private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir
195.24.66.190
Malicious Activity!
Effective URL: http://private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg/index.php
Submission: On September 12 via automatic, source phishtank
Summary
The main IP is 195.24.66.190, located in Russian Federation and belongs to RU-CENTER, RU. The main domain is private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir.
This is the first time this domain was scanned on urlscan.io!
Verdict: Malicious (Score: 55/100)
- urlscan - Score: 100 - phishing: Phishing against Unicredit (Banking)
- phishtank - Score: 10 (URL submitted from phishtank) - phishing
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
35 | 195.24.66.190 | 48287 (RU-CENTER) |
3 | 188.120.240.88 | 29182 (THEFIRST-AS) |

Requests | Domain / Subdomains | Transfer |
---|---|---|
34 | siasatgostar.ir (2 redirects) | 2 MB |
3 | 188.120.240.88 | 780 B |
1 | 195.24.66.190 (1 redirect) | 364 B |

Requests | Domain | Requested by |
---|---|---|
34 | private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir (2 redirects) | private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir |
3 | 188.120.240.88 | private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir |
1 | 195.24.66.190 (1 redirect) | |

This site contains links to these domains. Also see Links.
Domain |
---|
(none recorded) |

Subject / Issuer | Validity | Valid |
---|---|---|
(none) | 1970-01-01 - 1970-01-01 | a few seconds |
Screenshot: (image not included in this capture)
Detected technologies
- Bootstrap - html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- nginx - headers server /nginx(?:\/([\d.]+))?/i
- Font Awesome - html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
- jQuery - script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Outgoing links: 0
These are links going to different origins than the main page. For each link, only the first name is shown.
35 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | | /utyhrfgdfrsdeafg (redirect chain) | 721 B | 740 B | Document | text/html |
GET | H/1.1 | ? | /utyhrfgdfrsdeafg/cd8558b6a2ce42d871f1aac1cf3bd39f/login (redirect chain) | 48 KB | 8 KB | Document | text/html |
GET | H/1.1 | jquery.min.js | /utyhrfgdfrsdeafg/bower_components/jquery/dist | 85 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | ua-parser.min.js | /utyhrfgdfrsdeafg/bower_components/ua-parser-js/dist | 17 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | font-awesome.min.css | /utyhrfgdfrsdeafg/bower_components/font-awesome/css | 30 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | css.css | /utyhrfgdfrsdeafg/login/form | 424 B | 683 B | Stylesheet | text/css |
GET | H/1.1 | etc01.png | /utyhrfgdfrsdeafg/login | 924 B | 1 KB | Image | image/png |
GET | H/1.1 | bootstrap.css | /utyhrfgdfrsdeafg/login | 143 KB | 21 KB | Stylesheet | text/css |
GET | H/1.1 | font-families.css | /utyhrfgdfrsdeafg/login | 2 KB | 631 B | Stylesheet | text/css |
GET | H/1.1 | font_public.css | /utyhrfgdfrsdeafg/login | 38 KB | 21 KB | Stylesheet | text/css |
GET | H/1.1 | font_extra.css | /utyhrfgdfrsdeafg/login | 47 KB | 20 KB | Stylesheet | text/css |
GET | H/1.1 | font_mutui.css | /utyhrfgdfrsdeafg/login | 2 KB | 757 B | Stylesheet | text/css |
GET | H/1.1 | font_multicolor.css | /utyhrfgdfrsdeafg/login | 41 KB | 14 KB | Stylesheet | text/css |
GET | H/1.1 | font_mono.css | /utyhrfgdfrsdeafg/login | 21 KB | 11 KB | Stylesheet | text/css |
GET | H/1.1 | main.css | /utyhrfgdfrsdeafg/login | 367 KB | 58 KB | Stylesheet | text/css |
