lcs-cards-nl.unipronetwork.com.br
Open in
urlscan Pro
185.254.198.218
Malicious Activity!
Public Scan
Submitted URL: https://t.co/Gvwn5AflPZ
Effective URL: https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/login/
Submission: On September 22 via manual from NL — Scanned from NL
Effective URL: https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/login/
Submission: On September 22 via manual from NL — Scanned from NL
Summary
This website contacted 5 IPs
in 3 countries
across 5 domains to perform 18 HTTP transactions.
The main IP is 185.254.198.218, located in
New York, United States and
belongs to YURTEH-AS, UA.
The main domain is lcs-cards-nl.unipronetwork.com.br.
TLS certificate: Issued by R3 on September 21st 2022. Valid for: 3 months.
This is the only time lcs-cards-nl.unipronetwork.com.br was scanned on urlscan.io!
TLS certificate: Issued by R3 on September 21st 2022. Valid for: 3 months.
This is the only time lcs-cards-nl.unipronetwork.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: International Card Services (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 104.244.42.69 104.244.42.69 | 13414 (TWITTER) (TWITTER) | |
| 1 1 | 45.126.58.78 45.126.58.78 | 132647 (IDNIC-PAN...) (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia) | |
| 1 | 46.4.247.90 46.4.247.90 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 1 | 88.99.53.105 88.99.53.105 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 3 15 | 185.254.198.218 185.254.198.218 | 30860 (YURTEH-AS) (YURTEH-AS) | |
| 18 | 5 |
1
45.126.58.78
(Indonesia)
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)
| s.id |
1
46.4.247.90
(Germany)
ASN24940 (HETZNER-AS, DE)
PTR: static.90.247.4.46.clients.your-server.de
ASN24940 (HETZNER-AS, DE)
PTR: static.90.247.4.46.clients.your-server.de
| ahangrooz.ir |
1
88.99.53.105
(Nuremberg, Germany)
ASN24940 (HETZNER-AS, DE)
PTR: sln.crystalregistry.com
ASN24940 (HETZNER-AS, DE)
PTR: sln.crystalregistry.com
| preminfotech.in |
15
185.254.198.218
(New York, United States)
ASN30860 (YURTEH-AS, UA)
PTR: mice.opoitor.org.uk
ASN30860 (YURTEH-AS, UA)
PTR: mice.opoitor.org.uk
| lcs-cards-nl.unipronetwork.com.br |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 15 |
unipronetwork.com.br
3 redirects
lcs-cards-nl.unipronetwork.com.br |
118 KB |
| 1 |
preminfotech.in
preminfotech.in |
218 B |
| 1 |
ahangrooz.ir
ahangrooz.ir |
354 B |
| 1 |
s.id
1 redirects
s.id — Cisco Umbrella Rank: 187681 |
167 B |
| 1 |
t.co
t.co — Cisco Umbrella Rank: 489 |
500 B |
| 18 | 5 |
| Domain | Requested by | |
|---|---|---|
| 15 | lcs-cards-nl.unipronetwork.com.br |
3 redirects
lcs-cards-nl.unipronetwork.com.br
|
| 1 | preminfotech.in | |
| 1 | ahangrooz.ir |
t.co
|
| 1 | s.id | 1 redirects |
| 1 | t.co | |
| 18 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-03-07 - 2023-03-06 |
a year | crt.sh |
| *.ahangrooz.ir R3 |
2022-09-06 - 2022-12-05 |
3 months | crt.sh |
| preminfotech.in cPanel, Inc. Certification Authority |
2022-09-12 - 2022-12-11 |
3 months | crt.sh |
| lcs-cards-nl.unipronetwork.com.br R3 |
2022-09-21 - 2022-12-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/login/
Frame ID: 17019FAEE762D22D11063D838A8F81F8
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://t.co/Gvwn5AflPZ Page URL
-
https://s.id/1itAN
HTTP 301
https://ahangrooz.ir/cron/temp/web/its.php Page URL
- https://preminfotech.in/webfonts/its.php Page URL
-
https://lcs-cards-nl.unipronetwork.com.br/nu
HTTP 301
https://lcs-cards-nl.unipronetwork.com.br/nu/ Page URL
-
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce
HTTP 301
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/ HTTP 302
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/login/ Page URL
Detected technologies
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/Gvwn5AflPZ Page URL
-
https://s.id/1itAN
HTTP 301
https://ahangrooz.ir/cron/temp/web/its.php Page URL
- https://preminfotech.in/webfonts/its.php Page URL
-
https://lcs-cards-nl.unipronetwork.com.br/nu
HTTP 301
https://lcs-cards-nl.unipronetwork.com.br/nu/ Page URL
-
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce
HTTP 301
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/ HTTP 302
