confermaspedizione.online
Open in
urlscan Pro
2a02:4780:dead:54bd::1
Malicious Activity!
Public Scan
Submission Tags: @ecarlesi possiblethreat #phishing Search All
Submission: On July 09 via api from CA — Scanned from NL
Summary
This is the only time confermaspedizione.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Poste Italiane (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 2a02:4780:dea... 2a02:4780:dead:54bd::1 | 204915 (AWEX) (AWEX) | |
1 | 2606:4700::68... 2606:4700::6811:a229 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a02:6ea0:c70... 2a02:6ea0:c700::19 | 60068 (CDN77 ^_^) (CDN77 ^_^) | |
1 | 52.29.33.0 52.29.33.0 | 16509 (AMAZON-02) (AMAZON-02) | |
13 | 4 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-33-0.eu-central-1.compute.amazonaws.com
bootstrap.smartsuppchat.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
confermaspedizione.online
confermaspedizione.online |
569 KB |
2 |
smartsuppchat.com
www.smartsuppchat.com — Cisco Umbrella Rank: 47671 bootstrap.smartsuppchat.com — Cisco Umbrella Rank: 44063 |
6 KB |
1 |
000webhost.com
cdn.000webhost.com — Cisco Umbrella Rank: 85589 |
2 KB |
13 | 3 |
Domain | Requested by | |
---|---|---|
10 | confermaspedizione.online |
confermaspedizione.online
|
1 | bootstrap.smartsuppchat.com |
www.smartsuppchat.com
|
1 | www.smartsuppchat.com |
confermaspedizione.online
|
1 | cdn.000webhost.com |
confermaspedizione.online
|
13 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.000webhost.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.000webhost.com Sectigo RSA Domain Validation Secure Server CA |
2023-01-10 - 2024-02-10 |
a year | crt.sh |
*.smartsuppchat.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1 |
2022-11-30 - 2023-12-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://confermaspedizione.online/
Frame ID: 456349E4E1CE0317CA32E0B2B2994228
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
AvvisoDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
confermaspedizione.online/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
confermaspedizione.online/css/ |
119 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
confermaspedizione.online/css/ |
206 KB 40 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
confermaspedizione.online/css/ |
95 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
confermaspedizione.online/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img1.png
confermaspedizione.online/css/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ico-messages-info.png
confermaspedizione.online/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loader.js
www.smartsuppchat.com/ |
19 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spinner_giallo.gif
confermaspedizione.online/ |
33 KB 33 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
410ed4d13b214b021ba7664664a215cb24f4fd74.json
bootstrap.smartsuppchat.com/widget/ |
57 B 271 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ccc.jpg
confermaspedizione.online/ |
394 KB 395 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ico-messages-info.png
confermaspedizione.online/css/css/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Poste Italiane (Online)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| _smartsupp function| smartsupp function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage boolean| SMARTSUPP_LOADED object| $smartsupp1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
confermaspedizione.online/ | Name: COOKIE_KEY Value: 168887721927 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bootstrap.smartsuppchat.com
cdn.000webhost.com
confermaspedizione.online
www.smartsuppchat.com
2606:4700::6811:a229
2a02:4780:dead:54bd::1
2a02:6ea0:c700::19
52.29.33.0
1e3f60d29de08e299aa39aadee4c5c47414c0e6108298deb9ec78d14d62ed238
238badd18e387b81d7278e83b750b16303c5cfa17fb556890b35cff8186b125f
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6cfde476dffc41c1ba2f4a228f1f2be0052d7f67093674264506377577e4cd09
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
8b922a249c9f81562d99eee24407bf38c7feac74a10dfe712292c0b032144dfa
9d4b2002d474cbf50574d59bc65beedd17f877547426da345072fd1adba5d76f
9e3ec8fde823fb0178e76391aa3fc10e2f277d4e50b75fb00e6c195f3dec11fe
aa51ba604ac980212354d1892b6cd6b24c666cd16e4b106cdbefc72d82be3326
ae53804e3f0fa8db8ead3ac02099b6d0213ab8b27f0da066e443eb04d0c9e242
b98b52b6f7cfb28e5e097f3bc02d50335264686a95ee79b7603737c8e78e5a7c
cf4a172da82df7d22d9b0bea415bb6c2a2080dc6bb600f96effc73b517dcc11a
ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5