postaslovenska.eu
45.145.166.191
Malicious Activity!
Public Scan
Effective URL: https://postaslovenska.eu/billing-info.php
Submission Tags: falconsandbox
Submission: On May 09 via api from US — Scanned from FR
Summary
TLS certificate: Issued by R3 on May 2nd 2022. Valid for: 3 months.
This is the only time postaslovenska.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 vote
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
5 | 45.145.166.191 | 207992 (FEELB)
1 | 62.152.231.250 | 5578 (AS-BENESTRA Bratislava)
7 | 195.160.171.124 | (no AS recorded)
13 requests | 3 IPs |

ASN5578 (AS-BENESTRA Bratislava, Slovak Republic, SK)
PTR: bb-250.slposta.sk
Hostname: www.posta.sk
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | sia.eu | vpos.sia.eu | 24 KB
5 | postaslovenska.eu | postaslovenska.eu | 46 KB
1 | posta.sk | www.posta.sk | 7 KB
13 requests | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
7 | vpos.sia.eu | postaslovenska.eu
5 | postaslovenska.eu | postaslovenska.eu
1 | www.posta.sk | postaslovenska.eu
13 requests | 3 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
postaslovenska.eu | R3 | 2022-05-02 - 2022-07-31 | 3 months | crt.sh
posta.sk | CA Disig R2I2 Certification Service | 2021-11-09 - 2022-12-09 | a year | crt.sh
vpos.sia.eu | Entrust Certification Authority - L1K | 2022-01-11 - 2023-01-21 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://postaslovenska.eu/billing-info.php
Frame ID: 847DADB29A495E3B02600B91F16DF767
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Page Title: Poštová banka
Detected technologies
PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://postaslovenska.eu/ Page URL
- https://postaslovenska.eu/billing-info.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | postaslovenska.eu/ | 655 B | 512 B | Document | text/html
GET | H/1.1 | sl-posta-logo.svg | www.posta.sk/images/site/ | 7 KB | 7 KB | Image | image/svg+xml
GET | H2 | yellow-loading.gif | postaslovenska.eu/img/ | 7 KB | 7 KB | Image | image/gif
GET | H2 | billing-info.php (Primary Request) | postaslovenska.eu/ | 4 KB | 2 KB | Document | text/html
GET | H2 | visa-front-end.css | postaslovenska.eu/ | 2 KB | 577 B | Stylesheet | text/css
GET | H/1.1 | logo_PB_290.png | vpos.sia.eu/template/IP000002/ | 4 KB | 5 KB | Image | image/png
GET | H2 | top-visa.png | postaslovenska.eu/img/ | 36 KB | 37 KB | Image | image/png
GET | H/1.1 | maestro_800.png | vpos.sia.eu/template/IP000002/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | mastercard_800.png | vpos.sia.eu/template/IP000002/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | visa_290.png | vpos.sia.eu/template/IP000002/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | visa_el_290.png | vpos.sia.eu/template/IP000002/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | MSC.png | vpos.sia.eu/template/IP000002/ | 6 KB | 6 KB | Image | image/png
GET | H/1.1 | VV.png | vpos.sia.eu/template/IP000002/ | 4 KB | 5 KB | Image | image/png
Verdicts & Comments
Malicious
page.url
Submitted on
January 20th 2023, 8:59:38 am
UTC —
From Netherlands
Threats:
Brand Impersonation
Phishing
Scam
Comment: Tries to get people's name, email address and phone number. Impersonates the French iTerminal.
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontextlost
- object | oncontextrestored
- function | structuredClone
- function | getScreenDetails
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
postaslovenska.eu
vpos.sia.eu
www.posta.sk
195.160.171.124
45.145.166.191
62.152.231.250
099d704e483706db7b57ed339d592dd2e4688f4951f7d09f420476c23bb42509
1131549dda74001fd94bf14fd5bd222a78459a50541adfacc9e22f2b9e812f5e
143f8123b382b004db25a6720c123b6ff7bb99d42f995aa0da434b3cab433c20
3ad5e1c0a3f74a89b5917e92315ce9de8f7636224f508146f1e4bd1e15f1a3a4
3ce7d80d7cfd2cf827ed6c0ff7d7f960366492d4aad5dc0542dad03a421e73d9
3f282d8c0b8a5e9e85f9b0f27eb56b2c276aa68b3e906f64fcb5013e6da3746d
516d6a7cb12ad5f2c4f9429ae6481d05feb689b055c5cce13f01c382b3e7ad48
713bfed2a3962bb6d2502d0f85c0c8f8e0e6187eca9f3ee3587fd428b709ba4e
80fdba1f49f46c0525bfaba91f6ac58dfee20c3757706ca1a3362bf1b19a4f63
b9693002b812fc714b9ac0da45301fbeb5d39f0d37f91fa8724fb7dccd2fdda7
c1c7e69bfe0ba47b31d55c59be3b0e48cc591c8e5db9904398633c256b7ce574
d8593150f41db0030451cbb0ea9195453e7528366b7a8d7b5e4d07d9ad2e2f2a
e31ee6d24aab76fbefa6f2970c3844c994893325f090076eb32c2dfa2ca23d40