138.68.82.121 Open in urlscan Pro
138.68.82.121  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://t.co/I3lxL0SXaH Page URL
2. https://www.bergamoartefiera.it/orng.php Page URL
3. http://138.68.82.121/BB-vo/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	I3lxL0SXaH t.co/	275 B 514 B	213ms 153ms	Document text/html	104.244.42.197 Twitter Inc.
General Check archive.org Show headers Download Go to Full URL https://t.co/I3lxL0SXaH Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.244.42.197 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US), Reverse DNS Software tsa_f / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=0 X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report Request headers :method GET :authority t.co :scheme https :path /I3lxL0SXaH pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 cache-control private,max-age=300 content-encoding gzip content-length 183 content-type text/html; charset=utf-8 date Fri, 26 Apr 2019 18:45:46 GMT expires Fri, 26 Apr 2019 18:50:46 GMT server tsa_f set-cookie muc=d3856d34-0a71-4895-93ca-331d7648c146; Max-Age=63072000; Expires=Sun, 25 Apr 2021 18:45:46 GMT; Domain=t.co strict-transport-security max-age=0 vary Origin x-connection-hash 24c8fe2914157e2806b149d07f019880 x-response-time 126 x-xss-protection 1; mode=block; report=https://twitter.com/i/xss_report
GET H/1.1	200 OK	orng.php www.bergamoartefiera.it/	89 B 395 B	716ms 545ms	Document text/html	185.2.4.138 REGISTER_UK-AS
General Check archive.org Show headers Download Go to Full URL https://www.bergamoartefiera.it/orng.php Requested by Host: t.co URL: https://t.co/I3lxL0SXaH Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.2.4.138 , Italy, ASN203461 (REGISTER_UK-AS, GB), Reverse DNS lhcp1138.webapps.net Software Apache / PHP/5.6.40 Resource Hash Request headers Host www.bergamoartefiera.it Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Referer https://t.co/I3lxL0SXaH Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://t.co/I3lxL0SXaH Response headers Date Fri, 26 Apr 2019 18:45:46 GMT Server Apache X-Powered-By PHP/5.6.40 Vary Accept-Encoding,User-Agent Content-Encoding gzip Referrer-Policy Content-Length 103 Keep-Alive timeout=5, max=150 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request / Show response 138.68.82.121/BB-vo/	5 KB 2 KB	28ms 14ms	Document text/html	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Full URL http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash 9817247628379b281e5c16e6ce3968e433d6ccb3eae72681ad26a4b94df9bccc Request headers Host 138.68.82.121 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Server Apache/2.4.7 (Ubuntu) Last-Modified Fri, 26 Apr 2019 15:26:45 GMT ETag "1328-587708ffaa216-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 1375 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	styles.css 138.68.82.121/BB-vo/css/	19 KB 4 KB	20ms 17ms	Stylesheet text/css	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Full URL http://138.68.82.121/BB-vo/css/styles.css Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash 1bc0200e6c59d549b9c6819f4e75cb4024547a40345392f5ca0f31461e4a4f2d Request headers Referer http://138.68.82.121/BB-vo/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Content-Encoding gzip Last-Modified Fri, 26 Apr 2019 15:26:47 GMT Server Apache/2.4.7 (Ubuntu) ETag "4d79-5877090241376-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3970
GET H/1.1	200 OK	fb7b81980a1af21f4da78e4a1165607d db.onlinewebfonts.com/c/	1 KB 864 B	65ms 22ms	Stylesheet text/css	103.136.42.75 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL http://db.onlinewebfonts.com/c/fb7b81980a1af21f4da78e4a1165607d?family=CoreSansA45RegularW01-Rg Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 103.136.42.75 -, , ASN49981 (WORLDSTREAM, NL), Reverse DNS Software nginx / PHP/5.4.45 Resource Hash 2449add3b5d19cc8162f520fb874ded374db1853045fcd4dff3c521e6c3ea94d Request headers Referer http://138.68.82.121/BB-vo/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:47 GMT Content-Encoding gzip Server nginx X-Powered-By PHP/5.4.45 Vary Accept-Encoding, Accept-Encoding Access-Control-Allow-Methods GET,POST,OPTIONS Content-Type text/css Access-Control-Allow-Origin * Cache-Control public,max-age=86400,must-revalidate Transfer-Encoding chunked Connection keep-alive Access-Control-Allow-Headers X-Requested-With