GET | H/1.1 | common.css | /utyhrfgdfrsdeafg/login | 330 KB | 62 KB | Stylesheet | text/css |
GET | H/1.1 | login-common.min.301020181138.css | /utyhrfgdfrsdeafg/login | 322 B | 581 B | Stylesheet | text/css |
GET | H/1.1 | login.min.301020181138.css | /utyhrfgdfrsdeafg/login | 12 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | trasparenza.png | /utyhrfgdfrsdeafg/login | 4 KB | 5 KB | Image | image/png |
GET | H/1.1 | 1497278182294.png | /utyhrfgdfrsdeafg/login | 658 B | 918 B | Image | image/png |
GET | H/1.1 | 1497278182294_001.png | /utyhrfgdfrsdeafg/login | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | form.js?v=5d7a73699d59c | /utyhrfgdfrsdeafg/login/form | 10 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | token.js?v=5d7a73699d5e5 | /utyhrfgdfrsdeafg/login/token | 13 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | 1840x450_overlaysmartvoucher.jpg | /utyhrfgdfrsdeafg/login | 513 KB | 514 KB | Image | image/jpeg |
GET | H/1.1 | 1840x450_overlay_matrimonio.jpg | /utyhrfgdfrsdeafg/login | 363 KB | 363 KB | Image | image/jpeg |
GET | H/1.1 | subitocasa_1840x450_1808_hb.jpg | /utyhrfgdfrsdeafg/login | 482 KB | 482 KB | Image | image/jpeg |
GET | H/1.1 | sprite-common.png | /utyhrfgdfrsdeafg/login | 22 KB | 22 KB | Image | image/png |
GET | H/1.1 | unicredit-light.otf | /utyhrfgdfrsdeafg/login | 102 KB | 103 KB | Font | application/vnd.oasis.opendocument.formula-template |
GET | H/1.1 | login-sprite.png | /utyhrfgdfrsdeafg/login | 4 KB | 4 KB | Image | image/png |
GET | H/1.1 | unicredit-medium.otf | /utyhrfgdfrsdeafg/login | 114 KB | 115 KB | Font | application/vnd.oasis.opendocument.formula-template |
GET | H/1.1 | unicredit-regular.otf | /utyhrfgdfrsdeafg/login | 98 KB | 98 KB | Font | application/vnd.oasis.opendocument.formula-template |
GET | DATA | data:truncated | data:truncated | 26 KB | 26 KB | Font | application/x-font-ttf |
GET | DATA | data:truncated | data:truncated | 15 KB | 15 KB | Font | application/x-font-ttf |
GET | DATA | data:truncated | data:truncated | 13 KB | 13 KB | Font | application/x-font-ttf |
GET | H/1.1 | unicredit-bold.otf | /utyhrfgdfrsdeafg/login | 111 KB | 111 KB | Font | application/vnd.oasis.opendocument.formula-template |
GET | DATA | data:truncated | data:truncated | 26 KB | 26 KB | Font | application/x-font-ttf |
GET | H/1.1 | gate.php?pl=token&link=uni.it&bid=cd8558b6a2ce42d871f1aac1cf3bd39f&callback=jQuery32106619732918934342_1568306025812&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1568306025813 | 188.120.240.88/uadmin | 57 B | 260 B | Script | application/javascript |
GET | H/1.1 | gate.php?pl=token&link=uni.it&bid=cd8558b6a2ce42d871f1aac1cf3bd39f&callback=jQuery32106619732918934342_1568306025814&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1568306025815 | 188.120.240.88/uadmin | 57 B | 260 B | Script | application/javascript |
GET | H/1.1 | gate.php?pl=token&link=uni.it&bid=cd8558b6a2ce42d871f1aac1cf3bd39f&callback=jQuery32106619732918934342_1568306025812&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1568306025816 | 188.120.240.88/uadmin | 57 B | 260 B | Script | application/javascript |
Redirect requests
There were HTTP redirects (301, 302) for the following requests:
Request 0:
- http://195.24.66.190/
- http://private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg/index.php
- http://private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg/cd8558b6a2ce42d871f1aac1cf3bd39f?
- http://private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg/cd8558b6a2ce42d871f1aac1cf3bd39f/?
- http://private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg/cd8558b6a2ce42d871f1aac1cf3bd39f/login/?
