serbatoiericambi.com Open in urlscan Pro
185.81.2.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://serbatoiericambi.com/paute/labanquepostale/pst/pst/
Effective URL:
https://serbatoiericambi.com/paute/labanquepostale/pst/pst/
Submission: On July 02 via api (July 2nd 2024, 7:12:27 am UTC) from US — Scanned from IT

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 185.81.2.195, located in Rome, Italy and belongs to SERVERPLAN-AS, IT. The main domain is serbatoiericambi.com.
TLS certificate: Issued by R3 on May 10th 2024. Valid for: 3 months.

This is the only time serbatoiericambi.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Postale (Banking)

Domain & IP information

	IP Address		AS Autonomous System
17	185.81.2.195 185.81.2.195		52030 (SERVERPLA...) (SERVERPLAN-AS)
17	1

17 185.81.2.195 (Rome, Italy)

ASN52030 (SERVERPLAN-AS, IT)
PTR: ananke.dnshigh.com

serbatoiericambi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	serbatoiericambi.com serbatoiericambi.com	212 KB
17	1

	Domain	Requested by
17	serbatoiericambi.com	serbatoiericambi.com
17	1

This site contains no links.

Subject Issuer	Validity	Valid
serbatoiericambi.com R3	`2024-05-10` - `2024-08-08`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/
Frame ID: D590D3172EBAB4F1C13A83B53D55615D
Requests: 7 HTTP requests in this frame

Frame: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php
Frame ID: A874BE819063FE347D4806F594B2B155
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banque - banque en ligne - La Banque Postale – La Banque Postale

Page URL History Show full URLs

http://serbatoiericambi.com/paute/labanquepostale/pst/pst/ HTTP 307
https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

