www.cistite-iuv.it
Open in
urlscan Pro
46.37.24.221
Malicious Activity!
Public Scan
Effective URL: https://www.cistite-iuv.it/w/site-seguro/passo1.php?nGnJ/6dVH9NdIcCtm/yfEtAeWq7DfY0QFFWTemH79lU//PtdbjgvwiBtusFDGYvW5QSEm6B...
Submission Tags: 7292205
Submission: On September 14 via api from NL — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 4th 2021. Valid for: 3 months.
This is the only time www.cistite-iuv.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Caixa (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.221.250.95 54.221.250.95 | 14618 (AMAZON-AES) (AMAZON-AES) | |
15 | 46.37.24.221 46.37.24.221 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
4 | 2a00:1450:400... 2a00:1450:4007:807::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4007:80e::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
3 | 2a00:1450:400... 2a00:1450:4007:815::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4007:81a::200e | 15169 (GOOGLE) (GOOGLE) | |
26 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-250-95.compute-1.amazonaws.com
rebrand.ly |
ASN31034 (ARUBA-ASN, IT)
PTR: srv06.koalacode.com
www.cistite-iuv.it |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
cistite-iuv.it
www.cistite-iuv.it |
108 KB |
4 |
googleapis.com
fonts.googleapis.com |
2 KB |
3 |
gstatic.com
fonts.gstatic.com |
149 KB |
1 |
google-analytics.com
www.google-analytics.com |
370 B |
1 |
jquery.com
code.jquery.com |
79 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
51 KB |
1 |
rebrand.ly
1 redirects
rebrand.ly |
289 B |
0 |
contadorsite.com
Failed
aux01.contadorsite.com Failed |
|
26 | 8 |
Domain | Requested by | |
---|---|---|
15 | www.cistite-iuv.it |
www.cistite-iuv.it
|
4 | fonts.googleapis.com |
www.cistite-iuv.it
|
3 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | www.google-analytics.com |
www.googletagmanager.com
|
1 | code.jquery.com |
www.cistite-iuv.it
|
1 | www.googletagmanager.com |
www.cistite-iuv.it
|
1 | rebrand.ly | 1 redirects |
0 | aux01.contadorsite.com Failed |
www.cistite-iuv.it
|
26 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cistite-iuv.it R3 |
2021-09-04 - 2021-12-03 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-08-23 - 2021-11-15 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2021-08-23 - 2021-11-15 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-08-23 - 2021-11-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.cistite-iuv.it/w/site-seguro/passo1.php?nGnJ/6dVH9NdIcCtm/yfEtAeWq7DfY0QFFWTemH79lU//PtdbjgvwiBtusFDGYvW5QSEm6BwAqJR8NUrnzbF9N-
Frame ID: FD602FDB293D5DA5E5BCC195E34C6E74
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
I-.nt _er.net--_--:-Banking ::::....cAIXAPage URL History Show full URLs
-
https://rebrand.ly/432qykp
HTTP 301
https://www.cistite-iuv.it/w/ Page URL
- https://www.cistite-iuv.it/w/site-seguro/passo1.php?nGnJ/6dVH9NdIcCtm/yfEtAeWq7DfY0QFFWTemH79lU//Ptdbjg... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Google Analytics (Analytics) Expand
Detected patterns
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- jquery[.-]([\d.]*\d)[^/]*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://rebrand.ly/432qykp
HTTP 301
https://www.cistite-iuv.it/w/ Page URL
- https://www.cistite-iuv.it/w/site-seguro/passo1.php?nGnJ/6dVH9NdIcCtm/yfEtAeWq7DfY0QFFWTemH79lU//PtdbjgvwiBtusFDGYvW5QSEm6BwAqJR8NUrnzbF9N- Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://rebrand.ly/432qykp HTTP 301
- https://www.cistite-iuv.it/w/
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
www.cistite-iuv.it/w/ Redirect Chain
|
914 B 476 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
hitv4.php
aux01.contadorsite.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
passo1.php
www.cistite-iuv.it/w/site-seguro/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon
fonts.googleapis.com/ |
569 B 438 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style_login.css
www.cistite-iuv.it/w/site-seguro/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
