urlscan.io logo urlscan.io
SecurityTrails logo

peruix.net Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.ediliziaconidi.it/wp-content/upgrade/4.php
Effective URL: https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
Submission: On June 15 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is peruix.net.
TLS certificate: Issued by E1 on May 23rd 2023. Valid for: 3 months.
This is the only time peruix.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 89.46.110.63 31034 (ARUBA-ASN)
1 4 2a06:98c1:312... 13335 (CLOUDFLAR...)
4 2
Apex Domain
Subdomains		 Transfer
4 peruix.net
peruix.net
947 KB
1 ediliziaconidi.it
www.ediliziaconidi.it
173 B
4 2
Domain Requested by
4 peruix.net 1 redirects peruix.net
1 www.ediliziaconidi.it 1 redirects
4 2

This site contains links to these domains. Also see Links.

Domain
www.postbank.de
meine.postbank.de
Subject Issuer Validity Valid
peruix.net
E1		 2023-05-23 -
2023-08-21		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
Frame ID: 1AB5612F8644D7D0626D9A380CC52086
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login - Postbank Banking & Brokerage

Page URL History Show full URLs

  1. https://www.ediliziaconidi.it/wp-content/upgrade/4.php HTTP 302
    http://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/ HTTP 301
    https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

4
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1035 kB
Transfer

2459 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.ediliziaconidi.it/wp-content/upgrade/4.php HTTP 302
    http://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/ HTTP 301
    https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
Redirect Chain
  • https://www.ediliziaconidi.it/wp-content/upgrade/4.php
  • http://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
  • https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
2 MB
945 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a32720641fbcfee703e117167fa23cb86f956631a5f92cc371d892e3419a04d
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, no-cache
cf-cache-status
DYNAMIC
cf-ray
7d7960d19a9535ec-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 08:17:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmxANkFxXMCIBs%2Fu%2FNrheICsHY4TeJLDkCtrPcBqmjwMjgRVQ3NoKOGA3Y8CP3ZR1PCu6hRgLH%2BWPn8yQWS6cHOpL%2FU8ceQZ4r59walDJE1v4bS4Kgw2bqxSXthjjY%2FIOGrXZ1oCAnhp"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-page-speed
1
x-permitted-cross-domain-policies
master-only master-only
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
7d7960cdfd0d924a-FRA
Connection
keep-alive
Content-Type
text/html
Date
Thu, 15 Jun 2023 08:17:42 GMT
Location
https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy
same-origin
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTi4u%2BtXj2QOiFy4VHlecEVCU5qoTrbeKwBcgfzDWEaj93s%2BlOVCgagExhk%2B7DfP%2F5%2BC63x1i6PoRpYetPjwcQulLCKyPsWaxEKT9OWb7ZEyLFYNGWINEo9xvfB3ojHZQu3MnIAaYqCn"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
master-only
X-XSS-Protection
1; mode=block
alt-svc
h3=":443"; ma=86400
1.JiBnMqyl6S.gif
peruix.net/pagespeed_static/ 		53 B
415 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://peruix.net/pagespeed_static/1.JiBnMqyl6S.gif
Requested by
Host: peruix.net
URL: https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1eddc73cd37d151291adc510a4a547c4b0248b5bf7d368fcf4b73840a75b819a
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Thu, 15 Jun 2023 08:17:46 GMT
x-content-type-options
nosniff, nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
master-only
age
322237
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Sun, 11 Jun 2023 14:47:09 GMT
server
cloudflare
etag
W/"0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/gif
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rilCKyadVkTEvld8YJu7irFl3M62oCoPbzuaagu5Ub2FC16Pwl44s0AJLgNZRWZcQJIiyPBKwpq8v29%2F5zfDa9%2BF5nUchplYFo%2FfiPss99YO5GQCx0Y3vz1xOsUJWenY6VtC75sov13Z"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
7d7960ec4c0935ec-FRA
svg-icon-sprite.svg
peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/ 		0
0
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/svg+xml
xrenice.png.pagespeed.ic.VNPyoMPwZc.webp
peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/index_files/ 		620 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/index_files/xrenice.png.pagespeed.ic.VNPyoMPwZc.webp
Requested by
Host: peruix.net
URL: https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4868a82be3d8392e5070fdfb00f472063b2b08fbd5d8332cec679a71ffb494d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date
Thu, 15 Jun 2023 08:17:46 GMT
cf-cache-status
HIT
x-original-content-length
1373
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
223405
alt-svc
h3=":443"; ma=86400
content-length
620
x-page-speed
1
last-modified
Mon, 12 Jun 2023 07:47:22 GMT
server
cloudflare
etag
W/"0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qUFwZTSfdmPMBFOMK8Q5UERfrNY6FPh3L08LjqELf3BxJho045K%2BUJ7BrMVZG5TCAFt9SxwcaPBODPGiqzaL%2FbZz2kEvf5Li7D8T9ImL6E5P9zbq9XXL87WKuG7dT6%2BMdOX9Gfk6PGPo"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7d7960ec4c0d35ec-FRA
link
<https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/index_files/renice.png>; rel="canonical"
expires
Tue, 11 Jun 2024 07:47:22 GMT
truncated
/ 		1016 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c

Request headers

Referer
Origin
https://peruix.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		41 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d

Request headers

Referer
Origin
https://peruix.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		612 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
545d99b57daa48a5fd7781e1ace4be2422a069625a8c71924d2a245998755df7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		15 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		50 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1dba4aed649c01e3a9864ed3313c4b506525c74e107760f113b31dc044a0f452

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/jpeg

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
peruix.net
URL
https://peruix.net/wp-content/themes/seotheme/theme/PostBank.de/meine/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/svg-icon-sprite.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| savepage_ShadowLoader object| pagespeed

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block