id-portale-gruppocreval.com Open in urlscan Pro
198.54.114.222 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://id-portale-gruppocreval.com/
Effective URL:
https://id-portale-gruppocreval.com/index
Submission: On July 06 via manual (July 6th 2021, 2:49:21 pm UTC) from IT

Summary HTTP 17 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 198.54.114.222, located in United States and belongs to NAMECHEAP-NET, US. The main domain is id-portale-gruppocreval.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 6th 2021. Valid for: a year.

This is the only time id-portale-gruppocreval.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Creval (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 11	198.54.114.222 198.54.114.222	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	23.23.104.250 23.23.104.250	14618 (AMAZON-AES) (AMAZON-AES)
6	185.95.241.20 185.95.241.20	28791 (ASN-CREVA...) (ASN-CREVAL societa del Gruppo Credito Valtellinese)
17	3

11 198.54.114.222 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: server215-1.web-hosting.com

id-portale-gruppocreval.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.104.250 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-104-250.compute-1.amazonaws.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.95.241.20 (Tirano, Italy)

ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT)

www.creval.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	id-portale-gruppocreval.com 1 redirects id-portale-gruppocreval.com	393 KB
6	creval.it www.creval.it	136 KB
1	ipify.org api.ipify.org	266 B
17	3

	Domain	Requested by
11	id-portale-gruppocreval.com	1 redirects id-portale-gruppocreval.com
6	www.creval.it	id-portale-gruppocreval.com
1	api.ipify.org	id-portale-gruppocreval.com
17	3

This site contains links to these domains. Also see Links.

Domain
www.creval.it

Subject Issuer	Validity	Valid
id-portale-gruppocreval.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-06` - `2022-07-06`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2021-01-19` - `2022-02-19`	a year	crt.sh
*.creval.it GeoTrust RSA CA 2018	`2020-02-06` - `2022-05-07`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://id-portale-gruppocreval.com/index
Frame ID: 1C0F598619B3AB5084BE5A32549B3959
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://id-portale-gruppocreval.com/ HTTP 302
https://id-portale-gruppocreval.com/index Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

529 kB
Transfer

1305 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.creval.it/bancaperta#/
Title: Creval

Search URL Search Domain Scan URL

URL: https://www.creval.it/bancaperta
Title:

Search URL Search Domain Scan URL

URL: https://www.creval.it/
Title: Vai a Creval.it

Search URL Search Domain Scan URL

URL: https://www.creval.it/bancaperta#/BloccoCarte
Title: Blocca la tua carta

Search URL Search Domain Scan URL

URL: https://www.creval.it/bancaperta#/Bancaperta/Auth/pass/login/
Title: Login

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://id-portale-gruppocreval.com/ HTTP 302
https://id-portale-gruppocreval.com/index Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index Show response id-portale-gruppocreval.com/ Redirect Chain https://id-portale-gruppocreval.com/ https://id-portale-gruppocreval.com/index	49 KB 8 KB	181ms 180ms	Document text/html	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `d7c0c6bcac0513618ccbed1aac15b17cfa4915ae283b6cce63664924fbc8ef6a` Request headers :method GET :authority id-portale-gruppocreval.com :scheme https :path /index pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:48:59 GMT server Apache x-powered-by Express, Phusion Passenger status 200 OK accept-ranges none vary Accept-Encoding content-encoding gzip content-length 8344 content-type text/html; charset=utf-8 Redirect headers date Tue, 06 Jul 2021 14:48:59 GMT server Apache x-powered-by Express, Phusion Passenger vary Accept location /index content-length 56 status 302 Found content-type text/html; charset=utf-8
GET H2	200	cssFontsBundle.css id-portale-gruppocreval.com/login_files/	79 KB 37 KB	169ms 168ms	Stylesheet text/css	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `1e6edb47f2d573cb5fede69caae463c3e88a3b18479926c330a2d52cb66a1a2d` Request headers :path /login_files/cssFontsBundle.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/index :scheme https sec-fetch-site same-origin :method GET Referer https://id-portale-gruppocreval.com/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:48:59 GMT content-encoding gzip last-modified Tue, 06 Jul 2021 13:54:20 GMT server Apache x-powered-by Express, Phusion Passenger vary Accept-Encoding content-type text/css; charset=UTF-8 status 200 OK cache-control public, max-age=0 accept-ranges bytes none
GET H2	200	externalcss.css id-portale-gruppocreval.com/login_files/	297 KB 41 KB	621ms 620ms	Stylesheet text/css	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/login_files/externalcss.css Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `631bbd6522e4bceef24fdda20ae03a440543f7c66801db28ebca1e76144cf20c` Request headers :path /login_files/externalcss.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/index :scheme https sec-fetch-site same-origin :method GET Referer https://id-portale-gruppocreval.com/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:48:59 GMT content-encoding gzip last-modified Tue, 06 Jul 2021 13:54:23 GMT server Apache x-powered-by Express, Phusion Passenger vary Accept-Encoding content-type text/css; charset=UTF-8 status 200 OK cache-control public, max-age=0 accept-ranges bytes none content-length 41767
GET H2	200	jquery-latest.min.js Show response id-portale-gruppocreval.com/cdn/	94 KB 33 KB	469ms 469ms	Script application/javascript	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/cdn/jquery-latest.min.js Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441` Request headers :path /cdn/jquery-latest.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/index :scheme https sec-fetch-site same-origin :method GET Referer https://id-portale-gruppocreval.com/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:48:59 GMT content-encoding gzip etag W/"1762a-17a7c18c461-gzip" last-modified Tue, 06 Jul 2021 13:53:55 GMT server Apache x-powered-by Express, Phusion Passenger vary Accept-Encoding content-type application/javascript; charset=UTF-8 status 200 OK cache-control public, max-age=0 accept-ranges bytes content-length 33225
GET H2	200	struttura.css id-portale-gruppocreval.com/login_files/	447 KB 67 KB	770ms 770ms	Stylesheet text/css	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/login_files/struttura.css Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `74047b209b998a46c9d16f944f6c48e07dddddeba4faca2d74ecde20262b33c1` Request headers :path /login_files/struttura.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/index :scheme https sec-fetch-site same-origin :method GET Referer https://id-portale-gruppocreval.com/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:48:59 GMT content-encoding gzip etag W/"6fdd0-17a7c1991b1-gzip" last-modified Tue, 06 Jul 2021 13:54:48 GMT server Apache x-powered-by Express, Phusion Passenger vary Accept-Encoding content-type text/css; charset=UTF-8 status 200 OK cache-control public, max-age=0 accept-ranges bytes
GET H2	200	avatar-male.png id-portale-gruppocreval.com/login_files/	1 KB 2 KB	164ms 163ms	Image image/png	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://id-portale-gruppocreval.com/login_files/avatar-male.png Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `7bcd678a8f915c50681ff5a8dccc301bb231ce441317c00eec960ea821333acf` Request headers :path /login_files/avatar-male.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/index :scheme https sec-fetch-site same-origin :method GET Referer https://id-portale-gruppocreval.com/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:49:00 GMT etag W/"5b0-17a7c191977" last-modified Tue, 06 Jul 2021 13:54:17 GMT server Apache x-powered-by Express, Phusion Passenger content-type image/png status 200 OK cache-control public, max-age=0 accept-ranges bytes content-length 1456
GET H2	200	ScaVideoBancaperta.jpg id-portale-gruppocreval.com/login_files/	80 KB 80 KB	163ms 163ms	Image image/jpeg	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://id-portale-gruppocreval.com/login_files/ScaVideoBancaperta.jpg Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `f0b98720126e9e215d86e1534599f9e04ecaf59092100918e32e5e96dcc76bd0` Request headers :path /login_files/ScaVideoBancaperta.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/index :scheme https sec-fetch-site same-origin :method GET Referer https://id-portale-gruppocreval.com/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:49:00 GMT etag W/"14017-17a7c198b2f" last-modified Tue, 06 Jul 2021 13:54:46 GMT server Apache x-powered-by Express, Phusion Passenger content-type image/jpeg status 200 OK cache-control public, max-age=0 accept-ranges bytes content-length 81943
GET H/1.1	200 OK	/ Show response api.ipify.org/	22 B 266 B	429ms 119ms	XHR application/json	23.23.104.250 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/cdn/jquery-latest.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.23.104.250 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-23-104-250.compute-1.amazonaws.com Software Cowboy / Resource Hash `f669a7bc4831dac7164bae603e2ef563a1f3e5b6b96d1b530b96fa50790b97aa` Request headers Accept application/json, text/javascript, /; q=0.01 Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Via 1.1 vegur Server Cowboy Vary Origin Content-Type application/json Access-Control-Allow-Origin https://id-portale-gruppocreval.com Connection keep-alive Content-Length 22
GET H/1.1	200 OK	bg-desktop.jpg www.creval.it/Bancaperta/content/gruppi/A/images/	36 KB 37 KB	115ms 25ms	Image image/jpeg	185.95.241.20 ASN-CREVAL societ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.creval.it/Bancaperta/content/gruppi/A/images/bg-desktop.jpg?_v=20191203 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/struttura.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.95.241.20 Tirano, Italy, ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT), Reverse DNS Software / Resource Hash `4c20a433bdc35ad3b418c9b54bfbd07e5b026bd6169bb3a00433cdb8c0a48b91` Request headers Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Last-Modified Wed, 02 Oct 2019 13:59:49 GMT ETag "eee17a82979d51:0" Vary Accept-Encoding Content-Type image/jpeg Transfer-Encoding chunked Server-Timing dtRpid;desc="-1029045856" Accept-Ranges bytes
