notsmg.ru.com Open in urlscan Pro
69.49.231.74 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://notsmg.ru.com/index.html
Submission Tags: https://phish.report @phish_report Search All
Submission: On May 16 via api (May 16th 2023, 9:46:36 am UTC) from FI — Scanned from FI

Summary HTTP 15 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 69.49.231.74, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is notsmg.ru.com.
TLS certificate: Issued by R3 on May 12th 2023. Valid for: 3 months.

This is the only time notsmg.ru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	69.49.231.74 69.49.231.74	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
7	195.68.201.32 195.68.201.32	29080 (BULBANK-AS) (BULBANK-AS)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	40.69.201.11 40.69.201.11	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	23.35.236.5 23.35.236.5	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:e60... 2a02:26f0:e600:58b::1015	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
15	5

2 69.49.231.74 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 69-49-231-74.webhostbox.net

notsmg.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 195.68.201.32 (Bulgaria)

ASN29080 (BULBANK-AS, BG)

bulbankonline.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.69.201.11 (Dublin, Ireland) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

seal.websecurity.norton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.236.5 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-5.deploy.static.akamaitechnologies.com

www.norton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:e600:58b::1015 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

fi.norton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bulbankonline.bg bulbankonline.bg	1 MB
6	norton.com 4 redirects seal.websecurity.norton.com — Cisco Umbrella Rank: 88547 www.norton.com — Cisco Umbrella Rank: 60649 fi.norton.com	1 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	82 KB
2	ru.com notsmg.ru.com	16 KB
15	4

	Domain	Requested by
7	bulbankonline.bg	notsmg.ru.com bulbankonline.bg
2	fi.norton.com	notsmg.ru.com
2	www.norton.com	2 redirects
2	seal.websecurity.norton.com	2 redirects
2	cdnjs.cloudflare.com	notsmg.ru.com cdnjs.cloudflare.com
2	notsmg.ru.com	bulbankonline.bg
15	6

This site contains links to these domains. Also see Links.

Domain
online.bulbank.bg
www.unicreditbulbank.bg

Subject Issuer	Validity	Valid
notsmg.ru.com R3	`2023-05-12` - `2023-08-10`	3 months	crt.sh
bulbankonline.bg DigiCert SHA2 Extended Validation Server CA	`2022-08-19` - `2023-08-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://notsmg.ru.com/index.html
Frame ID: 614C85F0842DBA856285E160658CF8C3
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UniCredit Bulbank

Detected technologies

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

15
Requests

73 %
HTTPS

33 %
IPv6

4
Domains

6
Subdomains

5
IPs

4
Countries

1602 kB
Transfer

2012 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://online.bulbank.bg/docs/BBO_security_recommendation_BG.pdf
Title: Препоръки за сигурност при работа с алтернативни канали на Банката

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/bg/pravna-informatsiya/biskvitki/
Title: Политика за прилагане на бисквитки

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/bg/tarifi-i-obshti-usloviya/tarifi-usloviya-fizicheski-litsa/#elektronni-uslugi
Title: Общи условия за Булбанк Онлайн

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/Account_types_and_possibilities_for_subscription_and_operations_BG.pdf
Title: Видове сметки и възможности за работа с тях в услугата „Булбанк Онлайн”

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/Online_Corporate_Request_BG.pdf
Title: Искане за ползване на Булбанк Онлайн - корпоративни клиенти

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/request-new%20username%20and%20password_BG.pdf
Title: Искане за преиздаване на потребителско име и парола

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/request-deregistration%20QES%20or%20cancelation%20certificate_BG.pdf
Title: Искане за анулиране на цифров сертификат или отрегистриране на КЕП

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/bg/pravna-informatsiya/poveritelnost/
Title: Поверителност

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/bg/pravna-informatsiya/usloviya-za-polzvane/
Title: Права на ползване

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/FAQ_BG.pdf
Title: Често задавани въпроси

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://seal.websecurity.norton.com/getseal?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en HTTP 301
https://www.norton.com/?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en HTTP 301
https://fi.norton.com/?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en

Request Chain 6

https://seal.websecurity.norton.com/getseal?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent HTTP 301
https://www.norton.com/?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent HTTP 301
https://fi.norton.com/?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
notsmg.ru.com/ 16 KB
16 KB 555ms
182ms Document
text/html 69.49.231.74
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://notsmg.ru.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.231.74 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-231-74.webhostbox.net
Software: Apache /
Resource Hash: ae37e0a4ddeb4654185c14e99f131cd7dc3c7da50f8667e1120a41eb2d768ea7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 16416
Content-Type: text/html
Date: Tue, 16 May 2023 09:46:28 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Fri, 12 May 2023 11:58:51 GMT
Server: Apache

