blocca-pagamento.000webhostapp.com
Open in
urlscan Pro
145.14.144.245
Malicious Activity!
Public Scan
Submitted URL: http://bitly.ws/?redirect=AIAp
Effective URL: https://blocca-pagamento.000webhostapp.com/
Submission: On February 24 via automatic, source phishtank — Scanned from PL
Effective URL: https://blocca-pagamento.000webhostapp.com/
Submission: On February 24 via automatic, source phishtank — Scanned from PL
Summary
This website contacted 2 IPs
in 3 countries
across 3 domains to perform 21 HTTP transactions.
The main IP is 145.14.144.245, located in
Netherlands and
belongs to AWEX, CY.
The main domain is blocca-pagamento.000webhostapp.com.
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on August 4th 2022. Valid for: a year.
This is the only time blocca-pagamento.000webhostapp.com was scanned on urlscan.io!
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on August 4th 2022. Valid for: a year.
This is the only time blocca-pagamento.000webhostapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BPER Banca (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 185.11.100.204 185.11.100.204 | 29522 (CF-KRK) (CF-KRK) | |
| 20 | 145.14.144.245 145.14.144.245 | 204915 (AWEX) (AWEX) | |
| 1 | 104.17.162.41 104.17.162.41 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 21 | 2 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 20 |
000webhostapp.com
blocca-pagamento.000webhostapp.com |
1 MB |
| 1 |
000webhost.com
cdn.000webhost.com — Cisco Umbrella Rank: 81263 |
|
| 1 |
bitly.ws
1 redirects
bitly.ws — Cisco Umbrella Rank: 275299 |
286 B |
| 21 | 3 |
| Domain | Requested by | |
|---|---|---|
| 20 | blocca-pagamento.000webhostapp.com |
blocca-pagamento.000webhostapp.com
|
| 1 | cdn.000webhost.com |
blocca-pagamento.000webhostapp.com
|
| 1 | bitly.ws | 1 redirects |
| 21 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| migrazioneib.bpergroup.net |
| www.bper.it |
| www.000webhost.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.000webhostapp.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1 |
2022-08-04 - 2023-07-10 |
a year | crt.sh |
| *.000webhost.com Sectigo RSA Domain Validation Secure Server CA |
2023-01-10 - 2024-02-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://blocca-pagamento.000webhostapp.com/
Frame ID: 27895F1C9934719D7D03866A2B985284
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
http://bitly.ws/?redirect=AIAp
HTTP 301
https://blocca-pagamento.000webhostapp.com/ Page URL
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
URL: https://migrazioneib.bpergroup.net/wizardmigrazione/content/static/index.html
Title: Ottieni credenziali
Title: Ottieni credenziali
Search URL Search Domain Scan URL
URL: https://www.bper.it/documents/2084926082/2094568827/BPER++Banca+-+Guida+Primi+Passi+IB.pdf/9af37eb4-e9bf-a081-2c6d-a3e62001f52f?t=1668170555300
Search URL Search Domain Scan URL
URL: https://www.bper.it/benvenuti-bper-banca
Search URL Search Domain Scan URL
URL: https://www.bper.it/benvenuti-bper-banca/domande-risposte-utili-carige-bml
Search URL Search Domain Scan URL
URL: https://www.bper.it/benvenuti-bper-banca/domande-e-risposte-utili-cesare-ponti
Search URL Search Domain Scan URL
URL: https://www.bper.it/footer/informative-normative/dleg-231-01?_ga=2.240983747.177688189.1647968555-1305436462.1632925734
Title: D.Lgs. 231/01
Title: D.Lgs. 231/01
Search URL Search Domain Scan URL
URL: https://www.bper.it/footer/trasparenza?_ga=2.198529775.177688189.1647968555-1305436462.1632925734
Title: Trasparenza
Title: Trasparenza
Search URL Search Domain Scan URL
URL: https://www.bper.it/footer/informative-normative/note-legali?_ga=2.198529775.177688189.1647968555-1305436462.1632925734
Title: Note legali
Title: Note legali
Search URL Search Domain Scan URL
URL: https://www.bper.it/footer/informative-normative/aml?_ga=2.198529775.177688189.1647968555-1305436462.1632925734
Title: AML
Title: AML
Search URL Search Domain Scan URL
URL: https://www.bper.it/footer/privacy-policy/gestione-cookies/internet-banking
Title: Cookie policy
Title: Cookie policy
Search URL Search Domain Scan URL
URL: https://www.000webhost.com/?utm_source=000webhostapp&utm_campaign=000_logo&utm_medium=website&utm_content=footer_img
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bitly.ws/?redirect=AIAp
HTTP 301
https://blocca-pagamento.000webhostapp.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