GET H/1.1	200 OK	jquery-1.11.1.min.js Show response 138.68.82.121/BB-vo/js/	94 KB 33 KB	37ms 20ms	Script application/javascript	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Full URL http://138.68.82.121/BB-vo/js/jquery-1.11.1.min.js Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash 91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef Request headers Referer http://138.68.82.121/BB-vo/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Content-Encoding gzip Last-Modified Fri, 26 Apr 2019 15:26:57 GMT Server Apache/2.4.7 (Ubuntu) ETag "1762e-5877090bb0416-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33234
GET H/1.1	200 OK	engine.js Show response 138.68.82.121/BB-vo/js/	1 KB 749 B	30ms 13ms	Script application/javascript	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Full URL http://138.68.82.121/BB-vo/js/engine.js Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash ab361c7df5b28dfcdea3a47843dbb43282d2790bbb6140d52487d875c5e87cc0 Request headers Referer http://138.68.82.121/BB-vo/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Content-Encoding gzip Last-Modified Fri, 26 Apr 2019 15:26:49 GMT Server Apache/2.4.7 (Ubuntu) ETag "445-5877090428856-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 400
GET H/1.1	200 OK	background.png 138.68.82.121/BB-vo/css/img/	53 KB 53 KB	14ms 13ms	Image image/png	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL http://138.68.82.121/BB-vo/css/img/background.png Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash 101e672bba5e4f941c2d03df6f69c814eb7754dfc1ef287f8f5db07dce08b622 Request headers Referer http://138.68.82.121/BB-vo/css/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Last-Modified Fri, 26 Apr 2019 15:27:01 GMT Server Apache/2.4.7 (Ubuntu) ETag "d490-5877090faacf6" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 54416
GET H/1.1	200 OK	logo@2x.png 138.68.82.121/BB-vo/css/img/	18 KB 18 KB	17ms 13ms	Image image/png	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL http://138.68.82.121/BB-vo/css/img/logo@2x.png Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash f43aa318509483d5f2c59afbe42621cba6a0f7d24d84537c03632ad7b852f2b9 Request headers Referer http://138.68.82.121/BB-vo/css/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Last-Modified Fri, 26 Apr 2019 15:27:07 GMT Server Apache/2.4.7 (Ubuntu) ETag "4802-5877091491b16" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 18434
GET H/1.1	200 OK	Aller.woff2 138.68.82.121/BB-vo/css/fonts/Aller/	33 KB 33 KB	15ms 14ms	Font application/octet-stream	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Full URL http://138.68.82.121/BB-vo/css/fonts/Aller/Aller.woff2 Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash 49be62275ab1f5b74831f3cf50041fe7801702bb54f8ca080dcf494f301ca8cc Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://138.68.82.121/BB-vo/css/styles.css Origin http://138.68.82.121 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Last-Modified Fri, 26 Apr 2019 15:28:14 GMT Server Apache/2.4.7 (Ubuntu) ETag "8474-5877095469716" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 33908
GET H/1.1	200 OK	Aller-Bold.woff2 138.68.82.121/BB-vo/css/fonts/Aller/	31 KB 32 KB	27ms 13ms	Font application/octet-stream	138.68.82.121 DigitalOcean
General Check archive.org Show headers Download Go to Full URL http://138.68.82.121/BB-vo/css/fonts/Aller/Aller-Bold.woff2 Requested by Host: 138.68.82.121 URL: http://138.68.82.121/BB-vo/ Protocol HTTP/1.1 Server 138.68.82.121 Frankfurt, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS smtp.newamesssgfre.com Software Apache/2.4.7 (Ubuntu) / Resource Hash 703afdaf4301005c93cb0fcf7d49ecc8d614d7500937dee962aaf17b4b7dad80 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://138.68.82.121/BB-vo/css/styles.css Origin http://138.68.82.121 Response headers Date Fri, 26 Apr 2019 18:45:45 GMT Last-Modified Fri, 26 Apr 2019 15:27:43 GMT Server Apache/2.4.7 (Ubuntu) ETag "7da0-587709372a236" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 32160

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

db.onlinewebfonts.com
t.co
www.bergamoartefiera.it
103.136.42.75
104.244.42.197
138.68.82.121
185.2.4.138
101e672bba5e4f941c2d03df6f69c814eb7754dfc1ef287f8f5db07dce08b622
1bc0200e6c59d549b9c6819f4e75cb4024547a40345392f5ca0f31461e4a4f2d
2449add3b5d19cc8162f520fb874ded374db1853045fcd4dff3c521e6c3ea94d
49be62275ab1f5b74831f3cf50041fe7801702bb54f8ca080dcf494f301ca8cc
703afdaf4301005c93cb0fcf7d49ecc8d614d7500937dee962aaf17b4b7dad80
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
9817247628379b281e5c16e6ce3968e433d6ccb3eae72681ad26a4b94df9bccc
ab361c7df5b28dfcdea3a47843dbb43282d2790bbb6140d52487d875c5e87cc0
f43aa318509483d5f2c59afbe42621cba6a0f7d24d84537c03632ad7b852f2b9