GET
H/1.1 200
OK style.min.css
bulbankonline.bg/Content/css/ 477 KB
86 KB 494ms
140ms Stylesheet
text/css 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Content/css/style.min.css

Requested by

Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

db40a2210136553a9e96cde3287b8ec66665393d7f82163b043cffa69b92ddba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Content-Encoding: gzip
Date: Tue, 16 May 2023 09:46:28 GMT
Last-Modified: Wed, 19 Apr 2023 07:41:19 GMT
ETag: "4374e4549272d91:0"
ntCoent-Length: 488298
X-Frame-Options: sameorigin
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes

GET
H/1.1 200
OK require.js Show response
bulbankonline.bg/Scripts/libs/ 17 KB
18 KB 503ms
143ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/libs/require.js

Requested by

Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

4948c3fe4b57cd92118ec7b89deb99ff0eb2586a02c5f454df21c1ecfc144c81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Tue, 16 May 2023 09:46:28 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:25 GMT
ETag: "bd82cdaa9072d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 17695

GET
H/1.1 200
OK promise.js Show response
bulbankonline.bg/Scripts/libs/ 6 KB
7 KB 493ms
131ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/libs/promise.js

Requested by

Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

9fbbf200dbf021f29455b9d6d7f30684651c947c2a4efb2d25c899ba8aa0305b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Tue, 16 May 2023 09:46:28 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:25 GMT
ETag: "17e5cfaa9072d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 6235

GET
H/1.1 200
OK commonSRI.js Show response
bulbankonline.bg/Scripts/ 143 KB
144 KB 502ms
140ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/commonSRI.js

Requested by

Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

f0e244f0836e23b516e7f411d8a1452b77279d450903ef1777a2082e963a5545

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Tue, 16 May 2023 09:46:28 GMT
Last-Modified: Wed, 19 Apr 2023 08:16:03 GMT
ETag: "7461be2e9772d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 146481

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 209ms
72ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 09:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 386670
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYH0ZWuiClokTO43BNBKRzqBnwd%2BC3pKmK%2F0Fg1lj9HIyqOXXu3WapcDxLJEFB7HRhiX5CSgMmZHxDmxxtAcBmib8XFvDJ9f1GFHAkKB3DNXDv%2B2mVLsKojaqag2Q%2FcQo4nx%2FLfnrAO17Z8iSIHVppLE"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c82b19d28d6b523-OSL
expires: Sun, 05 May 2024 09:46:29 GMT

GET
H2

200

/ Show response
fi.norton.com/
Redirect Chain

https://seal.websecurity.norton.com/getseal?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en
https://www.norton.com/?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en
https://fi.norton.com/?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en

0
0

361ms
103ms

Script
text/html

2a02:26f0:e600:58b::1015
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://fi.norton.com/?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en
Requested by: Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html
Protocol: H2
Server: 2a02:26f0:e600:58b::1015 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 16 May 2023 09:46:30 GMT
Server: AkamaiGHost
Location: https://fi.norton.com/?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Tue, 16 May 2023 09:46:30 GMT

GET
H2

200

/
fi.norton.com/
Redirect Chain

https://seal.websecurity.norton.com/getseal?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent
https://www.norton.com/?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent
https://fi.norton.com/?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent

0
0

312ms
174ms

Image
text/html

2a02:26f0:e600:58b::1015
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fi.norton.com/?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent
Requested by: Host: notsmg.ru.com
URL: https://notsmg.ru.com/index.html
Protocol: H2
Server: 2a02:26f0:e600:58b::1015 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 16 May 2023 09:46:30 GMT
Server: AkamaiGHost
Location: https://fi.norton.com/?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Tue, 16 May 2023 09:46:30 GMT

GET
H/1.1 200
OK unicredit-bulbank-logo.svg
bulbankonline.bg/Content/img/ 6 KB
7 KB 121ms
120ms Image
image/svg+xml 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bulbankonline.bg/Content/img/unicredit-bulbank-logo.svg

Requested by

Host: bulbankonline.bg
URL: https://bulbankonline.bg/Content/css/style.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

51441f51f8fb9a7a820cbd086c4b8ec1fedfca249e1f04c1661bc499d4ad2296

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://bulbankonline.bg/Content/css/style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Tue, 16 May 2023 09:46:29 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:19 GMT
ETag: "41d351a79072d91:0"
X-Frame-Options: sameorigin
Content-Type: image/svg+xml
Cache-Control: max-age=86400, must-revalidate
Accept-Ranges: bytes
Content-Length: 6337

