id-portale-gruppocreval.com
198.54.114.222
Malicious Activity!
Public Scan
Effective URL: https://id-portale-gruppocreval.com/index
Submission: On July 06 via manual from IT
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 6th 2021. Valid for: a year.
This is the only time id-portale-gruppocreval.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Creval (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
11 | 198.54.114.222 | 22612 (NAMECHEAP-NET)
1 | 23.23.104.250 | 14618 (AMAZON-AES)
6 | 185.95.241.20 | 28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese)
17 requests | 3 IPs |
- ASN22612 (NAMECHEAP-NET, US), PTR: server215-1.web-hosting.com: id-portale-gruppocreval.com
- ASN14618 (AMAZON-AES, US), PTR: ec2-23-23-104-250.compute-1.amazonaws.com: api.ipify.org
- ASN28791 (ASN-CREVAL societa del Gruppo Credito Valtellinese, IT): www.creval.it
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | id-portale-gruppocreval.com | id-portale-gruppocreval.com (1 redirect) | 393 KB
6 | creval.it | www.creval.it | 136 KB
1 | ipify.org | api.ipify.org | 266 B
17 requests | 3 domains | |
Requests | Domain | Requested by
---|---|---
11 | id-portale-gruppocreval.com (1 redirect) | id-portale-gruppocreval.com
6 | www.creval.it | id-portale-gruppocreval.com
1 | api.ipify.org | id-portale-gruppocreval.com
17 requests | 3 domains |
This site contains links to these domains. Also see Links.

Domain
---
www.creval.it
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
id-portale-gruppocreval.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-06 - 2022-07-06 | a year | crt.sh
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2021-01-19 - 2022-02-19 | a year | crt.sh
*.creval.it | GeoTrust RSA CA 2018 | 2020-02-06 - 2022-05-07 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
https://id-portale-gruppocreval.com/index
Frame ID: 1C0F598619B3AB5084BE5A32549B3959
Requests: 17 HTTP requests in this frame
Page URL History
- https://id-portale-gruppocreval.com/ (HTTP 302)
- https://id-portale-gruppocreval.com/index (Page URL)
Detected technologies
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- jQuery (JavaScript Libraries). Detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Creval
- Title: (empty)
- Title: Vai a Creval.it
- Title: Blocca la tua carta
- Title: Login
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

Method | Protocol | Resource | Path | Size | Transfer (x-fer) | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | index (Primary Request, redirect chain) | id-portale-gruppocreval.com/ | 49 KB | 8 KB | Document | text/html
GET | H2 | cssFontsBundle.css | id-portale-gruppocreval.com/login_files/ | 79 KB | 37 KB | Stylesheet | text/css
GET | H2 | externalcss.css | id-portale-gruppocreval.com/login_files/ | 297 KB | 41 KB | Stylesheet | text/css
GET | H2 | jquery-latest.min.js | id-portale-gruppocreval.com/cdn/ | 94 KB | 33 KB | Script | application/javascript
GET | H2 | struttura.css | id-portale-gruppocreval.com/login_files/ | 447 KB | 67 KB | Stylesheet | text/css
GET | H2 | avatar-male.png | id-portale-gruppocreval.com/login_files/ | 1 KB | 2 KB | Image | image/png
GET | H2 | ScaVideoBancaperta.jpg | id-portale-gruppocreval.com/login_files/ | 80 KB | 80 KB | Image | image/jpeg
GET | H/1.1 | / | api.ipify.org/ | 22 B | 266 B | XHR | application/json
GET | H/1.1 | bg-desktop.jpg | www.creval.it/Bancaperta/content/gruppi/A/images/ | 36 KB | 37 KB | Image | image/jpeg
GET | H/1.1 | logo.png | www.creval.it/Bancaperta/content/gruppi/A/images/ | 4 KB | 5 KB | Image | image/png
GET | H2 | bariol_bold.woff | id-portale-gruppocreval.com/login_files/content/fonts/bariol/ | 68 KB | 69 KB | Font | font/woff
GET | H/1.1 | sprite-icone-common-light.png | www.creval.it/Bancaperta/content/gruppi/A/images/ | 27 KB | 28 KB | Image | image/png
GET | H/1.1 | social-icons.png | www.creval.it/Bancaperta/content/gruppi/A/images/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | sprite-icone-impostazioni-light.png | www.creval.it/Bancaperta/content/gruppi/A/images/ | 46 KB | 47 KB | Image | image/png
GET | H/1.1 | sprite.png | www.creval.it/Bancaperta/content/gruppi/A/images/ | 16 KB | 17 KB | Image | image/png
GET | H2 | bariol_regular.woff | id-portale-gruppocreval.com/login_files/content/fonts/bariol/ | 38 KB | 39 KB | Font | font/woff
GET | H2 | glyphicons-halflings-regular.woff2 | id-portale-gruppocreval.com/login_files/content/fonts/glyphicons-halflings/ | 18 KB | 18 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Creval (Banking)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
function | $
function | jQuery
function | getMobileOperatingSystem

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
id-portale-gruppocreval.com
www.creval.it
185.95.241.20
198.54.114.222
23.23.104.250