bimconsultance.com
109.234.162.145
Malicious Activity!
Public Scan
Effective URL: https://bimconsultance.com/MyApp/web/
Submission: On January 06 via api from US
Summary
TLS certificate: Issued by R3 on December 28th 2020. Valid for: 3 months.
This is the only time bimconsultance.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 185.241.64.172 | 204760 (MOM) |
12 | 109.234.162.145 | 50474 (O2SWITCH) |
1 | 13.224.94.105 | 16509 (AMAZON-02) |
13 | 2 | |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-105.zrh50.r.cloudfront.net
vars.hotjar.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | bimconsultance.com | bimconsultance.com | 1 MB |
1 | hotjar.com | vars.hotjar.com | |
1 | lorogiovanni.it (1 redirects) | www.lorogiovanni.it | 139 B |
13 | 3 | | |
 | Domain | Requested by |
---|---|---|
12 | bimconsultance.com | bimconsultance.com |
1 | vars.hotjar.com | bimconsultance.com |
1 | www.lorogiovanni.it | 1 redirects |
13 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
bimconsultance.com | R3 | 2020-12-28 - 2021-03-28 | 3 months | crt.sh |
*.hotjar.com | Amazon | 2020-12-25 - 2022-01-23 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://bimconsultance.com/MyApp/web/
Frame ID: 97E1D5C688A52AE53DDAAFE437CB6051
Requests: 12 HTTP requests in this frame
Frame:
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: DF662C7A6BA16A530F2AB145B8F58488
Requests: 1 HTTP requests in this frame
Detected technologies
Google Tag Manager (Tag Managers)
Detected patterns
- html /<!-- (?:End )?Google Tag Manager -->/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.lorogiovanni.it/app// (HTTP 301)
- https://bimconsultance.com/MyApp/web/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | / | bimconsultance.com/MyApp/web/ | 19 KB | 5 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | styles.css | bimconsultance.com/MyApp/web/cs/ | 567 KB | 61 KB | Stylesheet | text/css | |
GET | H2 | 1.css | bimconsultance.com/MyApp/web/cs/ | 567 KB | 61 KB | Stylesheet | text/css | |
GET | H2 | style.css | bimconsultance.com/MyApp/web/cs/ | 18 KB | 4 KB | Stylesheet | text/css | |
GET | H2 | logo.svg | bimconsultance.com/MyApp/web/imgs/ | 1 KB | 860 B | Image | image/svg+xml | |
GET | H2 | app_store.svg | bimconsultance.com/MyApp/web/imgs/ | 15 KB | 6 KB | Image | image/svg+xml | |
GET | H2 | google_play.svg | bimconsultance.com/MyApp/web/imgs/ | 25 KB | 18 KB | Image | image/svg+xml | |
GET | H2 | / | bimconsultance.com/MyApp/web/ | 19 KB | 5 KB | Stylesheet | text/html | |
GET | H2 | placeholder_login_portale_privati.png | bimconsultance.com/MyApp/web/imgs/ | 1 MB | 1 MB | Image | image/png | |
GET | H2 | box-469cf41adb11dc78be68c1ae7f9457a4.html | vars.hotjar.com/ | 0 | 0 | Document | text/html | Frame DF66 |
GET | H2 | karbon-regular-webfont.woff | bimconsultance.com/MyApp/web/fonts/ | 24 KB | 24 KB | Font | font/woff | |
GET | H2 | karbon-medium-webfont.woff | bimconsultance.com/MyApp/web/fonts/ | 24 KB | 25 KB | Font | font/woff | |
GET | H2 | karbon-semibold-webfont.woff | bimconsultance.com/MyApp/web/fonts/ | 24 KB | 25 KB | Font | font/woff | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bimconsultance.com/ | | Name: PHPSESSID Value: 19e5998323a3e9c0eed7f811f5a10b8f |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.