guta.at
Open in
urlscan Pro
116.202.170.214
Malicious Activity!
Public Scan
Submitted URL: http://ikiztarim.com/wp-content/themes/Divi/core/core/
Effective URL: https://guta.at/wp-content/plugins/ohbgdec/Reservas24/
Submission: On December 07 via automatic, source openphish — Scanned from DE
Effective URL: https://guta.at/wp-content/plugins/ohbgdec/Reservas24/
Submission: On December 07 via automatic, source openphish — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 32 HTTP transactions.
The main IP is 116.202.170.214, located in
Germany and
belongs to HETZNER-AS, DE.
The main domain is guta.at.
TLS certificate: Issued by R3 on November 26th 2022. Valid for: 3 months.
This is the only time guta.at was scanned on urlscan.io!
TLS certificate: Issued by R3 on November 26th 2022. Valid for: 3 months.
This is the only time guta.at was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banreservas (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 93.115.79.186 93.115.79.186 | 51559 (NETINTERN...) (NETINTERNET Netinternet Bilisim Teknolojileri AS) | |
| 28 | 116.202.170.214 116.202.170.214 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 32 | 3 |
2
93.115.79.186
(Turkey)
ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR)
ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR)
| ikiztarim.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 28 |
guta.at
guta.at |
360 KB |
| 2 |
ikiztarim.com
1 redirects
ikiztarim.com |
462 B |
| 0 |
banreservas.com.do
Failed
content.banreservas.com.do Failed |
|
| 32 | 3 |
| Domain | Requested by | |
|---|---|---|
| 28 | guta.at |
guta.at
|
| 2 | ikiztarim.com | 1 redirects |
| 0 | content.banreservas.com.do Failed |
guta.at
|
| 32 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.banreservas.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ikiztarim.com R3 |
2022-12-06 - 2023-03-06 |
3 months | crt.sh |
| guta.at R3 |
2022-11-26 - 2023-02-24 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://guta.at/wp-content/plugins/ohbgdec/Reservas24/
Frame ID: 91110922393FCE80ECA26F6198D316F5
Requests: 29 HTTP requests in this frame
Frame:
https://content.banreservas.com.do/fp/check.js;CIS3SID=6F0E3E6F72366AA649850DC20A302D01?org_id=nit3rhl5&session_id=fdb5669f-5e8c-4270-bc36-92f9a4a15299&nonce=4529076c969a45df&jb=37392426687167773557696666677771246a7b6d3f556b666c6d757b253230313024627b60753f436a70676f6d266a7b6035436a706f656727303239383a
Frame ID: 19B73A29D2F1F01A72E075B418E91BF9
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
BanreservasPage URL History Show full URLs
-
http://ikiztarim.com/wp-content/themes/Divi/core/core/
HTTP 301
https://ikiztarim.com/wp-content/themes/Divi/core/core/ Page URL
- https://guta.at/wp-content/plugins/ohbgdec/Reservas24/ Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery-ui[.-]([\d.]*\d)[^/]*\.js
- jquery-ui.*\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: http://www.banreservas.com/
Title: Banreservas.com
Title: Banreservas.com
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ikiztarim.com/wp-content/themes/Divi/core/core/
HTTP 301
https://ikiztarim.com/wp-content/themes/Divi/core/core/ Page URL
- https://guta.at/wp-content/plugins/ohbgdec/Reservas24/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://ikiztarim.com/wp-content/themes/Divi/core/core/ HTTP 301
- https://ikiztarim.com/wp-content/themes/Divi/core/core/
32 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
ikiztarim.com/wp-content/themes/Divi/core/core/ Redirect Chain
|
102 B 235 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
/
guta.at/wp-content/plugins/ohbgdec/Reservas24/ |
40 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-ui-1.8.9.custom.css
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
54 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dropkickddl.css
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Login.css
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
132 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tags.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
49 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DataEntry.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
5 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.10.2.min.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
91 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.dropkickddl.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
24 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
VirtualKeyboard.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
66 B 291 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dimmingdiv.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
3 KB 1014 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-ui-1.8.9.custom.min.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
202 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ui-load.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
2 KB 670 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.maskedinput-1.3.min.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.placeholder.js
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
img-close.gif
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
201 B 415 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_login_minusculas.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_virtual_chico_ac.gif
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
439 B 654 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_virtual_chico_bc.gif
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-banreservas.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fondo_Banreservas.jpg
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
35 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_login_minus_contras.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_login_mayus.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_login_mayus_contras.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teclado_login_blanco.gif
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
