cloudppdati.it
2001:8d8:100f:f000::2ab
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On July 11 via api from GB
Summary
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on July 10th 2019. Valid for: a year.
This is the only time cloudppdati.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banca Sella (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
12 | 2001:8d8:100f:f000::2ab | 8560 (ONEANDONE-AS Brauerstrasse 48)
1 | 2a00:1450:4001:815::200a | 15169 (GOOGLE - Google LLC)
3 | 2a00:1450:4001:81a::2003 | 15169 (GOOGLE - Google LLC)

Totals: 17 | 4

Domains by ASN:
- ASN15169 (GOOGLE - Google LLC, US): fonts.googleapis.com
- ASN15169 (GOOGLE - Google LLC, US): fonts.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | cloudppdati.it | cloudppdati.it | 218 KB
3 | gstatic.com | fonts.gstatic.com | 41 KB
1 | googleapis.com | fonts.googleapis.com | 686 B
0 | sella.it | www.sella.it (Failed) | Failed

Totals: 17 | 4
Requests | Domain | Requested by
---|---|---
12 | cloudppdati.it | cloudppdati.it
3 | fonts.gstatic.com | cloudppdati.it
1 | fonts.googleapis.com | cloudppdati.it
0 | www.sella.it (Failed) | cloudppdati.it

Totals: 17 | 4
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.cloudppdati.it | Encryption Everywhere DV TLS CA - G1 | 2019-07-10 - 2020-07-09 | a year | crt.sh
*.googleapis.com | Google Internet Authority G3 | 2019-06-18 - 2019-09-10 | 3 months | crt.sh
*.google.com | Google Internet Authority G3 | 2019-06-18 - 2019-09-10 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://cloudppdati.it/Autenticazione/step_four.php
Frame ID: DE72C50205B6F97A5768EACF51AEB6A3
Requests: 17 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | step_four.php (Primary Request) | cloudppdati.it/Autenticazione/ | 3 KB | 2 KB | Document | text/html
GET | H2 | style4713.css | cloudppdati.it/Autenticazione/css/ | 39 KB | 39 KB | Stylesheet | text/css
GET | H2 | jquery-3.3.1.min.js | cloudppdati.it/Autenticazione/script/ | 85 KB | 85 KB | Script | application/javascript
GET | H2 | vendor.minc97a.js | cloudppdati.it/Autenticazione/script/ | 74 KB | 74 KB | Script | application/javascript
GET | H2 | script3e1c.js | cloudppdati.it/Autenticazione/script/ | 5 KB | 6 KB | Script | application/javascript
GET | H2 | emberPm.js | cloudppdati.it/Autenticazione/script/ | 635 B | 789 B | Script | application/javascript
GET | H2 | optimizescreen.js | cloudppdati.it/Autenticazione/script/ | 8 KB | 8 KB | Script | application/javascript
GET | H2 | logo_sellait.png | cloudppdati.it/loghi/ | 2 KB | 2 KB | Image | image/png
GET | H2 | spacer11.gif | cloudppdati.it/Autenticazione/img/banner/ | 43 B | 186 B | Image | image/gif
GET | H2 | asscli.js | cloudppdati.it/ita/scripts/ | 0 | 142 B | Script | application/javascript
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 686 B | Stylesheet | text/css
GET | H2 | arrow.png | cloudppdati.it/Autenticazione/img/ | 586 B | 731 B | Image | image/png
GET | H2 | S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 | fonts.gstatic.com/s/lato/v15/ | 14 KB | 14 KB | Font | font/woff2
GET | H2 | JTURjIg1_i6t8kCHKm45_ZpC3gnD_vx3rCs.woff2 | fonts.gstatic.com/s/montserrat/v13/ | 13 KB | 13 KB | Font | font/woff2
GET | H2 | S6uyw4BMUTPHjx4wXiWtFCc.woff2 | fonts.gstatic.com/s/lato/v15/ | 14 KB | 14 KB | Font | font/woff2
POST | H2 | cdgm.spr | cloudppdati.it/Autenticazione/ | 340 B | 354 B | XHR | text/html
POST | | piwik.jsp | www.sella.it/Autenticazione/piwik/ | 0 | 0 | | 
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.sella.it
- URL: https://www.sella.it/Autenticazione/piwik/piwik.jsp
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banca Sella (Online)

27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
function | $
function | jQuery
undefined | AuthFormValidator
function | enableBtn
function | checkAll
function | showKeyboard
function | hideKeyboard
function | formValidatorsubmitHandler
function | initAuthFormValidator
undefined | authTokenTimer
function | resetAuthToken
function | checkServices
function | switchUser
object | _0x7d0d
object | _0xb137
object | _0x3401
object | _0x9d45
object | _0x7dad
function | ottimizzaVisualizzazione
boolean | i_acrobatreader
boolean | v_acrobatreader
number | n
number | p
string | _gstr1

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even if they connect from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
cloudppdati.it/ | | PHPSESSID | 39295e7e66477a860f9533ac24996602
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cloudppdati.it
fonts.googleapis.com
fonts.gstatic.com
www.sella.it
2001:8d8:100f:f000::2ab
2a00:1450:4001:815::200a
2a00:1450:4001:81a::2003