![](/screenshots/51b37130-6793-4e29-a2b9-9c94e428e280.png)
sitta.org
184.168.139.1
Malicious Activity!
Public Scan
Effective URL: http://sitta.org/newsitta/modules/heel/job/uhc/
Submission: On October 15 via manual from US
Summary
This is the only time sitta.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UnitedHealth Group (Healthcare)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 95.142.253.44 | 39816 (VOLTA-AS)
11 | 184.168.139.1 | 26496 (AS-26496-GO-DADDY-COM-LLC)
5 | 2606:4700::6811:4f6b | 13335 (CLOUDFLARENET)
Total: 17 requests to 3 IPs.
ASN39816 (VOLTA-AS, PL), PTR: 95-142-253-44.metrolink.pl, serving www.pkm.gda.pl
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), PTR: p3nlhg182c1182.shr.prod.phx3.secureserver.net, serving sitta.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | sitta.org | sitta.org | 123 KB
5 | cloudflare.com | cdnjs.cloudflare.com | 89 KB
1 | gda.pl | www.pkm.gda.pl | 567 B
Total: 17 requests to 3 apex domains.
Requests | Domain | Requested by
---|---|---
11 | sitta.org | sitta.org
5 | cdnjs.cloudflare.com | sitta.org
1 | www.pkm.gda.pl | (none, initial navigation)
Total: 17 requests to 3 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
cdnjs.cloudflare.com | DigiCert ECC Secure Server CA | 2020-08-12 - 2022-08-17 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
http://sitta.org/newsitta/modules/heel/job/uhc/
Frame ID: 501275E11C9C601710EAD7450FEFF74F
Requests: 17 HTTP requests in this frame
Detected technologies
- Debian, detected pattern: headers server /Debian/i
- Apache HTTPD, detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.pkm.gda.pl/modules/mude/ Page URL
- http://sitta.org/newsitta/modules/heel/job/uhc/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | www.pkm.gda.pl/modules/mude/ | 314 B | 567 B | Document | text/html
GET | H/1.1 | / (Primary Request) | sitta.org/newsitta/modules/heel/job/uhc/ | 39 KB | 7 KB | Document | text/html
GET | H/1.1 | App-UHOne.css | sitta.org/newsitta/modules/heel/job/uhc/assets/files/ | 527 KB | 62 KB | Stylesheet | text/css
GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ | 256 KB | 64 KB | Script | application/javascript
GET | H2 | jquery.validate.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ | 45 KB | 11 KB | Script | application/javascript
GET | H2 | additional-methods.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ | 38 KB | 9 KB | Script | application/javascript
GET | H2 | jquery.maskedinput.js | cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ | 10 KB | 2 KB | Script | application/javascript
GET | H2 | jquery.payment.js | cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ | 17 KB | 3 KB | Script | application/javascript
GET | H/1.1 | ajax-loader.gif | sitta.org/newsitta/modules/heel/job/uhc/assets/files/ | 8 KB | 9 KB | Image | image/gif
GET | H/1.1 | a.jfif | sitta.org/newsitta/modules/heel/job/uhc/assets/files/ | 30 KB | 30 KB | Image | image/jpeg
GET | H/1.1 | FileAttachment.svg | sitta.org/newsitta/modules/heel/job/uhc/assets/files/ | 691 B | 963 B | Image | image/svg+xml
GET | H/1.1 | a.png | sitta.org/newsitta/modules/heel/job/uhc/assets/files/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | comodo_secure_seal_113x59_transp.png | sitta.org/newsitta/modules/heel/job/uhc/assets/files/ | 9 KB | 9 KB | Image | image/png
GET | H/1.1 | UHCSans-Medium.woff | sitta.org/newsitta/modules/heel/job/uhc/fonts/UHCfonts/ | 0 | 0 | Font | text/html
GET | H/1.1 | UHCSans-Regular.woff | sitta.org/newsitta/modules/heel/job/uhc/fonts/UHCfonts/ | 0 | 0 | Font | text/html
GET | H/1.1 | UHCSans-Medium.ttf | sitta.org/newsitta/modules/heel/job/uhc/fonts/UHCfonts/ | 0 | 0 | Font | text/html
GET | H/1.1 | UHCSans-Regular.ttf | sitta.org/newsitta/modules/heel/job/uhc/fonts/UHCfonts/ | 0 | 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UnitedHealth Group (Healthcare)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: trustedTypes
- function: $
- function: jQuery
- function: ForwardValues
- function: movetoNext
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.