fedemarra.xoom.it Open in urlscan Pro
213.209.30.176 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fedemarra.xoom.it/
Submission: On August 23 via automatic, source openphish (August 23rd 2021, 1:09:43 am UTC)

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 6 domains to perform 26 HTTP transactions. The main IP is 213.209.30.176, located in Assago, Italy and belongs to MATRIX-AS, IT. The main domain is fedemarra.xoom.it.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 19th 2020. Valid for: a year.

This is the only time fedemarra.xoom.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	213.209.30.176 213.209.30.176	8660 (MATRIX-AS) (MATRIX-AS)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 3	34.247.137.95 34.247.137.95	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:219... 2600:9000:2190:f800:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
2	13.224.102.101 13.224.102.101	16509 (AMAZON-02) (AMAZON-02)
1	13.224.102.68 13.224.102.68	16509 (AMAZON-02) (AMAZON-02)
1	185.54.150.20 185.54.150.20	60164 (WEBTREKK-AS) (WEBTREKK-AS)
1 2	13.224.102.122 13.224.102.122	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f3:fa00:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
26	10

1 213.209.30.176 (Assago, Italy)

ASN8660 (MATRIX-AS, IT)

fedemarra.xoom.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.247.137.95 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-137-95.eu-west-1.compute.amazonaws.com

secure-it.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2190:f800:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.102.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-101.zrh50.r.cloudfront.net

i.plug.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.102.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-68.zrh50.r.cloudfront.net

bee.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.54.150.20 (Germany)

ASN60164 (WEBTREKK-AS, DE)

italiaonline01.wt-eu02.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.102.122 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-122.zrh50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:fa00:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

ym3qld67rrnewlmnqxktwzgskycwh1629680968.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	imrworldwide.com 1 redirects secure-it.imrworldwide.com cdn-gl.imrworldwide.com bee.imrworldwide.com ym3qld67rrnewlmnqxktwzgskycwh1629680968.nuid.imrworldwide.com	71 KB
3	facebook.com www.facebook.com Failed	67 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	841 B
2	plug.it i.plug.it	13 KB
1	wt-eu02.net italiaonline01.wt-eu02.net	901 B
1	xoom.it fedemarra.xoom.it	29 KB
26	6

	Domain	Requested by
4	cdn-gl.imrworldwide.com	fedemarra.xoom.it secure-it.imrworldwide.com cdn-gl.imrworldwide.com
3	secure-it.imrworldwide.com	1 redirects fedemarra.xoom.it
3	www.facebook.com	fedemarra.xoom.it
2	sb.scorecardresearch.com	1 redirects fedemarra.xoom.it
2	i.plug.it	fedemarra.xoom.it
1	ym3qld67rrnewlmnqxktwzgskycwh1629680968.nuid.imrworldwide.com	fedemarra.xoom.it
1	italiaonline01.wt-eu02.net	fedemarra.xoom.it
1	bee.imrworldwide.com	secure-it.imrworldwide.com
1	fedemarra.xoom.it
26	9

This site contains no links.

Subject Issuer	Validity	Valid
*.xoom.it Sectigo RSA Domain Validation Secure Server CA	`2020-10-19` - `2021-10-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.plug.it Sectigo RSA Domain Validation Secure Server CA	`2020-12-15` - `2022-01-15`	a year	crt.sh
*.wt-eu02.net Sectigo RSA Domain Validation Secure Server CA	`2020-12-28` - `2022-01-28`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.nuid.imrworldwide.com Amazon	`2021-06-11` - `2022-07-10`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://fedemarra.xoom.it/
Frame ID: EA05CB6445E09E7F03B870553F08DD62
Requests: 24 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: FD815570C6FEA0FEAE471FEA9BE6262B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

26
Requests

62 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

10
IPs

4
Countries

196 kB
Transfer

486 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://secure-it.imrworldwide.com/v60.js HTTP 301
https://cdn-gl.imrworldwide.com/v60.js

Request Chain 19

https://sb.scorecardresearch.com/b?c1=2&c2=33012141&ns__t=1629680967899&ns_c=UTF-8&c7=https%3A%2F%2Ffedemarra.xoom.it%2F&c8=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%20o%20scopri%20maggiori%20informazioni HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&ns__t=1629680967899&ns_c=UTF-8&c7=https%3A%2F%2Ffedemarra.xoom.it%2F&c8=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%20o%20scopri%20maggiori%20informazioni

