finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl
195.78.67.12
Malicious Activity!
Public Scan
Effective URL: https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/
Submission: On March 25 via manual from IT — Scanned from IT
Summary
TLS certificate: Issued by Certum Domain Validation CA SHA2 on July 31st 2023. Valid for: a year.
This is the only time finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 67.199.248.10 | 396982 (GOOGLE-CLOUD-PLATFORM)
1 | 18.245.60.60 | 16509 (AMAZON-02)
17 | 195.78.67.12 | 41079 (CF-GDA)
1 | 212.102.56.178 | 60068 (CDN77 _)
1 | 52.29.116.227 | 16509 (AMAZON-02)
5 | 195.181.175.15 | 60068 (CDN77 _)
1 | 185.198.118.126 | 35051 (NEXI-AS)
25 requests | 5 ASNs |
- ASN16509 (AMAZON-02, US), PTR: server-18-245-60-60.fra60.r.cloudfront.net: short.gy
- ASN41079 (CF-GDA, PL), PTR: s144.cyber-folks.pl: finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl
- ASN60068 (CDN77 _, GB), PTR: 245149724.fra.cdn77.com: www.smartsuppchat.com
- ASN16509 (AMAZON-02, US), PTR: ec2-52-29-116-227.eu-central-1.compute.amazonaws.com: bootstrap.smartsuppchat.com
- ASN60068 (CDN77 _, GB), PTR: 809075600.fra.cdn77.com: widget-v3.smartsuppcdn.com, translations.smartsuppcdn.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | cfolks.pl | finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl | 717 KB
5 | smartsuppcdn.com | widget-v3.smartsuppcdn.com (Cisco Umbrella Rank: 73565), translations.smartsuppcdn.com (Cisco Umbrella Rank: 76713) | 97 KB
2 | smartsuppchat.com | www.smartsuppchat.com (Cisco Umbrella Rank: 68961), bootstrap.smartsuppchat.com (Cisco Umbrella Rank: 63890) | 6 KB
1 | nexi.it | www.nexi.it | 1 KB
1 | short.gy (1 redirect) | short.gy (Cisco Umbrella Rank: 123191) | 461 B
1 | bit.ly (1 redirect) | bit.ly (Cisco Umbrella Rank: 5992) | 279 B
25 requests | 6 apex domains | |
Requests | Domain | Requested by
---|---|---
17 | finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl | finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl
4 | widget-v3.smartsuppcdn.com | www.smartsuppchat.com
1 | translations.smartsuppcdn.com | widget-v3.smartsuppcdn.com
1 | www.nexi.it |
1 | bootstrap.smartsuppchat.com | www.smartsuppchat.com
1 | www.smartsuppchat.com | finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl
1 | short.gy | 1 redirect
1 | bit.ly | 1 redirect
25 requests | 8 domains |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.cfolks.pl | Certum Domain Validation CA SHA2 | 2023-07-31 - 2024-07-30 | a year | crt.sh
*.smartsuppchat.com | RapidSSL TLS RSA CA G1 | 2023-12-04 - 2024-12-28 | a year | crt.sh
*.smartsuppcdn.com | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | 2023-10-23 - 2024-11-16 | a year | crt.sh
www.nexi.it | GlobalSign RSA OV SSL CA 2018 | 2023-08-04 - 2024-08-21 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/
Frame ID: 0FDD687CFE5D627C33105ECABEE58C4E
Requests: 21 HTTP requests in this frame
Frame:
https://widget-v3.smartsuppcdn.com/assets/main-838bbda2.js
Frame ID: DEFCAE87F23A7AC8527FE83FD550FD5A
Requests: 4 HTTP requests in this frame
Page Title: Area Personale
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://bit.ly/uNexi (HTTP 307)
2. https://bit.ly/uNexi (HTTP 301)
3. https://short.gy/G1gecS (HTTP 302)
4. https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/ (Page URL)
Detected technologies
Adobe Experience Manager (CMS). Detected patterns:
- /etc/designs/
WordPress (CMS). Detected patterns:
- /wp-(?:content|includes)/
Bootstrap (Web Frameworks). Detected patterns:
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries). Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
19 Outgoing links
These are links going to different origins than the main page (link titles as captured; three links carried no title):
- google-analytics.com
- Hotjar.com
- track.adform.net
- doubleclick.net
- Facebook
- Amazon-adsystem.com
- Twitter
- Criteo.com
- Bing
- FanPlayr
- Internet Explorer
- Firefox
- Google Chrome
- Safari
- (untitled)
- (untitled)
- (untitled)
- Non sei tu?
