www.confermaspedizione.online Open in urlscan Pro
2a02:4780:a:807:0:238e:fe5f:1  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.confermaspedizione.online/	4 KB 2 KB	111ms 35ms	Document text/html	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL https://www.confermaspedizione.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / PHP/7.4.30 Resource Hash 7e0cdd4949148479cfc9587fb74bc1d403190088297816ffea74f3c7eaaf4829 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 1746 content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Mon, 08 Aug 2022 11:18:25 GMT server LiteSpeed vary Accept-Encoding x-powered-by PHP/7.4.30
GET H2	200	bootstrap.min.css www.confermaspedizione.online/css/	119 KB 18 KB	38ms 37ms	Stylesheet text/css	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL https://www.confermaspedizione.online/css/bootstrap.min.css Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash 8b922a249c9f81562d99eee24407bf38c7feac74a10dfe712292c0b032144dfa Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT content-encoding br last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "1ddb3-62ea4ea4-f90cd53ee1fee2fa;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 18250 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H2	200	css.css www.confermaspedizione.online/css/	206 KB 28 KB	71ms 70ms	Stylesheet text/css	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL https://www.confermaspedizione.online/css/css.css Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash 6cfde476dffc41c1ba2f4a228f1f2be0052d7f67093674264506377577e4cd09 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT content-encoding br last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "33727-62ea4ea4-cc44998d04b8af73;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 28381 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H2	200	jquery.min.js Show response www.confermaspedizione.online/css/	95 KB 32 KB	101ms 101ms	Script application/x-javascript	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL https://www.confermaspedizione.online/css/jquery.min.js Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT content-encoding br last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "17b8b-62ea4ea4-8475c325730f911f;br" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 32576 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H3	200	logo.png www.confermaspedizione.online/	6 KB 6 KB	32ms 32ms	Image image/png	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL https://www.confermaspedizione.online/logo.png Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash ae53804e3f0fa8db8ead3ac02099b6d0213ab8b27f0da066e443eb04d0c9e242 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "1732-62ea4ea4-6a3e8600d43c0290;;;" content-type image/png cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 5938 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H3	200	img1.png www.confermaspedizione.online/css/	6 KB 6 KB	32ms 32ms	Image image/png	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL https://www.confermaspedizione.online/css/img1.png Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash cf4a172da82df7d22d9b0bea415bb6c2a2080dc6bb600f96effc73b517dcc11a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "1943-62ea4ea4-8495895f387b8b38;;;" content-type image/png cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 6467 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H3	200	ico-messages-info.png www.confermaspedizione.online/	2 KB 2 KB	32ms 32ms	Image image/png	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL https://www.confermaspedizione.online/ico-messages-info.png Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash b98b52b6f7cfb28e5e097f3bc02d50335264686a95ee79b7603737c8e78e5a7c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "857-62ea4ea4-a508264612156572;;;" content-type image/png cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 2135 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H3	200	spinner_giallo.gif www.confermaspedizione.online/	33 KB 33 KB	32ms 32ms	Image image/gif	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL https://www.confermaspedizione.online/spinner_giallo.gif Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:25 GMT last-modified Wed, 03 Aug 2022 10:32:04 GMT server LiteSpeed etag "844d-62ea4ea4-2df21990145b3c03;;;" content-type image/gif cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 33869 expires Mon, 15 Aug 2022 11:18:25 GMT
GET H3	200	ccc.jpg www.confermaspedizione.online/	394 KB 395 KB	34ms 33ms	Image image/jpeg	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL https://www.confermaspedizione.online/ccc.jpg Protocol H3 Security QUIC, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash aa51ba604ac980212354d1892b6cd6b24c666cd16e4b106cdbefc72d82be3326 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:28 GMT last-modified Wed, 03 Aug 2022 10:32:02 GMT server LiteSpeed etag "6291b-62ea4ea2-1947e0472def6d79;;;" content-type image/jpeg cache-control public, max-age=604800 content-security-policy upgrade-insecure-requests accept-ranges bytes content-length 403739 expires Mon, 15 Aug 2022 11:18:28 GMT
GET H3	404	ico-messages-info.png www.confermaspedizione.online/css/css/	2 KB 2 KB	32ms 32ms	Image text/html	2a02:4780:a:807:0:238e:fe5f:1 AS-HOSTINGER
General Check archive.org Show headers Download Go to Show image Full URL https://www.confermaspedizione.online/css/css/ico-messages-info.png Requested by Host: www.confermaspedizione.online URL: https://www.confermaspedizione.online/css/css.css Protocol H3 Security QUIC, , AES_128_GCM Server 2a02:4780:a:807:0:238e:fe5f:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / Resource Hash 3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e Request headers accept-language de-DE,de;q=0.9 Referer https://www.confermaspedizione.online/css/css.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Mon, 08 Aug 2022 11:18:28 GMT content-encoding br last-modified Tue, 19 Jul 2022 09:35:25 GMT server LiteSpeed etag "999-62d67add-a0e71d75b2de5e6a;br" vary Accept-Encoding content-type text/html accept-ranges bytes content-length 912

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Poste Italiane (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.confermaspedizione.online/	1970-01-20 14:41:57	Name: COOKIE_KEY Value: 165995750595

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.confermaspedizione.online/css/css/ico-messages-info.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.confermaspedizione.online
2a02:4780:a:807:0:238e:fe5f:1
3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6cfde476dffc41c1ba2f4a228f1f2be0052d7f67093674264506377577e4cd09
7e0cdd4949148479cfc9587fb74bc1d403190088297816ffea74f3c7eaaf4829
8b922a249c9f81562d99eee24407bf38c7feac74a10dfe712292c0b032144dfa
aa51ba604ac980212354d1892b6cd6b24c666cd16e4b106cdbefc72d82be3326
ae53804e3f0fa8db8ead3ac02099b6d0213ab8b27f0da066e443eb04d0c9e242
b98b52b6f7cfb28e5e097f3bc02d50335264686a95ee79b7603737c8e78e5a7c
cf4a172da82df7d22d9b0bea415bb6c2a2080dc6bb600f96effc73b517dcc11a
ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5