www.sicurezzaappweb.com
Open in
urlscan Pro
199.188.200.138
Malicious Activity!
Public Scan
Submission: On October 22 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 22nd 2021. Valid for: a year.
This is the only time www.sicurezzaappweb.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 199.188.200.138 199.188.200.138 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2a00:1450:400... 2a00:1450:4001:80f::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 23.23.229.175 23.23.229.175 | 14618 (AMAZON-AES) (AMAZON-AES) | |
11 | 4 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server250-5.web-hosting.com
www.sicurezzaappweb.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-229-175.compute-1.amazonaws.com
api.ipify.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
sicurezzaappweb.com
www.sicurezzaappweb.com |
101 KB |
3 |
gstatic.com
fonts.gstatic.com |
66 KB |
1 |
ipify.org
api.ipify.org |
263 B |
1 |
googleapis.com
fonts.googleapis.com |
1 KB |
11 | 4 |
Domain | Requested by | |
---|---|---|
6 | www.sicurezzaappweb.com |
www.sicurezzaappweb.com
|
3 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | api.ipify.org |
www.sicurezzaappweb.com
|
1 | fonts.googleapis.com |
www.sicurezzaappweb.com
|
11 | 4 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sicurezzaappweb.com Sectigo RSA Domain Validation Secure Server CA |
2021-10-22 - 2022-10-22 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
*.ipify.org Sectigo RSA Domain Validation Secure Server CA |
2021-01-19 - 2022-02-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.sicurezzaappweb.com/
Frame ID: 5A0B3A1259F654123FC88BE643580341
Requests: 11 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Informazioni sulla sicurezza
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.sicurezzaappweb.com/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
www.sicurezzaappweb.com/data/ |
43 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-latest.min.js
www.sicurezzaappweb.com/cdn/ |
94 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bnl_logo_transparent.png
www.sicurezzaappweb.com/rsc/contrib/graphicaltheme/bnl-public/img/brand_block/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BNL_login.jpg
www.sicurezzaappweb.com/rsc/contrib/graphicaltheme/bnl-private/img/ |
55 KB 56 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.js
www.sicurezzaappweb.com/cdn/ |
589 B 355 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ |
19 KB 20 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ |
23 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ |
22 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
api.ipify.org/ |
23 B 263 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery function| getMobileOperatingSystem0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
fonts.googleapis.com
fonts.gstatic.com
www.sicurezzaappweb.com
199.188.200.138
23.23.229.175
2a00:1450:4001:80f::2003
2a00:1450:4001:831::200a
13eb615165c92892fcd46e01782dd0fc52d36f236f883aad488c2cf4dcf9206e
20ab6c9f666e492e0599d1933ed3ace67c2c4b9759861129250c31c728e06386
4a75e1a8145933c88f71c021d1efb336aced9bd55871cbba1d7755f958e8c799
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
9cf59e4de6a7e10426913f624a1fd437f74b44cca07072eef92ac7e20ac720d2
b4bc250785189008647ad8c9efe491534e0cc33f3ac460905a6d708ebed923d4
b712d87afd1239b8e50e2cba4e0bc571d19c46b08b9232c67de360f6c6a99595
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
f5074f715ee09acf6984600e7f2cb12240c5225862bef29402116d4ee8ad5c98
faeb6208e6ea232eee8679854f65caae667c047556cf9fd8e3d5f6ad4bbd58d3