- REGISTRATI
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
In the table below, PRIMARY/ stands for finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/. Requests marked "Frame DEFC" were issued from the secondary frame (ID DEFCAE87F23A7AC8527FE83FD550FD5A).

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | / (Primary Request, Redirect Chain) | PRIMARY/ | 305 KB | 35 KB | Document | text/html
2 | GET | H2 | style.css | PRIMARY/Area%20Personale_files/ | 568 KB | 64 KB | Stylesheet | text/css
3 | GET | H2 | jquery-3.5.1.min.js.download | PRIMARY/Area%20Personale_files/ | 87 KB | 88 KB | Script | application/octet-stream
4 | GET | H2 | style(1).css | PRIMARY/Area%20Personale_files/ | 18 KB | 3 KB | Stylesheet | text/css
5 | GET | H2 | logo--light-double.svg | PRIMARY/Area%20Personale_files/ | 1 KB | 789 B | Image | image/svg+xml
6 | GET | H2 | app_store.svg | PRIMARY/Area%20Personale_files/ | 15 KB | 6 KB | Image | image/svg+xml
7 | GET | H2 | google_play.svg | PRIMARY/Area%20Personale_files/ | 25 KB | 18 KB | Image | image/svg+xml
8 | GET | H2 | loader.js | www.smartsuppchat.com/ | 17 KB | 6 KB | Script | application/javascript
9 | GET | H2 | icon-close.svg | PRIMARY/Area%20Personale_files/ | 2 KB | 798 B | Image | image/svg+xml
10 | GET | H3 | icon-phone.svg | PRIMARY/Area%20Personale_files/ | 4 KB | 2 KB | Image | image/svg+xml
11 | GET | H3 | icon-close-white.svg | PRIMARY/Area%20Personale_files/ | 2 KB | 932 B | Image | image/svg+xml
12 | GET | H3 | icon-phone-warning-white.svg | PRIMARY/Area%20Personale_files/ | 4 KB | 1 KB | Image | image/svg+xml
13 | GET | H3 | ico-down-blue.svg | PRIMARY/Area%20Personale_files/ | 898 B | 553 B | Image | image/svg+xml
14 | GET | H3 | icon-blocked.svg | PRIMARY/Area%20Personale_files/ | 935 B | 509 B | Image | image/svg+xml
15 | GET | H3 | placeholder_login_portale_privati.png | PRIMARY/ | 422 KB | 423 KB | Image | image/png
16 | GET | H3 | karbon-regular-webfont.woff | PRIMARY/Area%20Personale_files/fonts/ | 24 KB | 24 KB | Font | application/x-font-woff
17 | GET | H3 | karbon-medium-webfont.woff | PRIMARY/Area%20Personale_files/fonts/ | 24 KB | 24 KB | Font | application/x-font-woff
18 | GET | H3 | karbon-semibold-webfont.woff | PRIMARY/Area%20Personale_files/fonts/ | 24 KB | 25 KB | Font | application/x-font-woff
19 | GET | H2 | 0bdae9460b53b23e2ee3ba0841d901be3f650b3d.json | bootstrap.smartsuppchat.com/widget/ | 1 KB | 678 B | XHR | application/json
20 | GET | H2 | manifest.json | widget-v3.smartsuppcdn.com/ | 2 KB | 827 B | XHR | application/json
21 | GET | H/1.1 | favicon-32x32.png | www.nexi.it/etc/designs/nexi/favicon/ | 502 B | 1 KB | Other | image/png
22 | GET | H2 | main-838bbda2.js | widget-v3.smartsuppcdn.com/assets/ (Frame DEFC) | 94 KB | 33 KB | Script | application/javascript
23 | GET | H2 | vendor-7c63ec1d.js | widget-v3.smartsuppcdn.com/assets/ (Frame DEFC) | 160 KB | 53 KB | Script | application/javascript
24 | GET | H2 | style-39cdd505.css | widget-v3.smartsuppcdn.com/assets/ (Frame DEFC) | 31 KB | 7 KB | Stylesheet | text/css
25 | GET | H2 | defaults | translations.smartsuppcdn.com/api/v1/widget/translations/lang/it/ (Frame DEFC) | 6 KB | 3 KB | Fetch | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Nexi (Banking)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- object: 1
- object: onpagereveal
- object: _smartsupp
- function: smartsupp
- function: $
- function: jQuery
- boolean: SMARTSUPP_LOADED
- object: $smartsupp2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto | | COOKIE_KEY | 171137941712
.bit.ly/ | | _bit | o2pfag-ce0eb5b52fdbcb92ab-00g
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.