URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Submission: On April 09 via manual from US

Summary

This website contacted 8 IPs in 3 countries across 9 domains to perform 19 HTTP transactions. The main IP is 2.17.189.147, which is located in the European Union and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is mailchi.mp.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 5th 2018. Valid for: 3 months.
This is the only time mailchi.mp was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2.17.189.147 16625 (AKAMAI-AS)
1 216.58.205.234 15169 (GOOGLE)
1 172.217.16.202 15169 (GOOGLE)
3 23.8.1.238 20940 (AKAMAI-ASN1)
3 13.32.159.74 16509 (AMAZON-02)
4 13.32.221.65 16509 (AMAZON-02)
1 2 216.58.205.238 15169 (GOOGLE)
5 216.58.205.227 15169 (GOOGLE)
1 1 173.194.76.156 15169 (GOOGLE)
1 1 216.58.205.228 15169 (GOOGLE)
19 8
Domain Requested by
4 fonts.gstatic.com ajax.googleapis.com
4 cdn-images.mailchimp.com mailchi.mp
ajax.googleapis.com
3 gallery.mailchimp.com mailchi.mp
3 us14.campaign-archive.com mailchi.mp
2 www.google-analytics.com 1 redirects mailchi.mp
1 www.google.com.ua mailchi.mp
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 ajax.googleapis.com mailchi.mp
1 fonts.googleapis.com mailchi.mp
1 mailchi.mp
19 11
Subject | Issuer | Validity | Valid
mailchi.mp | Let's Encrypt Authority X3 | 2018-04-05 - 2018-07-04 | 3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Frame ID: C6EA592EA13A9ADFDF0EBFB9B18442D3
Requests: 19 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

  • Requests: 19
  • HTTPS: 5 %
  • IPv6: 0 %
  • Domains: 9
  • Subdomains: 11
  • IPs: 8
  • Countries: 3
  • Transfer: 475 kB
  • Size: 625 kB
  • Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://www.google-analytics.com/r/collect?v=1&_v=j66&a=1137613665&t=pageview&_s=1&dl=https%3A%2F%2Fmailchi.mp%2F1f9e94e15ca3%2Fattenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale&dh=.campaign-archive.com&ul=en-us&de=UTF-8&dt=Attenzione%20al%20trojan%20URSNIF%20-%20Il%20virus%20con%20ingegneria%20sociale&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAAAB~&jid=567403774&gjid=759425755&cid=655339428.1523281760&tid=UA-329148-88&_gid=706698792.1523281760&_r=1&z=1292268077 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_gid=706698792.1523281760&gjid=759425755&_v=j66&z=1292268077 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_v=j66&z=1292268077 HTTP 302
  • https://www.google.com.ua/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_v=j66&z=1292268077&slf_rd=1&random=1685299764

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
mailchi.mp/1f9e94e15ca3/
73 KB
11 KB
Document
General
Full URL
https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.17.189.147 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
openresty /
Resource Hash
8aeea3b969d1b345f0e40283e83abbb8f9d35287b36dbc292e70ddd8ac781fbb

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
mailchi.mp
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive

Response headers

Date
Mon, 09 Apr 2018 13:49:20 GMT
Content-Encoding
gzip
Server
openresty
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
keep-alive
Set-Cookie
_AVESTA_ENVIRONMENT=prod; path=/
Content-Location
https://us14.campaign-archive.com/?u=78c57ebe7447d31287f69f8e1&id=3b852a40e8
Content-Length
11123
X-UA-Compatible
IE=edge,chrome=1
css
fonts.googleapis.com/
10 KB
934 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
SPDY
Server
216.58.205.234 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f234.1e100.net
Software
ESF /
Resource Hash
3e80336866d121116d015d8762f3ffd3bb19244ea1485c8f832a2e41081b3458
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Mon, 09 Apr 2018 13:49:20 GMT
content-encoding
gzip
last-modified
Mon, 09 Apr 2018 13:49:20 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
x-xss-protection
1; mode=block
expires
Mon, 09 Apr 2018 13:49:20 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.4.2/
70 KB
24 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
SPDY
Server
172.217.16.202 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f202.1e100.net
Software
sffe /
Resource Hash
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 23 Feb 2018 11:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3896786
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
24715
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Feb 2019 11:22:54 GMT
archivebar-desktop.css
us14.campaign-archive.com/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://us14.campaign-archive.com/css/archivebar-desktop.css
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
23.8.1.238 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-1-238.deploy.static.akamaitechnologies.com
Software
openresty /
Resource Hash
f5757a2fa0f0ae8f63c1c38afe86ff1987e183801a8059d65c450c220d0422bf

