mr726554429km.sells-it.net
162.0.230.63
Malicious Activity!
Public Scan
Submission Tags: 7376343
Submission: On December 08 via api from US — Scanned from IT
Summary
TLS certificate: Issued by R3 on December 7th 2021. Valid for: 3 months.
This is the only time mr726554429km.sells-it.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
7 | 162.0.230.63 | 22612 (NAMECHEAP-NET)
4 | 176.31.232.62 | 16276 (OVH)
2 | 94.23.87.92 | 16276 (OVH)
1 | 194.41.184.183 | 12511 (CH-POSTNETZ Post CH AG)
1 | 2a00:1450:4001:813::200a | 15169 (GOOGLE)
1 | 2a00:17c8:0:103::20a | 12511 (CH-POSTNETZ Post CH AG)
1 | 2a00:1450:4001:80f::2003 | 15169 (GOOGLE)
2 | 194.41.184.89 | 12511 (CH-POSTNETZ Post CH AG)
19 | 9 |

ASN22612 (NAMECHEAP-NET, US)
PTR: server1.ing-alert.co
mr726554429km.sells-it.net

ASN16276 (OVH, FR)
PTR: comandia-nginx-1-server.t-urge.com
cdn.mycomandia.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | sells-it.net | mr726554429km.sells-it.net | 228 KB
4 | post.ch | service.post.ch, www.post.ch, fonts.post.ch | 653 KB
4 | mycomandia.com | cdn.mycomandia.com | 42 KB
2 | correos.es | tienda.correos.es | 3 KB
1 | gstatic.com | fonts.gstatic.com | 45 KB
1 | googleapis.com | fonts.googleapis.com | 1009 B
19 | 6 | |
Requests | Domain | Requested by
---|---|---
7 | mr726554429km.sells-it.net | mr726554429km.sells-it.net
4 | cdn.mycomandia.com | mr726554429km.sells-it.net
2 | fonts.post.ch | mr726554429km.sells-it.net
2 | tienda.correos.es | mr726554429km.sells-it.net, tienda.correos.es
1 | fonts.gstatic.com | fonts.googleapis.com
1 | www.post.ch | mr726554429km.sells-it.net
1 | fonts.googleapis.com | mr726554429km.sells-it.net
1 | service.post.ch | mr726554429km.sells-it.net
19 | 8 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
mr726554429km.sells-it.net | R3 | 2021-12-07 - 2022-03-07 | 3 months | crt.sh
*.mycomandia.com | DigiCert SHA2 Secure Server CA | 2019-11-06 - 2022-01-03 | 2 years | crt.sh
tienda.correos.es | Entrust Certification Authority - L1K | 2021-03-02 - 2022-04-01 | a year | crt.sh
service.post.ch | SwissSign Server Gold CA 2014 - G22 | 2021-04-30 - 2022-04-30 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months | crt.sh
www.post.ch | SwissSign Server Gold CA 2014 - G22 | 2021-03-04 - 2022-03-04 | a year | crt.sh
*.gstatic.com | GTS CA 1C3 | 2021-11-08 - 2022-01-31 | 3 months | crt.sh
fonts.post.ch | SwissSign Server Gold CA 2014 - G22 | 2021-05-27 - 2022-05-27 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://mr726554429km.sells-it.net/c97254298h/ch75244288/manage/
Frame ID: AAACEB1D565BC9EEF3D3D2237EF6F1E2
Requests: 15 HTTP requests in this frame
Frame:
https://mr726554429km.sells-it.net/c97254298h/ch75244288/manage/web.php
Frame ID: 2F6222297D378DD10241F214944D2CF8
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/ | 631 KB | 81 KB | Document | text/html
GET | H2 | posten.css | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/css/ | 162 KB | 30 KB | Stylesheet | text/css
GET | H2 | styles.css | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/css/ | 8 KB | 2 KB | Stylesheet | text/css
GET | H2 | a1.css | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/css/ | 11 KB | 2 KB | Stylesheet | text/css
GET | H2 | bootstrap.min.css | cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/ | 137 KB | 28 KB | Stylesheet | text/css
GET | H2 | validationEngine.jquery.css | cdn.mycomandia.com/static/shop/common/css/ | 3 KB | 3 KB | Stylesheet | text/css
GET | H2 | flaticon.css | cdn.mycomandia.com/static/shop/common/fonts/flaticon/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H2 | fontawesome-all.min.css | cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/ | 36 KB | 9 KB | Stylesheet | text/css
GET | H2 | new-style-common-screen.css | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/css/ | 68 KB | 12 KB | Stylesheet | text/css
GET | H/1.1 | common-dynamic.css | tienda.correos.es/css/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H2 | post-modules.css | service.post.ch/zopa/app/widgets/versions/01/shared/styles/unic-1.0/ | 560 KB | 564 KB | Stylesheet | text/css
GET | H2 | web.php | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/ (Frame 2F62) | 50 KB | 16 KB | Document | text/html
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 1009 B | Stylesheet | text/css
GET | H2 | main.min.css | mr726554429km.sells-it.net/c97254298h/ch75244288/manage/css/ (Frame 2F62) | 516 KB | 84 KB | Stylesheet | text/css
GET | H/1.1 | logo---die-post.svg | www.post.ch/-/media/portal-opp/global/logos/ (Frame 2F62) | 4 KB | 5 KB | Image | image/svg+xml
GET | H/1.1 | common-dynamic.css | tienda.correos.es/css/ | 2 KB | 2 KB | Image | text/css
GET | DATA | truncated | / | 266 B | 0 | Image | image/svg+xml
GET | H2 | jizaRExUiTo99u79D0KExQ.woff2 | fonts.gstatic.com/s/ptsans/v12/ | 44 KB | 45 KB | Font | font/woff2
GET | H/1.1 | FrutigerNeueLTW05-Regular.woff2 | fonts.post.ch/frutiger/ (Frame 2F62) | 41 KB | 42 KB | Font | font/woff2
GET | H/1.1 | FrutigerNeueLTW06-Light.woff2 | fonts.post.ch/frutiger/ (Frame 2F62) | 42 KB | 43 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swiss Post (Transportation)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Variable
---|---
object | 0
object | onbeforexrselect
function | reportError
boolean | originAgentCluster
object | scheduler

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.