po-recover-item.com
95.213.216.216
Malicious Activity!
Public Scan
Effective URL: http://po-recover-item.com/main/
Submission: On April 07 via api from GB — Scanned from GB
Summary
This is the only time po-recover-item.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Post Office UK (Government)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 20 | 95.213.216.216 | AS49505 (SELECTEL) |
| 1 | 2001:4de0:ac18::1:a:1b | AS20446 (STACKPATH-CDN) |
| 1 | 2606:4700::6811:180e | AS13335 (CLOUDFLARENET) |
| 22 | 4 | |

Main IP: ASN49505 (SELECTEL, RU), PTR: gl.topfresh.eu
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 20 | po-recover-item.com | po-recover-item.com | 784 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 238) | 28 KB |
| 1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 647) | 29 KB |
| 22 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 20 | po-recover-item.com | po-recover-item.com, cdnjs.cloudflare.com |
| 1 | cdnjs.cloudflare.com | po-recover-item.com |
| 1 | code.jquery.com | po-recover-item.com |
| 22 | 3 | |
This site contains links to these domains (also see Links below):

| Domain |
|---|
| www.postoffice.co.uk |
| corporate.postoffice.co.uk |
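A page served from an unrelated apex domain whose outgoing links land on the impersonated brand's real domains, and whose title names that brand, is one of the simplest brand-impersonation signals, and both signals are visible in this scan (host po-recover-item.com, title "Post Office - Your account page", links to postoffice.co.uk). The following is an added example, not urlscan's code or output: the brand table, the small suffix set standing in for the Public Suffix List, and the sample link URLs are constructed (the scan shows only the link titles), and the function names are mine.

```python
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# Assumption: a stand-in for the Public Suffix List covering the suffixes used here.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk", "com.au"}

# Assumption: the brand table a defender maintains; apex domain -> brand name.
BRAND_DOMAINS: Dict[str, str] = {
    "postoffice.co.uk": "Post Office",
    "royalmail.com": "Royal Mail",
}


def apex(host: str) -> str:
    """Registrable domain: 'corporate.postoffice.co.uk' -> 'postoffice.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_mismatch(page_url: str, title: str, outgoing_links: Iterable[str]) -> List[str]:
    """Reasons the page looks like a brand impersonation (empty list = none).

    Two signals, both available from a urlscan result: outgoing links that land
    on a known brand's apex, and the brand name in the page title, while the
    page itself is served from a different apex.
    """
    page_apex = apex(urlsplit(page_url).hostname or "")
    reasons: List[str] = []

    linked: Dict[str, int] = {}
    for link in outgoing_links:
        a = apex(urlsplit(link).hostname or "")
        if a in BRAND_DOMAINS and a != page_apex:
            linked[a] = linked.get(a, 0) + 1
    for a, n in sorted(linked.items()):
        reasons.append(
            f"{n} outgoing link(s) to {BRAND_DOMAINS[a]} ({a}) from unrelated apex {page_apex}"
        )

    for a, name in BRAND_DOMAINS.items():
        if a != page_apex and name.lower() in title.lower():
            reasons.append(f"title names {name} but page apex is {page_apex}")
    return reasons


# Constructed sample: the scan's host and title, with link URLs invented under
# the two domains the scan lists (urlscan shows only the link titles).
SCAN_PAGE = "http://po-recover-item.com/main/"
SCAN_TITLE = "Post Office - Your account page"
SCAN_LINKS = [
    "https://www.postoffice.co.uk/cookie-policy",
    "https://www.postoffice.co.uk/mail/how-to-address",
    "https://corporate.postoffice.co.uk/privacy",
]

if __name__ == "__main__":
    for reason in brand_mismatch(SCAN_PAGE, SCAN_TITLE, SCAN_LINKS):
        print("FLAG:", reason)
```

The same check run against a page genuinely hosted under postoffice.co.uk returns nothing, because the link and title apexes then match the page apex. In production the suffix set should be the real Public Suffix List, otherwise hosts under unlisted multi-label suffixes collapse to the wrong apex.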
| Subject | Issuer | Validity | Valid | Lookup |
|---|---|---|---|---|
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year | crt.sh |

Only the two CDN certificates appear: the primary page and every first-party resource were fetched over plain HTTP (Effective URL http://po-recover-item.com/main/), so there is no certificate for po-recover-item.com to pivot on.
This page contains 1 frame:
Primary Page: http://po-recover-item.com/main/
Frame ID: 0427B9CCCDE06E9E0009299B5F8C5125
Requests: 23 HTTP requests in this frame

Page Title: Post Office - Your account page
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
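The patterns above are Wappalyzer-style URL regexes; applied to the two script requests in this scan they recover both jQuery builds the page pulls in (2.2.4 from code.jquery.com and 3.5.0 from cdnjs.cloudflare.com), a version mix that is itself a hint the page was assembled from more than one template. The following is an added example, not urlscan's or Wappalyzer's code: the patterns are compiled exactly as listed, the third sample URL with a `?ver=` query is constructed to exercise the third pattern, and the function names are mine.

```python
import re
from typing import Dict, List, Optional

# The three URL patterns listed under "Detected patterns" for jQuery, compiled
# as written; group 1 carries the version where the pattern has one.
JQUERY_PATTERNS = [
    re.compile(r"jquery[.-]([\d.]*\d)[^/]*\.js", re.IGNORECASE),
    re.compile(r"/([\d.]+)/jquery(?:\.min)?\.js", re.IGNORECASE),
    re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", re.IGNORECASE),
]


def jquery_version(url: str) -> Optional[str]:
    """Version string if a pattern yields one, '' if jQuery is detected without
    a version, None if no pattern matches the URL at all."""
    detected = False
    for pat in JQUERY_PATTERNS:
        m = pat.search(url)
        if m is None:
            continue
        detected = True
        if m.group(1):
            return m.group(1)
    return "" if detected else None


def fingerprint(script_urls: List[str]) -> Dict[str, str]:
    """Map each script URL that looks like jQuery to its version (or '')."""
    out: Dict[str, str] = {}
    for url in script_urls:
        version = jquery_version(url)
        if version is not None:
            out[url] = version
    return out


def distinct_versions(script_urls: List[str]) -> List[str]:
    """Sorted distinct versions seen; more than one on a page is worth noting."""
    return sorted({v for v in fingerprint(script_urls).values() if v})


# Sample input: the two script requests from this scan, one constructed
# WordPress-style URL to exercise the ?ver= pattern, and one non-script URL
# from the scan that must not match.
SAMPLE_URLS = [
    "https://code.jquery.com/jquery-2.2.4.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js",
    "https://example.invalid/wp-includes/js/jquery/jquery.min.js?ver=3.6.0",
    "http://po-recover-item.com/main/myaccount/css/jquery-ui.css",
]

if __name__ == "__main__":
    for url, version in fingerprint(SAMPLE_URLS).items():
        print(f"{version or '?':8} {url}")
    print("versions:", distinct_versions(SAMPLE_URLS))
```

The patterns are tried in order so that the two precise ones (version in the filename, version as a path segment) win over the loose `jquery.*\.js` fallback, which only reports a version when a `?ver=` query is present.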
Page Statistics

11 outgoing links (links to origins other than the main page; the scan resolves them to the postoffice.co.uk domains listed above):
- Read our Cookie Policy
- How to address mail
- Lost and Damaged items
- Get the best value from your postage
- Prohibited and Restricted Goods for the UK
- Prohibited and Restricted Goods - International
- Site Conditions
- Cymraeg
- Privacy
- Accessibility
- (untitled link)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://po-recover-item.com/ Page URL
- http://po-recover-item.com/main/ Page URL
Redirected requests
No HTTP redirect chains are listed for this scan; the move from / to /main/ appears only in the page URL history above, so it was a client-side (JavaScript or meta) navigation rather than a 3xx response.
22 HTTP transactions (23 rows including one data: URI)

| Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | po-recover-item.com/ | 479 KB | 480 KB | Document | text/html |
| GET | H/1.1 | m3d.css | po-recover-item.com/ | 151 B | 355 B | Stylesheet | text/css |
| GET | H2 | jquery-2.2.4.min.js | code.jquery.com/ | 84 KB | 29 KB | Script | application/javascript |
| GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ | 87 KB | 28 KB | Script | application/javascript |
| GET | H/1.1 | ajax.php | po-recover-item.com/m3dularbh/ | 0 | 150 B | XHR | text/html |
| GET | H/1.1 | / (Primary Request) | po-recover-item.com/main/ | 17 KB | 17 KB | Document | text/html |
| GET | H/1.1 | normalize.css | po-recover-item.com/main/myaccount/css/ | 2 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | jquery-ui.css | po-recover-item.com/main/myaccount/css/ | 23 KB | 24 KB | Stylesheet | text/css |
| GET | H/1.1 | main-1-1010.css | po-recover-item.com/main/myaccount/css/ | 55 KB | 55 KB | Stylesheet | text/css |
| GET | H/1.1 | screen-medium-1010.css | po-recover-item.com/main/myaccount/css/ | 2 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | screen-large-1010.css | po-recover-item.com/main/myaccount/css/ | 4 KB | 4 KB | Stylesheet | text/css |
| GET | H/1.1 | logo.png | po-recover-item.com/main/myaccount/img/ | 4 KB | 4 KB | Image | image/png |
| GET | H/1.1 | loggedin.png | po-recover-item.com/main/myaccount/img/icons/ | 10 KB | 10 KB | Image | image/png |
| GET | H/1.1 | purchase.png | po-recover-item.com/main/myaccount/img/features/ | 41 KB | 42 KB | Image | image/png |
| GET | H/1.1 | purchase3.png | po-recover-item.com/main/myaccount/img/features/ | 15 KB | 15 KB | Image | image/png |
| GET | H/1.1 | purchase2.png | po-recover-item.com/main/myaccount/img/features/ | 12 KB | 12 KB | Image | image/png |
| GET | H/1.1 | cursor1.png | po-recover-item.com/main/myaccount/img/features/ | 10 KB | 10 KB | Image | image/png |
| GET | H/1.1 | screen-small-1010.css | po-recover-item.com/main/myaccount/css/ | 9 KB | 9 KB | Stylesheet | text/css |
| GET | H/1.1 | screen-small-fixes-1010.css | po-recover-item.com/main/myaccount/css/ | 765 B | 969 B | Stylesheet | text/css |
| GET | H/1.1 | icon-new-page.png | po-recover-item.com/main/myaccount/img/ | 488 B | 693 B | Image | image/png |
| GET | H/1.1 | logo_footer.png | po-recover-item.com/main/myaccount/img/ | 6 KB | 7 KB | Image | image/png |
| GET | H/1.1 | probapro-regular.ttf | po-recover-item.com/main/myaccount/fonts/ | 90 KB | 91 KB | Font | font/ttf |
| GET | DATA | truncated | / | 266 B | 0 | Image | image/svg+xml |

Two rows stand out for triage: the first-party XHR to /m3dularbh/ajax.php, which returned a 0-byte text/html body, is the only background request the kit makes; and the 479 KB landing document at / is far larger than the 17 KB /main/ page that follows it, which is where the static Post Office-styled assets (css, img, fonts) are pulled from.
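The first thing to do with a request list like this is to regroup it the way the Domain table at the top does (requests and bytes per host, first party versus third party) and pull out any background endpoints. The following is an added example, not urlscan's code: the rows are transcribed from the table above into a constructed pipe-separated string, "KB" is assumed to mean 1024 bytes (urlscan's per-row rounding means the first-party total lands a couple of KB off the 784 KB it shows), and the function names are mine.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

KB = 1024  # assumption: treat the table's "KB" as 1024 bytes


@dataclass
class Tx:
    method: str
    proto: str
    resource: str
    host: str      # '' for data: URIs, which have no network host
    path: str
    size: int
    xfer: int
    kind: str
    mime: str


def parse_size(text: str) -> int:
    """'479 KB' -> 490496, '151 B' -> 151, '0' -> 0."""
    m = re.fullmatch(r"(\d+)\s*(KB|B)?", text.strip())
    if m is None:
        raise ValueError(f"unparseable size: {text!r}")
    n = int(m.group(1))
    return n * KB if m.group(2) == "KB" else n


def parse_rows(text: str) -> List[Tx]:
    """Parse 'method|proto|resource|host/path|size|xfer|type|mime' lines."""
    txs: List[Tx] = []
    for line in text.strip().splitlines():
        method, proto, res, hostpath, size, xfer, kind, mime = line.split("|")
        host, _, path = hostpath.partition("/")
        txs.append(Tx(method, proto, res, host, "/" + path,
                      parse_size(size), parse_size(xfer), kind, mime))
    return txs


def summarize(txs: List[Tx]) -> Dict[str, Dict[str, int]]:
    """Requests and transferred bytes per host, like the Domain table."""
    out: Dict[str, Dict[str, int]] = defaultdict(lambda: {"requests": 0, "xfer": 0})
    for t in txs:
        if t.host:  # skip the data: URI row
            out[t.host]["requests"] += 1
            out[t.host]["xfer"] += t.xfer
    return dict(out)


def third_party_hosts(txs: List[Tx], first_party: str) -> List[str]:
    return sorted({t.host for t in txs if t.host and t.host != first_party})


def xhr_endpoints(txs: List[Tx]) -> List[str]:
    """Background (XHR) endpoints: the kit's server-side contact points."""
    return [f"{t.host}{t.path}{t.resource}" for t in txs if t.kind == "XHR"]


# Constructed from the HTTP transactions table above (one line per row).
SCAN_ROWS = """\
GET|H/1.1|/|po-recover-item.com/|479 KB|480 KB|Document|text/html
GET|H/1.1|m3d.css|po-recover-item.com/|151 B|355 B|Stylesheet|text/css
GET|H2|jquery-2.2.4.min.js|code.jquery.com/|84 KB|29 KB|Script|application/javascript
GET|H2|jquery.min.js|cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/|87 KB|28 KB|Script|application/javascript
GET|H/1.1|ajax.php|po-recover-item.com/m3dularbh/|0|150 B|XHR|text/html
GET|H/1.1|/|po-recover-item.com/main/|17 KB|17 KB|Document|text/html
GET|H/1.1|normalize.css|po-recover-item.com/main/myaccount/css/|2 KB|2 KB|Stylesheet|text/css
GET|H/1.1|jquery-ui.css|po-recover-item.com/main/myaccount/css/|23 KB|24 KB|Stylesheet|text/css
GET|H/1.1|main-1-1010.css|po-recover-item.com/main/myaccount/css/|55 KB|55 KB|Stylesheet|text/css
GET|H/1.1|screen-medium-1010.css|po-recover-item.com/main/myaccount/css/|2 KB|2 KB|Stylesheet|text/css
GET|H/1.1|screen-large-1010.css|po-recover-item.com/main/myaccount/css/|4 KB|4 KB|Stylesheet|text/css
GET|H/1.1|logo.png|po-recover-item.com/main/myaccount/img/|4 KB|4 KB|Image|image/png
GET|H/1.1|loggedin.png|po-recover-item.com/main/myaccount/img/icons/|10 KB|10 KB|Image|image/png
GET|H/1.1|purchase.png|po-recover-item.com/main/myaccount/img/features/|41 KB|42 KB|Image|image/png
GET|H/1.1|purchase3.png|po-recover-item.com/main/myaccount/img/features/|15 KB|15 KB|Image|image/png
GET|H/1.1|purchase2.png|po-recover-item.com/main/myaccount/img/features/|12 KB|12 KB|Image|image/png
GET|H/1.1|cursor1.png|po-recover-item.com/main/myaccount/img/features/|10 KB|10 KB|Image|image/png
GET|H/1.1|screen-small-1010.css|po-recover-item.com/main/myaccount/css/|9 KB|9 KB|Stylesheet|text/css
GET|H/1.1|screen-small-fixes-1010.css|po-recover-item.com/main/myaccount/css/|765 B|969 B|Stylesheet|text/css
GET|H/1.1|icon-new-page.png|po-recover-item.com/main/myaccount/img/|488 B|693 B|Image|image/png
GET|H/1.1|logo_footer.png|po-recover-item.com/main/myaccount/img/|6 KB|7 KB|Image|image/png
GET|H/1.1|probapro-regular.ttf|po-recover-item.com/main/myaccount/fonts/|90 KB|91 KB|Font|font/ttf
GET|DATA|truncated|/|266 B|0|Image|image/svg+xml
"""

if __name__ == "__main__":
    txs = parse_rows(SCAN_ROWS)
    for host, s in summarize(txs).items():
        print(f"{s['requests']:3} requests {s['xfer'] / KB:7.1f} KB  {host}")
    print("third party:", third_party_hosts(txs, "po-recover-item.com"))
    print("XHR:", xhr_endpoints(txs))
```

The same parser can be pointed at a urlscan JSON export instead of a transcribed table; the grouping and the XHR filter are what carry over.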
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Post Office UK (Government)

3 JavaScript Global Variables
These are the "global" variables defined on the window object that are not in urlscan's baseline. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| function | structuredClone |
| object | oncontextlost |
| object | oncontextrestored |

All three are built-in window properties in current Chromium builds (structuredClone and the canvas context-loss event handlers), not variables defined by the kit's own scripts, so they carry no signal about this page.

1 Cookie
Cookies are small pieces of information stored in the user's browser. When the user visits the site again the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| po-recover-item.com/ | | PHPSESSID | 93721acaf9f326495c1bc344f2f4025b |
Indicators
In the security industry "indicators" are observables such as IPs, domains and hashes. Their presence in this list does not by itself mean any of them is malicious.
- cdnjs.cloudflare.com
- code.jquery.com
- po-recover-item.com
- 2001:4de0:ac18::1:a:1b
- 2606:4700::6811:180e
- 95.213.216.216