appasebec.imkclientes.es
185.129.251.75
Malicious Activity!
Public Scan
Effective URL: https://appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/RAK-LOG-D.php?ip=185.15...
Submission Tags: falconsandbox
Submission: On January 12 via api from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 15th 2020. Valid for: a year.
This is the only time appasebec.imkclientes.es was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Enel (Utility)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System
---|---|---|---
1 | 2 | 185.201.11.153 | 395111 (KVCNET-2009)
2 | 7 | 185.129.251.75 | 203178 (CUBENODE)
- | 1 | 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA)
- | 1 | 2.21.38.75 | 20940 (AKAMAI-ASN1)
8 HTTP transactions across 4 IP addresses
ASN395111 (KVCNET-2009, US): globalminingtrade.org, railoffshoreengineering.com
ASN20940 (AKAMAI-ASN1, NL): jp.rakuten-static.com (PTR: a2-21-38-75.deploy.static.akamaitechnologies.com)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | imkclientes.es (2 redirects) | appasebec.imkclientes.es | 79 KB
1 | rakuten-static.com | jp.rakuten-static.com | 636 B
1 | railoffshoreengineering.com | railoffshoreengineering.com | 0
1 | wikimedia.org | upload.wikimedia.org | 53 KB
1 | globalminingtrade.org (1 redirect) | globalminingtrade.org | 368 B
8 HTTP transactions across 5 apex domains
Requests | Domain | Requested by
---|---|---
7 | appasebec.imkclientes.es (2 redirects) | appasebec.imkclientes.es
1 | jp.rakuten-static.com | appasebec.imkclientes.es
1 | railoffshoreengineering.com | appasebec.imkclientes.es
1 | upload.wikimedia.org | appasebec.imkclientes.es
1 | globalminingtrade.org (1 redirect) | -
8 HTTP transactions across 5 domains
This site contains links to these domains (see also the outgoing links listed under Page Statistics below):
Domain
---
www.enel.it
Subject | Issuer | Validity | Valid
---|---|---|---
*.imkclientes.es | Sectigo RSA Domain Validation Secure Server CA | 2020-07-15 - 2021-07-16 | a year
*.wikipedia.org | DigiCert SHA2 High Assurance Server CA | 2020-11-09 - 2021-11-16 | a year
railoffshoreengineering.com | R3 (Let's Encrypt) | 2020-12-02 - 2021-03-02 | 3 months
intl.rakuten-static.com | DigiCert SHA2 Secure Server CA | 2020-12-21 - 2021-10-04 | 9 months
The wildcard certificate for *.imkclientes.es was issued in July 2020, well before this campaign, and the phishing content sits under a /wp-content/ path. That is consistent with pages dropped onto an existing WordPress install rather than attacker-registered infrastructure, although the scan alone cannot confirm it.
This page contains 1 frame:
Primary Page: https://appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/RAK-LOG-D.php?ip=185.156.175.107&countryCode=CH&OS=Mac%20OS%20X&token=TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2MTg1LjE1Ni4xNzUuMTA3MjAyMTpKYW46VHVlOjE1
Frame ID: A868DCD1CF92548A41485EFD460C5E2E
Requests: 8 HTTP requests in this frame
Page Title: [Enel]Login
Detected technologies
Apache (Web Servers)
Detected pattern (response header `server`): /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page. All six carry the footer and help-link titles of the real Enel login page and point at www.enel.it (see the linked-domains table above), which is how the kit borrows legitimacy from the brand it imitates.
- Supporto (Support)
- Informazioni legali (Legal information)
- Recupera Password (Recover password)
- Recupera Username (Recover username)
- Se hai problemi di accesso? (Having trouble logging in?)
- Privacy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://globalminingtrade.org/user/js/enel-redirecttion/Please-willyouredirect/ (HTTP 302)
- https://appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/ (HTTP 302)
- https://appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/D.php (HTTP 302)
- https://appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/RAK-LOG-D.php?ip=185.156.175.107&countryCode=CH&OS=Mac%20OS%20X&token=TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2MTg1LjE1Ni4xNzUuMTA3MjAyMTpKYW46VHVlOjE1 (Page URL)
The chain starts on a third-party host (globalminingtrade.org), passes through two server-side redirects on the phishing host, and lands on a script named RAK-LOG-D.php whose query string carries the visitor's IP address, country code, operating system and a base64 token. The token is the browser User-Agent followed by the same IP and a date stamp, so the kit fingerprints each visitor before showing the login form.
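The following Python is an added example, not code from the phishing kit or from urlscan.io. It parses the landing URL recorded in this scan, decodes the base64 `token` parameter, and splits it into the User-Agent, client IP and date stamp. The URL and the parameter names `ip`, `countryCode`, `OS` and `token` are taken from the page; the layout of the decoded token (User-Agent, then IP, then a `YYYY:Mon:Day:NN` stamp with no separators) is what this one captured token decodes to and is treated as an observation about this sample, not a documented format. The helper names, the two regular expressions and the `looks_like_visitor_logger` heuristic are assumptions for illustration.

```python
"""Decode the victim-fingerprint parameters on the landing URL recorded in this scan.

Added example, not code from the phishing kit or from urlscan.io. The token layout
(User-Agent, then client IP, then a date stamp, concatenated without separators) is
what this captured token decodes to; treat it as an observation, not a spec.
"""
import base64
import binascii
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Landing URL copied from the scan's Page URL History.
LANDING_URL = (
    "https://appasebec.imkclientes.es/wp-content/maintenance/assets/images/"
    "myeneldi-rimborso/Enel2021-Rimborso/RAK-LOG-D.php"
    "?ip=185.156.175.107&countryCode=CH&OS=Mac%20OS%20X"
    "&token=TW96aWxsYS81LjAgKE1hY2ludG9zaDsg"
    "SW50ZWwgTWFjIE9TIFggMTBfMTRfNSkg"
    "QXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwg"
    "bGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBT"
    "YWZhcmkvNTM3LjM2MTg1LjE1Ni4xNzUuMTA3MjAyMTpKYW46VHVlOjE1"
)

# Assumed shapes for the trailing fields seen in this sample: "2021:Jan:Tue:15" and a dotted quad.
DATE_TAIL = re.compile(r"(\d{4}:[A-Z][a-z]{2}:[A-Z][a-z]{2}:\d{1,2})$")
IPV4_TAIL = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})$")


def _b64_text(value):
    """Decode base64 to text, tolerating missing '=' padding. Returns None if it is not base64."""
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def decode_tracking_token(url):
    """Return the plain query parameters plus the fields recovered from the base64 token."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    decoded = _b64_text(params.get("token", ""))
    result = dict(params, token_decoded=decoded, user_agent=None, token_ip=None, token_date=None)
    if decoded is None:
        return result
    rest = decoded
    m = DATE_TAIL.search(rest)
    if m:
        result["token_date"] = m.group(1)
        rest = rest[: m.start()]
    # Prefer the ip= parameter as the split point; fall back to a trailing dotted quad.
    ip = params.get("ip")
    if not (ip and rest.endswith(ip)):
        m = IPV4_TAIL.search(rest)
        ip = m.group(1) if m else None
    if ip:
        result["token_ip"] = ip
        rest = rest[: -len(ip)]
    result["user_agent"] = rest
    return result


def looks_like_visitor_logger(url):
    """Heuristic for the pattern seen here: an ip= parameter holding a valid address
    alongside a base64 parameter that decodes to a browser User-Agent string."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        ipaddress.ip_address(params.get("ip", ""))
    except ValueError:
        return False
    for value in params.values():
        text = _b64_text(value) if len(value) >= 16 else None
        if text and text.startswith("Mozilla/"):
            return True
    return False


if __name__ == "__main__":
    for key, value in decode_tracking_token(LANDING_URL).items():
        print(f"{key}: {value}")
```

Running it prints the four plain parameters and then the recovered User-Agent (a Chrome 83 on macOS 10.14.5 string, which is urlscan's own scanning browser, not a victim), the IP 185.156.175.107 and the stamp 2021:Jan:Tue:15. The stamp's last field is most likely the hour, since the scan was submitted on Tuesday, January 12; that reading is an inference. The heuristic in `looks_like_visitor_logger` is deliberately narrow so it can be dropped into a URL-triage script without matching ordinary sites; it will miss kits that obfuscate the token differently.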
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (RAK-LOG-D.php), whose chain is listed under Page URL History above.
8 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | RAK-LOG-D.php (Primary Request, redirect chain) | appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/ | 9 KB | 9 KB | Document | text/html
2 | GET | H2 | D-login.css | appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/rakuten_files/ | 5 KB | 5 KB | Stylesheet | text/css
3 | GET | H2 | 800px-Enel_logo_2016.png | upload.wikimedia.org/wikipedia/commons/thumb/4/47/Enel_logo_2016.png/ | 52 KB | 53 KB | Image | image/png
4 | GET | H2 | t.gif | appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/rakuten_files/ | 43 B | 80 B | Image | image/gif
5 | GET | H2 | Rakuten_pc_20px@2x.png | appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/rakuten_files/ | 64 KB | 65 KB | Image | image/png
6 | GET | H2 | pop.gif | appasebec.imkclientes.es/wp-content/maintenance/assets/images/myeneldi-rimborso/Enel2021-Rimborso/rakuten_files/ | 75 B | 104 B | Image | image/gif
7 | GET | H2 | bg_btn_red_btm.png | railoffshoreengineering.com/rakuten/test/desktop/rakuten_files/ | 0 | 0 | Image | text/html
8 | GET | H/1.1 | info.gif | jp.rakuten-static.com/1/im/ic/ui/ | 360 B | 636 B | Image | image/gif
Two details of this table matter for triage. Row 7 is requested as an image but comes back as 0 bytes of text/html from railoffshoreengineering.com, so that second host serves no working asset and is only a leftover reference. The rakuten_files/ directory, the Rakuten_pc_20px@2x.png sprite, the RAK- prefix on the landing script and the live request to jp.rakuten-static.com are consistent with a Rakuten phishing template reskinned for Enel, and the Enel logo itself is hotlinked from Wikimedia Commons. Neither upload.wikimedia.org nor jp.rakuten-static.com is a useful network indicator; the attacker-side hosts are the three listed under Indicators below.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Enel (Utility)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
All nine are standard properties of a current Chromium window (CSS transition event handlers, the Cookie Store API, the File System Access API pickers, Trusted Types and crossOriginIsolated). They are listed only because they postdate urlscan's baseline of known globals, and they say nothing about the kit's own scripts; the page defines no globals of its own.
0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work. This page set none.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
appasebec.imkclientes.es
globalminingtrade.org
jp.rakuten-static.com
railoffshoreengineering.com
upload.wikimedia.org
185.129.251.75
185.201.11.153
2.21.38.75
2620:0:862:ed1a::2:b