![](/screenshots/08837026-b48d-40fc-8781-bcd095a53197.png)
todentaminen.posti.fi
Open in
urlscan Pro
65.9.95.91
Malicious Activity!
Public Scan
Effective URL: https://todentaminen.posti.fi/uas/error/view?entityID=5b05bc63-9195-4687-9ac0-df872...
Submission: On May 21 via manual from AT — Scanned from FI
Summary
TLS certificate: Issued by Amazon RSA 2048 M03 on January 31st 2024. Valid for: a year.
This is the only time todentaminen.posti.fi was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MobilePay (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 18 | 65.9.95.91 65.9.95.91 | 16509 (AMAZON-02) (AMAZON-02) | |
17 | 1 |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-91.prg50.r.cloudfront.net
todentaminen.posti.fi |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
posti.fi
1 redirects
todentaminen.posti.fi |
193 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
18 | todentaminen.posti.fi |
1 redirects
todentaminen.posti.fi
|
17 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.posti.fi |
Subject Issuer | Validity | Valid | |
---|---|---|---|
prd.auth.posticloud.fi Amazon RSA 2048 M03 |
2024-01-31 - 2025-03-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://todentaminen.posti.fi/uas/error/view?entityID=5b05bc63-9195-4687-9ac0-df872...
Frame ID: C5A1305EAEDF49FA664168EE4A0FB4BF
Requests: 17 HTTP requests in this frame
Screenshot
![](/screenshots/08837026-b48d-40fc-8781-bcd095a53197.png)
Page Title
PostiPage URL History Show full URLs
-
http://todentaminen.posti.fi/uas/authn/*/view?_id=bb16f1cc-518e-445b-91f9-802c224090af&entityID=5b05bc63-...
HTTP 307
https://todentaminen.posti.fi/uas/authn/*/view?_id=bb16f1cc-518e-445b-91f9-802c224090af&entityID=5b05bc63-... HTTP 302
https://todentaminen.posti.fi/uas/error/view?entityID=5b05bc63-9195-4687-9ac0-df872... Page URL
Detected technologies
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Ehdot
Search URL Search Domain Scan URL
Title: Tietosuoja
Search URL Search Domain Scan URL
Title: Tuki
Search URL Search Domain Scan URL
Title: Ehdot
Search URL Search Domain Scan URL
Title: Tietosuoja
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://todentaminen.posti.fi/uas/authn/*/view?_id=bb16f1cc-518e-445b-91f9-802c224090af&entityID=5b05bc63-9195-4687-9ac0-df872...
HTTP 307
https://todentaminen.posti.fi/uas/authn/*/view?_id=bb16f1cc-518e-445b-91f9-802c224090af&entityID=5b05bc63-9195-4687-9ac0-df872... HTTP 302
https://todentaminen.posti.fi/uas/error/view?entityID=5b05bc63-9195-4687-9ac0-df872... Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
view
todentaminen.posti.fi/uas/error/ Redirect Chain
|
9 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
todentaminen.posti.fi/uas/template/default/ |
20 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
todentaminen.posti.fi/uas/webjars/jquery/3.7.1/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
view.js
todentaminen.posti.fi/uas/template/default/resource/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
todentaminen.posti.fi/uas/template/default/resource/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xhr.js
todentaminen.posti.fi/uas/template/default/resource/script/ |
1 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
posti_common.js
todentaminen.posti.fi/uas/template/default/resource/ |
10 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo
todentaminen.posti.fi/uas/template/default/ |
4 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default_page_icon
todentaminen.posti.fi/uas/template/default/resource/ |
4 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
posti_background_left
todentaminen.posti.fi/uas/template/posti/resource/ |
24 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_alert
todentaminen.posti.fi/uas/template/posti/resource/ |
829 B 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
posti_background_right
todentaminen.posti.fi/uas/template/posti/resource/ |
19 KB 8 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-regular.woff2
todentaminen.posti.fi/uas/template/posti/resource/ |
28 KB 29 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-700.woff2
todentaminen.posti.fi/uas/template/posti/resource/ |
28 KB 29 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-500.woff2
todentaminen.posti.fi/uas/template/posti/resource/ |
28 KB 29 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chevron_down
todentaminen.posti.fi/uas/template/posti/resource/ |
174 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.ico
todentaminen.posti.fi/uas/template/default/ |
22 KB 23 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MobilePay (Financial)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| View object| view function| OnWindowLoad function| AutoFocus function| OnSubmitClick function| DisableSubmit function| disableEnterKeyAndFocus function| addEventHandler function| getFirstNodeValue function| clearGenericMfaStrongAuthCookie function| setMfaStrongAuthUrl3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
todentaminen.posti.fi/uas | Name: JSESSIONID Value: 2B9F9850668F2464A93A8212998A3149 |
|
todentaminen.posti.fi/ | Name: AWSALB Value: pedw6fFGg+N+/BtFbiw7Yqlfb4dZHBRvVhfJ2V6C0IjfWUdWwg8MaG7YlejG3IIgt97KojQm+r0F1+O9dMgk226TWRXZIz8YhDOQZPz/zMr1HUw+dC4xaQXNk24V |
|
todentaminen.posti.fi/ | Name: AWSALBCORS Value: pedw6fFGg+N+/BtFbiw7Yqlfb4dZHBRvVhfJ2V6C0IjfWUdWwg8MaG7YlejG3IIgt97KojQm+r0F1+O9dMgk226TWRXZIz8YhDOQZPz/zMr1HUw+dC4xaQXNk24V |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'none'; connect-src 'self'; frame-src *.posti.fi *.posti.com *.netposti.fi *.omaposti.fi *.omaposti.com *.itella.fi *.itella.com *.postinext.fi *.postinext.com *.posticloud.fi; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | deny |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
todentaminen.posti.fi
65.9.95.91
0c0428703717799bfc75042090acc9f443d492f1c795f4df4306e9a9dd612127
261e933313b6a954084442326334600df53be3701a7bfc314d307a46553fe612
44d534fbe4c22af785941cdbfd66ec935b27333fe10e26294eb9f9ff21f2a486
5157c549b18199c1f27b28a0902c87881aba365e67236816652f49010c6b243b
596af74d8179ebc97c9c5ccae92fd4659c561709f5146064d58ebda10f59eae3
685e9cd87f2026059a596f6eb45e9a4a222eba41da1d0e4805c4ea8fc63843b2
7369278822be5f721d30313590626205239000c8da4dc48c144913a783387ba0
7369dc918fd559a14c5b719f7a20cb3bdd9aeaec28e2158831ec1fd46de86eb7
7aa067551ebceb07ef031e5661461379ab6be9ecd4f381ee27ca0f1b22256604
9e237344b18f7f0084cce23f540de53ae79136d9dac59c4f438439266fdbab83
cb15fa3084adac41439d772b620de689cd54ed49f0c3f01c43a50374d5a3f558
cebb4620cfa1dd09c4b53ab5ddbd3f7661f1ebedeea79a1c28cb83d9c90eb9b0
d63dc7a0d1c160e21a23d2b4fadebf955439759044d238649de014296d97e0be
e77180ce5a2fc5dba86aaf8621d09f584459bf4f3b0694838f79f6e1df77733b
ea6ec16c4b53ef2fa344f940002b96b8625c755514ca25229ebdcb3a197ced14
f7977de79cee71ad4eafa4c08d07e7aed0726e58c0001c6803b523e83ad6b515
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a