slovakiapromouni.in.net
23.236.186.134  Malicious Activity! Public Scan

URL: https://slovakiapromouni.in.net/UniCredit/login.php
Submission Tags: @phish_report
Submission: On October 23 via api from FI — Scanned from FI

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 23.236.186.134, located in Buffalo, United States and belongs to SERVER-MANIA, CA. The main domain is slovakiapromouni.in.net.
TLS certificate: Issued by R10 on October 23rd 2024. Valid for: 3 months.
This is the only time slovakiapromouni.in.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
4         23.236.186.134   55286 (SERVER-MANIA)
2         172.67.184.158   13335 (CLOUDFLAR...)
1         95.100.135.233   20940 (AKAMAI-ASN1)
Total: 7 requests, 3 IPs
Requests  Apex Domain           Subdomains                                       Transfer
4         in.net                slovakiapromouni.in.net                          371 KB
2         cdnfonts.com          fonts.cdnfonts.com (Cisco Umbrella Rank: 8059)   199 KB
1         unicreditbanking.eu   hu.unicreditbanking.eu                           857 B
Total: 7 requests, 3 apex domains
Requests  Domain                    Requested by
4         slovakiapromouni.in.net   slovakiapromouni.in.net
2         fonts.cdnfonts.com        slovakiapromouni.in.net, fonts.cdnfonts.com
1         hu.unicreditbanking.eu
Total: 7 requests, 3 domains

This site contains no links.

Subject                   Issuer                                         Validity                  Valid      Source
slovakiapromouni.in.net   R10                                            2024-10-23 - 2025-01-21   3 months   crt.sh
cdnfonts.com              WE1                                            2024-09-20 - 2024-12-19   3 months   crt.sh
unicreditbanking.eu       Actalis Organization Validated Server CA G3    2023-12-07 - 2024-12-07   a year     crt.sh

This page contains 1 frames:

Primary Page: https://slovakiapromouni.in.net/UniCredit/login.php
Frame ID: 0E1F6CE0F23E640845989F07749AE38F
Requests: 7 HTTP requests in this frame

Page Title

My UniCredit Banking

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 571 kB
Size: 570 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: login.php | slovakiapromouni.in.net/UniCredit/ | 3 KB | 3 KB | Document
General
Full URL
https://slovakiapromouni.in.net/UniCredit/login.php?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.236.186.134 Buffalo, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
darkhost.pro
Software
nginx / PHP/7.2.24
Resource Hash
979ad58e7851f57b634a24adac54dddc2a5d553e2ef69abc7c8d3bd4d2a1bd58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Wed, 23 Oct 2024 07:33:47 GMT
server
nginx
strict-transport-security
max-age=31536000;
x-powered-by
PHP/7.2.24

login-page.css | slovakiapromouni.in.net/UniCredit/css/ | 2 KB | 2 KB | Stylesheet
General
Full URL
https://slovakiapromouni.in.net/UniCredit/css/login-page.css
Requested by
Host: slovakiapromouni.in.net
URL: https://slovakiapromouni.in.net/UniCredit/login.php?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.236.186.134 Buffalo, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
darkhost.pro
Software
nginx /
Resource Hash
9198df71cfbfb353d906e3f5b651d1a7412d99c3a0d5550d880db25f7fa0b1c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://slovakiapromouni.in.net/UniCredit/login.php?

Response headers

strict-transport-security
max-age=31536000;
etag
"66e89366-7fa"
accept-ranges
bytes
content-length
2042
date
Wed, 23 Oct 2024 07:33:47 GMT
content-type
text/css
last-modified
Mon, 16 Sep 2024 20:21:58 GMT
server
nginx

logo_uc.png | slovakiapromouni.in.net/UniCredit/images/ | 4 KB | 4 KB | Image
General
Full URL
https://slovakiapromouni.in.net/UniCredit/images/logo_uc.png
Requested by
Host: slovakiapromouni.in.net
URL: https://slovakiapromouni.in.net/UniCredit/login.php?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.236.186.134 Buffalo, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
darkhost.pro
Software
nginx /
Resource Hash
807e575b3390b8e07a59b8fbd6140eb2909929d461e8ab5a5510c78375ff6ef3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://slovakiapromouni.in.net/UniCredit/login.php?

Response headers

strict-transport-security
max-age=31536000;
etag
"66e8889a-e79"
accept-ranges
bytes
content-length
3705
date
Wed, 23 Oct 2024 07:33:47 GMT
content-type
image/png
last-modified
Mon, 16 Sep 2024 19:35:54 GMT
server
nginx

prooom.png | slovakiapromouni.in.net/UniCredit/images/ | 362 KB | 363 KB | Image
General
Full URL
https://slovakiapromouni.in.net/UniCredit/images/prooom.png
Requested by
Host: slovakiapromouni.in.net
URL: https://slovakiapromouni.in.net/UniCredit/login.php?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.236.186.134 Buffalo, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
darkhost.pro
Software
nginx /
Resource Hash
47a0295f43b42a1968233fc825294546ffff7495c6f695dc4d409ac32dba7f82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://slovakiapromouni.in.net/UniCredit/login.php?