GET H/1.1	200 OK	logo.png www.creval.it/Bancaperta/content/gruppi/A/images/	4 KB 5 KB	116ms 23ms	Image image/png	185.95.241.20 ASN-CREVAL societ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.creval.it/Bancaperta/content/gruppi/A/images/logo.png?_v=20191203 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/struttura.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.95.241.20 Tirano, Italy, ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT), Reverse DNS Software / Resource Hash `6cdd4285a744254c33082598175774508c638c7491569087b3c4b884f3d8f780` Request headers Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Last-Modified Wed, 02 Oct 2019 13:59:49 GMT ETag "7bd5da82979d51:0" Vary Accept-Encoding Content-Type image/png Transfer-Encoding chunked Server-Timing dtRpid;desc="385138166" Accept-Ranges bytes
GET H2	200	bariol_bold.woff id-portale-gruppocreval.com/login_files/content/fonts/bariol/	68 KB 69 KB	169ms 169ms	Font font/woff	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/login_files/content/fonts/bariol/bariol_bold.woff Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `b69a5f8feca8100f961635ba6919d00b067956d0289a41c9cc0830da2525d1b1` Request headers :path /login_files/content/fonts/bariol/bariol_bold.woff pragma no-cache origin https://id-portale-gruppocreval.com accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest font :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css :scheme https sec-fetch-site same-origin :method GET Origin https://id-portale-gruppocreval.com Referer https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:49:00 GMT etag W/"11174-17a7c19d943" last-modified Tue, 06 Jul 2021 13:55:06 GMT server Apache x-powered-by Express, Phusion Passenger content-type font/woff status 200 OK cache-control public, max-age=0 accept-ranges bytes content-length 70004
GET H/1.1	200 OK	sprite-icone-common-light.png www.creval.it/Bancaperta/content/gruppi/A/images/	27 KB 28 KB	113ms 26ms	Image image/png	185.95.241.20 ASN-CREVAL societ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.creval.it/Bancaperta/content/gruppi/A/images/sprite-icone-common-light.png?_v=20191203 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/struttura.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.95.241.20 Tirano, Italy, ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT), Reverse DNS Software / Resource Hash `89e94c5911474ea02c12e50f215e6ee6b589b69058c5b110259fbd5338e8f751` Request headers Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Last-Modified Mon, 01 Mar 2021 11:53:55 GMT ETag "8ea25a8e91ed71:0" Vary Accept-Encoding Content-Type image/png Transfer-Encoding chunked Server-Timing dtRpid;desc="-1122702227" Accept-Ranges bytes
GET H/1.1	200 OK	social-icons.png www.creval.it/Bancaperta/content/gruppi/A/images/	3 KB 3 KB	109ms 22ms	Image image/png	185.95.241.20 ASN-CREVAL societ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.creval.it/Bancaperta/content/gruppi/A/images/social-icons.png?_v=20191203 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/struttura.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.95.241.20 Tirano, Italy, ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT), Reverse DNS Software / Resource Hash `eeeae5e569dfbedb28511bde16037be362a0489f8f5e0b5b0b9947df3bf48d81` Request headers Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Last-Modified Mon, 24 Feb 2020 13:08:29 GMT ETag "b578c48113ebd51:0" Vary Accept-Encoding Content-Type image/png Transfer-Encoding chunked Server-Timing dtRpid;desc="2137011234" Accept-Ranges bytes
GET H/1.1	200 OK	sprite-icone-impostazioni-light.png www.creval.it/Bancaperta/content/gruppi/A/images/	46 KB 47 KB	113ms 25ms	Image image/png	185.95.241.20 ASN-CREVAL societ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.creval.it/Bancaperta/content/gruppi/A/images/sprite-icone-impostazioni-light.png?_v=20191203 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/struttura.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.95.241.20 Tirano, Italy, ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT), Reverse DNS Software / Resource Hash `ebe5a806c23b8a6a30b7eef33a53a38653af72299748ca2a0cb302ba0048440e` Request headers Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Last-Modified Wed, 02 Oct 2019 13:59:49 GMT ETag "7b501ea82979d51:0" Vary Accept-Encoding Content-Type image/png Transfer-Encoding chunked Server-Timing dtRpid;desc="1203382164" Accept-Ranges bytes
GET H/1.1	200 OK	sprite.png www.creval.it/Bancaperta/content/gruppi/A/images/	16 KB 17 KB	116ms 29ms	Image image/png	185.95.241.20 ASN-CREVAL societ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.creval.it/Bancaperta/content/gruppi/A/images/sprite.png?_v=20191203 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/struttura.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.95.241.20 Tirano, Italy, ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT), Reverse DNS Software / Resource Hash `b17e93dca7c050557c9268feb4b1ccb81f26ac05b0aaf7bd0368ed71242fb3d3` Request headers Referer https://id-portale-gruppocreval.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 06 Jul 2021 14:49:01 GMT Last-Modified Wed, 02 Oct 2019 13:59:49 GMT ETag "c12c13a82979d51:0" Vary Accept-Encoding Content-Type image/png Transfer-Encoding chunked Server-Timing dtRpid;desc="-196308659" Accept-Ranges bytes
GET H2	200	bariol_regular.woff id-portale-gruppocreval.com/login_files/content/fonts/bariol/	38 KB 39 KB	278ms 277ms	Font font/woff	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/login_files/content/fonts/bariol/bariol_regular.woff Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `5b93e4b2ec733e15c6c61a02684777b6b15d6437b58bb8908a4e291f6aeaa9bb` Request headers :path /login_files/content/fonts/bariol/bariol_regular.woff pragma no-cache origin https://id-portale-gruppocreval.com accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest font :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css :scheme https sec-fetch-site same-origin :method GET Origin https://id-portale-gruppocreval.com Referer https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:49:00 GMT etag W/"9964-17a7c19e013" last-modified Tue, 06 Jul 2021 13:55:08 GMT server Apache x-powered-by Express, Phusion Passenger content-type font/woff status 200 OK cache-control public, max-age=0 accept-ranges bytes content-length 39268
GET H2	200	glyphicons-halflings-regular.woff2 id-portale-gruppocreval.com/login_files/content/fonts/glyphicons-halflings/	18 KB 18 KB	302ms 302ms	Font font/woff2	198.54.114.222 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://id-portale-gruppocreval.com/login_files/content/fonts/glyphicons-halflings/glyphicons-halflings-regular.woff2 Requested by Host: id-portale-gruppocreval.com URL: https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.114.222 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server215-1.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash `fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c` Request headers :path /login_files/content/fonts/glyphicons-halflings/glyphicons-halflings-regular.woff2 pragma no-cache origin https://id-portale-gruppocreval.com accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest font :authority id-portale-gruppocreval.com referer https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css :scheme https sec-fetch-site same-origin :method GET Origin https://id-portale-gruppocreval.com Referer https://id-portale-gruppocreval.com/login_files/cssFontsBundle.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Jul 2021 14:49:00 GMT etag W/"466c-17a7c19f579" last-modified Tue, 06 Jul 2021 13:55:13 GMT server Apache x-powered-by Express, Phusion Passenger content-type font/woff2 status 200 OK cache-control public, max-age=0 accept-ranges bytes content-length 18028

