www.stazionebricolor.com
2a02:c207:2006:7827::1  Malicious Activity! (Public Scan)

Submitted URL: https://kanbsonedesser.blogspot.com/
Effective URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&cou...
Submission: On May 28 via api from BE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 8 HTTP transactions. The main IP is 2a02:c207:2006:7827::1, located in Germany and belonging to CONTABO, DE. The main domain is www.stazionebricolor.com.
This is the only time www.stazionebricolor.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1         2a00:1450:400...    15169 (GOOGLE)
7         2a02:c207:200...    51167 (CONTABO)
Total: 8 requests, 2 IPs

Requests  Domain                        Requested by
7         www.stazionebricolor.com      kanbsonedesser.blogspot.com, www.stazionebricolor.com
1         kanbsonedesser.blogspot.com
Total: 8 requests, 2 domains

This site contains no links.

Subject                  Issuer       Validity                   Valid
misc-sni.blogspot.com    GTS CA 1C3   2021-05-03 - 2021-07-26    3 months (crt.sh)

This page contains 1 frame:

Primary Page: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Frame ID: 49A4E6DF0D36FE3202C82F2F848B6EBA
Requests: 8 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /^https?:\/\/[^/]+\.blogspot\.com/i

Overall confidence: 100%
Detected patterns
  • headers server /GSE/i

Page Statistics

Requests:    8
HTTPS:       13 %
IPv6:        100 %
Domains:     2
Subdomains:  2
IPs:         2
Countries:   1
Transfer:    861 kB
Size:        924 kB
Cookies:     1

Page URL History

This captures the URL locations of the websites visited, including HTTP redirects and client-side redirects via JavaScript or Meta refresh fields.

  1. https://kanbsonedesser.blogspot.com/ Page URL
  2. http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/index.php Page URL
  3. http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource   Path                          Size    x-fer   Type       MIME-Type
/          kanbsonedesser.blogspot.com/  70 KB   15 KB   Document
General
Full URL
https://kanbsonedesser.blogspot.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
kanbsonedesser.blogspot.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-security-policy-report-only
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport
content-type
text/html; charset=UTF-8
expires
Fri, 28 May 2021 11:01:40 GMT
date
Fri, 28 May 2021 11:01:40 GMT
cache-control
private, max-age=0
last-modified
Fri, 28 May 2021 02:32:30 GMT
etag
W/"b95b69589de72b16e48bf39832cbeaf1429efa9ef914333ee0cc37f189179d44"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
15225
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
index.php (Cookie set)
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/
160 B
604 B
Document
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/index.php
Requested by
Host: kanbsonedesser.blogspot.com
URL: https://kanbsonedesser.blogspot.com/
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PHP/5.6.40 PleskLin
Resource Hash

Request headers

Host
www.stazionebricolor.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx
Date
Fri, 28 May 2021 11:01:39 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
156
Connection
keep-alive
X-Powered-By
PHP/5.6.40 PleskLin
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Login (Primary Request)
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/
13 KB
3 KB
Document
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Requested by
Host: www.stazionebricolor.com
URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/index.php
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PHP/5.6.40 PleskLin
Resource Hash
065d9226c60bc8c5422bfd4ec1e95f5e55faecf4b7f4aaf45e2a940f154d75b4

Request headers

Host
www.stazionebricolor.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/index.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/index.php

Response headers

Server
nginx
Date
Fri, 28 May 2021 11:01:39 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
3033
Connection
keep-alive
X-Powered-By
PHP/5.6.40 PleskLin
Vary
Accept-Encoding
Content-Encoding
gzip
blue-ui.css
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/
498 KB
499 KB
Stylesheet
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/blue-ui.css
Requested by
Host: www.stazionebricolor.com
URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
695c5bb90c6e796f1404142ba0a091ecd12f264126002baa94dc449699ee6bde

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.stazionebricolor.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 28 May 2021 11:01:39 GMT
ETag
"606f8a84-7c8cb"
Last-Modified
Thu, 08 Apr 2021 22:58:12 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
text/css
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
510155
Expires
Fri, 04 Jun 2021 11:01:39 GMT
logon.css
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/
113 KB
113 KB
Stylesheet
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/logon.css
Requested by
Host: www.stazionebricolor.com
URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
3fd08ab663e4f6f00ae7d99fd1b5952ea972caffc18e05a39e107aeacb5fb9ec

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.stazionebricolor.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 28 May 2021 11:01:39 GMT
ETag
"606f893c-1c2be"
Last-Modified
Thu, 08 Apr 2021 22:52:44 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
text/css
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
115390
Expires
Fri, 04 Jun 2021 11:01:39 GMT
background.desktop.night.4.jpeg
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/
160 KB
160 KB
Image
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/background.desktop.night.4.jpeg
Requested by
Host: www.stazionebricolor.com
URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
ef85a34565c1a5a1c8cdb5543f029447fbd0c3e97fdb2a7dbad555124f1f911c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.stazionebricolor.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/Login?view=login&appIdKey=fcd00c0656cc490&country=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 28 May 2021 11:01:39 GMT
ETag
"606f8bc8-27e91"
Last-Modified
Thu, 08 Apr 2021 23:03:36 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
163473
Expires
Sun, 27 Jun 2021 11:01:39 GMT
wordmark-white.svg
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/
1 KB
2 KB
Image
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/wordmark-white.svg
Requested by
Host: www.stazionebricolor.com
URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/logon.css
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.stazionebricolor.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/logon.css
Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/logon.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 28 May 2021 11:01:40 GMT
ETag
"606f890e-581"
Last-Modified
Thu, 08 Apr 2021 22:51:58 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1409
Expires
Sat, 28 May 2022 11:01:40 GMT
dcefont.woff
www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/
69 KB
69 KB
Font
General
Full URL
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/dcefont.woff
Requested by
Host: www.stazionebricolor.com
URL: http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/blue-ui.css
Protocol
HTTP/1.1
Server
2a02:c207:2006:7827::1 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1

Request headers

Pragma
no-cache
Origin
http://www.stazionebricolor.com
Accept-Encoding
gzip, deflate
Host
www.stazionebricolor.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/blue-ui.css
Cookie
PHPSESSID=i5e640tajqe2tm8u42ma1i06h0
Connection
keep-alive
Cache-Control
no-cache
Origin
http://www.stazionebricolor.com
Referer
http://www.stazionebricolor.com//modules/smartprestashopthemeadmin/upload/homes/CH/style/blue-ui.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 28 May 2021 11:01:40 GMT
ETag
"606f8a3e-11298"
Last-Modified
Thu, 08 Apr 2021 22:57:02 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
application/x-font-woff
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
70296
Expires
Sat, 28 May 2022 11:01:40 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object  | onbeforexrselect
  • object  | ontransitionrun
  • object  | ontransitionstart
  • object  | ontransitioncancel
  • boolean | originAgentCluster
  • object  | trustedTypes
  • boolean | crossOriginIsolated

1 Cookies

Domain/Path                 Name        Value
www.stazionebricolor.com/   PHPSESSID   i5e640tajqe2tm8u42ma1i06h0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page.

Header Value
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block