www.cistite-iuv.it/w/site-seguro/Arquivos1/ |
84 KB 34 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery_mask.js
www.cistite-iuv.it/w/site-seguro/Arquivos1/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweet1.js
www.cistite-iuv.it/w/site-seguro/js/ |
61 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home.js
www.cistite-iuv.it/w/site-seguro/Arquivos1/ |
8 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
www.cistite-iuv.it/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
www.cistite-iuv.it/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
129 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_caixa.png
www.cistite-iuv.it/w/site-seguro/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
form_icon.png
www.cistite-iuv.it/w/site-seguro/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pre_load.gif
www.cistite-iuv.it/w/site-seguro/img/ |
35 KB 35 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.10.1.js
code.jquery.com/ |
268 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1015 B 498 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1015 B 498 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
www.cistite-iuv.it/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
www.cistite-iuv.it/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ |
19 KB 20 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v102/ |
109 KB 109 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ |
20 KB 20 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
end.png
www.cistite-iuv.it/w/site-seguro/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 370 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- aux01.contadorsite.com
- URL
- http://aux01.contadorsite.com/hitv4.php?digit=7seg&page=51522ae2a209b4bf9b5d41df2476c560&t=1507560471
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Caixa (Government)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| validacpf function| mask function| FormataDado function| check_lg function| check_phone function| gtag object| dataLayer object| google_tag_manager object| google_tag_data object| gaGlobal function| onYouTubeIframeAPIReady2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.cistite-iuv.it/ | Name: _ga Value: GA1.1.314921518.1631659772 |
|
.cistite-iuv.it/ | Name: _ga_CBB7VDGQDK Value: GS1.1.1631659772.1.0.1631659773.0 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aux01.contadorsite.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
rebrand.ly
www.cistite-iuv.it
www.google-analytics.com
www.googletagmanager.com
aux01.contadorsite.com
2001:4de0:ac18::1:a:3b
2a00:1450:4007:807::200a
2a00:1450:4007:80e::2008
2a00:1450:4007:815::2003
2a00:1450:4007:81a::200e
46.37.24.221
54.221.250.95
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1ed00d554c5423d4fa8c88bf8b8ec95554bbb787272ce36d22ff767b81422074
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2b8ea5e6853a95f3e68b1ae996c958612046336c3ac8a3a89d0e5a0dfbfde010
606989890f9c25a98ddbe359c6a0fdb7643f88ed5e73ae283a46e7d768bc87cc
64a16175fd8bb9b3e969fd4c07ca02eca50ac2de2dddde64c4d6ed02ddada4c4
683bec93229eb796c1f707ed5f88fc9706d3a1bc415f5c6abfd537918bf537b4
7345baa61a620cacfb000c04a16e9491020c841ee0b60c4166b68c57af1bb688
94cc27d0ab1241a3d4fc6a1553587c078c00b00f88b3945338acdf7d2e89c45c
a5088c618e38ccdf416a61febe45458baf8b4ef7024130b122c2405d5a1cdb25
ad0143eabe9dd325f34d5120a12a19df28e63e0dae2c85fc0ab664be125e8da1
b28604c7e478ef48a7c1f3554e64d72aa69438a9ec15cea40e1cd661dc74f432
bb2328dfecce069cd6461be516080bc88f2236677453301a7a21ef35c29ab32d
c807ad254a21c8efde24ad6052aabd7095ce90626cef701e3d3a65d551fd5cdf
ca95ea29c687a7db00b9b1938418a185b54f61910c7a3035ed8207607958313d
cc916b9469c436d841450c7a1fe737b04bb466df2922ba34433e80910f1e6dba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebaded49db62a60060caa2577f2a4ec1ff68726bc40861bc65d977abeb64fa7d
ec62851842a41d85c93ec8b1db4af10509585982aed2c861fec95418a0a3f21f
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
feb15b09aaee2b0b50dbd68a6d04037c7c5c3efb0e5ec23a243648fb1e5abaaf