www.despacitotour.com Open in urlscan Pro
31.11.34.123 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8
Effective URL:
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Submission: On September 14 via manual (September 14th 2023, 6:32:33 am UTC) from IT — Scanned from IT

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 31.11.34.123, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.despacitotour.com.

This is the only time www.despacitotour.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostNord AB (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
2 14	31.11.34.123 31.11.34.123	31034 (ARUBA-ASN) (ARUBA-ASN)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

14 31.11.34.123 (Arezzo, Italy) 2 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: websn3s113.aruba.it

despacitotour.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.despacitotour.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	despacitotour.com 2 redirects despacitotour.com www.despacitotour.com	268 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1171	12 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 419	34 KB
15	3

	Domain	Requested by
13	www.despacitotour.com	1 redirects www.despacitotour.com
1	maxcdn.bootstrapcdn.com	www.despacitotour.com
1	ajax.googleapis.com	www.despacitotour.com
1	despacitotour.com	1 redirects
15	4

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Frame ID: C70BEBE36AF4F2CB2DD2BFC2386940ED
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PostNord

Page URL History Show full URLs

http://despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8 HTTP 301
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8 HTTP 301
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

7 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

314 kB
Transfer

667 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8 HTTP 301
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8 HTTP 301
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Redirect Chain

http://despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8
http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/

13 KB
13 KB

262ms
261ms

Document
text/html

31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ed5d378eba9e2bfb95d14968add94c0555fd743315e7a6b1052e4a6aaaf5b3fd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Content-Length: 13176
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Sep 2023 06:32:27 GMT
Server: Microsoft-IIS/8.5
X-Aruba-Cache: NA
X-Aruba2-Cache: NA
X-Powered-By: ASP.NET

Redirect headers

Content-Length: 238
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Sep 2023 06:32:27 GMT
Location: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Server: Microsoft-IIS/8.5
X-Aruba-Cache: NA
X-Aruba2-Cache: NA
X-Powered-By: ASP.NET

GET
H/1.1 200
OK bootstrap.min.css
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 152 KB
23 KB 91ms
72ms Stylesheet
text/css 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/bootstrap.min.css
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d509cb9938f42afa415b52da70d88ca9337c814eb336f161f2d5be12370d7259

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: text/css
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 23276

GET
H/1.1 200
OK font-awesome.min.css
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 30 KB
7 KB 204ms
182ms Stylesheet
text/css 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/font-awesome.min.css
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: text/css
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 6995

GET
H/1.1 200
OK creditCardValidator.js Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 5 KB
2 KB 188ms
165ms Script
application/javascript 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/creditCardValidator.js
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: dff81136fd39f062791cd1c48d6b6588b5061e58f34ec375497bffcf1c3ff95c

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: application/javascript
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 1447

GET
H/1.1 200
OK jquery.min.js Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 85 KB
30 KB 213ms
190ms Script
application/javascript 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/jquery.min.js
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: application/javascript
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 30230

GET
H/1.1 200
OK popper.min.js Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 21 KB
8 KB 210ms
188ms Script
application/javascript 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/popper.min.js
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 03f5c3670a8445c0af75a1b934be176f6c1cde339fbe76b1062cc51e590bca98

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: application/javascript
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 7526

GET
H/1.1 200
OK bootstrap.min.js Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 57 KB
15 KB 212ms
190ms Script
application/javascript 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/bootstrap.min.js
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: application/javascript
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 15443

GET
H/1.1 200
OK pn-blue.svg
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 2 KB
2 KB 44ms
44ms Image
image/svg+xml 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/pn-blue.svg
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f0db1480de6f84e05f04a26ca83480a1abcbc779da03c4ad9c06dadb578a98c9

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "1a7947aab8e6d91:0"
X-Powered-By: ASP.NET
X-Aruba-Cache: NA
Content-Type: image/svg+xml
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 1645

GET
H/1.1 200
OK uSHMClk.jpg
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 46 KB
46 KB 52ms
51ms Image
image/jpeg 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/uSHMClk.jpg
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 9e7b1e70327a9422d64b9ec894b9cdd15b8c05983078d297cd21c058c841a754

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "25a54eaab8e6d91:0"
X-Powered-By: ASP.NET
X-Aruba-Cache: NA
Content-Type: image/jpeg
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 46806

