infopostalecodeifo.com

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 158.69.142.105, located in Montreal, Canada and belongs to OVH, FR. The main domain is infopostalecodeifo.com.
TLS certificate: Issued by R3 on September 7th 2022. Valid for: 3 months.

This is the only time infopostalecodeifo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swiss Post (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
1	158.69.142.105 158.69.142.105		16276 (OVH) (OVH)
1	2

1 158.69.142.105 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns1-minerva.scriptcase.host

infopostalecodeifo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	infopostalecodeifo.com infopostalecodeifo.com	534 KB
1	1

	Domain	Requested by
1	infopostalecodeifo.com
1	1

This site contains no links.

Subject Issuer	Validity	Valid
webmail.infopostalecodeifo.com R3	`2022-09-07` - `2022-12-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://infopostalecodeifo.com/wp/ag/
Frame ID: 8705023A2C1D4A1A8FFEE96239C2914A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - Die Post

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

594 kB
Transfer

1841 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
infopostalecodeifo.com/wp/ag/ 2 MB
534 KB 670ms
384ms Document
text/html 158.69.142.105
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://infopostalecodeifo.com/wp/ag/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

158.69.142.105 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ns1-minerva.scriptcase.host

Software

nginx /

Resource Hash

287462d5c4cd8f07b130b89cbde0bf6d37170c5f5d3d80dc9cf43a1b13667d68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, s-maxage=10
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 07 Sep 2022 19:38:01 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-mod-pagespeed: 1.13.35.2-0
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Scriptcase
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e6588910b958f4a9a306c50e9d07bf7be49ba583b195c0f8fe834cd116bdc49b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1acd05ab88099bfd7d9bc42f138e333ed86a9523dd252917aba47e26c143c096

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 419e4a1f8a4d1122be855af9bdccb7931696d31ee58bdb538573c8b7cdbdf503

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 187 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf3d35d5cb9529e6a751dd854a9916e390be29855f04209c316a9ae8b2ceadb9

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 30 KB
30 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0dff120512a8b623a3dbc0b98fcc028d8380961dbb89c0f9ad391b47a2a13b7

Request headers

Referer
Origin: https://infopostalecodeifo.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 30 KB
30 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6dbba61ebcd011f90651705072296582ef12065838be406c1033a7b198b1ea1b

Request headers

Referer
Origin: https://infopostalecodeifo.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swiss Post (Transportation)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

infopostalecodeifo.com
158.69.142.105
1acd05ab88099bfd7d9bc42f138e333ed86a9523dd252917aba47e26c143c096
287462d5c4cd8f07b130b89cbde0bf6d37170c5f5d3d80dc9cf43a1b13667d68
419e4a1f8a4d1122be855af9bdccb7931696d31ee58bdb538573c8b7cdbdf503
6dbba61ebcd011f90651705072296582ef12065838be406c1033a7b198b1ea1b
bf3d35d5cb9529e6a751dd854a9916e390be29855f04209c316a9ae8b2ceadb9
c0dff120512a8b623a3dbc0b98fcc028d8380961dbb89c0f9ad391b47a2a13b7
e6588910b958f4a9a306c50e9d07bf7be49ba583b195c0f8fe834cd116bdc49b

infopostalecodeifo.com Open in urlscan Pro 158.69.142.105 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

594 kBTransfer

1841 kBSize

0 Cookies

0 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

infopostalecodeifo.com Open in urlscan Pro
158.69.142.105 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

594 kB
Transfer

1841 kB
Size

0
Cookies

1 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!