ummamiexpress.com
162.241.42.211
Malicious Activity!
Public Scan
Submission Tags: @jcybersec_
Submission: On June 29 via api from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 31st 2020. Valid for: 3 months.
This is the only time ummamiexpress.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Unicredit (Banking)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
1 | 162.241.42.211 | 46606 (UNIFIEDLAYER-AS-1) |
3 | 195.68.201.32 | 29080 (BULBANK-AS) |
2 | 104.111.249.240 | 16625 (AKAMAI-AS) |
10 | 4 | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: vpsco.winketing.com
ummamiexpress.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-249-240.deploy.static.akamaitechnologies.com
seal.websecurity.norton.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | bulbankonline.bg | bulbankonline.bg | 585 KB |
2 | norton.com | seal.websecurity.norton.com | 458 B |
1 | ummamiexpress.com | ummamiexpress.com | 5 KB |
10 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
3 | bulbankonline.bg | ummamiexpress.com |
2 | seal.websecurity.norton.com | ummamiexpress.com |
1 | ummamiexpress.com | |
10 | 3 | |
This site contains links to these domains.
Domain |
---|
online.bulbank.bg |
www.unicreditbulbank.bg |
Subject | Issuer | Validity | Valid |
---|---|---|---|
ummamiexpress.com | cPanel, Inc. Certification Authority | 2020-05-31 - 2020-08-29 | 3 months |
bulbankonline.bg | DigiCert SHA2 Extended Validation Server CA | 2019-08-26 - 2021-08-25 | 2 years |
seal.websecurity.norton.com | DigiCert SHA2 Extended Validation Server CA | 2020-03-23 - 2022-04-03 | 2 years |
This page contains 1 frame:
Primary Page:
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=390
Frame ID: 67C743B1070CBF8FC64751B104E1B11A
Requests: 10 HTTP requests in this frame
10 Outgoing links
These are links going to different origins than the main page.
Title: Recommendations for safe use of alternative channels of banking
Title: Cookies policy
Title: Bulbank Online General Conditions
Title: Account types and possibilities for subscription and operations in Bulbank Online
Title: Bulbank Online Application Form - corporate customers
Title: Request for new username and password
Title: Request for QES deregistration or certificate cancelation
Title: Confidentiality
Title: Rights of use
Title: FAQ
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | login.html (Primary Request) | ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/ | 24 KB | 5 KB | Document | text/html |
GET | H/1.1 | style.min.css | bulbankonline.bg//Content/css/ | 421 KB | 77 KB | Stylesheet | text/css |
GET | H/1.1 | getseal | seal.websecurity.norton.com/ | 13 B | 217 B | Script | text/javascript |
GET | H/1.1 | getseal | seal.websecurity.norton.com/ | 43 B | 241 B | Image | image/gif |
GET | H/1.1 | unicredit-bulbank-logo.svg | bulbankonline.bg/Content/img/ | 6 KB | 7 KB | Image | image/svg+xml |
GET | H/1.1 | bg-login.jpg | bulbankonline.bg/Content/img/ | 501 KB | 502 KB | Image | image/jpeg |
GET | | Material-Design-Iconic-Font.woff2 | bulbankonline.bg//Content/icons/ | 0 | 0 | | |
GET | | UniCredit%20CY-Regular.ttf | bulbankonline.bg/Content/fonts/UniCreditCY/ | 0 | 0 | | |
GET | | Material-Design-Iconic-Font.woff | bulbankonline.bg//Content/icons/ | 0 | 0 | | |
GET | | Material-Design-Iconic-Font.ttf | bulbankonline.bg//Content/icons/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
bulbankonline.bg | https://bulbankonline.bg//Content/icons/Material-Design-Iconic-Font.woff2?v=2.2.0 |
bulbankonline.bg | https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Regular.ttf |
bulbankonline.bg | https://bulbankonline.bg//Content/icons/Material-Design-Iconic-Font.woff?v=2.2.0 |
bulbankonline.bg | https://bulbankonline.bg//Content/icons/Material-Design-Iconic-Font.ttf?v=2.2.0 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Unicredit (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.