gohealthy.com.ua
2606:4700:30::6812:22a4
Malicious Activity!
Public Scan
Effective URL: https://gohealthy.com.ua//wp-admin/user/cache/
Submission Tags: 6239073
Submission: On October 14 via api from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 27th 2019. Valid for: a year.
This is the only time gohealthy.com.ua was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BAWAG P.S.K. (Banking)
Domain & IP information
Count | IP Address | AS Autonomous System
---|---|---
1 | 62.14.255.157 | 12479 (UNI2-AS)
1 | 2606:4700:30::6812:22a4 | 13335 (CLOUDFLARENET - Cloudflare)
14 | 194.107.107.204 | 52220 (BAWAG-AT-AS)
16 requests | 3 IP addresses |

ASN12479 (UNI2-AS, ES)
PTR: 157.255.14.62.static.jazztel.es
- elderlydriving.demos.bcn.grupoica.com

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- gohealthy.com.ua
Count | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | bawagpsk.com | ebanking.bawagpsk.com | 232 KB
1 | gohealthy.com.ua | gohealthy.com.ua | 3 KB
1 | grupoica.com | elderlydriving.demos.bcn.grupoica.com | 357 B
16 requests | 3 apex domains | |
Count | Domain | Requested by
---|---|---
14 | ebanking.bawagpsk.com | gohealthy.com.ua
1 | gohealthy.com.ua |
1 | elderlydriving.demos.bcn.grupoica.com |
16 requests | 3 domains |
This site contains links to these domains. Also see Links.
Domain
---
www.bawagpsk.com
demo-ebanking.bawagpsk.com
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-03-27 - 2020-03-27 | a year
ebanking.bawagpsk.com | DigiCert SHA2 Extended Validation Server CA | 2019-03-05 - 2020-03-05 | a year
This page contains 1 frame:
Primary Page:
https://gohealthy.com.ua//wp-admin/user/cache/
Frame ID: DFE8EC655F0906AA29235EA41541B5A0
Requests: 16 HTTP requests in this frame
Page URL History
- http://elderlydriving.demos.bcn.grupoica.com/orange/
- https://gohealthy.com.ua//wp-admin/user/cache/
Detected technologies
Ubuntu (Operating Systems)
Detected patterns:
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
- Verfüger gesperrt (account holder blocked)
- Pin vergessen (PIN forgotten)
- Aktuelle Warnungen Neueste vom 14.03.2019 Vielzahl an Phishing Mails im Umlauf (current warnings, latest from 14.03.2019: large number of phishing emails in circulation)
- Sicherheitsregeln (security rules)
- eBanking Demo
- Anmeldung / Erste Schritte (login / first steps)
- Erstanmeldung der Signaturkarte (first-time registration of the signature card)
- Impressum (legal notice)
- AGB (terms and conditions)
- Datenschutz (privacy)
- Nutzungsbedingungen (terms of use)
- Barrierefrei (accessibility)
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | elderlydriving.demos.bcn.grupoica.com/orange/ | 91 B | 357 B | Document | text/html
GET | H2 | / (Primary Request) | gohealthy.com.ua//wp-admin/user/cache/ | 11 KB | 3 KB | Document | text/html
GET | H/1.1 | login2.css | ebanking.bawagpsk.com/InternetBanking/css/ | 9 KB | 10 KB | Stylesheet | text/css
GET | H/1.1 | tooltip.css | ebanking.bawagpsk.com/InternetBanking/css/ | 3 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | bawag_ebanking_logo_de.gif | ebanking.bawagpsk.com/InternetBanking/content_images/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | icon_karte_approved.gif | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 2 KB | Image | image/gif
GET | H/1.1 | important_icon.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | info_icon.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | phone_icon.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | MAKO19058AB_ebanking_Login.jpg | ebanking.bawagpsk.com/InternetBanking/info/bawag/bild/ | 186 KB | 186 KB | Image | image/jpeg
GET | H/1.1 | question_icon.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | chevron_icon.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 15 KB | 15 KB | Image | image/png
GET | H/1.1 | icon_wai.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 2 KB | 3 KB | Image | image/png
GET | H/1.1 | icon_color_yellow.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | icon_color_blue.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | icon_color_red.png | ebanking.bawagpsk.com/InternetBanking/css_images/login2/ | 1 KB | 2 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BAWAG P.S.K. (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onformdata (object)
- onpointerrawupdate (object)
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
gohealthy.com.ua/ | | Name: PHPSESSID Value: ab36ec4334ebb9c9f026958854688c1a
.gohealthy.com.ua/ | | Name: __cfduid Value: d0aa3293d38c4591bb538cc8ab3f2dad61571039490
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ebanking.bawagpsk.com
elderlydriving.demos.bcn.grupoica.com
gohealthy.com.ua
194.107.107.204
2606:4700:30::6812:22a4
62.14.255.157