giresunsedefotel.com
78.135.65.20
Malicious Activity!
Public Scan
Submission: On October 20 via automatic, source openphish
Summary
This is the only time giresunsedefotel.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Regions Bank (Banking)
Domain & IP information
Domain | ASN | PTR |
---|---|---|
giresunsedefotel.com | ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR) | rcp01.hosting.sh.com.tr |
login.regions.com | ASN19905 (NEUSTAR-AS6, US) | login.regions.com |
onlinebanking.regions.com | ASN10801 (REGIONS-ASN-1, US) | onlinebanking.regions.com |
nexus.ensighten.com | ASN16509 (AMAZON-02, US) | ec2-18-195-42-228.eu-central-1.compute.amazonaws.com |
www.googletagmanager.com | ASN15169 (GOOGLE, US) | |
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com, siteintercept.qualtrics.com | ASN13335 (CLOUDFLARENET, US) | |
www.google-analytics.com | ASN15169 (GOOGLE, US) | |
www.google-analytics.com | ASN15169 (GOOGLE, US) | |
dpm.demdex.net | ASN16509 (AMAZON-02, US) | ec2-52-208-235-219.eu-west-1.compute.amazonaws.com |
metrics.regions.com | ASN16509 (AMAZON-02, US) | ec2-15-236-9-100.eu-west-3.compute.amazonaws.com |
fast.regions.demdex.net | ASN20940 (AKAMAI-ASN1, EU) | a2-16-186-82.deploy.static.akamaitechnologies.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | regions.com | login.regions.com, onlinebanking.regions.com, metrics.regions.com | 219 KB |
6 | demdex.net (2 redirects) | dpm.demdex.net, fast.regions.demdex.net | 5 KB |
5 | ensighten.com | nexus.ensighten.com | 65 KB |
3 | google-analytics.com | www.google-analytics.com | 18 KB |
2 | everesttech.net (2 redirects) | cm.everesttech.net | 748 B |
2 | qualtrics.com | znebdjzidehxpwsol-regions.siteintercept.qualtrics.com, siteintercept.qualtrics.com | 17 KB |
1 | google.de | www.google.de | 106 B |
1 | google.com | www.google.com | 106 B |
1 | doubleclick.net | stats.g.doubleclick.net | 90 B |
1 | googletagmanager.com | www.googletagmanager.com | 37 KB |
1 | giresunsedefotel.com | giresunsedefotel.com | 3 KB |
28 | 11 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
5 | dpm.demdex.net (2 redirects) | giresunsedefotel.com |
5 | nexus.ensighten.com | giresunsedefotel.com, nexus.ensighten.com |
5 | login.regions.com | giresunsedefotel.com, login.regions.com |
3 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com |
2 | cm.everesttech.net (2 redirects) | |
1 | fast.regions.demdex.net | giresunsedefotel.com |
1 | metrics.regions.com | giresunsedefotel.com |
1 | siteintercept.qualtrics.com | znebdjzidehxpwsol-regions.siteintercept.qualtrics.com |
1 | www.google.de | |
1 | www.google.com | |
1 | stats.g.doubleclick.net | www.google-analytics.com |
1 | znebdjzidehxpwsol-regions.siteintercept.qualtrics.com | nexus.ensighten.com |
1 | www.googletagmanager.com | nexus.ensighten.com |
1 | onlinebanking.regions.com | giresunsedefotel.com |
1 | giresunsedefotel.com | |
28 | 15 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
login.regions.com | Sectigo RSA Extended Validation Secure Server CA | 2020-04-22 - 2021-04-22 | a year | crt.sh |
onlinebanking.regions.com | Sectigo RSA Extended Validation Secure Server CA | 2020-04-22 - 2021-04-22 | a year | crt.sh |
nexus.ensighten.com | DigiCert SHA2 Secure Server CA | 2020-09-09 - 2021-10-11 | a year | crt.sh |
*.google-analytics.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh |
*.qualtrics.com | DigiCert SHA2 Secure Server CA | 2018-10-08 - 2021-01-06 | 2 years | crt.sh |
*.g.doubleclick.net | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months | crt.sh |
www.google.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh |
www.google.de | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh |
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Frame ID: 45E88659758AF4DD43AED872D850F441
Requests: 27 HTTP requests in this frame
Frame:
http://fast.regions.demdex.net/dest5.html?d_nsid=undefined
Frame ID: 420BE91B9BD59C54B8C4CB9D527CFE95
Requests: 1 HTTP request in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 22
- http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924 HTTP 302
- http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924
- http://cm.everesttech.net/cm/dd?d_uuid=32348918259236550090195528400182601414 HTTP 302
- https://cm.everesttech.net/cm/dd?d_uuid=32348918259236550090195528400182601414 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=X446JwAABlamXS3- HTTP 302
- https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=X446JwAABlamXS3-
28 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | action.php | giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/ | 8 KB | 3 KB | Document | text/html | Primary Request; Cookie set |
