139.99.165.34 Open in urlscan Pro
139.99.165.34 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Submission Tags: @ipnigh
Submission: On December 22 via api (December 22nd 2019, 12:04:05 am UTC) from GB

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 12 HTTP transactions. The main IP is 139.99.165.34, located in Sydney, Australia and belongs to OVH, FR. The main domain is 139.99.165.34.

This is the only time 139.99.165.34 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Poste Italiane (Online)

Domain & IP information

	IP Address	AS Autonomous System
11	139.99.165.34 139.99.165.34	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
12	2

11 139.99.165.34 (Sydney, Australia)

ASN16276 (OVH, FR)
PTR: ip34.ip-139-99-165.net

139.99.165.34	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	google-analytics.com www.google-analytics.com	102 B
12	1

	Domain	Requested by
1	www.google-analytics.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Frame ID: 56DD8181D73A33392B3904C93A941A27
Requests: 5 HTTP requests in this frame

Frame: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Frame ID: 56A00EE06CD880AC73D1CEC7DC53FC54
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

12
Requests

8 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

153 kB
Transfer

246 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

http://www.google-analytics.com/__utm.gif?utmwv=5.3.8&utms=1&utmn=2067924110&utmhn=139.99.165.34&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Verificare%20l%27identit%C3%A0&utmhid=1236372049&utmr=-&utmp=%2F2f0d600b1a72b33b117a129c09fd7ec5%2F&utmac=UA-9575317-2&utmcc=__utma%3D1.2097437354.1576973027.1576973027.1576973027.1%3B%2B__utmz%3D1.1576973027.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=Hh~ HTTP 307
https://www.google-analytics.com/__utm.gif?utmwv=5.3.8&utms=1&utmn=2067924110&utmhn=139.99.165.34&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Verificare%20l%27identit%C3%A0&utmhid=1236372049&utmr=-&utmp=%2F2f0d600b1a72b33b117a129c09fd7ec5%2F&utmac=UA-9575317-2&utmcc=__utma%3D1.2097437354.1576973027.1576973027.1576973027.1%3B%2B__utmz%3D1.1576973027.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=Hh~

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/ 1 KB
782 B 1054ms
1040ms Document
text/html 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.29
Resource Hash: 8c49276bb5a2e476434328fc378a79fc1cdaf2f1bc7b3a38ea50ee7fd0a14a1c

Request headers

Host: 139.99.165.34
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 21 Dec 2019 23:59:58 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 509
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK css.css
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ 393 B
535 B 253ms
252ms Stylesheet
text/css 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/css.css
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: b56efa1cca7e380d0588b493826ccaa0d7861f07a3c41c2c228144cd3c3d7de3

Request headers

Referer: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 21 Dec 2019 23:59:59 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "189-59a3dcd4e165a-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 201

GET
H/1.1 200
OK gas.js Show response
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ 1 KB
845 B 507ms
493ms Script
application/javascript 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/gas.js
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: ab5a7adb72d762b4a1945fb8514f61584f4bf6404b6acb9725bf60cba967d4dd

Request headers

Referer: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 21 Dec 2019 23:59:59 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "451-59a3dcd4e1272-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 496

GET
H/1.1 200
OK ga.js Show response
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ 36 KB
15 KB 506ms
493ms Script
application/javascript 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ga.js
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 368ae23e2ac5a6b7c4e7a2e6e816b9ba74432b75772d4eb1e2d96cafeb252d82

Request headers

Referer: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 21 Dec 2019 23:59:59 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "91f2-59a3dcd4e0e8a-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14970

GET
H/1.1 200
OK login.php Show response
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/ Frame 56A0 2 KB
1 KB 252ms
252ms Document
text/html 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.29
Resource Hash: 3993aed40a44f2db27a4f0b4c116bd852746111ddd78f9d09ea29868bd29a19b

Request headers

Host: 139.99.165.34
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/

Response headers

Date: Sat, 21 Dec 2019 23:59:59 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 899
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK style.css
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ Frame 56A0 1 KB
818 B 253ms
252ms Stylesheet
text/css 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/style.css
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: e6965fd3346222275aca7748de0391d0cd427a32d1e4440e74f4aaaee97e5b44

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 22 Dec 2019 00:00:00 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "59f-59a3dcd4e1272-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 484

GET
H/1.1 200
OK jquery.min.js Show response
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ Frame 56A0 95 KB
33 KB 259ms
259ms Script
application/javascript 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/jquery.min.js
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 22 Dec 2019 00:00:00 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "17b90-59a3dcd4e165a-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 33769

GET
H/1.1 200
OK cerc.js Show response
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ Frame 56A0 13 KB
3 KB 256ms
255ms Script
application/javascript 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/cerc.js
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 95b3b19ec66c44d979e55597fe361d4b8a914713dea81198293ceaf67595a0b2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 22 Dec 2019 00:00:00 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "34d5-59a3dcd4e1272-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3195