26 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
fedemarra.xoom.it/ 111 KB
29 KB 262ms
55ms Document
text/html 213.209.30.176
MATRIX-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedemarra.xoom.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.209.30.176 Assago, Italy, ASN8660 (MATRIX-AS, IT),

Reverse DNS

Software

Apache /

Resource Hash

75b5d6b2722e7c914bdea5990a82ac2be3bf35d80d7fa32f890d3b4b5621bef2

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Host: fedemarra.xoom.it
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 01:09:27 GMT
Server: Apache
Vary: Host,Accept-Encoding
Accept-Ranges: bytes
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Content-Length: 29598
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET Bta5wLl0f1N.css
www.facebook.com/rsrc.php/v3/y7/r/ 0
0

GET KhewayGXJG-.css
www.facebook.com/rsrc.php/v3/yG/r/ 0
0

GET o7nH4aQJOSt.css
www.facebook.com/rsrc.php/v3/yv/r/ 0
0

GET fnIAAt_-hVO.css
www.facebook.com/rsrc.php/v3/yD/r/ 0
0

GET
H2 200 lZ86cv9aR90.css
www.facebook.com/rsrc.php/v3/yu/r/ 40 KB
26 KB 64ms
49ms Stylesheet
text/css 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yu/r/lZ86cv9aR90.css

Requested by

Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1439c1be01bb64ee1637aa31db97be05ca4b34c415750168aa44b3a0c30965ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://fedemarra.xoom.it
Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 01:09:27 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 7wy0Q6fd+RfBVOOTm5N2jg==
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/;font-src data: *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;frame-src *.facebook.com fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?m=c;
cross-origin-resource-policy: cross-origin
content-length: 26000
x-fb-rlafr: 0
x-fb-debug: XFYy9V74QKawpKx61F1ozdDIuy2oWz8hTJUsBPOOio37ytTMy09dEuq+uc3UR9iWPFZoCkRtTzO+sP7AFgIOUg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Tue, 23 Aug 2022 01:09:27 GMT

GET FN2DY2ouyq1.js
www.facebook.com/rsrc.php/v3/yK/r/ 0
0

GET
H2 200 pyNVUg5EM0j.png
www.facebook.com/rsrc.php/v3/yx/r/ 40 KB
40 KB 18ms
7ms Image
image/png 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/yx/r/pyNVUg5EM0j.png

Requested by

Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1f57d04ab0c6b3017f7872df33372ee34489ecdb2fa48b447e538f2fc98e2598

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: ST5kmT5ZjOe2WdLVJIAUEoHXOl1nIN2yW64TEKMjpbIwccdBLMv41cTUvvGm2/BAcjw51SHbI4KZwdfEnLgkdw==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: S1VK4NLJO8R/oxw5iOoCag==
date: Wed, 18 Aug 2021 21:39:57 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 40521
x-fb-rlafr: 0
expires: Thu, 18 Aug 2022 21:39:57 GMT

GET
H2 200 GsNJNwuI-UM.gif
www.facebook.com/rsrc.php/v3/yb/r/ 522 B
874 B 17ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/yb/r/GsNJNwuI-UM.gif

Requested by

Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7f4fbb61e5a1226b421109d4bfeb68b371b240bb6a0131c54581b777cb649908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: IPWXNRZ0BkACcQCSGUU2yrIHb9NoTMsi2vw39HJood1ANJUs8u4jSdzyxm5z+CIq2fMO2GUw4q5KrGPmB7F1bA==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: cH2zTAVPHVXw/aQfDhS/Bg==
date: Thu, 12 Aug 2021 02:15:41 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 522
x-fb-rlafr: 0
expires: Fri, 12 Aug 2022 02:15:41 GMT

GET
H2

200

v60.js Show response
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-it.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

45ms
11ms

Script
application/javascript

2600:9000:2190:f800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:f800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .KrDWJ6YcsmnfI6j8sx8eWw9CjCealBE
content-encoding: gzip
etag: W/"cc7339d315e5ab16597dd66d153a0e7e"
last-modified: Mon, 12 Oct 2020 13:35:53 GMT
server: AmazonS3
age: 65414
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Sun, 22 Aug 2021 06:59:14 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: d4lXZUGsuPqPYR3oeGxfByKy1ioau-A6GorF2WSOaWR0xbpeK8IdYQ==

Redirect headers

location: https://cdn-gl.imrworldwide.com:443/v60.js
date: Mon, 23 Aug 2021 01:09:27 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

