finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl Open in urlscan Pro
195.78.67.12 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/uNexi
Effective URL:
https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/
Submission: On March 25 via manual (March 25th 2024, 3:10:22 pm UTC) from IT — Scanned from IT

Summary HTTP 25 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 25 HTTP transactions. The main IP is 195.78.67.12, located in Konstancin-Jeziorna, Poland and belongs to CF-GDA, PL. The main domain is finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on July 31st 2023. Valid for: a year.

This is the only time finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	18.245.60.60 18.245.60.60	16509 (AMAZON-02) (AMAZON-02)
17	195.78.67.12 195.78.67.12	41079 (CF-GDA) (CF-GDA)
1	212.102.56.178 212.102.56.178	60068 (CDN77 _) (CDN77 _)
1	52.29.116.227 52.29.116.227	16509 (AMAZON-02) (AMAZON-02)
5	195.181.175.15 195.181.175.15	60068 (CDN77 _) (CDN77 _)
1	185.198.118.126 185.198.118.126	35051 (NEXI-AS) (NEXI-AS)
25	5

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.60.60 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-60.fra60.r.cloudfront.net

short.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 195.78.67.12 (Konstancin-Jeziorna, Poland)

ASN41079 (CF-GDA, PL)
PTR: s144.cyber-folks.pl

finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.102.56.178 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 245149724.fra.cdn77.com

www.smartsuppchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.116.227 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-116-227.eu-central-1.compute.amazonaws.com

bootstrap.smartsuppchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 195.181.175.15 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 809075600.fra.cdn77.com

widget-v3.smartsuppcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
translations.smartsuppcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.198.118.126 (Italy)

ASN35051 (NEXI-AS, IT)

www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	cfolks.pl finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl	717 KB
5	smartsuppcdn.com widget-v3.smartsuppcdn.com — Cisco Umbrella Rank: 73565 translations.smartsuppcdn.com — Cisco Umbrella Rank: 76713	97 KB
2	smartsuppchat.com www.smartsuppchat.com — Cisco Umbrella Rank: 68961 bootstrap.smartsuppchat.com — Cisco Umbrella Rank: 63890	6 KB
1	nexi.it www.nexi.it	1 KB
1	short.gy 1 redirects short.gy — Cisco Umbrella Rank: 123191	461 B
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 5992	279 B
25	6

	Domain	Requested by
17	finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl	finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl
4	widget-v3.smartsuppcdn.com	www.smartsuppchat.com
1	translations.smartsuppcdn.com	widget-v3.smartsuppcdn.com
1	www.nexi.it
1	bootstrap.smartsuppchat.com	www.smartsuppchat.com
1	www.smartsuppchat.com	finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl
1	short.gy	1 redirects
1	bit.ly	1 redirects
25	8

This site contains links to these domains. Also see Links.

Domain
policies.google.com
www.hotjar.com
site.adform.com
www.google.com
it-it.facebook.com
www.amazon.it
twitter.com
www.criteo.com
privacy.microsoft.com
fanplayr.com
windows.microsoft.com
support.mozilla.org
support.google.com
support.apple.com
www.nexi.it
apps.apple.com
play.google.com
privati.nexi.it

Subject Issuer	Validity	Valid
*.cfolks.pl Certum Domain Validation CA SHA2	`2023-07-31` - `2024-07-30`	a year	crt.sh
*.smartsuppchat.com RapidSSL TLS RSA CA G1	`2023-12-04` - `2024-12-28`	a year	crt.sh
*.smartsuppcdn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2023-10-23` - `2024-11-16`	a year	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2023-08-04` - `2024-08-21`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/
Frame ID: 0FDD687CFE5D627C33105ECABEE58C4E
Requests: 21 HTTP requests in this frame

Frame: https://widget-v3.smartsuppcdn.com/assets/main-838bbda2.js
Frame ID: DEFCAE87F23A7AC8527FE83FD550FD5A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Area Personale

Page URL History Show full URLs

http://bit.ly/uNexi HTTP 307
https://bit.ly/uNexi HTTP 301
https://short.gy/G1gecS HTTP 302
https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/ Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

8
Subdomains

5
IPs

4
Countries

821 kB
Transfer

1839 kB
Size

2
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: google-analytics.com

Search URL Search Domain Scan URL

URL: https://www.hotjar.com/privacy
Title: Hotjar.com

Search URL Search Domain Scan URL

URL: http://site.adform.com/privacy-policy/en/
Title: track.adform.net

Search URL Search Domain Scan URL

URL: http://www.google.com/policies/technologies/ads/
Title: doubleclick.net

Search URL Search Domain Scan URL

URL: https://it-it.facebook.com/about/privacy/cookies
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.amazon.it/gp/dra/info
Title: Amazon-adsystem.com

Search URL Search Domain Scan URL

URL: https://twitter.com/privacy
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.criteo.com/it/privacy/
Title: Criteo.com

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/it-it/privacystatement
Title: Bing

Search URL Search Domain Scan URL

URL: https://fanplayr.com/files/en/Fanplayr-Privacy-Policy-May-2018.pdf
Title: FanPlayr

Search URL Search Domain Scan URL

URL: http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9
Title: Internet Explorer

Search URL Search Domain Scan URL

URL: http://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
Title: Firefox

Search URL Search Domain Scan URL

URL: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647
Title: Google Chrome

Search URL Search Domain Scan URL

URL: http://support.apple.com/kb/PH5042
Title: Safari

Search URL Search Domain Scan URL

URL: https://www.nexi.it/

Search URL Search Domain Scan URL

URL: https://apps.apple.com/it/app/nexi-pay/id518695175

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it

Search URL Search Domain Scan URL

URL: https://www.nexi.it/login-titolari.html
Title: Non sei tu?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/registration/intro
Title: REGISTRATI

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/uNexi HTTP 307
https://bit.ly/uNexi HTTP 301
https://short.gy/G1gecS HTTP 302
https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/
Redirect Chain

http://bit.ly/uNexi
https://bit.ly/uNexi
https://short.gy/G1gecS
https://finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto/

305 KB
35 KB

226ms
71ms

Document
text/html

195.78.67.12
CF-GDA

General

			Domain/Path	Expires	Name / Value
			finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl/sicuro-login-supporto/wp-content/plugins/esterno-login-supporto	1970-01-21 04:58:59	Name: COOKIE_KEY Value: 171137941712
			.bit.ly/	1970-01-20 23:42:11	Name: _bit Value: o2pfag-ce0eb5b52fdbcb92ab-00g

finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl Open in urlscan Pro 195.78.67.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

100 %HTTPS

0 %IPv6

6 Domains

8 Subdomains

5 IPs

4 Countries

821 kBTransfer

1839 kBSize

2 Cookies

19 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

2 Cookies

Indicators

finestra-sistema-sicuro-operatore-supporto-melone.cfolks.pl Open in urlscan Pro
195.78.67.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

8
Subdomains

5
IPs

4
Countries

821 kB
Transfer

1839 kB
Size

2
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!