www.ecom-sella.com Open in urlscan Pro
67.195.197.75 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/
Effective URL:
https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/
Submission: On June 05 via automatic, source openphish (June 5th 2019, 3:04:37 pm UTC)

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 67.195.197.75, located in United States and belongs to YAHOO-3 - Oath Holdings Inc., US. The main domain is www.ecom-sella.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on June 4th 2019. Valid for: a year.

This is the only time www.ecom-sella.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Sella (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 13	67.195.197.75 67.195.197.75	26101 (YAHOO-3) (YAHOO-3 - Oath Holdings Inc.)
1	213.218.53.1 213.218.53.1	21451 (SELLA-AS) (SELLA-AS)
1	34.234.4.38 34.234.4.38	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
14	3

13 67.195.197.75 (United States) 1 redirects

ASN26101 (YAHOO-3 - Oath Holdings Inc., US)
PTR: p9ats-i.geo.vip.bf1.yahoo.com

www.ecom-sella.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.218.53.1 (Mathi, Italy)

ASN21451 (SELLA-AS, IT)

ecomm.sella.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.234.4.38 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-234-4-38.compute-1.amazonaws.com

np.lexity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	ecom-sella.com 1 redirects www.ecom-sella.com	81 KB
1	lexity.com np.lexity.com	4 KB
1	sella.it ecomm.sella.it	307 B
14	3

	Domain	Requested by
13	www.ecom-sella.com	1 redirects www.ecom-sella.com
1	np.lexity.com	www.ecom-sella.com
1	ecomm.sella.it	www.ecom-sella.com
14	3

This site contains no links.

Subject Issuer	Validity	Valid
ecom-sella.com Encryption Everywhere DV TLS CA - G2	`2019-06-04` - `2020-06-03`	a year	crt.sh
ecomm.sella.it DigiCert SHA2 Extended Validation Server CA	`2019-01-08` - `2021-01-12`	2 years	crt.sh
*.lexity.com DigiCert SHA2 High Assurance Server CA	`2019-01-24` - `2019-07-23`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/
Frame ID: 6D6F248C81D4DB693A16AD3A04B04B52
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ HTTP 301
https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Page URL

