pdf-pagamento-della-fattura.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322...
Submission Tags: falconsandbox
Submission: On October 20 via api (October 20th 2022, 5:16:46 am UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 8 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is pdf-pagamento-della-fattura.web.app.
TLS certificate: Issued by GTS CA 1D4 on October 19th 2022. Valid for: 3 months.

This is the only time pdf-pagamento-della-fattura.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.203.34 143.204.203.34	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:214... 2600:9000:214f:9c00:6:4afb:9140:93a1	16509 (AMAZON-02) (AMAZON-02)
8	5

2 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

pdf-pagamento-della-fattura.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.203.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-203-34.fra53.r.cloudfront.net

static.adobelogin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:9c00:6:4afb:9140:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.mcauto-images-production.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 216	36 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 394	53 KB
2	web.app pdf-pagamento-della-fattura.web.app	3 KB
1	sendgrid.net cdn.mcauto-images-production.sendgrid.net — Cisco Umbrella Rank: 21272	42 KB
1	adobelogin.com static.adobelogin.com — Cisco Umbrella Rank: 32547	4 KB
8	5

	Domain	Requested by
2	cdnjs.cloudflare.com	pdf-pagamento-della-fattura.web.app
2	cdn.jsdelivr.net	pdf-pagamento-della-fattura.web.app
2	pdf-pagamento-della-fattura.web.app	pdf-pagamento-della-fattura.web.app
1	cdn.mcauto-images-production.sendgrid.net	pdf-pagamento-della-fattura.web.app
1	static.adobelogin.com	pdf-pagamento-della-fattura.web.app
8	5

This site contains no links.

Subject Issuer	Validity	Valid
web.app GTS CA 1D4	`2022-10-19` - `2023-01-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
static.adobelogin.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-06` - `2023-07-07`	a year	crt.sh
cdn.mcauto-images-production.sendgrid.net Amazon	`2022-05-19` - `2023-06-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
Frame ID: 41E6E3520F135FC81F4F77558A079BA9
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PDF ONLINE

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

8
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

137 kB
Transfer

432 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
pdf-pagamento-della-fattura.web.app/ 4 KB
2 KB 236ms
102ms Document
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6ec0a7c90cd3c73fc4f7b4c5d098a3cd6546e13c0f9101ccdf7ef255d7dc7c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 1267
content-type: text/html; charset=utf-8
date: Thu, 20 Oct 2022 05:16:42 GMT
etag: "5e7b23a07cda9b8affe4ae1411002a75eeefcfc22866e79b01ec3a38b8890076-br"
last-modified: Wed, 19 Oct 2022 06:23:12 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-muc13941-MUC
x-timer: S1666243002.962253,VS0,VE57

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/ 190 KB
29 KB 90ms
34ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css

Requested by

Host: pdf-pagamento-della-fattura.web.app
URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pdf-pagamento-della-fattura.web.app/
Origin: https://pdf-pagamento-della-fattura.web.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:16:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7996595
x-jsd-version: 5.2.0
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19167-FRA, cache-iad-kiad7000134-IAD
x-jsd-version-type: version
server: cloudflare
etag: W/"2f88b-Yz6bIW1g1A6raHMXUTTpNbVU+JE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSC%2FyNRJ8zMp4XNLBYhL69uvqB22ver3Fh2xeumIoP%2FSq2Y1mwm%2F5jKfrpAcm0K5wNG0aA0w71QOBQhtk9JAZH0Lywd7TmbugQy6qwuU%2Benuq99uoLmctvKo35hVAT2oN7mTh6VLfDEDwTV%2Fmo0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75cf486b39236921-FRA

GET
H2 200 4x_817cf14a2f3fcff4ee6d4e35c5026779.png
static.adobelogin.com/clients/virgoweb-2020/ 3 KB
4 KB 105ms
22ms Image
image/png 143.204.203.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adobelogin.com/clients/virgoweb-2020/4x_817cf14a2f3fcff4ee6d4e35c5026779.png
Requested by: Host: pdf-pagamento-della-fattura.web.app
URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.203.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-203-34.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf2c42990195a30809f22c5097c932f55e458d68220a542d1260a62e07fd23c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pdf-pagamento-della-fattura.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 20 Oct 2022 04:39:00 GMT
via: 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified: Thu, 10 Jun 2021 12:31:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 2792
etag: "25bd761418173f99a652f875fae7e82c"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 3484
x-amz-cf-id: JT7BgdnplBYMCteXnsvh9VDN6182R023wXRxDNscfDK6vDvyVo792w==

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/ 88 KB
28 KB 84ms
36ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://pdf-pagamento-della-fattura.web.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:16:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4702326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27990
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63091225-6d56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xlRQFeZvDY4HI8KkyK%2F65gLBMWbnyu%2BeLU%2BoY8ROZCfo6Jv5aiwHSoWNEv2BM9UsSHXOpwzAu0laCZbj2H0dhQqn3lT7JiILtQ0SPCXbAwfBW6QkIoeWIt8OCuiET87AFDaNSW2AosPC7YWWJJNUFNBr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75cf486b4c806939-FRA
expires: Tue, 10 Oct 2023 05:16:42 GMT