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 09 Apr 2018 13:49:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 30 May 2017 13:11:16 GMT
Server
openresty
ETag
"1829-550bd89e3c500"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1741
archivebar-desktop-plugins.js
us14.campaign-archive.com/js/
12 KB
4 KB
Script
General
Full URL
https://us14.campaign-archive.com/js/archivebar-desktop-plugins.js
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
23.8.1.238 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-1-238.deploy.static.akamaitechnologies.com
Software
openresty /
Resource Hash
fca3552203128521932e8efb0113fecac13722a10b47c879d547b59c6c81d127

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 09 Apr 2018 13:49:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 Dec 2016 15:09:58 GMT
Server
openresty
ETag
"2f58-542fecc2a3d80"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3474
fancyzoom.mc.js
us14.campaign-archive.com/js/mailchimp/
6 KB
2 KB
Script
General
Full URL
https://us14.campaign-archive.com/js/mailchimp/fancyzoom.mc.js
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
23.8.1.238 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-1-238.deploy.static.akamaitechnologies.com
Software
openresty /
Resource Hash
482ff52aa178d39f5b1082c74b40f7a4470f3039ee8df5624e38e04389f564b3

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 09 Apr 2018 13:49:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 Dec 2016 15:09:58 GMT
Server
openresty
ETag
"17ea-542fecc2a3d80"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1913
8dddaced-f1b0-4f4d-8637-321c1b0f2028.jpg
gallery.mailchimp.com/78c57ebe7447d31287f69f8e1/images/
26 KB
27 KB
Image
General
Full URL
https://gallery.mailchimp.com/78c57ebe7447d31287f69f8e1/images/8dddaced-f1b0-4f4d-8637-321c1b0f2028.jpg
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
13.32.159.74 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-159-74.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f68884287f8060d6d72243b8eaf3476c40809adbd772bba1a2e541e6d746e7dc

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 09 Apr 2018 13:16:23 GMT
Via
1.1 5e6663e1b6bfcd319fbf11ba3c6a1259.cloudfront.net (CloudFront)
Last-Modified
Mon, 09 Apr 2018 13:16:22 GMT
Server
AmazonS3
Age
1978
ETag
"852618cfc794cdf3f9eabb5ebe39cbfa"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
26889
X-Amz-Cf-Id
pwdPRj2_d9ehaQvWmDWLciIZ9agIJTxyCwmFhAFjcmUNkSsq-qO8EQ==
6533beb2-90d7-4da3-872d-fc51b228d50e.jpg
gallery.mailchimp.com/78c57ebe7447d31287f69f8e1/images/
284 KB
284 KB
Image
General
Full URL
https://gallery.mailchimp.com/78c57ebe7447d31287f69f8e1/images/6533beb2-90d7-4da3-872d-fc51b228d50e.jpg
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
13.32.159.74 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-159-74.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
33a60bc69de2ae6fc6c105cb7044bad31bdd6ba9087563b1b2e5a9ccbe80484d

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 09 Apr 2018 12:58:43 GMT
Via
1.1 e430a35037c484cf19f375480cabfca3.cloudfront.net (CloudFront)
Last-Modified
Mon, 09 Apr 2018 12:58:41 GMT
Server
AmazonS3
Age
3038
ETag
"cc5be530ee4db092e62022adbadb663e"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
290837
X-Amz-Cf-Id
uSIvXPvbhTz5m7jFxS1LtWBeRCJbJaNGKTIly73rgfH085FVAQ6lZw==
a5c04b46-42ae-48ae-a30c-3dbcd68fea8e.png
gallery.mailchimp.com/78c57ebe7447d31287f69f8e1/images/
60 KB
60 KB
Image
General
Full URL
https://gallery.mailchimp.com/78c57ebe7447d31287f69f8e1/images/a5c04b46-42ae-48ae-a30c-3dbcd68fea8e.png
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
13.32.159.74 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-159-74.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1cdfae740af1a72b00f719a95285a001fea33547902decad8be922b6dea831fe

