urlscan.io logo urlscan.io
SecurityTrails logo

certificare-energetica.com Open in urlscan Pro
89.40.17.17  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Submission: On October 01 via api from AU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 89.40.17.17, located in Romania and belongs to GTS-BACKBONE GTS Telecom, RO. The main domain is certificare-energetica.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 9th 2021. Valid for: 3 months.
This is the only time certificare-energetica.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Made in China (Supplychain)

Domain & IP information

IP Address AS Autonomous System
3 89.40.17.17 5606 (GTS-BACKB...)
2 88.221.221.136 20940 (AKAMAI-ASN1)
1 2.20.138.105 20940 (AKAMAI-ASN1)
6 3
Domain Requested by
3 certificare-energetica.com certificare-energetica.com
2 www.micstatic.com certificare-energetica.com
www.micstatic.com
1 login.made-in-china.com certificare-energetica.com
6 3

This site contains no links.

Subject Issuer Validity Valid
certificare-energetica.com
cPanel, Inc. Certification Authority		 2021-09-09 -
2021-12-08		 3 months crt.sh
*.micstatic.com
DigiCert SHA2 Secure Server CA		 2021-09-02 -
2022-09-02		 a year crt.sh
*.made-in-china.com
DigiCert SHA2 Secure Server CA		 2021-09-21 -
2022-09-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Frame ID: DC9D5AB425967B00C258241FC8896527
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign In | Made-in-China.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

134 kB
Transfer

231 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
certificare-energetica.com/wp-admin/smiles/mic/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.40.17.17 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
cloudshared.nsh.ro
Software
Apache /
Resource Hash
20f2dad1cd6334a3cfcfd1f58779609692c650a896d52cb0e58961a5959cde97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
certificare-energetica.com
:scheme
https
:path
/wp-admin/smiles/mic/index.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Fri, 01 Oct 2021 01:18:00 GMT
server
Apache
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-web-hosting
NSHOST.RO - https://www.nshost.ro/
cache-control
max-age=60
expires
Fri, 01 Oct 2021 01:19:00 GMT
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
1618
content-type
text/html; charset=UTF-8
global_013252bf.css
www.micstatic.com/gb/css/ 		90 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.micstatic.com/gb/css/global_013252bf.css
Requested by
Host: certificare-energetica.com
URL: https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.221.221.136 Berlin, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a88-221-221-136.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
899ba7f14f24bdebbf842537173e6f48412250fa4ddf497a1f45ed3fa790af20

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://certificare-energetica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 01:18:00 GMT
content-encoding
gzip
last-modified
Thu, 15 Aug 2019 07:16:26 GMT
server
nginx
etag
"5d5506ca-1666e"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=21615719
accept-ranges
bytes
content-length
10810
expires
Wed, 08 Jun 2022 05:39:59 GMT
login.css
login.made-in-china.com/css/ 		21 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.made-in-china.com/css/login.css?t=hXwxJpnTFARY
Requested by
Host: certificare-energetica.com
URL: https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.138.105 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-20-138-105.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5ad1330157ccb6d291a329dbcfdd06790c8580a5daefb8a720973cc309edc04c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://certificare-energetica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 01:18:00 GMT
content-encoding
gzip
last-modified
Mon, 27 Sep 2021 09:31:47 GMT
server
nginx
etag
W/"21910-1632735107000"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31535572
timing-allow-origin
*
content-length
4896
expires
Sat, 01 Oct 2022 01:10:52 GMT
ad.jpg
certificare-energetica.com/wp-admin/smiles/mic/images/ 		110 KB
111 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://certificare-energetica.com/wp-admin/smiles/mic/images/ad.jpg
Requested by
Host: certificare-energetica.com
URL: https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.40.17.17 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
cloudshared.nsh.ro
Software
Apache /
Resource Hash
f02d5c69d1f7b6a2fdfb1dca84060243bc6a1bac3423d87635bb904fb7b1beb1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/wp-admin/smiles/mic/images/ad.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
certificare-energetica.com
referer
https://certificare-energetica.com/wp-admin/smiles/mic/index.php
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://certificare-energetica.com/wp-admin/smiles/mic/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 01:18:01 GMT
x-content-type-options
nosniff
last-modified
Thu, 30 Sep 2021 22:13:37 GMT
server
Apache
vary
User-Agent
content-type
image/jpeg
x-web-hosting
NSHOST.RO - https://www.nshost.ro/
cache-control
max-age=86400
accept-ranges
bytes
content-length
112867
x-xss-protection
1; mode=block
expires
Sat, 02 Oct 2021 01:18:01 GMT
fb.png
certificare-energetica.com/wp-admin/smiles/mic/images/ 		459 B
526 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://certificare-energetica.com/wp-admin/smiles/mic/images/fb.png
Requested by
Host: certificare-energetica.com
URL: https://certificare-energetica.com/wp-admin/smiles/mic/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.40.17.17 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
cloudshared.nsh.ro
Software
Apache /
Resource Hash
c6e6f20c6c0b65b55494eacfc697850ae9af53e844f7295fa4fbdac00da0182a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/wp-admin/smiles/mic/images/fb.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
certificare-energetica.com
referer
https://certificare-energetica.com/wp-admin/smiles/mic/index.php
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://certificare-energetica.com/wp-admin/smiles/mic/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 01:18:01 GMT
x-content-type-options
nosniff
last-modified
Thu, 30 Sep 2021 22:13:46 GMT
server
Apache
vary
User-Agent
content-type
image/png
x-web-hosting
NSHOST.RO - https://www.nshost.ro/
cache-control
max-age=86400
accept-ranges
bytes
content-length
459
x-xss-protection
1; mode=block
expires
Sat, 02 Oct 2021 01:18:01 GMT
logo.png
www.micstatic.com/gb/img/logo-2019/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.micstatic.com/gb/img/logo-2019/logo.png?v=1
Requested by
Host: www.micstatic.com
URL: https://www.micstatic.com/gb/css/global_013252bf.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.221.221.136 Berlin, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a88-221-221-136.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
488ea251bdaf29ab45c94699fef89ad3368bfef0c0f24b671dcbefd4e474679d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.micstatic.com/gb/css/global_013252bf.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 01:18:00 GMT
last-modified
Thu, 24 Sep 2020 12:32:20 GMT
server
nginx
etag
"5f6c91d4-120d"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=16289009
accept-ranges
bytes
content-length
4621
expires
Thu, 07 Apr 2022 14:01:29 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Made in China (Supplychain)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block