univia.866626589-unicaja.vicentebarrera.es
20.0.65.40  Malicious Activity! Public Scan

Submitted URL: https://t.co/fcFG4A2dp8
Effective URL: http://univia.866626589-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja
Submission: On July 01 via manual from ES — Scanned from ES

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 20.0.65.40, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is univia.866626589-unicaja.vicentebarrera.es.
This is the only time univia.866626589-unicaja.vicentebarrera.es was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicaja Banco (Banking)

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.5 13414 (TWITTER)
1 2607:f1c0:100... 8560 (IONOS-AS ...)
1 2 20.0.65.40 8075 (MICROSOFT...)
3 4
Apex Domain | Subdomains | Transfer
2 vicentebarrera.es | univia.866626589-unicaja.vicentebarrera.es | 740 KB
1 firstcommunitysanantonio.org | firstcommunitysanantonio.org | 362 B
1 t.co | t.co — Cisco Umbrella Rank: 455 | 593 B
3 3
Domain Requested by
2 univia.866626589-unicaja.vicentebarrera.es 1 redirects
1 firstcommunitysanantonio.org t.co
1 t.co
3 3

This site contains links to these domains.

Domain
univia.unicajabanco.es
www.unicajabanco.es
Subject | Issuer | Validity | Valid
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-13 - 2022-12-12 | a year

This page contains 1 frames:

Primary Page: http://univia.866626589-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja
Frame ID: 2A76218AA66DA8445C072B836F62CBCA
Requests: 9 HTTP requests in this frame

Page Title

Banca Digital

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

3 Requests
33 % HTTPS
33 % IPv6
3 Domains
3 Subdomains
4 IPs
2 Countries
850 kB Transfer
1142 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/fcFG4A2dp8 Page URL
  2. http://firstcommunitysanantonio.org/uni3.php Page URL
  3. http://univia.866626589-unicaja.vicentebarrera.es/login/pages/ HTTP 302
    http://univia.866626589-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource / Path | Size / x-fer | Type / MIME-Type

fcFG4A2dp8 / t.co/ | 326 B / 593 B | Document

General
Full URL: https://t.co/fcFG4A2dp8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS:
Software: tsa_f /
Resource Hash:

Security Headers
Name Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 209
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Fri, 01 Jul 2022 06:49:54 GMT
expires: Fri, 01 Jul 2022 06:54:54 GMT
referrer-policy: unsafe-url
server: tsa_f
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 7479f8b6a0aa66ffe2ea9e04134f3fb0fda4454f1eade2276b0bfa00f7a65df3
x-response-time: 108
x-xss-protection: 0

uni3.php / firstcommunitysanantonio.org/ | 106 B / 362 B | Document

General
Full URL: http://firstcommunitysanantonio.org/uni3.php
Requested by: Host: t.co, URL: https://t.co/fcFG4A2dp8
Protocol: HTTP/1.1
Server: 2607:f1c0:100f:f000::26e , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS:
Software: Apache / PHP/7.4.30
Resource Hash: 4bbacffe2c69e0d978fc3c4ad216964a650703a6138ba1ae5d34471f24782303

Request headers

Referer: https://t.co/fcFG4A2dp8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Jul 2022 06:49:54 GMT
Keep-Alive: timeout=15
Server: Apache
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.30

Primary Request
login.php / univia.866626589-unicaja.vicentebarrera.es/login/pages/ | 739 KB / 739 KB | Document
Redirect Chain
  • http://univia.866626589-unicaja.vicentebarrera.es/login/pages/
  • http://univia.866626589-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja

General
Full URL: http://univia.866626589-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja
Protocol: HTTP/1.1
Server: 20.0.65.40 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS:
Software: Microsoft-IIS/8.0 / PHP/5.6.31
Resource Hash: af43a785b196e313bd68a60d8296e289b7a796c3517a2bc84e4c955703fd0539

Request headers

Referer: http://firstcommunitysanantonio.org/uni3.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Content-Length: 756918
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Jul 2022 06:49:55 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: PHP/5.6.31

Redirect headers

Content-Length: 143
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Jul 2022 06:49:55 GMT
Location: login.php?id=unicaja
Server: Microsoft-IIS/8.0
X-Powered-By: PHP/5.6.31

truncated / / | 293 KB / 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 000bd923afd32f1f0bd7fc0b6a1f678abadcc312132cb4c97fa7da3ea51667c7

Request headers

accept-language: es-ES,es;q=0.9
Referer: http://univia.866626589-unicaja.vicentebarrera.es/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpeg

truncated / / | 24 KB / 24 KB | Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 67ec87431686763cfb0bd91cb8579dcc48439390e871a491b486f962e9739698

Request headers

Referer: http://univia.866626589-unicaja.vicentebarrera.es/
Origin: http://univia.866626589-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/font-woff

truncated / / | 19 KB / 19 KB | Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 4850faf26ff351b712c9a457ef24a8bfd74ab4ace46108b4047190c709638c3e

Request headers

Referer: http://univia.866626589-unicaja.vicentebarrera.es/
Origin: http://univia.866626589-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/font-woff

truncated / / | 19 KB / 19 KB | Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: e37b7f948df8b020411395910ad99029037352f2d8db439cdd454013bf7da464

Request headers

Referer: http://univia.866626589-unicaja.vicentebarrera.es/
Origin: http://univia.866626589-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/font-woff

truncated / / | 24 KB / 24 KB | Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 7ba073042bda286924f05982fea46aa04e326f3c769adf6f6620175c4fb41afa

Request headers

Referer: http://univia.866626589-unicaja.vicentebarrera.es/
Origin: http://univia.866626589-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/font-woff

truncated / / | 24 KB / 24 KB | Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: c7176067ccc6baba737795a5d0222200407eb1018a867d46cfcc3b285399ee49

Request headers

Referer: http://univia.866626589-unicaja.vicentebarrera.es/
Origin: http://univia.866626589-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/font-woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicaja Banco (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • object| launchQueue
  • object| onbeforematch
  • object| navigation
  • function| savepage_ShadowLoader

1 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: f20cb576-23e8-4136-93b3-26976895414e

1 Console Messages

Source: security
Level: error
URL: https://t.co/fcFG4A2dp8
Message: Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0