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 09 Apr 2018 13:00:12 GMT
Via
1.1 3c2476383ec2dd20b3b952b944a0f17d.cloudfront.net (CloudFront)
Last-Modified
Mon, 09 Apr 2018 13:00:11 GMT
Server
AmazonS3
Age
2949
ETag
"618f183d56c5bb1ec00e775f865d8567"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
61468
X-Amz-Cf-Id
ID77dWRZXheV9gSENqd7YS5gZayoPlR52pzc3pa7447QZz30RiX2_A==
color-facebook-48.png
cdn-images.mailchimp.com/icons/social-block-v2/
732 B
1 KB
Image
General
Full URL
https://cdn-images.mailchimp.com/icons/social-block-v2/color-facebook-48.png
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
13.32.221.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-221-65.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19f0a438462bd40f22e7f4a4e9b342f95b83487c7e69938212ac738a3d0580f0

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 08 Aug 2017 23:53:02 GMT
Via
1.1 170fdbe261f5e85186a08817806feba2.cloudfront.net (CloudFront)
Last-Modified
Thu, 26 Jun 2014 21:01:10 GMT
Server
AmazonS3
Age
47754
ETag
"9f0b508cb53dffb53d7724969c7cfa36"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
732
X-Amz-Cf-Id
mNlRga8lcFG47rAn1nSqKZGd7BIBjrFUSAHwTwm1nZTjyWTeI9jQRQ==
color-link-48.png
cdn-images.mailchimp.com/icons/social-block-v2/
1 KB
2 KB
Image
General
Full URL
https://cdn-images.mailchimp.com/icons/social-block-v2/color-link-48.png
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
13.32.221.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-221-65.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cd01f2b180c14ddb22611e0b602cac5a21e41000ec1372e1928cb0d7ebb33d76

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 08 Aug 2017 23:52:53 GMT
Via
1.1 3c2476383ec2dd20b3b952b944a0f17d.cloudfront.net (CloudFront)
Last-Modified
Fri, 27 Jun 2014 13:38:17 GMT
Server
AmazonS3
Age
31764
ETag
"6eaf7bb1fef477b12ed53951e6837ad9"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1151
X-Amz-Cf-Id
3sTRy02TV9OEYnTjXZqtswMAIBv54PVmauSipLljD7Vg8WLd2soB-A==
MC_MonkeyReward_15.png
cdn-images.mailchimp.com/monkey_rewards/
4 KB
4 KB
Image
General
Full URL
https://cdn-images.mailchimp.com/monkey_rewards/MC_MonkeyReward_15.png
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
HTTP/1.1
Server
13.32.221.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-221-65.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a6e85aaeabefc184393b15c6dabbc4616d8cbff5e0ffb43ddbe3254bd82045e0

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 08 Aug 2017 23:52:46 GMT
Via
1.1 fab3f75b4ee7d58be154b12ee77e06eb.cloudfront.net (CloudFront)
Last-Modified
Fri, 06 Dec 2013 14:09:02 GMT
Server
AmazonS3
Age
33428
ETag
"143f611d77795e8c43b8e65b632510ac"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4068
X-Amz-Cf-Id
MFPJWx4vJVY1W4IYTjZocPGZR-4JCTIEmPBDyGLYx-bOdLF21gGm_A==
analytics.js
www.google-analytics.com/
35 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
SPDY
Server
216.58.205.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2017 20:19:12 GMT
server
Golfe2
age
3318
date
Mon, 09 Apr 2018 12:54:02 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
14597
expires
Mon, 09 Apr 2018 14:54:02 GMT
awesomebar-sprite.png
cdn-images.mailchimp.com/
2 KB
2 KB
Image
General
Full URL
https://cdn-images.mailchimp.com/awesomebar-sprite.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Protocol
HTTP/1.1
Server
13.32.221.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-221-65.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e7df3ca83c43e7c1602a5df22ce6f44135e6b06de295fd045b00a4996f745d5e

