605da716ea7651a6b359c9f8.trk.mailchef.4dem.it Open in urlscan Pro
34.147.46.37 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ttn.php?p=b3643401f830b1960ed3c88497a31d31/8atc/7n6s/rs/1nz0/200l/rs/rs/rs//https://605da716ea76...
Effective URL:
https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4...
Submission Tags: phishing malicious Search All
Submission: On September 13 via api (September 13th 2023, 7:40:55 am UTC) from NL — Scanned from IT

Summary HTTP 3 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 34.147.46.37, located in Groningen, Netherlands and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is 605da716ea7651a6b359c9f8.trk.mailchef.4dem.it.
TLS certificate: Issued by R3 on August 19th 2023. Valid for: 3 months.

This is the only time 605da716ea7651a6b359c9f8.trk.mailchef.4dem.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 4	34.147.46.37 34.147.46.37		396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	1

4 34.147.46.37 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 37.46.147.34.bc.googleusercontent.com

605da716ea7651a6b359c9f8.trk.mailchef.4dem.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.4img.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	4img.it cdn.4img.it	67 KB
2	4dem.it 1 redirects 605da716ea7651a6b359c9f8.trk.mailchef.4dem.it	4 KB
3	2

	Domain	Requested by
2	cdn.4img.it	605da716ea7651a6b359c9f8.trk.mailchef.4dem.it
2	605da716ea7651a6b359c9f8.trk.mailchef.4dem.it	1 redirects
3	2

This site contains links to these domains. Also see Links.

Domain
www.uil.it
youtu.be

Subject Issuer	Validity	Valid
*.trk.mailchef.4dem.it R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
*.4img.it R3	`2023-07-20` - `2023-10-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscriber%2376724
Frame ID: 7B5DA410FF50F1E80751375A91B193CA
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

La UIL ti dà il benvenuto nel circuito FREEBACK.

Page URL History Show full URLs

https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ttn.php?p=b3643401f830b1960ed3c88497a31d31/8atc/7n6s/rs/1nz0/200l/rs/rs/rs//... HTTP 302
https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medi... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

71 kB
Transfer

82 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.uil.it/uilconvenzioni/

Search URL Search Domain Scan URL

URL: https://youtu.be/iorIpoo-1wk
Title: Guarda il VIDEO

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ttn.php?p=b3643401f830b1960ed3c88497a31d31/8atc/7n6s/rs/1nz0/200l/rs/rs/rs//https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc/7n6s/rs/1nz0/200l/rs/rs HTTP 302
https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscriber%2376724 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request wbs1.php Show response 605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ Redirect Chain https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ttn.php?p=b3643401f830b1960ed3c88497a31d31/8atc/7n6s/rs/1nz0/200l/rs/rs/rs//https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8a... https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscribe...	16 KB 4 KB	2197ms 2196ms	Document text/html	34.147.46.37 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscriber%2376724 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.147.46.37 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 37.46.147.34.bc.googleusercontent.com Software envoy / Resource Hash `30f89e792a9225325f0efc4ab6f262f472a2c7ba1f32c6b898654ef3782e5682` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers access-control-allow-origin * content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 13 Sep 2023 07:40:51 GMT server envoy x-envoy-upstream-service-time 2156 Redirect headers access-control-allow-origin * content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 13 Sep 2023 07:40:49 GMT location https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscriber%2376724 server envoy vary Accept-Encoding x-envoy-upstream-service-time 1963
GET H2	200	logo_UILconvenzioni_New.png cdn.4img.it/605da716ea7651a6b359c9f8-17cbbae9-30d1-4406-ac71-5be643259f0d/	37 KB 37 KB	165ms 68ms	Image image/png	34.147.46.37 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.4img.it/605da716ea7651a6b359c9f8-17cbbae9-30d1-4406-ac71-5be643259f0d/logo_UILconvenzioni_New.png Requested by Host: 605da716ea7651a6b359c9f8.trk.mailchef.4dem.it URL: https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscriber%2376724 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.147.46.37 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 37.46.147.34.bc.googleusercontent.com Software envoy / Resource Hash `fff07cbe0fa0661360a8ffca1d6af58aef5f60fab86a1b5d987a50e4acb6a2cc` Request headers accept-language it-IT,it;q=0.9 Referer https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Wed, 13 Sep 2023 07:40:51 GMT server envoy x-cache-status STALE content-description File Transfer content-type image/png content-transfer-encoding binary x-envoy-upstream-service-time 3 content-disposition inline; filename=logo_UILconvenzioni_New.png content-length 37687
GET H2	200	FreeBack2.jpg cdn.4img.it/605da716ea7651a6b359c9f8-e603b302-3b07-47d6-be01-142a6f282540/	30 KB 30 KB	211ms 114ms	Image image/jpeg	34.147.46.37 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.4img.it/605da716ea7651a6b359c9f8-e603b302-3b07-47d6-be01-142a6f282540/FreeBack2.jpg Requested by Host: 605da716ea7651a6b359c9f8.trk.mailchef.4dem.it URL: https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/wbs1.php?p=8atc%2F7n6s%2Frs%2F1nz0%2F200l%2Frs%2Frs&utm_source=4Dem&utm_medium=Email-Marketing-4Dem&utm_campaign=FREEBACK&utm_content=Subscriber%2376724 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.147.46.37 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 37.46.147.34.bc.googleusercontent.com Software envoy / Resource Hash `411d2a5bb27551554adcc7096c2fcc2919fa04c5b59992d44ca4485c03c6c815` Request headers accept-language it-IT,it;q=0.9 Referer https://605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Wed, 13 Sep 2023 07:40:51 GMT server envoy x-cache-status MISS content-description File Transfer content-type image/jpeg content-transfer-encoding binary x-envoy-upstream-service-time 58 content-disposition inline; filename=FreeBack2.jpg content-length 30567

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			605da716ea7651a6b359c9f8.trk.mailchef.4dem.it/	1969-12-31 23:59:59	Name: PHPSESSID Value: g25u28maq6893t65vf5nqok2q5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

605da716ea7651a6b359c9f8.trk.mailchef.4dem.it
cdn.4img.it
34.147.46.37
30f89e792a9225325f0efc4ab6f262f472a2c7ba1f32c6b898654ef3782e5682
411d2a5bb27551554adcc7096c2fcc2919fa04c5b59992d44ca4485c03c6c815
fff07cbe0fa0661360a8ffca1d6af58aef5f60fab86a1b5d987a50e4acb6a2cc

605da716ea7651a6b359c9f8.trk.mailchef.4dem.it Open in urlscan Pro 34.147.46.37 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

71 kBTransfer

82 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

Indicators

605da716ea7651a6b359c9f8.trk.mailchef.4dem.it Open in urlscan Pro
34.147.46.37 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

71 kB
Transfer

82 kB
Size

1
Cookies

3 HTTP transactions
0 data transactions