GET
H/1.1 200
OK bg-login.jpg
bulbankonline.bg/Content/img/ 1 MB
1 MB 128ms
128ms Image
image/jpeg 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bulbankonline.bg/Content/img/bg-login.jpg

Requested by

Host: bulbankonline.bg
URL: https://bulbankonline.bg/Content/css/style.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

aec256e80e7a50322ff297926ddfa03b2b4a886782af15809392125061e7a33a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://bulbankonline.bg/Content/css/style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Tue, 16 May 2023 09:46:29 GMT
Last-Modified: Tue, 04 Apr 2023 14:27:04 GMT
ETag: "422e2087167d91:0"
X-Frame-Options: sameorigin
Content-Type: image/jpeg
Cache-Control: max-age=86400, must-revalidate
Accept-Ranges: bytes
Content-Length: 1270659

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 149ms
78ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://notsmg.ru.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 09:46:30 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 544086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtMbub%2BOwId6miWXHs%2FM4X2%2BjxZUZsmwBet3sghP%2FqxnVcURBoEYYR1KYjpPQyY%2BGTmj6VTdzbdWCUDILTg%2B2EYXmmqr8nZeo5ZE89%2FQq72kaU%2BKs5H44dqqxnyyE2gkn2dkD3X%2Fo%2FKhYBt1%2FR4DuDu8"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c82b1a278cefab4-OSL
expires: Sun, 05 May 2024 09:46:30 GMT

GET PT_Sans-Web-Regular.ttf
bulbankonline.bg/Content/fonts/PTSans/ 0
0

GET UniCredit%20CY-Regular.ttf
bulbankonline.bg/Content/fonts/UniCreditCY/ 0
0

GET
H/1.1 404
Not Found app.js
notsmg.ru.com/Scripts/ 0
0 182ms
182ms Script
text/html 69.49.231.74
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://notsmg.ru.com/Scripts/app.js
Requested by: Host: bulbankonline.bg
URL: https://bulbankonline.bg/Scripts/libs/require.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.231.74 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-231-74.webhostbox.net
Software: Apache /
Resource Hash

Request headers

Referer: https://notsmg.ru.com/index.html
Origin: https://notsmg.ru.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 16 May 2023 09:46:29 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK common.js Show response
bulbankonline.bg/Scripts/ 0
627 B 121ms
121ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/common.js

Requested by

Host: bulbankonline.bg
URL: https://bulbankonline.bg/Scripts/libs/require.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://notsmg.ru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Tue, 16 May 2023 09:46:29 GMT
Last-Modified: Wed, 19 Apr 2023 08:16:03 GMT
ETag: "7461be2e9772d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Regular.ttf

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| requirejs function| require function| define

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://notsmg.ru.com/Scripts/app.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://notsmg.ru.com/index.html Message: Access to font at 'https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Regular.ttf' from origin 'https://notsmg.ru.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://notsmg.ru.com/index.html Message: Access to font at 'https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Regular.ttf' from origin 'https://notsmg.ru.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Regular.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bulbankonline.bg
cdnjs.cloudflare.com
fi.norton.com
notsmg.ru.com
seal.websecurity.norton.com
www.norton.com
bulbankonline.bg
195.68.201.32
23.35.236.5
2606:4700::6811:190e
2a02:26f0:e600:58b::1015
40.69.201.11
69.49.231.74
4948c3fe4b57cd92118ec7b89deb99ff0eb2586a02c5f454df21c1ecfc144c81
51441f51f8fb9a7a820cbd086c4b8ec1fedfca249e1f04c1661bc499d4ad2296
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
9fbbf200dbf021f29455b9d6d7f30684651c947c2a4efb2d25c899ba8aa0305b
ae37e0a4ddeb4654185c14e99f131cd7dc3c7da50f8667e1120a41eb2d768ea7
aec256e80e7a50322ff297926ddfa03b2b4a886782af15809392125061e7a33a
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
db40a2210136553a9e96cde3287b8ec66665393d7f82163b043cffa69b92ddba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0e244f0836e23b516e7f411d8a1452b77279d450903ef1777a2082e963a5545

notsmg.ru.com Open in urlscan Pro 69.49.231.74 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

73 %HTTPS

33 %IPv6

4 Domains

6 Subdomains

5 IPs

4 Countries

1602 kBTransfer

2012 kBSize

0 Cookies

10 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

notsmg.ru.com Open in urlscan Pro
69.49.231.74 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

73 %
HTTPS

33 %
IPv6

4
Domains

6
Subdomains

5
IPs

4
Countries

1602 kB
Transfer

2012 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!