GET
H2 200 tracking_xoomer-virgilio-it.min.js Show response
i.plug.it/iplug/js/lib/iol/analytics/data/xoomer-virgilio-it/ 758 B
604 B 97ms
15ms Script
application/javascript 13.224.102.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.plug.it/iplug/js/lib/iol/analytics/data/xoomer-virgilio-it/tracking_xoomer-virgilio-it.min.js
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.102.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-101.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 9cc4508d21fd909584e9e83382daa7c1e55f9358e00f876a771627f0a63c5c2a

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 00:22:26 GMT
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
server: nginx
age: 2821
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=1200
x-amz-cf-pop: ZRH50-C1
content-encoding: br
x-amz-cf-id: 57kIzsWuPgYqEbHq9vB0tIaTLQOy3p8zG2pNgibIVkhVvXxmFwQGqg==

GET
H2 200 IOL.Analytics.Tracking.min.js Show response
i.plug.it/iplug/js/lib/iol/analytics/engine/ 42 KB
13 KB 96ms
15ms Script
application/javascript 13.224.102.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.plug.it/iplug/js/lib/iol/analytics/engine/IOL.Analytics.Tracking.min.js
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.102.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-101.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 71e916b74ee47c8d8b43582ef0d4fe1afc0273654af0efd8841d360a62e000e6

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 01:06:17 GMT
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
server: nginx
age: 190
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=1200
x-amz-cf-pop: ZRH50-C1
content-encoding: br
x-amz-cf-id: xYQj91DEbUsyFGrL8PAwOQ7giP0m_NSRKVdyjHN_8hjaovcs2l3wnw==

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a67fc4a7b9baa639b319f162a9a17f982d7e1b653aa12b08ec7a2ab74275773

Request headers

Origin: https://fedemarra.xoom.it
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: font/opentype

GET injection.js
i.plug.it/iplug/js/lib/mtx/xoom/ 0
0

GET v60.js
secure-it.imrworldwide.com/ 0
0

GET tracking_xoom-virgilio-it.min.js
i.plug.it/iplug/js/lib/iol/analytics/data/xoom-virgilio-it/ 0
0

GET IOL.Analytics.Tracking.min.js
i.plug.it/iplug/js/lib/iol/analytics/engine/ 0
0

GET injection.js
i.plug.it/iplug/js/lib/mtx/xoom/ 0
0

GET
H2 200 match Show response
bee.imrworldwide.com/v1/clients/ 88 B
565 B 60ms
15ms XHR
application/json 13.224.102.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bee.imrworldwide.com/v1/clients/match?client_id=matrix-it&url=https://fedemarra.xoom.it/

Requested by

Host: secure-it.imrworldwide.com
URL: https://secure-it.imrworldwide.com/v60.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.102.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-102-68.zrh50.r.cloudfront.net

Software

Resource Hash

01b85e82aeeed7fa25c00844d6344e0aa440acf8714cd94a2cfc4d27c3129993

Security Headers

Name	Value
Strict-Transport-Security	max-age=25920000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 11:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47844
x-cache: Hit from cloudfront
vary: Accept-Encoding
content-length: 101
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-frame-options: DENY
strict-transport-security: max-age=25920000; includeSubDomains
content-type: application/json; charset=utf-8
via: 1.1 eb7b239aed47669f8a7b6ac95bc8aff1.cloudfront.net (CloudFront)
cache-control: max-age=3600
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: f1F0g6E44zM4vrFe5afEFym_CyCJVm1YOcsVVOj0t0gOFpkBuVxCGw==

GET
H/1.1 200 wt
italiaonline01.wt-eu02.net/215973748390194/ 43 B
901 B 156ms
37ms Image
image/gif 185.54.150.20
WEBTREKK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://italiaonline01.wt-eu02.net/215973748390194/wt?p=433,virgilio.web.community.xoom.xoomer,1,1600x1200,24,1,1629680967898,0,1600x1200,0&pu=https%3A%2F%2Ffedemarra.xoom.it%2F&la=en&tz=2&cg1=virgilio&cg2=web&cg3=community&cg4=xoom&cg5=xoomer&cg7=virgilio.web.community.xoom.xoomer&cp1=no-referrer&cp2=no-referrer&cp4=no-refresh&cp7=utf-8&cp9=1.3.04&cp10=20191212115643&cp11=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%20o%20scopri%20maggiori%20informazioni&cp12=web&cp25=https%3A&cp26=fedemarra.xoom.it&cp103=https%3A%2F%2Ffedemarra.xoom.it%2F
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.54.150.20 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
Software: c4ca4238 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 01:09:27 GMT
Last-Modified: Mon, 23 Aug 2021 01:09:28 GMT
Server: c4ca4238
X-Robots-Tag: noindex, nofollow, noarchive
P3P: policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Keep-Alive: timeout=30
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=33012141&ns__t=1629680967899&ns_c=UTF-8&c7=https%3A%2F%2Ffedemarra.xoom.it%2F&c8=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%20...
https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&ns__t=1629680967899&ns_c=UTF-8&c7=https%3A%2F%2Ffedemarra.xoom.it%2F&c8=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%2...

