ccea.com.py
162.214.98.234
Malicious Activity!
Public Scan
Submission: On October 26 via manual from IT
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 21st 2020. Valid for: 3 months.
This is the only time ccea.com.py was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 16 | 162.214.98.234 | 46606 (UNIFIEDLAYER-AS-1) |
15 | 1 | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: ns41.serverpy.com
ccea.com.py |
 | Apex Domain Subdomains | Transfer |
---|---|---|
16 | ccea.com.py 1 redirects ccea.com.py | 2 MB |
15 | 1 | |

 | Domain | Requested by |
---|---|---|
16 | ccea.com.py | 1 redirects ccea.com.py |
15 | 1 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ccea.com.py cPanel, Inc. Certification Authority | 2020-10-21 - 2021-01-19 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/
Frame ID: 710CA713400997CBC8628C9795EE08C4
Requests: 15 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify HTTP 301
  https://ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/ | 308 KB | 35 KB | Document | text/html |
GET | H/1.1 | clientlib-node-style.css | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/css/ | 555 KB | 555 KB | Stylesheet | text/css |
GET | H/1.1 | loghi-logo--light-double.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icons-app_store.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 15 KB | 16 KB | Image | image/svg+xml |
GET | H/1.1 | icons-google_play.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 25 KB | 25 KB | Image | image/svg+xml |
GET | H/1.1 | nexi-it-style.css | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/css/ | 18 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | svg-icon-close.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | svg-icon-phone.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | svg-icon-close-white.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | svg-icon-phone-warning-white.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | svg-ico-down-blue.svg | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 898 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | placeholder_login_portale_privati.png | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/images/ | 1 MB | 1 MB | Image | image/png |
GET | H/1.1 | fonts-karbon-regular-webfont.woff | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/fonts/ | 24 KB | 24 KB | Font | font/woff |
GET | H/1.1 | fonts-karbon-medium-webfont.woff | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/fonts/ | 24 KB | 25 KB | Font | font/woff |
GET | H/1.1 | fonts-karbon-semibold-webfont.woff | ccea.com.py/nexi-verifica-servizio-richiesta-aggiornare-cliente-nexipay/nexi2sms/Verify/fonts/ | 24 KB | 25 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.