Detected technologies

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

85 kB
Transfer

85 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ HTTP 301
https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Redirect Chain http://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/	17 KB 17 KB	648ms 647ms	Document text/html	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `b60891683a77c7d51559ed6c50cc255dbd9ba52fead5a271384cbe3fe3144535` Request headers Host www.ecom-sella.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate, br Cookie BX=2fh3me1effmfi&b=3&s=t8; PHPSESSID=0df585d1ffd9e1434fa501182ac33e79 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:20 GMT P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Content-Type text/html; charset=UTF-8 Age 2 Transfer-Encoding chunked Connection keep-alive Server ATS/7.1.2 Redirect headers Date Wed, 05 Jun 2019 15:04:20 GMT Connection keep-alive Server ATS/7.1.2 Cache-Control no-store Location https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Content-Type text/html Content-Language en Content-Length 207
GET H/1.1	200 OK	jquery-ui.css www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	28 KB 28 KB	129ms 128ms	Stylesheet text/css	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/jquery-ui.css Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `cd9d50c2ed2435774cb02b8f38f4292f40a3a54fb87a5a88b0819b6a1c1c6c32` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:21 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type text/css Content-Length 28195
GET H/1.1	200 OK	osp.js Show response www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	3 KB 3 KB	441ms 202ms	Script application/x-javascript	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/osp.js Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `3e4f14e97b2e0b57670a79102e1ca94da829d4b02863a5c16c057a01acd81906` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:21 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 2939
GET H/1.1	200 OK	dyf.css www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	16 KB 17 KB	299ms 202ms	Stylesheet text/css	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/dyf.css Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `499c82ca6d88e978791ad761998f039d8132424d98ff78fb8bc47bb9b898e438` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:21 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type text/css Content-Length 16542
GET H/1.1	200 OK	checkBrowser.css www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	3 KB 3 KB	435ms 202ms	Stylesheet text/css	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/checkBrowser.css Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `377bbde16c41beb713154c2c290c5e4fad31dc9ecd5872ea863461143f1aa84b` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:21 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type text/css Content-Length 2600
GET H/1.1	200 OK	LOGO_BSE_PAGAM.svg www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	3 KB 4 KB	437ms 138ms	Image image/svg+xml	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/LOGO_BSE_PAGAM.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `b7df3f607e2704502e16154beb52a35346a937ab5ccd276ccb288f0c5a7aad66` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:21 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type image/svg+xml Content-Length 3567
GET H/1.1	200 OK	language_italian.svg www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	752 B 1 KB	703ms 268ms	Image image/svg+xml	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/language_italian.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `893899185a057e264b6b13635054edd3ae805c6abc2767a7ab79b361edc8f9c8` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type image/svg+xml Content-Length 752
GET H/1.1	200 OK	icon_arrowhead_progressBar_finished.svg www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	2 KB 3 KB	127ms 126ms	Image image/svg+xml	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/icon_arrowhead_progressBar_finished.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `80052e087c7689485037572a21818f76c1132d3f447b76e619a07bb6e77431d3` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:21 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type image/svg+xml Content-Length 2123
GET H/1.1	200 OK	icon_arrowhead_progressBar_now.svg www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	2 KB 3 KB	210ms 210ms	Image image/svg+xml	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/icon_arrowhead_progressBar_now.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `78968380547ed62f00c1d115f573b73fd7c928bc3c418dbc2ea0934406edf912` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type image/svg+xml Content-Length 2134
GET H/1.1	200 OK	icon_arrowhead_progressBar_next.svg www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/	2 KB 3 KB	253ms 136ms	Image image/svg+xml	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/icon_arrowhead_progressBar_next.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `55cc680096c147031170a3f5bc174ae7c721d8ec9c4a4495c1cff47ecd2fa9ab` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT Last-Modified Wed, 05 Jun 2019 12:14:58 GMT Server ATS/7.1.2 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Accept-Ranges bytes Content-Type image/svg+xml Content-Length 2135
GET H/1.1	200 OK	spacer.gif ecomm.sella.it/pagam/images/pagam2002/	43 B 307 B	204ms 46ms	Image image/gif	213.218.53.1 SELLA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ecomm.sella.it/pagam/images/pagam2002/spacer.gif Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 213.218.53.1 Mathi, Italy, ASN21451 (SELLA-AS, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT ETag "0d0d8bf3616d51:0" Last-Modified Wed, 29 May 2019 15:54:08 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET p3p CP="ALL IND" Accept-Ranges bytes Content-Type image/gif Content-Length 43
GET H/1.1	404 Not Found	icon_arrowhead_main.svg www.ecom-sella.com/it/pagam/swiftPayment/images/	73 B 73 B	335ms 129ms	Image text/html	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/images/icon_arrowhead_main.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `3d2e986f8fda4fdc4f902fe5f0e68a9dfb63cf292ca442350bf095792adc188d` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/dyf.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT Server ATS/7.1.2 Connection keep-alive Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icon_arrowhead_back.svg www.ecom-sella.com/it/pagam/swiftPayment/images/	73 B 73 B	377ms 127ms	Image text/html	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://www.ecom-sella.com/it/pagam/swiftPayment/images/icon_arrowhead_back.svg Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `3d2e986f8fda4fdc4f902fe5f0e68a9dfb63cf292ca442350bf095792adc188d` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/css/dyf.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT Server ATS/7.1.2 Connection keep-alive Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	c2a563409d462baef16b8bdff9ae6725 Show response np.lexity.com/embed/YW/	9 KB 4 KB	107ms 107ms	Script text/plain	34.234.4.38 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://np.lexity.com/embed/YW/c2a563409d462baef16b8bdff9ae6725?id=437b8eb3795b Requested by Host: www.ecom-sella.com URL: https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.234.4.38 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-234-4-38.compute-1.amazonaws.com Software / Resource Hash `c32297b537b1bc57610cdb591dfa54aa76e666383a194e4aa0a92500ad2273e4` Request headers Referer https://www.ecom-sella.com/it/pagam/swiftPayment/sesStep=InsD&reqTypeBuy=864/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 05 Jun 2019 15:04:22 GMT content-encoding gzip Connection keep-alive Content-Length 3704

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Sella (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ecom-sella.com/	1970-01-19 18:48:25	Name: BX Value: 10qma89effmfm&b=3&s=np

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ecomm.sella.it
np.lexity.com
www.ecom-sella.com
213.218.53.1
34.234.4.38
67.195.197.75
377bbde16c41beb713154c2c290c5e4fad31dc9ecd5872ea863461143f1aa84b
3d2e986f8fda4fdc4f902fe5f0e68a9dfb63cf292ca442350bf095792adc188d
3e4f14e97b2e0b57670a79102e1ca94da829d4b02863a5c16c057a01acd81906
499c82ca6d88e978791ad761998f039d8132424d98ff78fb8bc47bb9b898e438
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55cc680096c147031170a3f5bc174ae7c721d8ec9c4a4495c1cff47ecd2fa9ab
78968380547ed62f00c1d115f573b73fd7c928bc3c418dbc2ea0934406edf912
80052e087c7689485037572a21818f76c1132d3f447b76e619a07bb6e77431d3
893899185a057e264b6b13635054edd3ae805c6abc2767a7ab79b361edc8f9c8
b60891683a77c7d51559ed6c50cc255dbd9ba52fead5a271384cbe3fe3144535
b7df3f607e2704502e16154beb52a35346a937ab5ccd276ccb288f0c5a7aad66
c32297b537b1bc57610cdb591dfa54aa76e666383a194e4aa0a92500ad2273e4
cd9d50c2ed2435774cb02b8f38f4292f40a3a54fb87a5a88b0819b6a1c1c6c32

www.ecom-sella.com Open in urlscan Pro 67.195.197.75 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

85 kBTransfer

85 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

www.ecom-sella.com Open in urlscan Pro
67.195.197.75 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

85 kB
Transfer

85 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!