64 B
329 B

23ms
23ms

Image
image/gif

13.224.102.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&ns__t=1629680967899&ns_c=UTF-8&c7=https%3A%2F%2Ffedemarra.xoom.it%2F&c8=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%20o%20scopri%20maggiori%20informazioni
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.102.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-122.zrh50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 01:09:27 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: 0gBb2V08Fc3Ka7MqoRYLDhKUIRdR13ezmACi6R5neRJWhC68ofC7Rg==

Redirect headers

date: Mon, 23 Aug 2021 01:09:27 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&ns__t=1629680967899&ns_c=UTF-8&c7=https%3A%2F%2Ffedemarra.xoom.it%2F&c8=Ti%20diamo%20il%20benvenuto%20su%20Facebook%3A%20accedi%2C%20iscriviti%20o%20scopri%20maggiori%20informazioni
content-length: 256
x-amz-cf-id: c-24ho3r4iEs8MHmjN6XDyv8OgSTmQHPlFVrK9ebKBD0LX2kmyKw4A==

GET
H2 200 config250.js Show response
cdn-gl.imrworldwide.com/conf/ 12 KB
5 KB 12ms
11ms Script
application/javascript 2600:9000:2190:f800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/config250.js
Requested by: Host: secure-it.imrworldwide.com
URL: https://secure-it.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:f800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c33f61204ddd3f622f936029a876e1fc8d450cb46f9a789f3ae60cdcccd5959

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jsnQnEbl1aSPjAi41_KaWw3aStSB34Oo
content-encoding: gzip
etag: W/"4ff9c57a95ec07c82c08aa40973e8577"
last-modified: Sun, 22 Aug 2021 23:20:31 GMT
server: AmazonS3
age: 1119
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Mon, 23 Aug 2021 00:50:49 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: DOv4PgnQYJ_EWeykqU-5ElxonqPcYOw7ST1FWJMlenszZdtdBPVQ1A==

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 192 KB
54 KB 14ms
13ms Script
application/javascript 2600:9000:2190:f800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/config250.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:f800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 397e6540378a195608cbd601f809c0c96b3ae9253fffeaf070769a8272838ad7

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: WYmiUb1.Cg6z3yQT9O20r1WlJJUllnwa
content-encoding: gzip
etag: W/"bd1ffd9a8dc416cfddcde665f3111e22"
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
server: AmazonS3
age: 448
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 23 Aug 2021 01:02:00 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: wBRd911Ql9qe-E835HWmbV63abFaQ6dRXFPEsOek07NlhjZlUpsKNA==

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame FD81 12 KB
4 KB 12ms
11ms Document
text/html 2600:9000:2190:f800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:f800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

:method: GET
:authority: cdn-gl.imrworldwide.com
:scheme: https
:path: /novms/html/ls.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fedemarra.xoom.it/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://fedemarra.xoom.it/

Response headers

content-type: text/html
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: zpOrZdUsdtFSUglONNnszp78Z80REEcP
server: AmazonS3
content-encoding: gzip
date: Mon, 23 Aug 2021 00:19:08 GMT
cache-control: max-age=86400
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: SfsDJ8rqmSz4GHLZfwOC1jam0PfoFmmr7HB71XEeov_N9WAzQS6XTg==
age: 3021

GET
H2 200 gn
secure-it.imrworldwide.com/cgi-bin/ Frame FD81 88 B
604 B 42ms
42ms Image
image/gif 34.247.137.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-it.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,NA&sessionId=ym3qld67rrnewlmnqxktwzgskycwh1629680968&c16=sdkv,bj.6.0.0&retry=0
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.137.95 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-137-95.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 18344242ff477e6698f24b0211d53b9194cef9905ad67c8649e8a41ce614b415

Request headers

Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 01:09:28 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-it.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 88
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
ym3qld67rrnewlmnqxktwzgskycwh1629680968.nuid.imrworldwide.com/ Frame FD81 35 B
349 B 73ms
12ms Image
image/gif 2600:9000:21f3:fa00:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ym3qld67rrnewlmnqxktwzgskycwh1629680968.nuid.imrworldwide.com/
Requested by: Host: fedemarra.xoom.it
URL: https://fedemarra.xoom.it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:fa00:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 01:39:07 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 84941
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 35
x-amz-cf-id: meA3qOZ-2X4TVzWG3L9qsccPMBOzIi9BAnmGnBwYViK-cjdDHcYFJg==

