scan URL
Title: Tuki
Search URL Search Domain Scan URL
Title: Ehdot
Search URL Search Domain Scan URL
Title: Tietosuoja
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://paketti-vastaanotto.shop/
HTTP 301
https://linkb.cc/jgrMH HTTP 301
https://todentaminen-postin.xyz/posti.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
posti.php
todentaminen-postin.xyz/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
todentaminen-postin.xyz/assets/bootstrap/css/ |
160 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
todentaminen-postin.xyz/assets/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
view.js
todentaminen-postin.xyz/assets/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
todentaminen-postin.xyz/assets/ |
1 KB 934 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xhr.js
todentaminen-postin.xyz/assets/ |
609 B 890 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
posti_common.js
todentaminen-postin.xyz/assets/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
todentaminen-postin.xyz/assets/bootstrap/js/ |
58 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo
todentaminen.posti.fi/uas/template/postifi/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default_page_icon
todentaminen.posti.fi/uas/template/postifi/resource/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
saastro.svg
todentaminen-postin.xyz/assets/ |
16 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
opfi.png
todentaminen-postin.xyz/assets/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
danske.png
todentaminen-postin.xyz/assets/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
nordea.png
todentaminen-postin.xyz/assets/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pop.svg
todentaminen-postin.xyz/assets/ |
15 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
s-bank-fi.svg
todentaminen-postin.xyz/assets/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
aktia.png
todentaminen-postin.xyz/assets/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
posti_background
todentaminen-postin.xyz/uas/template/posti/resource/ |
285 B 285 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
montserrat-latin.woff2
todentaminen-postin.xyz/uas/template/posti/resource/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online
todentaminen-postin.xyz/user/ |
285 B 736 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: FI Government (Government) S-Pankki (Banking)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| View function| OnWindowLoad function| AutoFocus function| OnSubmitClick function| DisableSubmit function| disableEnterKeyAndFocus function| addEventHandler function| getFirstNodeValue number| uidEvent object| bootstrap4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
linkb.cc/ | Name: PHPSESSID Value: afhn42rmulcd9rrvjha3dgemur |
|
linkb.cc/ | Name: short_1310 Value: 1 |
|
todentaminen.posti.fi/ | Name: AWSALB Value: EGlLxg2LLZaXqOwGUz/ON7pX2jZJEG3QyxG/4yZRsqzd4OYnlHHy4o/gcB2ZdozZH+dn/EqqA9g3fO5IRJH2Q8KtY7pCgS08Fd2VRgqmY6xyn5nHBGRYpIZV1Qs9 |
|
todentaminen.posti.fi/ | Name: AWSALBCORS Value: EGlLxg2LLZaXqOwGUz/ON7pX2jZJEG3QyxG/4yZRsqzd4OYnlHHy4o/gcB2ZdozZH+dn/EqqA9g3fO5IRJH2Q8KtY7pCgS08Fd2VRgqmY6xyn5nHBGRYpIZV1Qs9 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
linkb.cc
paketti-vastaanotto.shop
todentaminen-postin.xyz
todentaminen.posti.fi
162.0.235.150
2a06:98c1:3120::3
2a06:98c1:3121::3
52.222.214.14
04cae54abc8a20bf2472dce96b907e3ae644e93be8a1b64526366a7ca4ee1935
10eb059e03c15afc454d93c485ffa40a28b7e51ce3d50d5cd96dba14141411d2
1cd94c4882c5a1d5595ccf51b960957d4a0986edc0d11acf9c7e6fa0f7c587ac
2ad3016e00a223ccc762ac24e5bd7e5ce59a06367e905c4d9ddc38394b41e515
2d34defd9d666208dbf43eb4c26c857c44fae6c94e74f80a33e3cded82a9736b
354a91860edacf6efa78dddebbbb52f3c1ffb918bf00de225af359040aedb181
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
7134918e8cbec0d57679fab0a87ea10a1679a7314d244edbe5632f7fdad1ae34
80fba8e31c8c429aea8045a3f0d14fc2cd4aa31cb4b3c77cedd78cbb9a28bf0c
963b56b456a2894648d641ac2123fe07a7d391b44b8bd978148fe48c7b9df277
9a2a4e18e1c004e3e0c23a1b55ef6c1f08e63ca664eb7e0d41afa4c2991ccb2a
b930ee05cd1f71d674780884e9f5f5452b09fb1f4ee9b72be0ea572abc803c61
bb4bc0e2888635579d67ef5d4ce71fd440c0e381854b2d0c8d63c5691d137128
bba5a6187feba2accccb2b87e9165bae488e1f16c03334d011b25d2e65e3d5bf
cf706fa69112a1da62242b2fa0eaf430d39d94fb668820b57e5371a4dd4b7419
d47958fd26ce03af9e7c0dfb4dc15c713041a9aa50f8ed91d59a8bdb4d8254cf
f549b7f82c657c6667a9307218885710788ce71d4349b6a8b74abd8eb19be6ae