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/ 78 KB
24 KB 72ms
33ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0c09020adb6f602b16d48374166b9e38ca92383a81650b6a9097c43cc43f31f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pdf-pagamento-della-fattura.web.app/
Origin: https://pdf-pagamento-della-fattura.web.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:16:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7995914
x-jsd-version: 5.2.0
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19126-FRA, cache-itm18840-ITM
x-jsd-version-type: version
server: cloudflare
etag: W/"137ae-xmO6oFGFa2TXRmKalh4ju/D7r4w"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glbOWTn%2B8T10dfzZsPqUFbSFab21jsAzP%2FXxn1pRf1WS%2FBLzjOpftapKqUybxywCpgvLlaBHX45CBD1qFsvtQBax7txq%2Fhnts7%2BNCIYkiD4o0ObnnyfCQrW8sxAXssqLJ3v5todvwXw%2B9LF%2FkXo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75cf486b39276921-FRA

GET
H2 200 jquery.validate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/ 24 KB
8 KB 83ms
35ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/jquery.validate.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pdf-pagamento-della-fattura.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:16:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 9071752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7032
last-modified: Fri, 01 Jul 2022 15:30:23 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62bf130f-1b78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkQymFm9vkG5T9c091hNIWWsHDNqX8BAlaWuHfTmNB9e14YS01A1WpoVuNsGTu6B7xk%2FbonQdQxBURJSM2ExvTvG2WwLKo4dMnQgi%2BplYdsqszAzZ7gc%2F0EMCul4He3L9fnRRW7y3yTBGkAVkS0OpNTe"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75cf486b3ad4691b-FRA
expires: Tue, 10 Oct 2023 05:16:42 GMT

GET
H2 200 index.js Show response
pdf-pagamento-della-fattura.web.app/ 4 KB
1 KB 46ms
45ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://pdf-pagamento-della-fattura.web.app/index.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8d1f9d1b356371a86587ce39318b55eef4ee5dceb0e13e61b5ce7f8c147e3dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-served-by: cache-muc13941-MUC
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 20 Oct 2022 05:16:42 GMT
last-modified: Wed, 19 Oct 2022 06:23:12 GMT
x-timer: S1666243002.085439,VS0,VE1
etag: "765e4f143aa67951af7cc6c013f43c6281e6af8515239e90fb409385ec67894d-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 948
x-cache-hits: 1

GET
H2 200 1366x768.jpg
cdn.mcauto-images-production.sendgrid.net/32724a092ad701f7/c6e2282d-8a53-44c8-9b7c-262b2479f731/ 41 KB
42 KB 107ms
26ms Image
binary/octet-stream 2600:9000:214f:9c00:6:4afb:9140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mcauto-images-production.sendgrid.net/32724a092ad701f7/c6e2282d-8a53-44c8-9b7c-262b2479f731/1366x768.jpg
Requested by: Host: pdf-pagamento-della-fattura.web.app
URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:9c00:6:4afb:9140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e61d76a5ce6532cc01241cdb4028157ed3c5f3a3d45cb0f0e01f3a961d3a7c01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pdf-pagamento-della-fattura.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: QK.6N6LE6Teyx7CsCJNOWb2Lzftkt5Pa
date: Thu, 20 Oct 2022 04:55:42 GMT
via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
last-modified: Tue, 08 Sep 2020 13:40:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 2009
etag: "4860b3f5c2527b01beb37df985da7005"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 42147
x-amz-cf-id: 2ShzkYkqvjcCanPmlfAWICazCJp1m609lxyZhWRFlIdn-W-JSh0mfg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV Message: Error parsing 'integrity' attribute ('sha512-aVKKRRi/Q/YV+4mjoKBsE4x3H +BkegoM/em46NNlCqNTmUYADjBbeNefNxYV7giUp0VxICtqdrbqU7iVaeZNXA=='). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.
security	error	URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js' with computed SHA-512 integrity 'aVKKRRi/Q/YV+4mjoKBsE4x3H+BkegoM/em46NNlCqNTmUYADjBbeNefNxYV7giUp0VxICtqdrbqU7iVaeZNXA=='. The resource has been blocked.
security	error	URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV Message: Error parsing 'integrity' attribute ('sha384- A3rJD856KowSb7dwlZdYEkO39Gagi7vIsF0jrRAoQmDKKtQBHUuLZ9AsSv4jD4Xa'). The digest must be a valid, base64-encoded value.
security	error	URL: https://pdf-pagamento-della-fattura.web.app/?w=p.gelato%40inail.it&data=05%7C01%7Cioc%40inail.it%7C85a0bb7e560e460f000508dab1f9cb1b%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638017984952741686%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV Message: Error parsing 'integrity' attribute ('sha384- A3rJD856KowSb7dwlZdYEkO39Gagi7vIsF0jrRAoQmDKKtQBHUuLZ9AsSv4jD4Xa'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdn.mcauto-images-production.sendgrid.net
cdnjs.cloudflare.com
pdf-pagamento-della-fattura.web.app
static.adobelogin.com
143.204.203.34
2600:9000:214f:9c00:6:4afb:9140:93a1
2606:4700::6810:5614
2606:4700::6811:190e
2620:0:890::100
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
6ec0a7c90cd3c73fc4f7b4c5d098a3cd6546e13c0f9101ccdf7ef255d7dc7c08
8d1f9d1b356371a86587ce39318b55eef4ee5dceb0e13e61b5ce7f8c147e3dc3
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
bf2c42990195a30809f22c5097c932f55e458d68220a542d1260a62e07fd23c5
c0c09020adb6f602b16d48374166b9e38ca92383a81650b6a9097c43cc43f31f
e61d76a5ce6532cc01241cdb4028157ed3c5f3a3d45cb0f0e01f3a961d3a7c01
ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8

pdf-pagamento-della-fattura.web.app Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

5 IPs

1 Countries

137 kBTransfer

432 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

pdf-pagamento-della-fattura.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

137 kB
Transfer

432 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!