ch-post.org Open in urlscan Pro
162.241.61.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://crmcap.udgvirtual.udg.mx/SugarCRM/custom/intox.html
Effective URL:
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_comman...
Submission: On August 21 via api (August 21st 2020, 3:45:07 pm UTC) from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 13 HTTP transactions. The main IP is 162.241.61.214, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ch-post.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 21st 2020. Valid for: 3 months.

This is the only time ch-post.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Transportation (Transportation) Swiss Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	148.202.167.35 148.202.167.35	2549 (Universid...) (Universidad de Guadalajara)
4 6	162.241.61.214 162.241.61.214	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	185.8.53.70 185.8.53.70	62325 (OGONE) (OGONE)
1	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY)
1	2a00:17c8:0:1... 2a00:17c8:0:103::20a	12511 (CH-POSTNE...) (CH-POSTNETZ Post CH AG)
13	6

1 148.202.167.35 (Guadalajara, Mexico)

ASN2549 (Universidad de Guadalajara, MX)
PTR: 35-167.suv.udg.mx

crmcap.udgvirtual.udg.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.241.61.214 (Provo, United States) 4 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-61-214.unifiedlayer.com

ch-post.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.8.53.70 (Belgium)

ASN62325 (OGONE, BE)

secure.ogone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:17c8:0:103::20a (Rickenbach, Germany)

ASN12511 (CH-POSTNETZ Post CH AG, CH)

www.post.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ch-post.org 4 redirects ch-post.org	9 KB
1	post.ch www.post.ch	4 KB
1	imgur.com i.imgur.com	3 KB
1	ogone.com secure.ogone.com	85 KB
1	udg.mx crmcap.udgvirtual.udg.mx	468 B
13	5

	Domain	Requested by
6	ch-post.org	4 redirects ch-post.org
1	www.post.ch	ch-post.org
1	i.imgur.com	ch-post.org
1	secure.ogone.com	ch-post.org
1	crmcap.udgvirtual.udg.mx
13	5

This site contains no links.

Subject Issuer	Validity	Valid
ch-post.org cPanel, Inc. Certification Authority	`2020-08-21` - `2020-11-19`	3 months	crt.sh
secure.ogone.com Entrust Certification Authority - L1M	`2019-12-31` - `2022-03-30`	2 years	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
www.post.ch SwissSign Server Gold CA 2014 - G22	`2019-07-31` - `2021-07-31`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
Frame ID: 999B0B80776F39E058708DDE3E21532C
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://crmcap.udgvirtual.udg.mx/SugarCRM/custom/intox.html Page URL
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter HTTP 301
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/ HTTP 302
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-deliver... HTTP 301
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-deliver... HTTP 302
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-deliver... Page URL

Detected technologies

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

38 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

6
IPs

4
Countries

101 kB
Transfer

115 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://crmcap.udgvirtual.udg.mx/SugarCRM/custom/intox.html Page URL
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter HTTP 301
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/ HTTP 302
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e HTTP 301
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/ HTTP 302
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK intox.html Show response
crmcap.udgvirtual.udg.mx/SugarCRM/custom/ 128 B
468 B 886ms
296ms Document
text/html 148.202.167.35
Universidad de Gu...

General

Check archive.org

Show headers Download Go to

Full URL: http://crmcap.udgvirtual.udg.mx/SugarCRM/custom/intox.html
Protocol: HTTP/1.1
Server: 148.202.167.35 Guadalajara, Mexico, ASN2549 (Universidad de Guadalajara, MX),
Reverse DNS: 35-167.suv.udg.mx
Software: Apache/2.2.16 (Debian) /
Resource Hash: c4bc69ba88bf719defa3e6fa0368f8425bb82a76f35d1b3576452a2bb1e4410e

Request headers

Host: crmcap.udgvirtual.udg.mx
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 15:58:36 GMT
Server: Apache/2.2.16 (Debian)
Last-Modified: Fri, 21 Aug 2020 13:38:12 GMT
ETag: "7654e-80-5ad63591d1900"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 130
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H2

200

Primary Request checkout.html Show response
ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-...
Redirect Chain

https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physi...
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physi...
https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physi...

23 KB
7 KB

145ms
144ms

Document
text/html

162.241.61.214
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.61.214 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-61-214.unifiedlayer.com
Software: Apache /
Resource Hash: 637767742dce2f1a27ee19aed5c2c74fbf0104c6ba4f6ddb27e5ef096a3ae21a

Request headers

:method: GET
:authority: ch-post.org
:scheme: https
:path: /id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://crmcap.udgvirtual.udg.mx/SugarCRM/custom/intox.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://crmcap.udgvirtual.udg.mx/SugarCRM/custom/intox.html

Response headers

status: 200
date: Fri, 21 Aug 2020 15:44:51 GMT
server: Apache
last-modified: Fri, 21 Aug 2020 15:44:51 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7448
content-type: text/html

Redirect headers

status: 302
date: Fri, 21 Aug 2020 15:44:51 GMT
server: Apache
location: checkout.html
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 wait_turn.gif
ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-... 1 KB
1 KB 147ms
143ms Image
image/gif 162.241.61.214
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/Betaalbevestiging_files/wait_turn.gif
Requested by: Host: ch-post.org
URL: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.61.214 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-61-214.unifiedlayer.com
Software: Apache /
Resource Hash: 59b66845812b0f601bd3212774a8982a9aaf6d82074e258ea951e2465fad5407

Request headers

Referer: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 21 Aug 2020 15:44:51 GMT
last-modified: Fri, 21 Aug 2020 15:44:51 GMT
server: Apache
accept-ranges: bytes
content-length: 1106
content-type: image/gif

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
secure.ogone.com/ncol/prod/js/jquery.core/ 85 KB
85 KB 6262ms
845ms Script
application/javascript 185.8.53.70
OGONE