212 kB
Transfer

295 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://serbatoiericambi.com/paute/labanquepostale/pst/pst/ HTTP 307
https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response serbatoiericambi.com/paute/labanquepostale/pst/pst/ Redirect Chain http://serbatoiericambi.com/paute/labanquepostale/pst/pst/ https://serbatoiericambi.com/paute/labanquepostale/pst/pst/	1 KB 495 B	188ms 90ms	Document text/html	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `a6783bd9c1e24e36535c8e51c50e2446df0aa720dd806cc64e35cbc623b0c45b` Request headers Accept-Language it-IT,it;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers content-encoding br content-length 400 content-type text/html; charset=UTF-8 date Tue, 02 Jul 2024 07:12:22 GMT server Apache vary Accept-Encoding Redirect headers Location https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Non-Authoritative-Reason HttpsUpgrades
GET H2	200	index_01.gif serbatoiericambi.com/paute/labanquepostale/pst/pst/images/	7 KB 7 KB	36ms 36ms	Image image/gif	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/index_01.gif Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `68374609fd96961cd1590f53a2b061527ae5ba00bc5a505b7c5758aea3b93b7e` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d2141d-1a60-5c680ab068cc0" content-length 6752 content-type image/gif
GET H2	200	index_02.gif serbatoiericambi.com/paute/labanquepostale/pst/pst/images/	4 KB 4 KB	37ms 37ms	Image image/gif	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/index_02.gif Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `50f08e3f8e9097920c6d34dc772b9cf34310e754b8455e0926c8dfcb3dfccc35` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d2141e-10d8-5c680ab068cc0" content-length 4312 content-type image/gif
GET H2	200	index_04.gif serbatoiericambi.com/paute/labanquepostale/pst/pst/images/	16 KB 16 KB	54ms 53ms	Image image/gif	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/index_04.gif Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `c2ad8f0fc38f50b12290b2d62bb678bee2fc6c927df5c16ff615708e4c283296` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d2141f-3f17-5c680ab068cc0" content-length 16151 content-type image/gif
GET H2	200	index_05.gif serbatoiericambi.com/paute/labanquepostale/pst/pst/images/	62 KB 62 KB	84ms 84ms	Image image/gif	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/index_05.gif Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `04fd3a5bb751974a97e3025f80bb60966d6746f14ac75ddba4de8a1a9bec4def` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d21420-f76e-5c680ab068cc0" content-length 63342 content-type image/gif
GET H2	200	login.php Show response serbatoiericambi.com/paute/labanquepostale/pst/pst/ Frame A874	5 KB 1 KB	114ms 113ms	Document text/html	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `58f7b7e041929ecb690aa5f3b756fa6d5991261b4ce913affbc0429b1ea93592` Request headers Accept-Language it-IT,it;q=0.9;q=0.9 Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-encoding br content-length 1282 content-type text/html; charset=UTF-8 date Tue, 02 Jul 2024 07:12:22 GMT server Apache vary Accept-Encoding
GET H2	200	bg.jpg serbatoiericambi.com/paute/labanquepostale/pst/pst/images/	14 KB 14 KB	113ms 112ms	Image image/jpeg	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/bg.jpg Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `9c3c51c993e93289ee20b82b30e73ddab4ea26312b9aab6f0b16e0e289ab5be9` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d21417-364e-5c680ab068cc0" content-length 13902 content-type image/jpeg
GET H2	200	cvs_all.css serbatoiericambi.com/paute/labanquepostale/pst/pst/css/ Frame A874	6 KB 1 KB	36ms 36ms	Stylesheet text/css	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/css/cvs_all.css Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `5296bd3298e015e024430cd102cf35c4b7fdfe9b8b717116dfa21d854c7991ca` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT content-encoding br last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache etag "1d21411-1738-5c680ab068cc0-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1321
GET H2	200	cvs_portable.css serbatoiericambi.com/paute/labanquepostale/pst/pst/css/ Frame A874	1012 B 359 B	34ms 34ms	Stylesheet text/css	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/css/cvs_portable.css Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `82d32f68e5fa3a27052e1b6d8f2989e059ce83c0ec408f00c82abcd9639ee386` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT content-encoding br last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache etag "1d21412-3f4-5c680ab068cc0-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 295
GET H2	200	transparent.gif serbatoiericambi.com/paute/labanquepostale/pst/pst/images/ Frame A874	42 B 93 B	33ms 33ms	Image image/gif	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/transparent.gif Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d21425-2a-5c680ab068cc0" content-length 42 content-type image/gif
GET H2	200	jquery-1.7.2.min.js Show response serbatoiericambi.com/paute/labanquepostale/pst/pst/js/ Frame A874	93 KB 32 KB	40ms 40ms	Script application/javascript	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/js/jquery-1.7.2.min.js Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT content-encoding br last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache etag "1d21441-1727b-5c680ab068cc0-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 32467
GET H2	200	val_keypad_cvvs-commun-unifie.js Show response serbatoiericambi.com/paute/labanquepostale/pst/pst/js/ Frame A874	12 KB 3 KB	39ms 38ms	Script application/javascript	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/js/val_keypad_cvvs-commun-unifie.js Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `2a1b1bcc9c6967a945cd3cb5cf2fd15acb4379f62b18e470df77c84291ca4abe` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT content-encoding br last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache etag "1d21443-30d7-5c680ab068cc0-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 3315
GET H2	200	val_keypad_cvvs-unifie.js Show response serbatoiericambi.com/paute/labanquepostale/pst/pst/js/ Frame A874	7 KB 2 KB	40ms 40ms	Script application/javascript	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/js/val_keypad_cvvs-unifie.js Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `0de1db4555ff83bf6338bd6f1cf63e0282cdb365d06570f13637c9ba35f703fa` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT content-encoding br last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache etag "1d21445-1cb3-5c680ab068cc0-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 2170
GET H2	200	transparent.gif serbatoiericambi.com/paute/labanquepostale/pst/pst/images/ Frame A874	42 B 0	0ms 0ms	Image image/gif	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/images/transparent.gif Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:22 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d21425-2a-5c680ab068cc0" content-length 42 content-type image/gif
GET H2	404	bad.png serbatoiericambi.com/paute/labanquepostale/pst/pst/img/ Frame A874	64 KB 64 KB	1828ms 1827ms	Image text/html	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/img/bad.png Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `85efa7af3937f4b35a4ab4f8b92962dbacf890d375731482dfa30b031823e6ad` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:23 GMT content-encoding br server Apache vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-transform, no-cache, must-revalidate, max-age=0 link <https://serbatoiericambi.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	login.png serbatoiericambi.com/paute/labanquepostale/pst/pst/data_img/ Frame A874	5 KB 5 KB	30ms 30ms	Image image/png	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Show image Full URL https://serbatoiericambi.com/paute/labanquepostale/pst/pst/data_img/login.png Requested by Host: serbatoiericambi.com URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `fb04604a9152cc57920f51513c860c699b2c71551334e5986b12ecc560b4ed2e` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/login.php Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:23 GMT last-modified Wed, 07 Jul 2021 04:06:51 GMT server Apache accept-ranges bytes etag "1d21414-121b-5c680ab068cc0" content-length 4635 content-type image/png
GET H2	200	favicon.ico serbatoiericambi.com/	0 70 B	47ms 46ms	Other image/vnd.microsoft.icon	185.81.2.195 SERVERPLAN-AS
General Check archive.org Show headers Download Go to Full URL https://serbatoiericambi.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.81.2.195 Rome, Italy, ASN52030 (SERVERPLAN-AS, IT), Reverse DNS ananke.dnshigh.com Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://serbatoiericambi.com/paute/labanquepostale/pst/pst/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 07:12:24 GMT content-encoding br server Apache content-length 1 vary Accept-Encoding content-type image/vnd.microsoft.icon