GET
H2 200 gn
secure-it.imrworldwide.com/cgi-bin/ 44 B
368 B 44ms
43ms Image
image/gif 34.247.137.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-it.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=it-605193&ch=it-605193_c27_0&sessionId=ym3qld67rrnewlmnqxktwzgskycwh1629680968&asn=0&prv=1&c6=vc,c27&ca=NA&c13=asid,NA&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,v60Bsdk&sup=0&segment2=&segment1=&forward=1&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,999&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16296809680057790&c30=bldv,6.0.0.602&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&devtypid=&pc=NA&si=https%3A%2F%2Ffedemarra.xoom.it%2F&c73=phtype,&c74=dvcnm,&uoo=&c62=sendTime,1629680970&rnd=98610
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.137.95 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-137-95.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://fedemarra.xoom.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 01:09:30 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-it.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/y7/r/Bta5wLl0f1N.css

Domain: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/yG/r/KhewayGXJG-.css

Domain: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/yv/r/o7nH4aQJOSt.css

Domain: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/yD/r/fnIAAt_-hVO.css

Domain: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/yK/r/FN2DY2ouyq1.js

Domain: i.plug.it
URL: http://i.plug.it/iplug/js/lib/mtx/xoom/injection.js

Domain: secure-it.imrworldwide.com
URL: http://secure-it.imrworldwide.com/v60.js

Domain: i.plug.it
URL: http://i.plug.it/iplug/js/lib/iol/analytics/data/xoom-virgilio-it/tracking_xoom-virgilio-it.min.js

Domain: i.plug.it
URL: http://i.plug.it/iplug/js/lib/iol/analytics/engine/IOL.Analytics.Tracking.min.js

Domain: i.plug.it
URL: http://i.plug.it/iplug/js/lib/mtx/xoom/injection.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bee.imrworldwide.com
cdn-gl.imrworldwide.com
fedemarra.xoom.it
i.plug.it
italiaonline01.wt-eu02.net
sb.scorecardresearch.com
secure-it.imrworldwide.com
www.facebook.com
ym3qld67rrnewlmnqxktwzgskycwh1629680968.nuid.imrworldwide.com
i.plug.it
secure-it.imrworldwide.com
www.facebook.com
13.224.102.101
13.224.102.122
13.224.102.68
185.54.150.20
213.209.30.176
2600:9000:2190:f800:2:42d9:3100:93a1
2600:9000:21f3:fa00:1d:667e:2a40:93a1
2a03:2880:f11c:8183:face:b00c:0:25de
34.247.137.95
01b85e82aeeed7fa25c00844d6344e0aa440acf8714cd94a2cfc4d27c3129993
1439c1be01bb64ee1637aa31db97be05ca4b34c415750168aa44b3a0c30965ea
18344242ff477e6698f24b0211d53b9194cef9905ad67c8649e8a41ce614b415
1f57d04ab0c6b3017f7872df33372ee34489ecdb2fa48b447e538f2fc98e2598
397e6540378a195608cbd601f809c0c96b3ae9253fffeaf070769a8272838ad7
3c33f61204ddd3f622f936029a876e1fc8d450cb46f9a789f3ae60cdcccd5959
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
71e916b74ee47c8d8b43582ef0d4fe1afc0273654af0efd8841d360a62e000e6
75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20
75b5d6b2722e7c914bdea5990a82ac2be3bf35d80d7fa32f890d3b4b5621bef2
7f4fbb61e5a1226b421109d4bfeb68b371b240bb6a0131c54581b777cb649908
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
9a67fc4a7b9baa639b319f162a9a17f982d7e1b653aa12b08ec7a2ab74275773
9cc4508d21fd909584e9e83382daa7c1e55f9358e00f876a771627f0a63c5c2a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

fedemarra.xoom.it Open in urlscan Pro 213.209.30.176 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

26 Requests

62 %HTTPS

33 %IPv6

6 Domains

9 Subdomains

10 IPs

4 Countries

196 kBTransfer

486 kBSize

0 Cookies

0 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

fedemarra.xoom.it Open in urlscan Pro
213.209.30.176 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

62 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

10
IPs

4
Countries

196 kB
Transfer

486 kB
Size

0
Cookies

26 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!