Response headers

strict-transport-security
max-age=31536000;
etag
"6717912e-5a7e8"
accept-ranges
bytes
content-length
370664
date
Wed, 23 Oct 2024 07:33:47 GMT
content-type
image/png
last-modified
Tue, 22 Oct 2024 11:49:02 GMT
server
nginx

pt-sans-2 | fonts.cdnfonts.com/css/ | 2 KB | 1012 B | Stylesheet
General
Full URL
https://fonts.cdnfonts.com/css/pt-sans-2
Requested by
Host: slovakiapromouni.in.net
URL: https://slovakiapromouni.in.net/UniCredit/css/login-page.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.184.158 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2654bd8691d6d310ac2742d8680eb6aefb4b7cfc8c31fa664fc15e4e1d9c12cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://slovakiapromouni.in.net/

Response headers

content-encoding
zstd
cf-bgj
minify
cf-cache-status
HIT
age
99289
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LlRUrB0J5aURDH7cFRSxboGWor8lSHB79Hl5tBzOEiQ%2FGh5ehMTzLwzTZrV6oii%2BYTk5S%2BNVj6lsX1BPllA8RBAKY%2Bm%2FPpliIyzgbBBmASgnuK6af%2Blr828wRZoGK4GgcPEubDA%3D"}],"group":"cf-nel","max_age":604800}
cf-polished
origSize=2345
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=65324&sent=9&recv=7&lost=0&retrans=0&sent_bytes=4080&recv_bytes=4276&delivery_rate=51108&cwnd=12000&unsent_bytes=0&cid=055758cfdde39d98&ts=83&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 23 Oct 2024 07:33:47 GMT
content-type
text/css;charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 22 Oct 2024 03:58:58 GMT
priority
u=0,i=?0
cache-control
max-age=2678400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d700a7aea365b31-VIE
access-control-allow-origin
*
server
cloudflare

PTS55F.woff | fonts.cdnfonts.com/s/19834/ | 197 KB | 198 KB | Font
General
Full URL
https://fonts.cdnfonts.com/s/19834/PTS55F.woff
Requested by
Host: fonts.cdnfonts.com
URL: https://fonts.cdnfonts.com/css/pt-sans-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.184.158 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
524ae03f14e8636c276d8ca319f07ee570cc3bd7b205191a429eb2656935b2b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://slovakiapromouni.in.net
Referer
https://fonts.cdnfonts.com/css/pt-sans-2

Response headers

cf-cache-status
MISS
etag
"31370-5d73bbbfa7d74"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3pYRW%2B6AF0MRCQzgGsj%2FLzujmC5WHqV1B7L3Sei%2BI1NpPfan1fY5nSC5G921AZLQS3TPfe188Ne4rxuBt40W9bgiHiepp8saqzzF%2BpS5g2aSZe%2BHGO2njdot3EY6Fm6bUJLuN0%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=68939&sent=10&recv=9&lost=0&retrans=0&sent_bytes=4102&recv_bytes=4390&delivery_rate=8919&cwnd=12000&unsent_bytes=0&cid=91a1542e57913e26&ts=148&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 23 Oct 2024 07:33:47 GMT
content-type
font/woff
last-modified
Sat, 05 Feb 2022 02:00:40 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=2678400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d700a7bfec75b5d-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
201584
server
cloudflare

favicon.ico | hu.unicreditbanking.eu/cms/!root!/etc/designs/cee2020-ib-core/static/images/ | 1 KB | 857 B | Other
General
Full URL
https://hu.unicreditbanking.eu/cms/!root!/etc/designs/cee2020-ib-core/static/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.135.233 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-135-233.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a0005055d249e647028b9e9c3e8fcdf6142214c366e113d43b73339125b4b921
Security Headers
Name Value
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://slovakiapromouni.in.net/

Response headers

strict-transport-security
max-age=31622400; includeSubDomains
cache-control
max-age=3600, must-revalidate
x-cache-detail
"environment variable 'no-cache' is set" from hu.unicreditbanking.eu
content-encoding
gzip
access-control-allow-origin
https://hu.unicreditbanking.eu
content-length
557
x-xss-protection
1
date
Wed, 23 Oct 2024 07:33:48 GMT
content-disposition
inline; filename="favicon.ico"
content-type
image/avif;charset=UTF-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header                      Value
Strict-Transport-Security   max-age=31536000;