blocca-pagamento.000webhostapp.com/ Redirect Chain
|
174 KB 37 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.1609657cf8a367b812cc.css
blocca-pagamento.000webhostapp.com/index_files/ |
284 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
esw.min.css
blocca-pagamento.000webhostapp.com/index_files/ |
9 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bper-logo.svg
blocca-pagamento.000webhostapp.com/index_files/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
TRADING.svg
blocca-pagamento.000webhostapp.com/index_files/ |
13 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
BPER%20ZONE.svg
blocca-pagamento.000webhostapp.com/index_files/ |
12 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
BPER%20CARD.svg
blocca-pagamento.000webhostapp.com/index_files/ |
14 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
SM.svg
blocca-pagamento.000webhostapp.com/index_files/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bper%20casa.jpg
blocca-pagamento.000webhostapp.com/index_files/ |
118 KB 119 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Variabile.png
blocca-pagamento.000webhostapp.com/index_files/ |
88 KB 88 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
12_22-BPER-Banner-Web-342x140.png
blocca-pagamento.000webhostapp.com/index_files/ |
243 KB 244 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Squircle.svg
blocca-pagamento.000webhostapp.com/assets/img/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
john-schnobrich-2FPjlAyMQTA-unsplash.jpg
blocca-pagamento.000webhostapp.com/assets/img/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
squircle.58857b4cb939762a8814.svg
blocca-pagamento.000webhostapp.com/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KievitPro-Regular.otf
blocca-pagamento.000webhostapp.com/index_files/kievit-pro/ |
140 KB 140 KB |
Font
application/vnd.oasis.opendocument.formula-template |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ark-iconfont.ttf
blocca-pagamento.000webhostapp.com/index_files/ |
81 KB 81 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KievitPro-Bold.otf
blocca-pagamento.000webhostapp.com/index_files/kievit-pro/ |
143 KB 144 KB |
Font
application/vnd.oasis.opendocument.formula-template |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bper-icons.ttf
blocca-pagamento.000webhostapp.com/index_files/bper-icons/ |
91 KB 91 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KievitPro-Medium.otf
blocca-pagamento.000webhostapp.com/index_files/kievit-pro/ |
142 KB 142 KB |
Font
application/vnd.oasis.opendocument.formula-template |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KievitPro-Book.otf
blocca-pagamento.000webhostapp.com/index_files/kievit-pro/ |
140 KB 140 KB |
Font
application/vnd.oasis.opendocument.formula-template |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BPER Banca (Banking)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| blocca-pagamento.000webhostapp.com/ | Name: COOKIE_KEY Value: 167727138116 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bitly.ws
blocca-pagamento.000webhostapp.com
cdn.000webhost.com
104.17.162.41
145.14.144.245
185.11.100.204
02c4d3b380dbd48f28aa31ae66172cdfbaac8ff940e3ebc9cfef7d853b73ea61
03b99f1b7c7d616204ee60056eee3d6b2d4153365131d606978ccbfc30404082
0f64c1547d33c0d5a6ec2bea1296da06f8d1b876ff4b3bdc6e5151a1ca0c702c
238badd18e387b81d7278e83b750b16303c5cfa17fb556890b35cff8186b125f
311167b08911270f63af4fc478295e4da13b546eba9d38a8146a23bd2bcdb313
5a81fd5d88908220d70c5c8af65732d0f63d1de0b5e413f658392b245c6402e7
60db760f7d5fd9c6b680ac00f719128ebd9fa9a30168e0d98f92ae7a66e4a5a5
65c5f92b8c9b015ff9f30794e92f74863b2230a489f99d5f2eee31cc3caacc35
66e2487f94a47c96a9c0c7d9c1c552df5230f74b2356c82e5b4f616e55ce0962
6d7257d5d026cee2c8d3a673ed80ba236122bed9bf8504ca5cb846985e99c81a
721f2d2fe18f13edc2ae51c1918c1b0a2d7b668318c559310ab35fa22363fdad
76e69830b8d2953df45a0acfd2b6290a5f817145f048fce5620d15fc93ef7bb0
92fa835eeba17c1cecced2b77b8442e56c64b849b38c9c45198abcc6f92da365
9d8d90b0d6790c92d58efb1cdb5074ab053686472b2c72bbf6c0b904330dd370
a0443c4e71b45535f85b76f868d42f950de2e469a19804d8e09d51e148260d9b
b3af152bb31ca20c9cfb95dbbac19e5d5cfca5cbc7660c5fb2a0b72415db401c
bf996a693d8c7b587ecb289bea2789e2141ab78c1ac33e5d1dbb7a7e2d83c69f
cff4895f0f3bb9572b58947952cc8ea899933769b4cefe951caf630315ab39bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855