GET | H/1.1 | com-regions.min.css | login.regions.com//Themes/RegionsBootstrap/ | 243 KB | 49 KB | Stylesheet | text/css | |
GET | H/1.1 | com-regions.min.js | login.regions.com//Scripts/RegionsBootstrap/ | 265 KB | 93 KB | Script | text/javascript | |
GET | H/1.1 | regions-logo-no-r.svg | login.regions.com//Themes/RegionsBootstrap/Images/ | 5 KB | 3 KB | Image | image/svg+xml | |
GET | H/1.1 | equal-housing-lender.svg | login.regions.com//Themes/RegionsBootstrap/Images/ | 4 KB | 2 KB | Image | image/svg+xml | |
GET | H/1.1 | member-fdic.svg | login.regions.com//Themes/RegionsBootstrap/Images/ | 6 KB | 3 KB | Image | image/svg+xml | |
GET | H/1.1 | global-overlays.js | onlinebanking.regions.com/custom/Assets/Scripts/ | 202 KB | 68 KB | Script | application/javascript | |
GET | H2 | Bootstrap.js | nexus.ensighten.com/regions/regions-olb/ | 29 KB | 9 KB | Script | application/javascript | |
GET | | source-sans-pro-700-webfont.woff | login.regions.com//Themes/RegionsBootstrap/fonts/ | 0 | 0 | | | Failed (no response) |
GET | | source-sans-pro-regular-webfont.woff | login.regions.com//Themes/RegionsBootstrap/fonts/ | 0 | 0 | | | Failed (no response) |
GET | H/1.1 | serverComponent.php | nexus.ensighten.com/regions/regions-olb/ | 279 B | 516 B | Script | text/javascript | |
GET | H/1.1 | aaed6ca3a40617bbda790c79347c4690.js | nexus.ensighten.com/regions/regions-olb/code/ | 162 KB | 56 KB | Script | application/javascript | |
GET | H/1.1 | e.gif | nexus.ensighten.com/error/ | 0 | 193 B | Image | text/plain | |
GET | H/1.1 | e.gif | nexus.ensighten.com/error/ | 0 | 193 B | Image | text/plain | |
GET | H2 | js | www.googletagmanager.com/gtag/ | 94 KB | 37 KB | Script | application/javascript | |
GET | H2 | / | znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/ | 54 KB | 16 KB | Script | application/javascript | |
GET | H2 | analytics.js | www.google-analytics.com/ | 45 KB | 18 KB | Script | text/javascript | |
POST | H3-Q050 | collect | www.google-analytics.com/j/ | 2 B | 68 B | XHR | text/plain | |
GET | H3-Q050 | collect | www.google-analytics.com/ | 35 B | 63 B | Image | image/gif | |
POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 90 B | XHR | text/plain | |
GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 106 B | Image | image/gif | |
GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 106 B | Image | image/gif | |
POST | H2 | Targeting.php | siteintercept.qualtrics.com/WRSiteInterceptEngine/ | 2 KB | 972 B | XHR | application/json | |
GET | H/1.1 | rd | dpm.demdex.net/id/ | 110 B | 746 B | XHR | application/json | Redirect Chain |
GET | H/1.1 | id | metrics.regions.com/ | 48 B | 899 B | XHR | application/x-javascript | |
GET | H/1.1 | id | dpm.demdex.net/ | 3 KB | 2 KB | XHR | application/json | |
GET | H/1.1 | dest5.html | fast.regions.demdex.net/ | 0 | 0 | Document | text/html | Frame 420B |
GET | H/1.1 | demconf.jpg | dpm.demdex.net/ | 42 B | 915 B | Image | image/gif | Redirect Chain |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: login.regions.com; URL: https://login.regions.com//Themes/RegionsBootstrap/fonts/source-sans-pro-700-webfont.woff
- Domain: login.regions.com; URL: https://login.regions.com//Themes/RegionsBootstrap/fonts/source-sans-pro-regular-webfont.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Regions Bank (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
15 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.giresunsedefotel.com/ | | AMCV_DB9639725BD2FC5B0A495C65%40AdobeOrg | 1585540135%7CMCMID%7C26596800184309691000773238218632242859%7CMCAID%7CNONE%7CMCOPTOUT-1603163719s%7CNONE%7CMCAAMLH-1603761319%7C6%7CMCAAMB-1603761319%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-18563%7CvVersion%7C4.4.0 |
.giresunsedefotel.com/ | | s_ds_s | First%20Visit |
.giresunsedefotel.com/ | | s_ds | 1603156519350 |
.giresunsedefotel.com/ | | s_nr | 1603156519349-New |
.giresunsedefotel.com/ | | _gat_gtag_UA_108294743_4 | 1 |
.giresunsedefotel.com/ | | s_ppv | olb%257Clogs%257C%2C100%2C100%2C1200 |
giresunsedefotel.com/ | | PHPSESSID | 896npetggr7uqnsqi7vvs7egc2 |
.giresunsedefotel.com/ | | s_cm | Typed%2FBookmarkedTyped%2FBookmarkedundefined |
.giresunsedefotel.com/ | | s_dl | 1 |
.giresunsedefotel.com/ | | s_lang | en |
.giresunsedefotel.com/ | | _ga | GA1.2.954419106.1603156519 |
.giresunsedefotel.com/ | | AMCVS_DB9639725BD2FC5B0A495C65%40AdobeOrg | 1 |
.giresunsedefotel.com/ | | s_tp | 1200 |
.giresunsedefotel.com/ | | gpv_pn | olb%7Clogs%7C |
.giresunsedefotel.com/ | | _gid | GA1.2.1576081125.1603156519 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.