sunmats.it
Open in
urlscan Pro
46.252.155.27
Malicious Activity!
Public Scan
URL:
http://sunmats.it/area/swedrftgg/excilefiless/index.php?ref
Submission: On November 05 via manual from IT
Submission: On November 05 via manual from IT
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 9 HTTP transactions.
The main IP is 46.252.155.27, located in
Italy and
belongs to ASSUPERNOVA, IT.
The main domain is sunmats.it.
This is the only time sunmats.it was scanned on urlscan.io!
This is the only time sunmats.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 6 | 46.252.155.27 46.252.155.27 | 60087 (ASSUPERNOVA) (ASSUPERNOVA) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:820::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:81b::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
| 9 | 4 |
1
2a00:1450:4001:820::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| fonts.googleapis.com |
1
2a00:1450:4001:81b::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| ajax.googleapis.com |
1
2001:4de0:ac19::1:b:2b
(Netherlands)
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
| code.jquery.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
sunmats.it
sunmats.it |
548 KB |
| 2 |
googleapis.com
fonts.googleapis.com ajax.googleapis.com |
34 KB |
| 1 |
jquery.com
code.jquery.com |
29 KB |
| 9 | 3 |
| Domain | Requested by | |
|---|---|---|
| 6 | sunmats.it |
sunmats.it
ajax.googleapis.com |
| 1 | code.jquery.com |
sunmats.it
|
| 1 | ajax.googleapis.com |
sunmats.it
|
| 1 | fonts.googleapis.com |
sunmats.it
|
| 9 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://sunmats.it/area/swedrftgg/excilefiless/index.php?ref
Frame ID: 0E7E9AABBDA67B65F15DFB9AEE8A843B
Requests: 9 HTTP requests in this frame
Screenshot
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Google Font API
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
index.php
sunmats.it/area/swedrftgg/excilefiless/ |
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css
fonts.googleapis.com/ |
8 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.7.1/ |
92 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-2.1.3.min.js
code.jquery.com/ |
82 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
progress_spinner_color_20dp_4x.gif
sunmats.it/area/swedrftgg/excilefiless/ |
66 KB 66 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
BG.jpg
sunmats.it/area/swedrftgg/excilefiless/ |
242 KB 242 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
asb.png
sunmats.it/area/swedrftgg/excilefiless/ |
58 KB 59 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
aI3V9.gif
sunmats.it/area/swedrftgg/excilefiless/ |
162 KB 163 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
asdd.png
sunmats.it/area/swedrftgg/excilefiless/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
code.jquery.com
fonts.googleapis.com
sunmats.it
2001:4de0:ac19::1:b:2b
2a00:1450:4001:81b::200a
2a00:1450:4001:820::200a
46.252.155.27
21fa88b5a80eeff428d2dcca7474c51853257f1dadd2085a01009aa5daa9b1c3
303961398d1a175ad761fc6f671f47a282a2f1f679b4db52997941da36a9a618
6428906cd83afaf4cd4079de51674ebd67182993a642c090e854b0b853bf4c10
6ad6f0c3ffa3e24a6516868aeec34331d183280280e4565d901bc33c47cd02ac
77dcae4054a9fc2890e0a6939149143a0aa5888c360905e48fa459f8aa28d5bd
7cd27e209c40684c76278d8eee3006d19d0f1c41ec38b82250fa87d3344d2619
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
eae9dc35611388265d6587a2b15eaa1452273485900f233fad1508b86e48aeec