Request headers

Referer
https://us14.campaign-archive.com/css/archivebar-desktop.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Wed, 09 Aug 2017 07:14:58 GMT
Via
1.1 9f4017bef2e790d377578f1a7821f0ea.cloudfront.net (CloudFront)
Last-Modified
Fri, 22 Jun 2012 19:56:07 GMT
Server
AmazonS3
Age
48501
ETag
"22313a9b5ebfee32f60cfca56e01ff9f"
X-Cache
Hit from cloudfront
Content-Type
image/png
x-amz-meta-s3fox-filesize
1835
x-amz-meta-s3fox-modifiedtime
1340394950000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1835
X-Amz-Cf-Id
fVmuq3TBIih0yRMIb86Mbh0sVm8Q-gSjsECQ1-TdBgmJ0r8F5YNmyQ==
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Protocol
SPDY
Server
216.58.205.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f3.1e100.net
Software
sffe /
Resource Hash
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
Origin
https://mailchi.mp

Response headers

date
Tue, 20 Mar 2018 08:29:52 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:46 GMT
server
sffe
age
1747168
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
8892
x-xss-protection
1; mode=block
expires
Wed, 20 Mar 2019 08:29:52 GMT
memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Protocol
SPDY
Server
216.58.205.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f3.1e100.net
Software
sffe /
Resource Hash
41a1032e508250c01a613cfba4db03f302600c43ca5986780c4d8df9f591881c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
Origin
https://mailchi.mp

Response headers

date
Mon, 12 Feb 2018 16:08:23 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:48 GMT
server
sffe
age
4830057
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
9148
x-xss-protection
1; mode=block
expires
Tue, 12 Feb 2019 16:08:23 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Protocol
SPDY
Server
216.58.205.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f3.1e100.net
Software
sffe /
Resource Hash
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
Origin
https://mailchi.mp

Response headers

date
Mon, 12 Feb 2018 17:57:46 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:39 GMT
server
sffe
age
4823494
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
8800
x-xss-protection
1; mode=block
expires
Tue, 12 Feb 2019 17:57:46 GMT
mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Protocol
SPDY
Server
216.58.205.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f3.1e100.net
Software
sffe /
Resource Hash
349c9eaeb1ddfca43b899f7479defefa32bb049c49f25c9ccaa6432cf0ffab95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
Origin
https://mailchi.mp

Response headers

date
Tue, 13 Feb 2018 15:38:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:48 GMT
server
sffe
age
4745433
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
9432
x-xss-protection
1; mode=block
expires
Wed, 13 Feb 2019 15:38:47 GMT
ga-audiences
www.google.com.ua/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j66&a=1137613665&t=pageview&_s=1&dl=https%3A%2F%2Fmailchi.mp%2F1f9e94e15ca3%2Fattenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale&dh=.campa...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_gid=706698792.1523281760&gjid=759425755&_v=j66&z=1292268077
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_v=j66&z=1292268077
  • https://www.google.com.ua/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_v=j66&z=1292268077&slf_rd=1&random=1685299764
42 B
109 B
Image
General
Full URL
https://www.google.com.ua/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_v=j66&z=1292268077&slf_rd=1&random=1685299764
Requested by
Host: mailchi.mp
URL: https://mailchi.mp/1f9e94e15ca3/attenzione-al-trojan-ursnif-il-virus-con-ingegneria-sociale
Protocol
SPDY
Server
216.58.205.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mailchi.mp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Apr 2018 13:49:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 09 Apr 2018 13:49:20 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.com.ua/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-329148-88&cid=655339428.1523281760&jid=567403774&_v=j66&z=1292268077&slf_rd=1&random=1685299764
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • string | GoogleAnalyticsObject
  • function | ga
  • function | $
  • function | jQuery
  • object | ZeroClipboard
  • object | divsSeen
  • object | currentlyVisible
  • function | updateFacebookCommentsCount
  • function | incrementFacebookLikeCount
  • function | getUrlParams
  • function | setupSocialSharingStuffs
  • object | gaplugins
  • object | gaGlobal
  • object | gaData

4 Cookies

Domain/Path Name / Value
.mailchi.mp/ Name: _gid
Value: GA1.2.706698792.1523281760
.mailchi.mp/ Name: _ga
Value: GA1.2.655339428.1523281760
.mailchi.mp/ Name: _gat
Value: 1
mailchi.mp/ Name: _AVESTA_ENVIRONMENT
Value: prod

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