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ogone.com/ncol/prod/js/jquery.core/jquery-3.3.1.min.js

Requested by

Host: ch-post.org
URL: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.8.53.70 , Belgium, ASN62325 (OGONE, BE),

Reverse DNS

Software

Resource Hash

4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 15:44:57 GMT
Last-Modified: Mon, 29 Oct 2018 16:55:22 GMT
Accept-Ranges: bytes
ETag: "0b9252ea86fd41:0"
Content-Length: 86929
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript

GET jquery-migrate-1.4.1.min.js
secure.ogone.com/ncol/prod/js/jquery.plugins/ 0
0

GET Class.create.js
secure.ogone.com/ncol/prod/js/jquery.plugins/dependencies/ 0
0

GET jquery.jquery-encoder-0.1.0.min.js
secure.ogone.com/ncol/prod/js/jquery.plugins/ 0
0

GET form_validation.js
secure.ogone.com/ncol/prod/js/ 0
0

GET
H2 200 yvq9kDX.png
i.imgur.com/ 3 KB
3 KB 101ms
33ms Image
image/png 151.101.112.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/yvq9kDX.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

8eab0a98668e768f47e03deb52480d8fff2b6a0ef6d49e29b23646fb0af27f06

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 21 Aug 2020 15:44:51 GMT
x-content-type-options: nosniff
age: 1035016
x-cache: HIT, HIT
status: 200
content-length: 2802
x-served-by: cache-bwi5134-BWI, cache-hhn4042-HHN
last-modified: Sun, 09 Aug 2020 16:14:37 GMT
server: cat factory 1.0
x-timer: S1598024692.988946,VS0,VE1
etag: "802f006db5b45477ca03a0f1136c1973"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET Fp_inc.1.2.js
secure.ogone.com/ncol/prod/js/fp/ 0
0

GET base64_inc.js
secure.ogone.com/ncol/prod/ 0
0

GET wait_turn.gif
secure.ogone.com/images/ 0
0

GET
H/1.1 200
OK logo---die-post.svg
www.post.ch/-/media/portal-opp/global/logos/ 3 KB
4 KB 63ms
17ms Image
image/svg+xml 2a00:17c8:0:103::20a
CH-POSTNETZ Post ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.post.ch/-/media/portal-opp/global/logos/logo---die-post.svg?la=fr&vs=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a00:17c8:0:103::20a Rickenbach, Germany, ASN12511 (CH-POSTNETZ Post CH AG, CH),

Reverse DNS

Software

Delivery1 /

Resource Hash

02bccc8398397aecd364759ddae4c4c1a018f989d288d5062ad841bc6fe3ab14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ch-post.org/id/45/fsd26/fsd3/7e7/login56ds/portal-delivery4/fkundencenter/portal-delivery_ReEfeErence_commande_WS312979482fcustomer-center-viewinvoice-commissioning-customs-people_and_physical-and-legal-idcheckurl.php=a8b56e5c3c7e22a39a3317549b21a83e/checkout.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 10:36:51 GMT
X-Content-Type-Options: nosniff
Age: 1228079
Content-Disposition: inline; filename="Logo - Die Post.svg"
Connection: Keep-Alive
Content-Length: 3136
X-Xss-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Link: <https://www.post.ch/-/media/portal-opp/global/logos/logo---die-post.svg?la=fr>; rel="canonical"
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 23 May 2019 11:00:28 GMT
Server: Delivery1
ETag: 7dee2b61bc2b4df382532e2bfe3c6243
Strict-Transport-Security: max-age=31536000
Content-Type: image/svg+xml
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Keep-Alive: timeout=5
Expires: Sun, 06 Sep 2020 10:36:52 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: secure.ogone.com
URL: https://secure.ogone.com/ncol/prod/js/jquery.plugins/jquery-migrate-1.4.1.min.js

Domain: secure.ogone.com
URL: https://secure.ogone.com/ncol/prod/js/jquery.plugins/dependencies/Class.create.js

Domain: secure.ogone.com
URL: https://secure.ogone.com/ncol/prod/js/jquery.plugins/jquery.jquery-encoder-0.1.0.min.js

Domain: secure.ogone.com
URL: https://secure.ogone.com/ncol/prod/js/form_validation.js

Domain: secure.ogone.com
URL: https://secure.ogone.com/ncol/prod/js/fp/Fp_inc.1.2.js

Domain: secure.ogone.com
URL: https://secure.ogone.com/ncol/prod/base64_inc.js

Domain: secure.ogone.com
URL: https://secure.ogone.com/images/wait_turn.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Transportation (Transportation) Swiss Post (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ch-post.org
crmcap.udgvirtual.udg.mx
i.imgur.com
secure.ogone.com
www.post.ch
secure.ogone.com
148.202.167.35
151.101.112.193
162.241.61.214
185.8.53.70
2a00:17c8:0:103::20a
02bccc8398397aecd364759ddae4c4c1a018f989d288d5062ad841bc6fe3ab14
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
59b66845812b0f601bd3212774a8982a9aaf6d82074e258ea951e2465fad5407
637767742dce2f1a27ee19aed5c2c74fbf0104c6ba4f6ddb27e5ef096a3ae21a
8eab0a98668e768f47e03deb52480d8fff2b6a0ef6d49e29b23646fb0af27f06
c4bc69ba88bf719defa3e6fa0368f8425bb82a76f35d1b3576452a2bb1e4410e

ch-post.org Open in urlscan Pro 162.241.61.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

38 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

6 IPs

4 Countries

101 kBTransfer

115 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

ch-post.org Open in urlscan Pro
162.241.61.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

38 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

6
IPs

4
Countries

101 kB
Transfer

115 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!