Submitted URL: https://clicaweb.com/kon
Effective URL: https://clicaweb.com/kon/Active92.php
Submission: On November 07 via api from US — Scanned from CH

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 8 HTTP transactions. The main IP is 81.88.52.162, which is located in Italy and belongs to REGISTER-AS, IT. The main domain is clicaweb.com.
TLS certificate: Issued by R3 on September 18th 2023. Valid for: 3 months.
This is the only time clicaweb.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Viseca (Financial)

Domain & IP information

IP Address AS Autonomous System
1 3 81.88.52.162 39729 (REGISTER-AS)
1 217.111.139.8 ()
1 192.229.220.206 ()
8 4
Apex Domain
Subdomains
Transfer
3 clicaweb.com
clicaweb.com
65 KB
1 dribbble.com
cdn.dribbble.com
70 KB
1 one-digitalservice.ch
one-digitalservice.ch Failed
2 KB
0 cloudflare.com Failed
cdnjs.cloudflare.com Failed
8 4
Domain Requested by
3 clicaweb.com 1 redirects
1 cdn.dribbble.com clicaweb.com
1 one-digitalservice.ch clicaweb.com
0 cdnjs.cloudflare.com Failed clicaweb.com
8 4

This site contains no links.

Subject | Issuer | Validity | Valid
www.clicaweb.com | R3 | 2023-09-18 - 2023-12-17 | 3 months
one-digitalservice.ch | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-17 - 2024-08-16 | a year
*.dribbble.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-03-18 - 2024-04-17 | a year

This page contains 1 frames:

Primary Page: https://clicaweb.com/kon/Active92.php
Frame ID: 3583FE280945233D8C16B445E3C71710
Requests: 8 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

8
Requests

50 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

136 kB
Transfer

135 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://clicaweb.com/kon HTTP 301
  • https://clicaweb.com/kon/

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
clicaweb.com/kon/
Redirect Chain
  • https://clicaweb.com/kon
  • https://clicaweb.com/kon/
0
187 B
Document
General
Full URL
https://clicaweb.com/kon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.88.52.162 , Italy, ASN39729 (REGISTER-AS, IT),
Reverse DNS
lhcp3162.webapps.net
Software
Apache / PHP/7.3.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 07 Nov 2023 05:47:04 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
refresh
3;url=Active92.php
server
Apache
x-powered-by
PHP/7.3.33

Redirect headers

content-length
233
content-type
text/html; charset=iso-8859-1
date
Tue, 07 Nov 2023 05:47:04 GMT
location
https://clicaweb.com/kon/
server
Apache
Primary Request Active92.php
clicaweb.com/kon/
64 KB
64 KB
Document
General
Full URL
https://clicaweb.com/kon/Active92.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.88.52.162 , Italy, ASN39729 (REGISTER-AS, IT),
Reverse DNS
lhcp3162.webapps.net
Software
Apache / PHP/7.3.33
Resource Hash
36607cbe3073907d0a37b1cad63285124d9793f2e204f9d30f35f2e7c4d2ed72

Request headers

Referer
https://clicaweb.com/kon/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html; charset=UTF-8
date
Tue, 07 Nov 2023 05:47:07 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
x-powered-by
PHP/7.3.33
style.css
one-digitalservice.ch/login/css/
0
0

ispin.css
one-digitalservice.ch/login/css/
0
0

jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/
0
0

one.svg
one-digitalservice.ch/login/images/
0
0

one-small.svg
one-digitalservice.ch/login/images/
1 KB
2 KB
Image
General
Full URL
https://one-digitalservice.ch/login/images/one-small.svg
Requested by
Host: clicaweb.com
URL: https://clicaweb.com/kon/Active92.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.111.139.8 -, , ASN (),
Reverse DNS
Software
Apache /
Resource Hash
8b1ac825153c2c2e7321901e800fdaf9ca16e65aaf28d362698400ac3642b18b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://clicaweb.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 07 Nov 2023 05:47:09 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Jul 2020 13:02:38 GMT
Server
Apache
ETag
W/"1334-1595250158000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
1334
X-XSS-Protection
1; mode=block
13539-sign-for-error-or-explanation-alert.gif
cdn.dribbble.com/users/251873/screenshots/9288094/
70 KB
70 KB
Image
General
Full URL
https://cdn.dribbble.com/users/251873/screenshots/9288094/13539-sign-for-error-or-explanation-alert.gif
Requested by
Host: clicaweb.com
URL: https://clicaweb.com/kon/Active92.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.220.206 -, , ASN (),
Reverse DNS
Software
ECAcc (frc/4CE4) /
Resource Hash
56a0acab710b61892ebd25df8067eb339b65117c4db12cbd06ef3c7f780fe0ab

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://clicaweb.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 07 Nov 2023 05:47:09 GMT
via
1.1 2b0c54ffe9876882253b010d44184bdc.cloudfront.net (CloudFront)
x-amz-version-id
uKN4vz70l4r02EVFKNtZbevBYhl1sLij
age
52462221
x-amz-cf-pop
IAD89-P2
x-cache
HIT
content-length
71350
last-modified
Sun, 05 Jan 2020 04:37:47 GMT
server
ECAcc (frc/4CE4)
etag
"5ebc1d2f0d8214f3404464430523b575"
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
image/gif
access-control-allow-origin
https://dribbble.com
cache-control
max-age=315576000
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
JiSH046-e9waJ3hx5nGbJmm7Q-zeS7HpbUgeVxj9YycvfvV-t3SOJQ==
expires
Thu, 04 Sep 2031 08:06:59 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
one-digitalservice.ch
URL
https://one-digitalservice.ch/login/css/style.css
Domain
one-digitalservice.ch
URL
https://one-digitalservice.ch/login/css/ispin.css
Domain
cdnjs.cloudflare.com
URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
Domain
one-digitalservice.ch
URL
https://one-digitalservice.ch/login/images/one.svg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Viseca (Financial)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Domain/Path Name / Value
clicaweb.com/ Name: PHPSESSID
Value: c6640c417984982395c4d565c5216679

6 Console Messages

Source Level URL
Text
javascript warning URL: https://clicaweb.com/kon/Active92.php(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://clicaweb.com/kon/Active92.php(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://one-digitalservice.ch/login/css/style.css
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
network error URL: https://one-digitalservice.ch/login/css/ispin.css
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
network error URL: https://one-digitalservice.ch/login/images/one.svg
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
network error URL: https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
Message:
Failed to load resource: net::ERR_CONNECTION_CLOSED