GET
H/1.1 200
OK 1.png
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ Frame 56A0 57 KB
57 KB 505ms
491ms Image
image/png 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/1.png
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 8490a0c8f2baea8f672dae2e711f5fe1ffebb980c6649a6d42ad8f4de12a8d3b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 22 Dec 2019 00:00:00 GMT
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "e293-59a3dcd4e1272"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 58003

GET
H/1.1 200
OK loading.png
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ Frame 56A0 6 KB
6 KB 253ms
252ms Image
image/png 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/loading.png
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 4b76e5a6a06f430c4c3c7a801632cf646f4fac8bbe919ff14938396abb08ae0f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 22 Dec 2019 00:00:00 GMT
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "182d-59a3dcd4e165a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 6189

GET
H/1.1 200
OK spinner.gif
139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/ Frame 56A0 33 KB
33 KB 254ms
254ms Image
image/gif 139.99.165.34
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/etc/spinner.gif
Requested by: Host: 139.99.165.34
URL: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/etc/login.php
Protocol: HTTP/1.1
Server: 139.99.165.34 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip34.ip-139-99-165.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 22 Dec 2019 00:00:00 GMT
Last-Modified: Sat, 21 Dec 2019 21:51:51 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "844d-59a3dcd4e165a"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 33869

GET
H2

200

__utm.gif
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/__utm.gif?utmwv=5.3.8&utms=1&utmn=2067924110&utmhn=139.99.165.34&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Verificar...
https://www.google-analytics.com/__utm.gif?utmwv=5.3.8&utms=1&utmn=2067924110&utmhn=139.99.165.34&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Verifica...

35 B
102 B

6ms
6ms

Image
image/gif

2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/__utm.gif?utmwv=5.3.8&utms=1&utmn=2067924110&utmhn=139.99.165.34&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Verificare%20l%27identit%C3%A0&utmhid=1236372049&utmr=-&utmp=%2F2f0d600b1a72b33b117a129c09fd7ec5%2F&utmac=UA-9575317-2&utmcc=__utma%3D1.2097437354.1576973027.1576973027.1576973027.1%3B%2B__utmz%3D1.1576973027.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=Hh~

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://139.99.165.34/2f0d600b1a72b33b117a129c09fd7ec5/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 00:59:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2588637
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/__utm.gif?utmwv=5.3.8&utms=1&utmn=2067924110&utmhn=139.99.165.34&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Verificare%20l%27identit%C3%A0&utmhid=1236372049&utmr=-&utmp=%2F2f0d600b1a72b33b117a129c09fd7ec5%2F&utmac=UA-9575317-2&utmcc=__utma%3D1.2097437354.1576973027.1576973027.1576973027.1%3B%2B__utmz%3D1.1576973027.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=Hh~
Non-Authoritative-Reason: HSTS

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Poste Italiane (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
139.99.165.34/	1970-01-19 06:02:54	Name: __utmb Value: 1.1.10.1576973027
139.99.165.34/	1970-01-19 10:25:41	Name: __utmz Value: 1.1576973027.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
139.99.165.34/	1969-12-31 23:59:59	Name: __utmc Value: 1
139.99.165.34/	1970-01-19 23:34:05	Name: __utma Value: 1.2097437354.1576973027.1576973027.1576973027.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.google-analytics.com
139.99.165.34
2a00:1450:4001:814::200e
27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe
368ae23e2ac5a6b7c4e7a2e6e816b9ba74432b75772d4eb1e2d96cafeb252d82
3993aed40a44f2db27a4f0b4c116bd852746111ddd78f9d09ea29868bd29a19b
4b76e5a6a06f430c4c3c7a801632cf646f4fac8bbe919ff14938396abb08ae0f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8490a0c8f2baea8f672dae2e711f5fe1ffebb980c6649a6d42ad8f4de12a8d3b
8c49276bb5a2e476434328fc378a79fc1cdaf2f1bc7b3a38ea50ee7fd0a14a1c
95b3b19ec66c44d979e55597fe361d4b8a914713dea81198293ceaf67595a0b2
ab5a7adb72d762b4a1945fb8514f61584f4bf6404b6acb9725bf60cba967d4dd
b56efa1cca7e380d0588b493826ccaa0d7861f07a3c41c2c228144cd3c3d7de3
e6965fd3346222275aca7748de0391d0cd427a32d1e4440e74f4aaaee97e5b44
ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5

139.99.165.34 Open in urlscan Pro 139.99.165.34 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

8 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

153 kBTransfer

246 kBSize

4 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

Indicators

139.99.165.34 Open in urlscan Pro
139.99.165.34 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

8 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

153 kB
Transfer

246 kB
Size

4
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!