GET
H/1.1 200
OK ship.jpg
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ 116 KB
117 KB 52ms
52ms Image
image/jpeg 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/src/ship.jpg
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: aa588e5b7c3849f4812327fe7f0d6e21732061e658f66b45bf2a3829f50346c9

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "7b454daab8e6d91:0"
X-Powered-By: ASP.NET
X-Aruba-Cache: NA
Content-Type: image/jpeg
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 119211

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 85ms
25ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 21:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Sep 2024 21:17:23 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
12 KB 43ms
27ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/

Protocol

HTTP/1.1

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
CDN-EdgeStorageId: 755
Age: 19235128
Transfer-Encoding: chunked
CDN-CachedAt: 12/13/2021 20:18:53
CDN-PullZone: 252412
cross-origin-resource-policy: cross-origin
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Mon, 25 Jan 2021 22:04:00 GMT
CDN-ProxyVer: 1.02
CDN-RequestPullCode: 200
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
CDN-Cache: HIT
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
Cache-Control: public, max-age=31919000
CDN-RequestId: 48135f30fbfcba704628453df5764d8f
timing-allow-origin: *
CDN-RequestCountryCode: DE
CDN-Status: 200
CF-RAY: 806697cb6f48839d-MXP
CDN-RequestPullSuccess: True

GET
H/1.1 200
OK jquery.payform.min.js Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/assets/js/ 8 KB
3 KB 83ms
83ms Script
application/javascript 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/assets/js/jquery.payform.min.js
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 5314c05004534b7ad529b2ed9f83c58eca0004ff24a5b876ffb09b4b4aacb4d0

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "03bb9a9b8e6d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Aruba-Cache: NA
Content-Type: application/javascript
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 2693

GET
H/1.1 200
OK script.js Show response
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/assets/js/ 2 KB
2 KB 47ms
46ms Script
application/javascript 31.11.34.123
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/assets/js/script.js
Requested by: Host: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
Protocol: HTTP/1.1
Server: 31.11.34.123 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn3s113.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0c6229b990f01328e91bbfba00d9317e197c7a85e5682466a14b3ba034b575f3

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 06:32:27 GMT
Last-Modified: Thu, 14 Sep 2023 03:07:58 GMT
Server: Microsoft-IIS/8.5
ETag: "afb2bba9b8e6d91:0"
X-Powered-By: ASP.NET
X-Aruba-Cache: NA
Content-Type: application/javascript
X-Aruba2-Cache: NA
Accept-Ranges: bytes
Content-Length: 2031

GET fontawesome-webfont.woff2
www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.despacitotour.com
URL: http://www.despacitotour.com/wp-includes/js/bruger/f32b30c2a289bfca2c9857ffc5871ac8/fonts/fontawesome-webfont.woff2?v=4.7.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PostNord AB (Transportation)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
despacitotour.com
maxcdn.bootstrapcdn.com
www.despacitotour.com
www.despacitotour.com
2606:4700::6812:bcf
2a00:1450:4001:828::200a
31.11.34.123
03f5c3670a8445c0af75a1b934be176f6c1cde339fbe76b1062cc51e590bca98
0c6229b990f01328e91bbfba00d9317e197c7a85e5682466a14b3ba034b575f3
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158
5314c05004534b7ad529b2ed9f83c58eca0004ff24a5b876ffb09b4b4aacb4d0
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
9e7b1e70327a9422d64b9ec894b9cdd15b8c05983078d297cd21c058c841a754
aa588e5b7c3849f4812327fe7f0d6e21732061e658f66b45bf2a3829f50346c9
d509cb9938f42afa415b52da70d88ca9337c814eb336f161f2d5be12370d7259
dff81136fd39f062791cd1c48d6b6588b5061e58f34ec375497bffcf1c3ff95c
ed5d378eba9e2bfb95d14968add94c0555fd743315e7a6b1052e4a6aaaf5b3fd
f0db1480de6f84e05f04a26ca83480a1abcbc779da03c4ad9c06dadb578a98c9

www.despacitotour.com Open in urlscan Pro 31.11.34.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

7 %HTTPS

67 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

314 kBTransfer

667 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.despacitotour.com Open in urlscan Pro
31.11.34.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

7 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

314 kB
Transfer

667 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!