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Postale (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| event object| fence object| sharedStorage

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.serbatoiericambi.com/	1969-12-31 23:59:59	Name: apbct_timestamp Value: 1719904343
.serbatoiericambi.com/	1969-12-31 23:59:59	Name: apbct_prev_referer Value: https%3A%2F%2Fserbatoiericambi.com%2Fpaute%2Flabanquepostale%2Fpst%2Fpst%2Flogin.php
.serbatoiericambi.com/	1969-12-31 23:59:59	Name: apbct_site_landing_ts Value: 1719904343
.serbatoiericambi.com/	1969-12-31 23:59:59	Name: apbct_page_hits Value: 1
.serbatoiericambi.com/	1969-12-31 23:59:59	Name: apbct_cookies_test Value: %257B%2522cookies_names%2522%253A%255B%2522apbct_timestamp%2522%252C%2522apbct_prev_referer%2522%252C%2522apbct_site_landing_ts%2522%252C%2522apbct_page_hits%2522%255D%252C%2522check_value%2522%253A%2522b537c2783a2ef5ef4b23c466d3313c40%2522%257D
serbatoiericambi.com/	1969-12-31 23:59:59	Name: ct_sfw_pass_key Value: a013ee12d63bc873eacc8943416b2cc8
serbatoiericambi.com/	1970-01-21 06:30:40	Name: gdpr[consent_types] Value: %5B%5D
serbatoiericambi.com/	1970-01-21 06:30:40	Name: gdpr[allowed_cookies] Value: %5B%22Wordpress%3A+cookie+tecnici+necessari+per+il+funzionamento+del+sito.%22%5D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://serbatoiericambi.com/paute/labanquepostale/pst/pst/img/bad.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

serbatoiericambi.com
185.81.2.195
04fd3a5bb751974a97e3025f80bb60966d6746f14ac75ddba4de8a1a9bec4def
0de1db4555ff83bf6338bd6f1cf63e0282cdb365d06570f13637c9ba35f703fa
2a1b1bcc9c6967a945cd3cb5cf2fd15acb4379f62b18e470df77c84291ca4abe
50f08e3f8e9097920c6d34dc772b9cf34310e754b8455e0926c8dfcb3dfccc35
5296bd3298e015e024430cd102cf35c4b7fdfe9b8b717116dfa21d854c7991ca
58f7b7e041929ecb690aa5f3b756fa6d5991261b4ce913affbc0429b1ea93592
68374609fd96961cd1590f53a2b061527ae5ba00bc5a505b7c5758aea3b93b7e
82d32f68e5fa3a27052e1b6d8f2989e059ce83c0ec408f00c82abcd9639ee386
85efa7af3937f4b35a4ab4f8b92962dbacf890d375731482dfa30b031823e6ad
9c3c51c993e93289ee20b82b30e73ddab4ea26312b9aab6f0b16e0e289ab5be9
a6783bd9c1e24e36535c8e51c50e2446df0aa720dd806cc64e35cbc623b0c45b
c2ad8f0fc38f50b12290b2d62bb678bee2fc6c927df5c16ff615708e4c283296
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fb04604a9152cc57920f51513c860c699b2c71551334e5986b12ecc560b4ed2e

serbatoiericambi.com Open in urlscan Pro 185.81.2.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

212 kBTransfer

295 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

8 Cookies

1 Console Messages

Indicators

serbatoiericambi.com Open in urlscan Pro
185.81.2.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

212 kB
Transfer

295 kB
Size

8
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!