access.apcoa.it Open in urlscan Pro
185.2.4.138 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/uWyRXYxRxw
Effective URL:
https://access.apcoa.it/includes/re/evPostcode.php?sslchannel=true&sessionid=AMnmGy1iQVrHNGZ6oqvgFZADE4YeOFqprOL8mMqcIRU...
Submission: On June 27 via manual (June 27th 2024, 7:21:11 am UTC) from GB — Scanned from GB

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 5 domains to perform 27 HTTP transactions. The main IP is 185.2.4.138, located in Italy and belongs to REGISTER_UK-AS, IT. The main domain is access.apcoa.it.
TLS certificate: Issued by R11 on June 24th 2024. Valid for: 3 months.

This is the only time access.apcoa.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Hermes (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
2 2	81.88.53.88 81.88.53.88	39729 (REGISTER-AS) (REGISTER-AS)
2 2	67.20.76.77 67.20.76.77	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2 2	162.241.217.153 162.241.217.153	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2 28	185.2.4.138 185.2.4.138	203461 (REGISTER_...) (REGISTER_UK-AS)
27	2

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.88.53.88 (Italy) 2 redirects

ASN39729 (REGISTER-AS, IT)
PTR: lhcp3338.webapps.net

joanbrunetmauri.cat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.20.76.77 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: host2009.hostmonster.com

www.rinox.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.241.217.153 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5492.bluehost.com

lso.plo.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 185.2.4.138 (Italy) 2 redirects

ASN203461 (REGISTER_UK-AS, IT)
PTR: lhcp1138.webapps.net

access.apcoa.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	apcoa.it 2 redirects access.apcoa.it	606 KB
2	mybluehost.me 2 redirects lso.plo.mybluehost.me	390 B
2	rinox.in 2 redirects www.rinox.in	392 B
2	joanbrunetmauri.cat 2 redirects joanbrunetmauri.cat	344 B
1	t.co t.co — Cisco Umbrella Rank: 726	593 B
27	5

	Domain	Requested by
28	access.apcoa.it	2 redirects t.co access.apcoa.it
2	lso.plo.mybluehost.me	2 redirects
2	www.rinox.in	2 redirects
2	joanbrunetmauri.cat	2 redirects
1	t.co
27	5

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
www.access.apcoa.it R11	`2024-06-24` - `2024-09-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://access.apcoa.it/includes/re/evPostcode.php?sslchannel=true&sessionid=AMnmGy1iQVrHNGZ6oqvgFZADE4YeOFqprOL8mMqcIRUwyTCWk8cZ8NDNRB1Ggs5HgQQCDgPm8JSHCvDXEQWMDAAvbCbs4gal70YLhN7pwZ69vK79A4VeEvJQ7Uicbtxitv
Frame ID: 60ED674A74CC5BC47485C1781E6C2279
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Parcel Tracking UK | Track My Parcel | Evri

Page URL History Show full URLs

https://t.co/uWyRXYxRxw Page URL
https://joanbrunetmauri.cat/wp-content/uploads/2024/03/re/antibotdavid HTTP 301
https://joanbrunetmauri.cat/wp-content/uploads/2024/03/re/antibotdavid/ HTTP 302
https://www.rinox.in/wp-content/uploads/2024/e/antibotdavid HTTP 301
https://www.rinox.in/wp-content/uploads/2024/e/antibotdavid/ HTTP 302
https://lso.plo.mybluehost.me/wp-content/uploads/2024/06/re/antibotdavid HTTP 301
https://lso.plo.mybluehost.me/wp-content/uploads/2024/06/re/antibotdavid/ HTTP 302
https://access.apcoa.it/includes/re HTTP 301
https://access.apcoa.it/includes/re/ HTTP 302
https://access.apcoa.it/includes/re/evPostcode.php?sslchannel=true&sessionid=AMnmGy1iQVrHNGZ6oqvgFZA... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<div [^>]*id="__nuxt"

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

27
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

2
IPs

3
Countries

606 kB
Transfer

788 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/uWyRXYxRxw Page URL
https://joanbrunetmauri.cat/wp-content/uploads/2024/03/re/antibotdavid HTTP 301
https://joanbrunetmauri.cat/wp-content/uploads/2024/03/re/antibotdavid/ HTTP 302
https://www.rinox.in/wp-content/uploads/2024/e/antibotdavid HTTP 301
https://www.rinox.in/wp-content/uploads/2024/e/antibotdavid/ HTTP 302
https://lso.plo.mybluehost.me/wp-content/uploads/2024/06/re/antibotdavid HTTP 301
https://lso.plo.mybluehost.me/wp-content/uploads/2024/06/re/antibotdavid/ HTTP 302
https://access.apcoa.it/includes/re HTTP 301
https://access.apcoa.it/includes/re/ HTTP 302
https://access.apcoa.it/includes/re/evPostcode.php?sslchannel=true&sessionid=AMnmGy1iQVrHNGZ6oqvgFZADE4YeOFqprOL8mMqcIRUwyTCWk8cZ8NDNRB1Ggs5HgQQCDgPm8JSHCvDXEQWMDAAvbCbs4gal70YLhN7pwZ69vK79A4VeEvJQ7Uicbtxitv Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 uWyRXYxRxw
t.co/ 370 B
593 B 292ms
149ms Document
text/html 93.184.221.165
EDGECAST

General

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 07:08:07	Name: muc Value: fa90efd2-a9b4-4b29-bc7a-949cf3c2fc2c
joanbrunetmauri.cat/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0bo2ki42ovoudtda0c3i3bm25p
www.rinox.in/	1969-12-31 23:59:59	Name: PHPSESSID Value: fe0f608d1bbf24f45d7e9218a7c8f7e5
lso.plo.mybluehost.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4b55699e4c8623cce31f374a8e2a5cf9
access.apcoa.it/	1969-12-31 23:59:59	Name: PHPSESSID Value: fq7vopmnerckrsef6epn564i63

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

access.apcoa.it Open in urlscan Pro 185.2.4.138 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

2 IPs

3 Countries

606 kBTransfer

788 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

access.apcoa.it Open in urlscan Pro
185.2.4.138 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

2
IPs

3
Countries

606 kB
Transfer

788 kB
Size

5
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!