seleziona-filiale.from-wi.com
207.180.231.184  Malicious Activity! Public Scan

URL: https://seleziona-filiale.from-wi.com/sel/
Submission: October 22, 2020, via manual submission from IT (Italy)

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 6 HTTP transactions. The main IP is 207.180.231.184, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is seleziona-filiale.from-wi.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on October 15th 2020. Valid for: 3 months.
This is the only time seleziona-filiale.from-wi.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Poste Italiane (Online), BNP Paribas (Banking)

Domain & IP information

IP Address          AS (Autonomous System)     Requests
207.180.231.184     51167 (CONTABO)            1
62.241.12.21        15720 (Viale Europa)       1
193.203.234.203     20942 (ISP-ASN2)           1
2a02:26f0:170...    20940 (AKAMAI-ASN1)        1
151.101.112.133     54113 (FASTLY)             1
2a02:26f0:170...    20940 (AKAMAI-ASN1)        1
Total: 6 IPs, 6 requests
Domain                            Requested by                       Requests
cdn-pays.bnpparibas.com           seleziona-filiale.from-wi.com      1
avatars1.githubusercontent.com    seleziona-filiale.from-wi.com      1
bnl.it                            seleziona-filiale.from-wi.com      1
group.intesasanpaolo.com          seleziona-filiale.from-wi.com      1
www.poste.it                      seleziona-filiale.from-wi.com      1
seleziona-filiale.from-wi.com     (primary request)                  1
Total: 6 domains, 6 requests

This site contains links to the following domain (also see Links): profilo-privato-cli.gets-it.net. It follows the same naming pattern as the scanned host: Italian banking lure words ("profilo privato", private profile) used as the subdomain of an unrelated registered domain.
TLS certificates observed (each entry links to its crt.sh record):

Subject                          Issuer                                              Validity                   Valid for
seleziona-filiale.from-wi.com    ZeroSSL RSA Domain Secure Site CA                   2020-10-15 - 2021-01-13    3 months
www.poste.it                     GlobalSign Extended Validation CA - SHA256 - G3     2020-03-04 - 2021-03-05    a year
www.group.intesasanpaolo.com     Intesa Sanpaolo Organization Validation CA          2020-07-03 - 2021-07-03    a year
bnl01.bnpparibas.com             DigiCert ECC Extended Validation Server CA          2020-03-06 - 2021-10-23    2 years
www.github.com                   DigiCert SHA2 High Assurance Server CA              2020-05-06 - 2022-04-14    2 years
bnp03s.bnpparibas.com            DigiCert Secure Site ECC CA-1                       2020-10-13 - 2021-08-19    10 months
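The contrast in this table is the signal: every brand origin presents an EV or OV certificate with a year or more of validity, while the phishing host has a free domain-validated certificate issued one week before the scan with a 90-day lifetime. The following is an added example, not urlscan.io's or crt.sh's code, that turns that observation into a triage rule a certificate-transparency monitor could apply to new records: it scores each record on short lifetime, issuance shortly before the observation date, lure keywords in the hostname and a DV issuer, and exempts brand-owned registrable domains. The records are transcribed from the table above; the keyword list, the thresholds and the brand-domain allowlist are assumptions chosen for illustration.

```python
"""Score certificate records (as a crt.sh feed would report them) as phishing lures.

Added example, not urlscan.io's or crt.sh's code. CERT_RECORDS mirror the
certificate table on this page; LURE_KEYWORDS, BRAND_DOMAINS and the two
thresholds are assumptions for illustration.
"""
from datetime import date

# (subject name, issuer, not_before, not_after), transcribed from the page.
CERT_RECORDS = [
    ("seleziona-filiale.from-wi.com", "ZeroSSL RSA Domain Secure Site CA", date(2020, 10, 15), date(2021, 1, 13)),
    ("www.poste.it", "GlobalSign Extended Validation CA - SHA256 - G3", date(2020, 3, 4), date(2021, 3, 5)),
    ("www.group.intesasanpaolo.com", "Intesa Sanpaolo Organization Validation CA", date(2020, 7, 3), date(2021, 7, 3)),
    ("bnl01.bnpparibas.com", "DigiCert ECC Extended Validation Server CA", date(2020, 3, 6), date(2021, 10, 23)),
    ("www.github.com", "DigiCert SHA2 High Assurance Server CA", date(2020, 5, 6), date(2022, 4, 14)),
    ("bnp03s.bnpparibas.com", "DigiCert Secure Site ECC CA-1", date(2020, 10, 13), date(2021, 8, 19)),
]

SCAN_DATE = date(2020, 10, 22)  # submission date of this scan

# Assumed: Italian banking lure words seen in this campaign's hostnames.
LURE_KEYWORDS = ("filiale", "profilo", "poste", "bnl", "intesa", "bnp")
# Assumed: registrable domains the brands (and GitHub) legitimately use.
BRAND_DOMAINS = {"poste.it", "intesasanpaolo.com", "bnpparibas.com", "bnl.it", "github.com"}
# Assumed thresholds.
MAX_AGE_DAYS = 14          # "fresh" if issued within this many days of observation
SHORT_LIFETIME_DAYS = 90   # typical free DV lifetime


def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Adequate for .com/.it/.net; use a
    public-suffix-aware library (e.g. publicsuffix2) for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage(name, issuer, not_before, not_after, today=SCAN_DATE):
    """Return (score, reasons) for one certificate record; higher is more suspicious."""
    if registrable_domain(name) in BRAND_DOMAINS:
        return 0, ["brand-owned domain"]
    reasons = []
    lifetime = (not_after - not_before).days
    age = (today - not_before).days
    if lifetime <= SHORT_LIFETIME_DAYS:
        reasons.append(f"short-lived cert ({lifetime} days)")
    if 0 <= age <= MAX_AGE_DAYS:
        reasons.append(f"issued {age} days before scan")
    hits = [k for k in LURE_KEYWORDS if k in name.lower()]
    if hits:
        reasons.append("lure keyword(s): " + ", ".join(hits))
    # Heuristic on issuer naming: DV-only CA names usually say "Domain";
    # Let's Encrypt is DV-only but does not.
    if "Domain" in issuer or "Let's Encrypt" in issuer:
        reasons.append("domain-validated issuer")
    return len(reasons), reasons


def rank(records, today=SCAN_DATE):
    """Sort records by score, highest first; returns a list of (score, name, reasons)."""
    out = []
    for name, issuer, not_before, not_after in records:
        score, reasons = triage(name, issuer, not_before, not_after, today)
        out.append((score, name, reasons))
    out.sort(key=lambda t: -t[0])
    return out


if __name__ == "__main__":
    for score, name, reasons in rank(CERT_RECORDS):
        print(f"{score}  {name:32s}  {'; '.join(reasons)}")
```

Run against the page's own records, the phishing host scores 4 (90-day lifetime, issued 7 days before the scan, "filiale" in the name, DV issuer) and every brand certificate scores 0. The brand allowlist is what keeps legitimate short-lived certificates (bnp03s.bnpparibas.com is only ten months old) out of the queue; without it, lifetime alone is a weak discriminator now that 90-day certificates are common.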

This page contains 1 frames:

Primary Page: https://seleziona-filiale.from-wi.com/sel/
Frame ID: 83D33F606B608B57C6B583FB97A249B9
Requests: 6 HTTP requests in this frame

Detected technologies

Ubuntu (operating system), overall confidence: 100%
  Detected pattern: headers server /Ubuntu/i

Apache (web server), overall confidence: 100%
  Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Both detections come from the primary response's Server header, Apache/2.4.18 (Ubuntu), which is the stock Ubuntu 16.04 package version.

Page Statistics

  Requests:    6
  HTTPS:       100 %
  IPv6:        33 %
  Domains:     6
  Subdomains:  6
  IPs:         6
  Countries:   3
  Transfer:    80 kB
  Size:        78 kB
  Cookies:     0

Redirected requests: none (no HTTP redirect chains were observed).

6 HTTP transactions

Each entry lists the resource, its path, size, transferred bytes (x-fer) and type, followed by connection details and the request and response headers.
1. Primary Request: / (seleziona-filiale.from-wi.com/sel/)  Size 1 KB, x-fer 757 B, Document

   Full URL: https://seleziona-filiale.from-wi.com/sel/
   Protocol: HTTP/1.1
   Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server: 207.180.231.184 Nuremberg, Germany, ASN51167 (CONTABO, DE)
   Reverse DNS: vmi461014.contaboserver.net
   Software: Apache/2.4.18 (Ubuntu)
   Resource Hash: fc38f2e0682c74f78a047155dd6023a71f3bc3ab187948f4863436626a38174d
   Security Headers: none

   Request headers:
     Host: seleziona-filiale.from-wi.com
     Connection: keep-alive
     Pragma: no-cache
     Cache-Control: no-cache
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
     Sec-Fetch-Site: none
     Sec-Fetch-Mode: navigate
     Sec-Fetch-User: ?1
     Sec-Fetch-Dest: document
     Accept-Encoding: gzip, deflate, br
     Accept-Language: en-US

   Response headers:
     Date: Thu, 22 Oct 2020 13:22:19 GMT
     Server: Apache/2.4.18 (Ubuntu)
     Vary: Accept-Encoding
     Content-Encoding: gzip
     Content-Length: 505
     Keep-Alive: timeout=5, max=100
     Connection: Keep-Alive
     Content-Type: text/html; charset=UTF-8
2. logo-poste-italiane.png (www.poste.it/risorse_dt/condivise/immagini/loghi/)  Size 6 KB, x-fer 6 KB, Image

   Full URL: https://www.poste.it/risorse_dt/condivise/immagini/loghi/logo-poste-italiane.png
   Requested by: https://seleziona-filiale.from-wi.com/sel/ (Host: seleziona-filiale.from-wi.com)
   Protocol: HTTP/1.1
   Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
   Server: 62.241.12.21, Italy, ASN15720 (Viale Europa, 175, IT)
   Reverse DNS: (none)
   Software: nginx
   Resource Hash: 4b76e5a6a06f430c4c3c7a801632cf646f4fac8bbe919ff14938396abb08ae0f

   Request headers:
     Referer: https://seleziona-filiale.from-wi.com/sel/
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers:
     Pragma: public
     Date: Thu, 22 Oct 2020 13:22:19 GMT
     Last-Modified: Wed, 29 Jul 2020 13:30:52 GMT
     Server: nginx
     ETag: "5f217a0c-182d"
     Content-Type: image/png
     Cache-Control: max-age=3600, public
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 6189
     Expires: Thu, 22 Oct 2020 14:22:19 GMT
3. img.jpg (group.intesasanpaolo.com/content/dam/portalgroup/nuove-immagini/chi-siamo/09-Storia_Logo-Intesa-SanPaolo.jpg.transform/resize-425/)  Size 7 KB, x-fer 7 KB, Image

   Full URL: https://group.intesasanpaolo.com/content/dam/portalgroup/nuove-immagini/chi-siamo/09-Storia_Logo-Intesa-SanPaolo.jpg.transform/resize-425/img.jpg
   Requested by: https://seleziona-filiale.from-wi.com/sel/ (Host: seleziona-filiale.from-wi.com)
   Protocol: HTTP/1.1
   Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server: 193.203.234.203 Milan, Italy, ASN20942 (ISP-ASN2, IT)
   Reverse DNS: (none)
   Software: (not identified)
   Resource Hash: ca7e077aacc81410ac1a627be8c30aeae00328fccd505ecfeb88396e40c96881
   Security Headers:
     Strict-Transport-Security: max-age=31536000; includeSubdomains;

   Request headers:
     Referer: https://seleziona-filiale.from-wi.com/sel/
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers:
     Date: Thu, 22 Oct 2020 13:22:19 GMT
     Last-Modified: Thu, 06 Aug 2020 17:26:22 GMT
     ETag: "1a50-5ac38c9839b18"
     Strict-Transport-Security: max-age=31536000; includeSubdomains;
     Content-Type: image/jpeg
     Connection: Keep-Alive
     Accept-Ranges: bytes
     Keep-Alive: timeout=2, max=100
     Content-Length: 6736
4. bnl-logo.png (bnl.it/images/bnl/homepage-language/)  Size 34 KB, x-fer 34 KB, Image

   Full URL: https://bnl.it/images/bnl/homepage-language/bnl-logo.png
   Requested by: https://seleziona-filiale.from-wi.com/sel/ (Host: seleziona-filiale.from-wi.com)
   Protocol: HTTP/1.1
   Security: TLS 1.3, AES_256_GCM
   Server: 2a02:26f0:1700:1ad::4445, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
   Reverse DNS: (none)
   Software: (not identified)
   Resource Hash: 37faf4fac9de99c2198064be4dbb77d407cd9c02c9e8838b05bc2c1092a5e07a
   Security Headers:
     X-Frame-Options: SAMEORIGIN

   Request headers:
     Referer: https://seleziona-filiale.from-wi.com/sel/
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers:
     Date: Thu, 22 Oct 2020 13:22:19 GMT
     Vary: Host,Accept-Encoding
     Last-Modified: Tue, 19 May 2020 21:19:29 GMT
     ETag: "871f-5a606d5beec83"
     x-frame-options: SAMEORIGIN
     p3p: CP="NON CUR OTPi OUR NOR UNI"
     Access-Control-Allow-Origin: https://bnl.it
     Cache-Control: max-age=1200
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Type: image/png
     Content-Length: 34591
     Expires: Thu, 22 Oct 2020 13:42:19 GMT

   Note that X-Frame-Options and Access-Control-Allow-Origin do not restrict a plain <img> load from another origin; they only govern framing and script-readable fetches, so neither header stops the logo from being hot-linked here.
5. 34343708 (avatars1.githubusercontent.com/u/)  Size 12 KB, x-fer 13 KB, Image

   Full URL: https://avatars1.githubusercontent.com/u/34343708?s=400&u=66cde4b5d03cd5c5d3b817d4272ee8ca3aea8ea1&v=4
   Requested by: https://seleziona-filiale.from-wi.com/sel/ (Host: seleziona-filiale.from-wi.com)
   Protocol: HTTP/1.1
   Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server: 151.101.112.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
   Reverse DNS: (none)
   Software: (not identified)
   Resource Hash: 166b1ccb97039394516e141b551229e667811cc75e7090e804c6ca20df96c4e3
   Security Headers:
     Content-Security-Policy: default-src 'none'
     Strict-Transport-Security: max-age=31557600
     X-Content-Type-Options: nosniff
     X-Frame-Options: deny
     X-Xss-Protection: 1; mode=block

   Request headers:
     Referer: https://seleziona-filiale.from-wi.com/sel/
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers:
     X-Fastly-Request-ID: d45abfc05b67e868ca9ec83b576b415ada00105a
     Content-Security-Policy: default-src 'none'
     Via: 1.1 varnish
     X-Content-Type-Options: nosniff
     X-Cache: HIT
     X-Cache-Hits: 1
     Connection: keep-alive
     Vary: Authorization,Accept-Encoding
     Content-Length: 12068
     X-Xss-Protection: 1; mode=block
     X-Served-By: cache-hhn4070-HHN
     Last-Modified: Tue, 18 Dec 2018 09:04:41 GMT
     X-GitHub-Request-Id: B7F6:1E40:81656:A1B25:5EDBC58F
     X-Timer: S1603372939.374959,VS0,VE1
     X-Frame-Options: deny
     Date: Thu, 22 Oct 2020 13:22:19 GMT
     Source-Age: 11911676
     Strict-Transport-Security: max-age=31557600
     Content-Type: image/jpeg
     Access-Control-Allow-Origin: *
     Cache-Control: max-age=300
     Etag: "c72085400ff1d55e3abc3d74b64d8fdcd2098e87"
     Accept-Ranges: bytes
     Timing-Allow-Origin: https://github.com
     Expires: Thu, 22 Oct 2020 13:27:19 GMT

   The numeric GitHub user ID in this URL is the one identifier on the page that is not a bank asset; the scan does not say whose avatar it is or why the phishing page embeds it.
6. logo-default.png (cdn-pays.bnpparibas.com/wp-content/themes/bnpparibasworld/assets/img/)  Size 19 KB, x-fer 19 KB, Image

   Full URL: https://cdn-pays.bnpparibas.com/wp-content/themes/bnpparibasworld/assets/img/logo-default.png
   Requested by: https://seleziona-filiale.from-wi.com/sel/ (Host: seleziona-filiale.from-wi.com)
   Protocol: HTTP/1.1
   Security: TLS 1.3, AES_256_GCM
   Server: 2a02:26f0:1700:1a4::2a52, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
   Reverse DNS: (none)
   Software: (not identified)
   Resource Hash: e50c4204469f6a59549d785c3da3b0f196edde016dd59fe968785b9f826593bc
   Security Headers:
     X-Content-Type-Options: nosniff

   Request headers:
     Referer: https://seleziona-filiale.from-wi.com/sel/
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers:
     Date: Thu, 22 Oct 2020 13:22:19 GMT
     X-Content-Type-Options: nosniff
     Last-Modified: Thu, 23 Jul 2015 05:03:39 GMT
     Content-Type: image/png
     Cache-Control: max-age=50109
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 18953
     Expires: Fri, 23 Oct 2020 03:17:28 GMT
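Every third-party request above carries Referer: https://seleziona-filiale.from-wi.com/sel/, so each brand's web server logged the phishing host at the moment its logo was fetched; a 757-byte page that hot-links four banks' logos is itself the indicator. The following is an added example, not urlscan.io's or any of the brands' code, of how a brand's security team would mine its own access log for that signal: it flags requests for logo assets whose Referer host is not one of the brand's own. The log lines are constructed in nginx "combined" format to mirror what www.poste.it would have recorded for the request in transaction 2; the asset prefix and the allowlist are assumptions for illustration.

```python
"""Flag logo hot-linking from foreign origins in a brand's web-server access log.

Added example, not urlscan.io's or any bank's code. SAMPLE_LOG is constructed
(nginx 'combined' format); ALLOWED_REFERER_HOSTS and LOGO_PREFIX are assumptions
modelled on the www.poste.it request shown on this page.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines: one hit from the scanned phishing page, one from the
# linked lookalike host, a first-party load, a load without Referer, and a
# non-logo request that must be ignored.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Oct/2020:13:22:19 +0000] "GET /risorse_dt/condivise/immagini/loghi/logo-poste-italiane.png HTTP/1.1" 200 6189 "https://seleziona-filiale.from-wi.com/sel/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
198.51.100.7 - - [22/Oct/2020:13:22:20 +0000] "GET /risorse_dt/condivise/immagini/loghi/logo-poste-italiane.png HTTP/1.1" 200 6189 "https://www.poste.it/" "Mozilla/5.0"
198.51.100.8 - - [22/Oct/2020:13:22:21 +0000] "GET /risorse_dt/condivise/immagini/loghi/logo-poste-italiane.png HTTP/1.1" 200 6189 "-" "Mozilla/5.0"
203.0.113.11 - - [22/Oct/2020:13:23:02 +0000] "GET /risorse_dt/condivise/immagini/loghi/logo-poste-italiane.png HTTP/1.1" 200 6189 "http://profilo-privato-cli.gets-it.net/login" "Mozilla/5.0"
203.0.113.12 - - [22/Oct/2020:13:23:05 +0000] "GET /index.html HTTP/1.1" 200 1234 "https://seleziona-filiale.from-wi.com/sel/" "Mozilla/5.0"
"""

# nginx/Apache 'combined' format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed: first-party hosts allowed to embed the brand's assets.
ALLOWED_REFERER_HOSTS = {"www.poste.it", "poste.it"}
# Assumed: path prefix under which the brand's logos live (from transaction 2).
LOGO_PREFIX = "/risorse_dt/condivise/immagini/loghi/"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Lower-cased host of a Referer value, or None when absent ('-') or unparseable."""
    if not referer or referer == "-":
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None


def is_allowed(host):
    """True for an allowlisted host or any subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in ALLOWED_REFERER_HOSTS)


def find_hotlinkers(log_text):
    """Count logo requests per foreign Referer host; returns a Counter."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(LOGO_PREFIX):
            continue
        host = referer_host(rec["referer"])
        if host is None or is_allowed(host):
            continue  # no Referer (direct load, privacy setting) or first-party
        hits[host] += 1
    return hits


if __name__ == "__main__":
    for host, n in find_hotlinkers(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {host}")
```

The match is on the Referer host, not the full URL, on purpose: the scanning browser here sent the full path, but current browsers default to strict-origin-when-cross-origin and send only the origin on cross-site image loads, and a phishing page can suppress the header entirely with a Referrer-Policy of no-referrer. The check therefore catches careless kits like this one and nothing more; pair it with the certificate-transparency triage above for hosts that hide the Referer.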

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Poste Italiane (Online), BNP Paribas (Banking)

The automated brand tagging lists only these two. The request list shows the page also embeds the logos of Intesa Sanpaolo (group.intesasanpaolo.com) and BNL (bnl.it, served with a bnpparibas.com certificate), so the lure is a generic "select your bank" page rather than a single-brand clone.

4 JavaScript Global Variables

These are the "global" variables defined on the window object that urlscan does not recognise as standard. They can help identify client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes

In this scan all four are browser-provided APIs (the File System Access API pickers and Trusted Types) that postdate urlscan's baseline, not anything defined by the 757-byte page itself, so they say nothing about the phishing kit.

0 Cookies