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Creval (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
id-portale-gruppocreval.com
www.creval.it
185.95.241.20
198.54.114.222
23.23.104.250
1e6edb47f2d573cb5fede69caae463c3e88a3b18479926c330a2d52cb66a1a2d
4c20a433bdc35ad3b418c9b54bfbd07e5b026bd6169bb3a00433cdb8c0a48b91
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5b93e4b2ec733e15c6c61a02684777b6b15d6437b58bb8908a4e291f6aeaa9bb
631bbd6522e4bceef24fdda20ae03a440543f7c66801db28ebca1e76144cf20c
6cdd4285a744254c33082598175774508c638c7491569087b3c4b884f3d8f780
74047b209b998a46c9d16f944f6c48e07dddddeba4faca2d74ecde20262b33c1
7bcd678a8f915c50681ff5a8dccc301bb231ce441317c00eec960ea821333acf
89e94c5911474ea02c12e50f215e6ee6b589b69058c5b110259fbd5338e8f751
b17e93dca7c050557c9268feb4b1ccb81f26ac05b0aaf7bd0368ed71242fb3d3
b69a5f8feca8100f961635ba6919d00b067956d0289a41c9cc0830da2525d1b1
d7c0c6bcac0513618ccbed1aac15b17cfa4915ae283b6cce63664924fbc8ef6a
ebe5a806c23b8a6a30b7eef33a53a38653af72299748ca2a0cb302ba0048440e
eeeae5e569dfbedb28511bde16037be362a0489f8f5e0b5b0b9947df3bf48d81
f0b98720126e9e215d86e1534599f9e04ecaf59092100918e32e5e96dcc76bd0
f669a7bc4831dac7164bae603e2ef563a1f3e5b6b96d1b530b96fa50790b97aa
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

id-portale-gruppocreval.com Open in urlscan Pro 198.54.114.222 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

529 kBTransfer

1305 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

id-portale-gruppocreval.com Open in urlscan Pro
198.54.114.222 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

529 kB
Transfer

1305 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!