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan - Score: 100
Category: phishing
Phishing against: Unicredit (Banking)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | UAParser |
string | bid |
object | php_js |
string | el |
function | ask_login_proxy |
function | next__ |
function | finish__ |
object | cookies |
function | advanced_string_validation |
function | sin_luhn |
function | cc_luhn |
function | dob_luhn |
function | exp_luhn |
function | qasame__ |
function | valid_a |
function | valid_q |
object | loader_ |
function | send1 |
object | bider_obj |
object | last_respond |
undefined | last_operation |
object | respond |
object | CORE__ |
object | REST_FN__ |
number | bidder_timer2 |
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg | | real | OK |
private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir/utyhrfgdfrsdeafg/cd8558b6a2ce42d871f1aac1cf3bd39f | | bid | cd8558b6a2ce42d871f1aac1cf3bd39f |
Indicators of compromise (IoCs)
This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
IPs:
- 188.120.240.88
- 195.24.66.190
Domains:
- private.unicred.it.contservizi.privati.dati.societari.bancaprossima.index534tergdfgeswe5y654534.siasatgostar.ir
Hashes:
- 03f38e8b83968270c1ddeba5e8c52cf5b8751062fd82753396aff16558426ce1
- 0caa580cfb101af5584b2636965829b0b8be12959bbc186c2a9b4159c0658723
- 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
- 1607e6c7ff7f053cedd33c115cbb2828f78bd941cfd94535f421f4704dba066f
- 25994608a73aba64495189d9dcff26e1ff300bd4adcc0fb7b4fd9fb29a289970
- 2ad850adfd4c44eca0fb84badbd18222af65c98d9086d5175b22d3b02f1fe67c
- 2fcf00a2595063ad2da641bdf062d9ba78947196493de35cff9db2802d9266ac
- 41df6e04a208213aec3450aa313c14344af73d5a80321a557ed5f3ba383b4d27
- 4a8f4bb92cdad151318623ae735a6e038bc20578aeb3403c6913f37d4043bb0f
- 55b8c1aa34bafb918f1e55d3e201af01b2d488ad7dac543615e15b1fb7018842
- 56f26c94a3f02e30f5149f672e901db31c782202ebb261cad84ed8b4810236e1
- 5926ca7d3fa05d922f3fe1de417aa230d77f586911dfdab5d1b57af272c267ce
- 5969ae0e1c806f324764042d06ea482ea6cdbebb0e4782f1fc191ce3cb78fb64
- 5a87ab40c556c444c19121d72e6bd49c39c860265e00a1dc0146e1d3a3193fd1
- 61db57d20d976821ee83076caf40c2e20c341e599bbafc8bed90494a9f390f07
- 626444656cdc40048b00ddc9eebf8bbdf38f01693bcadbc696e33bf889d6a81c
- 705a4996f7b4dbd5bc22eec596d9b6480563938c73dec3f7f57ad31403b9e790
- 76abcc1719c37018a3655c11e9b1bb8169bae1565e12c08c025f662798d3f9e2
- 7840a0189a3f40d335e47aa8e2c5b6e97a94881fc4e3812e654dcf7fab4a8d82
- 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
- 8014a4c879dcbe838e833d893ca21a011362313fd11242a9a21e5b0359d4d3ed
- 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
- 8cd5c29626a9b5581542c067a6478ca895009df8ba980f828d7047a2e30ea8be
- 94592c8edc66ab81c193ce386b298c8e25ea16540af28df2b703d533490959b7
- 964ce7211259841629af4df519a546d1bd542714bab0fe40b28388009caef7f3
- 9ba28c18fb75f3a6fcee96df6421c475570a4161b0c59637b878d7b4520169c3
- a875bddc884735e8b7df96a69ae69535455276de2f813c227acbf23afea30259
- acb942721fe035159b21f33d5a30d4f629ba467ca6f9bb87d7a2cdd41bb7a2d4
- b01a132d67911824c606f6138c75960eb09ce8e4ad06c0045518603dcd2e4afc
- b710a27afca3155e64120e415e839ce9e9bae8cca58966345a39c4e90751d82f
- c453584ab3d9f150db9d72995040541ad6d4c57f16dba4920864c2d84fd1a0c3
- d1fd304ce1783090c465fd5cee414c2a09b2134555742d2a51a2d397fd116ac0
- d6a8220b977fa2c93709a5ba92f5eade8ccadf4a99a0b4ead91358ed9b06886f
- d91ea6df371995153328efe12017133994e9e25881f620ee00942462251cfeaa
- e3cc8cf693c37f205259e653279624abd91896141d39e873cc157e8039226229
- e5433b9fa17e64ba01750d5a0da3ceec92a7e34726df5c967263a44889793d32
- f1cc6117fafce6d72486f5f547a96cab28fe68b4efdc0dbea5f2ddb8a9578b16
- fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5