www.edatabook.com
Open in
urlscan Pro
103.145.50.153
Malicious Activity!
Public Scan
Effective URL: https://www.edatabook.com/bper/auth/clients/login.php?verification
Submission: On August 01 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on June 13th 2023. Valid for: 3 months.
This is the only time www.edatabook.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BPER Banca (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 103.145.50.153 103.145.50.153 | 141004 (QTIME-AS-...) (QTIME-AS-AP QTIME BUSINESSES PRIVATE LIMITED) | |
2 | 2 |
ASN141004 (QTIME-AS-AP QTIME BUSINESSES PRIVATE LIMITED, IN)
PTR: vps.banksloan.com
www.edatabook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
edatabook.com
1 redirects
www.edatabook.com |
2 MB |
2 | 1 |
Domain | Requested by | |
---|---|---|
3 | www.edatabook.com |
1 redirects
www.edatabook.com
|
2 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
homebanking.bpergroup.net |
www.bper.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
edatabook.com R3 |
2023-06-13 - 2023-09-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.edatabook.com/bper/auth/clients/login.php?verification
Frame ID: 74DEF7251587C02FF14CAC562B1191F7
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
- https://www.edatabook.com/bper/ Page URL
-
https://www.edatabook.com/bper/auth/index.php?pwd=UEh0cFFyRkA
HTTP 302
https://www.edatabook.com/bper/auth/clients/login.php?verification Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: È il tuo primo accesso?
Search URL Search Domain Scan URL
Title: Scopri di più
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: D.Lgs. 231/01
Search URL Search Domain Scan URL
Title: Trasparenza
Search URL Search Domain Scan URL
Title: Note legali
Search URL Search Domain Scan URL
Title: AML
Search URL Search Domain Scan URL
Title: Cookie policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.edatabook.com/bper/ Page URL
-
https://www.edatabook.com/bper/auth/index.php?pwd=UEh0cFFyRkA
HTTP 302
https://www.edatabook.com/bper/auth/clients/login.php?verification Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
www.edatabook.com/bper/ |
74 B 323 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
www.edatabook.com/bper/auth/clients/ Redirect Chain
|
4 MB 2 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
12 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
13 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
118 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
88 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
684 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
885 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
693 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
140 KB 140 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
81 KB 81 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
143 KB 143 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
91 KB 91 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
142 KB 142 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
140 KB 140 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 3 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BPER Banca (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| savepage_ShadowLoader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.edatabook.com/ | Name: PHPSESSID Value: 7mblqusnkpkjji3p8u5sj1fi7t |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.edatabook.com
103.145.50.153
02c4d3b380dbd48f28aa31ae66172cdfbaac8ff940e3ebc9cfef7d853b73ea61
03b99f1b7c7d616204ee60056eee3d6b2d4153365131d606978ccbfc30404082
0f64c1547d33c0d5a6ec2bea1296da06f8d1b876ff4b3bdc6e5151a1ca0c702c
10a396cf83a1f0fa5ae02c199215e1b8e32fdb313f3d5e24c3e61a56f01e3eb5
311167b08911270f63af4fc478295e4da13b546eba9d38a8146a23bd2bcdb313
5a81fd5d88908220d70c5c8af65732d0f63d1de0b5e413f658392b245c6402e7
5cf0b493d5ec70c7eb8b5c8458e95f34ee79697dcde1320810f197a59841f38d
60db760f7d5fd9c6b680ac00f719128ebd9fa9a30168e0d98f92ae7a66e4a5a5
65c5f92b8c9b015ff9f30794e92f74863b2230a489f99d5f2eee31cc3caacc35
6d7257d5d026cee2c8d3a673ed80ba236122bed9bf8504ca5cb846985e99c81a
76e69830b8d2953df45a0acfd2b6290a5f817145f048fce5620d15fc93ef7bb0
92fa835eeba17c1cecced2b77b8442e56c64b849b38c9c45198abcc6f92da365
9d8d90b0d6790c92d58efb1cdb5074ab053686472b2c72bbf6c0b904330dd370
a779ad318a4da0e360b8540a7db4a9353398d5eb877b6b86bd0e5e831ff855b9
bf996a693d8c7b587ecb289bea2789e2141ab78c1ac33e5d1dbb7a7e2d83c69f
c145e601056fb95cf4535f1c2d063aa04d0b85270aedc33de3c5c0cb87fc0caa
c8a05f8286d745f6c593a532f7df92bb742c778b30083f1233e17df9478c9170
cff4895f0f3bb9572b58947952cc8ea899933769b4cefe951caf630315ab39bd
f2e5d114edc565e7c290a9941bf9989c6113936537c397137400314e4098c745