![](/screenshots/92c1e5b0-7bad-4f32-bc39-23f220e0bf07.png)
oqenbahk.es-redirect.site
2a06:98c1:3120::c
Malicious Activity!
Public Scan
Submission: On August 11 via manual from IT — Scanned from ES
Summary
This is the only time oqenbahk.es-redirect.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Unicredit (Banking)
Domain & IP information

| Requests | IP Address | AS Autonomous System | PTR | Domain |
|---|---|---|---|---|
| 12 | 2a06:98c1:3120::c | 13335 (CLOUDFLARENET) | | |
| 1 | 2a00:1450:4001:828::200a | 15169 (GOOGLE) | | |
| 2 | 95.101.23.58 | 20940 (AKAMAI-ASN1, NL) | a95-101-23-58.deploy.static.akamaitechnologies.com | cz.unicreditbanking.eu |
| 1 | 2.23.97.113 | 20940 (AKAMAI-ASN1, NL) | a2-23-97-113.deploy.static.akamaitechnologies.com | www.unicreditbank.cz |
| 16 | 5 | | | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 12 | es-redirect.site | oqenbahk.es-redirect.site | 542 KB |
| 2 | unicreditbanking.eu | cz.unicreditbanking.eu | 7 KB |
| 1 | unicreditbank.cz | www.unicreditbank.cz | 59 KB |
| 1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 267) | 31 KB |
| 16 | 4 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 12 | oqenbahk.es-redirect.site | oqenbahk.es-redirect.site, ajax.googleapis.com |
| 2 | cz.unicreditbanking.eu | oqenbahk.es-redirect.site |
| 1 | www.unicreditbank.cz | oqenbahk.es-redirect.site |
| 1 | ajax.googleapis.com | oqenbahk.es-redirect.site |
| 16 | 4 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.unicreditbank.cz |
| Subject | Issuer | Validity | Valid | Reference |
|---|---|---|---|---|
| upload.video.google.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months | crt.sh |
| unicreditbanking.eu | Actalis Organization Validated Server CA G3 | 2022-03-21 - 2023-03-21 | a year | crt.sh |
| unicredit.eu | Actalis Organization Validated Server CA G3 | 2022-05-12 - 2023-05-12 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://oqenbahk.es-redirect.site/
Frame ID: 6B0F00AA6E795FF4940DD037607B6363
Requests: 16 HTTP requests in this frame
Frame:
http://oqenbahk.es-redirect.site/supportChatFrame/%3C%=token%%3E
Frame ID: 07DDF374800CF14FAB0D7797EC8E282B
Requests: 1 HTTP request in this frame
Page Title
My UniCredit Banking
Detected technologies
Detected patterns
- <div class="[^"]*parbase
- /etc/designs/
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Remind yourself of the rules of safe behaviour on the internet and of using Online Banking
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | oqenbahk.es-redirect.site/ | 26 KB | 9 KB | Document | text/html |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB | 31 KB | Script | text/javascript |
| GET | H/1.1 | framework-1.10.44.2.css | oqenbahk.es-redirect.site/ | 326 KB | 47 KB | Stylesheet | text/css |
| GET | H/1.1 | support_parent.css | oqenbahk.es-redirect.site/css/ | 4 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | cwblogincore.css | oqenbahk.es-redirect.site/ | 616 KB | 91 KB | Stylesheet | text/css |
| GET | H2 | logo_uc.png | cz.unicreditbanking.eu/cms/!root!/etc/designs/cee2020-ib-core/static/images/ | 4 KB | 4 KB | Image | image/avif |
| GET | H2 | NEW4_profile_placeholder.png | cz.unicreditbanking.eu/cms/!root!/etc/designs/cee2020-ib-core/static/images/ | 3 KB | 3 KB | Image | image/avif |
| GET | H2 | 03342_UCB_Bannery_OB_CHRANTE_SVA_DATA_460x410px_CZ_V03%20(1).jpg | www.unicreditbank.cz/content/dam/cee2020-pws-cz/cz-ucb-images/product/ob-banner/ | 58 KB | 59 KB | Image | image/jpeg |
| GET | DATA | truncated | / | 3 KB | 0 | Image | image/gif |
| GET | H/1.1 | %3C%=token%%3E (Frame 07DD) | oqenbahk.es-redirect.site/supportChatFrame/ | 155 B | 316 B | Document | text/html |
| GET | H/1.1 | supportIcon.svg | oqenbahk.es-redirect.site/css/ | 1 KB | 1 KB | Image | image/svg+xml |
| GET | H/1.1 | PTS55F-webfont.woff | oqenbahk.es-redirect.site/ | 150 KB | 151 KB | Font | font/woff |
| GET | H/1.1 | fa-solid-900.woff2 | oqenbahk.es-redirect.site/ | 77 KB | 78 KB | Font | font/woff2 |
| GET | H/1.1 | PTS75F-webfont.woff | oqenbahk.es-redirect.site/ | 157 KB | 157 KB | Font | font/woff |
| GET | H/1.1 | rw-widgets.woff | oqenbahk.es-redirect.site/ | 4 KB | 4 KB | Font | font/woff |
| GET | H/1.1 | %3C%=token%%3E | oqenbahk.es-redirect.site/forms/ | 155 B | 316 B | XHR | text/html |
| GET | H/1.1 | %3C%=token%%3E | oqenbahk.es-redirect.site/forms/ | 155 B | 316 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Unicredit (Banking)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| object | navigation |
| function | $ |
| function | jQuery |
| function | loginTypo |
| function | next |
| function | chooseMonth |
| function | next2 |
| function | SendOnline |
| function | FormControl0 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.