https://lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://s.id/1itAN HTTP 301
- https://ahangrooz.ir/cron/temp/web/its.php
- https://lcs-cards-nl.unipronetwork.com.br/nu HTTP 301
- https://lcs-cards-nl.unipronetwork.com.br/nu/
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Gvwn5AflPZ
t.co/ |
209 B 500 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
its.php
ahangrooz.ir/cron/temp/web/ Redirect Chain
|
141 B 354 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
its.php
preminfotech.in/webfonts/ |
145 B 218 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
lcs-cards-nl.unipronetwork.com.br/nu/ Redirect Chain
|
729 B 726 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
/
lcs-cards-nl.unipronetwork.com.br/nu/a1b2c3/eac91a3675bcc4d667c3e421b96047ce/login/ Redirect Chain
|
36 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
lcs-cards-nl.unipronetwork.com.br/nu/bower_components/jquery/dist/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ua-parser.min.js
lcs-cards-nl.unipronetwork.com.br/nu/bower_components/ua-parser-js/dist/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
font-awesome.min.css
lcs-cards-nl.unipronetwork.com.br/nu/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
core_form.js
lcs-cards-nl.unipronetwork.com.br/nu/core/form/ |
37 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
core_token.js
lcs-cards-nl.unipronetwork.com.br/nu/core/token/ |
11 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
core_form.css
lcs-cards-nl.unipronetwork.com.br/nu/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css.css
lcs-cards-nl.unipronetwork.com.br/nu/login/form/ |
240 B 479 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main-ics.css
lcs-cards-nl.unipronetwork.com.br/nu/login/ |
235 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles.css
lcs-cards-nl.unipronetwork.com.br/nu/login/ |
323 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.css
lcs-cards-nl.unipronetwork.com.br/nu/login/ |
25 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
extra-veilig-inloggen.png
lcs-cards-nl.unipronetwork.com.br/nu/login/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
form.js
lcs-cards-nl.unipronetwork.com.br/nu/login/form/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
token.js
lcs-cards-nl.unipronetwork.com.br/nu/login/token/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- lcs-cards-nl.unipronetwork.com.br
- URL
- https://lcs-cards-nl.unipronetwork.com.br/nu/login/extra-veilig-inloggen.png
- Domain
- lcs-cards-nl.unipronetwork.com.br
- URL
- https://lcs-cards-nl.unipronetwork.com.br/nu/login/form/form.js?v=632bf129caf52
- Domain
- lcs-cards-nl.unipronetwork.com.br
- URL
- https://lcs-cards-nl.unipronetwork.com.br/nu/login/token/token.js?v=632bf129cafca
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: International Card Services (Financial)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| lcs-cards-nl.unipronetwork.com.br/nu | Name: real Value: OK |
|
| .t.co/ | Name: muc Value: ebc7014c-8e10-4023-9f78-26eec0a50eec |
|
| lcs-cards-nl.unipronetwork.com.br/ | Name: bid Value: eac91a3675bcc4d667c3e421b96047ce |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=0 |
| X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ahangrooz.ir
lcs-cards-nl.unipronetwork.com.br
preminfotech.in
s.id
t.co
lcs-cards-nl.unipronetwork.com.br
104.244.42.69
185.254.198.218
45.126.58.78
46.4.247.90
88.99.53.105
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
4b51fcd3fdccbee0393d0d570ddabb37c78721a1b56c0c77e5370fbb43e5044a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d6b83b85d4c035952d581a985ea8a299424a80d0ef8f2278b29d7aaf03dfe36
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8dedb9495bccb70bb502c07d42965e19da6d750ef8e08f09cd1ff23cd55ee682
9a89f93741be2c8120232fd0df597c2f986526ee85f88aa2c9eeb9995bfa5a1a
b57f252ec669c4cc3199fe1ad9302173cd9614019a1d800593085b2a25a60bf6
bc09c0ebd0c1893c33b04746dc54848a7b6aceedaa4d9af891b0cd5fb7c73893
c0648b1e1fe36873fab0f8213099611c076d454dec1d5ca310217bda341e7c28
d152c2f8e00c22d7ca80d7a77bb6944c6af4240dc2fd62a51dfb47fa228ddc78
f1b51bae28db4d3bee5513409c8f944b43c41a2a894f12ed52ef86373bae6c0b