312 B 527 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
row-down_menuSup.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
129 B 343 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
requerido_ban.png
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
159 B 373 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
OpenSans.woff
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
66 KB 66 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
profilepersonas.jpg
guta.at/wp-content/plugins/ohbgdec/Reservas24/index_archivos/ |
66 KB 66 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
check.js;CIS3SID=6F0E3E6F72366AA649850DC20A302D01
content.banreservas.com.do/fp/ Frame 19B7 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
clear.png
content.banreservas.com.do/fp/ Frame 19B7 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
clear.png
content.banreservas.com.do/fp/ Frame 19B7 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- content.banreservas.com.do
- URL
- https://content.banreservas.com.do/fp/check.js;CIS3SID=6F0E3E6F72366AA649850DC20A302D01?org_id=nit3rhl5&session_id=fdb5669f-5e8c-4270-bc36-92f9a4a15299&nonce=4529076c969a45df&jb=37392426687167773557696666677771246a7b6d3f556b666c6d757b253230313024627b60753f436a70676f6d266a7b6035436a706f656727303239383a
- Domain
- content.banreservas.com.do
- URL
- https://content.banreservas.com.do/fp/clear.png?org_id=nit3rhl5&session_id=fdb5669f-5e8c-4270-bc36-92f9a4a15299&nonce=4529076c969a45df&w=29da0e514c41056e&ck=0&m=1
- Domain
- content.banreservas.com.do
- URL
- https://content.banreservas.com.do/fp/clear.png?org_id=nit3rhl5&session_id=fdb5669f-5e8c-4270-bc36-92f9a4a15299&nonce=4529076c969a45df&ck=0&m=2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banreservas (Banking)92 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontentvisibilityautostatechange object| td_2r function| tmx_run_page_fingerprinting object| td_4R function| tmx_post_session_params_fixed boolean| tmx_profiling_started string| dateFormat object| theForm function| __doPostBack string| getControlFunction function| roundDecimals function| addAndRoundDecimals function| numbersonly function| dateNumbersOnly function| isValidDate function| isValidDateString function| isValidNumber function| isValidEmail function| textIsValid function| checkInvalidCharacters function| validCharactersOnly function| IsMaxLength function| MinMaxPanelControl function| $ function| jQuery object| ac function| SetActiveControl boolean| isMozilla object| objDiv string| originalDivHTML string| DivID boolean| over function| Show function| displayFloatingDiv function| hiddenFloatingDiv function| MouseDown function| MouseMove function| MouseUp function| init function| DP_jQuery_1670376095742 function| WebForm_OnSubmit function| msieversionPlaceHolder function| SetSecurityThrowAjax function| removeInvalidCharacters function| GetActiveControl undefined| w undefined| h undefined| t function| ActivateVirtualKeyboard function| CleanError function| SetFocusOn function| EnableAceptButton function| ClearErrorLabel object| tecladoMin object| tecladoMay boolean| opcionMay boolean| opcionCont string| imgTecladoMinusculas string| imgTecladoMinusculasContraste string| imgTecladoMayusculas string| imgTecladoMayusculasContraste string| imgTecladoBlanco function| change function| move function| mostrarImagenOnMouseUp function| pT function| pT1 function| introducirCaracter function| borrarCaracter function| getCajaSeleccionada function| mostrarImagenOnMouseDown function| cambiarContraste function| bloqMay function| mostrarImagen function| retornarValor function| rnd function| rand object| imagenMin object| imagenMinContraste object| imagenMay object| imagenMayContraste object| imagenBlanca function| RequestHandler object| Page_Validators object| ctl00_MainHolder_RequiredFieldValidator1 boolean| Page_ValidationActive function| ValidatorOnSubmit function| ValidatorOnChange function| msieversion function| beautifySelects function| ValidatorUpdateDisplay0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
content.banreservas.com.do
guta.at
ikiztarim.com
content.banreservas.com.do
116.202.170.214
93.115.79.186
02fe54b69ccfd76f3547aa5d392fc6bbbfee4ab0b6bfeaa719924277415143e7
14a07d25823f4119e1f55c6ef5a0696f98861baf113aef76519aad93f01a32c5
1f9b864c2e2d04cb0c6b608c163caba51faf1caf4c08535991774be2b6c08463
281f28a12b924dddeefe911572731e83d3fba8bcdf338896b958f577d0acab86
2b58867f2c8c9a1dca35cc178f42b630208c76590c1cb73bc42254eacaa85534
2c3f9b32db4693468680b1885bda07ebda69ede6b0e46b0679a805624c97bf69
3420d2c0fbc881fdce8e08aea8fde6c35fcdb02dbcc9ed70b20069a12bc0a88f
34dc2cf1ce3b5bc69ca3cf07eb15e197bbc4ac63dfc84c75d4a8a1b39f313663
3881c3d4a74c024164745d229bdb1476c66d633a97b80990f5e52ba808d3f586
44f227aef363166dca90a164f040dae160809c5c25c0f9a0606e62f06b522668
4db0b654f3d83e85b669c60ae37ad734cde96c66c75397034f755512f945e508
4dda414b80b752b29f1f12999f5dcad1571c8047eb9323394c6f576fe6b0b2c8
61a4823b920795b97e512d13d5529034ddec306cd59eb89c4c31ae25b4536933
6e927845707aea6b5c108bf5d57989dd9aaf16db414255a6d703b2eb232e1516
79340410e9f583c5037194e21c1643c484ae311c051e45ce0d7b7d2ad652b6a6
79b448af451a6cbe8dfbd21b54ee10a5a23be0a51fbf38dea2d9072957470965
8975db913583172d071fb4443b4e143eca5a91a3fc12360f8669ee98a8234916
8beee4e437b132a4385907975600e02ef003c3d1a1aa5a3204912a1b62ff0453
a2a147aed818d81267d1aeef5089bdd33eecbe27e15ffe4e263e93db1592ffab
a38787d5f496d69ac6a70f8055e6525388e9b71a64497a024bc4a5c820b2dc80
a440ca95c7db487f7525bfb07db98b84ebaead6d1b04e72f3f9f7db0b4ed7db1
ae52fe55f77adfc9834bdacb41e952aded1e1622dea2e42ef35cce53d6374f15
aec295435b78ea4406db6ad2440a5fff4aa28c41325a44d7e529bdf3c8270f55
c164d7efc93f0c103774d762189760eec7fbbf7955ce4857d81b46b9b6914b3d
db54e8d36a350be5699eae4ad123fbeb5a27fac0b90d1b2add7b14dc1a782a09
dbe6f66cc201d8295c331aafe6429e46ec26640feb4b95c6d0ff142992e13a89
dd2a63cd72110e84ba59d6b102179f1aac916692ab52f6cbb4c44a217d6264f6
eaadd00e36b0883a88d7185543007365204dac0824ae186666d1ae43aed2e4f4
fe640f52967c9e03a524ce5e21369203dca41289d748d9f36d93c911cd517eaf