sridurgatmt.com Open in urlscan Pro
166.62.29.42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sridurgatmt.com/im/
Submission: On September 28 via api (September 28th 2023, 7:33:13 pm UTC) from JP — Scanned from SG

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 166.62.29.42, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is sridurgatmt.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 17th 2022. Valid for: a year.

This is the only time sridurgatmt.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca di Imola (Banking)

Domain & IP information

	IP Address	AS Autonomous System
11	166.62.29.42 166.62.29.42	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1 2	23.32.29.104 23.32.29.104	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	193.41.84.67 193.41.84.67	15981 (CSEBO-NET) (CSEBO-NET)
14	4

11 166.62.29.42 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 42.29.62.166.host.secureserver.net

sridurgatmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (Ascension Island)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.29.104 (United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-29-104.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img6.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.41.84.67 (Italy)

ASN15981 (CSEBO-NET, IT)
PTR: procurement.csebo.it

www.bancadiimola.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	sridurgatmt.com sridurgatmt.com	275 KB
2	wsimg.com 1 redirects img1.wsimg.com — Cisco Umbrella Rank: 15785 img6.wsimg.com — Cisco Umbrella Rank: 20777	12 KB
1	bancadiimola.it www.bancadiimola.it
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1243	32 KB
14	4

	Domain	Requested by
11	sridurgatmt.com	sridurgatmt.com
1	www.bancadiimola.it	sridurgatmt.com
1	img6.wsimg.com	sridurgatmt.com
1	img1.wsimg.com	1 redirects
1	code.jquery.com	sridurgatmt.com
14	5

This site contains links to these domains. Also see Links.

Domain
www.bancadiimola.it

Subject Issuer	Validity	Valid
sridurgatmt.com Go Daddy Secure Certificate Authority - G2	`2022-10-17` - `2023-10-17`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
COMODO RSA Extended Validation Secure Server CA	`2022-11-29` - `2023-12-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sridurgatmt.com/im/
Frame ID: 997FCEFDBCD88AFEDB0783366836F222
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Portale

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

93 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

319 kB
Transfer

1422 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bancadiimola.it/ita/Privati/Internet-Banking/Nuovo-Internet-Banking
Title: SCOPRI DI PIU' >

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
sridurgatmt.com/im/ 76 KB
8 KB 61ms
38ms Document
text/html 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 1c07629365944477370b8ae1837276eb3599a15c36f62d7cac635b6f20ffe6df

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 8396
content-type: text/html
date: Thu, 28 Sep 2023 19:33:08 GMT
etag: "c7c1dcb-12db7-6062f702582c0-br"
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 iconfont.86842429c76dcde3.css
sridurgatmt.com/im/apps/pib2/05080brand0/ 8 KB
2 KB 11ms
9ms Stylesheet
text/css 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/iconfont.86842429c76dcde3.css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: fd41d05d0ff5e2d9e1168954b724e3aa48bd56de6632667dd2d3ff61c1ebb919

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1ddb-1f55-6062f702582c0-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1553

GET
H2 200 fonts.e48d692aa102e613.css
sridurgatmt.com/im/apps/pib2/05080brand0/ 401 B
208 B 9ms
8ms Stylesheet
text/css 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/fonts.e48d692aa102e613.css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 436934dedf27713f53c99c28e0c30df873a919c394f89decf095ce42a4560715

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1ddd-191-6062f702582c0-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 152

GET
H2 200 palette.6174373cc711c51f.css
sridurgatmt.com/im/apps/pib2/05080brand0/ 60 KB
7 KB 21ms
19ms Stylesheet
text/css 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/palette.6174373cc711c51f.css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: d4cb705dfa070c1911272412ebcac8b79d1465815d15f334e5f8bebc61d0762d

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1de0-ee5f-6062f702582c0-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 7584

GET
H2 200 typography.86ee5add774707db.css
sridurgatmt.com/im/apps/pib2/05080brand0/ 105 B
141 B 8ms
7ms Stylesheet
text/css 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/typography.86ee5add774707db.css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 2de17661bbaca097802f6f53c16be976d48b40c51617cf3fd99e3b07b4eea8da

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1de3-69-6062f702582c0-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 78

GET
H2 200 styles.4d5a4c6d1c8b1bc7.css
sridurgatmt.com/im/apps/pib2/05080brand0/ 586 KB
49 KB 65ms
64ms Stylesheet
text/css 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/styles.4d5a4c6d1c8b1bc7.css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 875b859adcbdc52336904daea351c16c93806c3cf8cb91c3e6fe086acb4a801b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1de1-9296d-6062f702582c0-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

GET
H2 200 public-light-theme-header-logo.png
sridurgatmt.com/im/apps/pib2/05080brand0/assets/ 9 KB
9 KB 9ms
9ms Image
image/png 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/assets/public-light-theme-header-logo.png
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: f9a21b24fbec77647c7b183d30ca1d3358ce943e7f35743fdf4fb1a33967f924

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
accept-ranges: bytes
etag: "c7c1de7-25ab-6062f702582c0"
content-length: 9643
content-type: image/png

GET
H2 200 jquery-1.9.1.min.js Show response
code.jquery.com/ 90 KB
32 KB 567ms
178ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.9.1.min.js
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1127390
x-cache: HIT, HIT
content-length: 32772
x-served-by: cache-lga13625-LGA, cache-maa10226-MAA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1695929589.880430,VS0,VE0
etag: W/"28feccc0-169d5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 23, 4963870

GET
H2

200

tccl.min.js Show response
img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

45 KB
12 KB

30ms
24ms

Script
application/javascript

23.32.29.104
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/
Protocol: H2
Server: 23.32.29.104 , United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-32-29-104.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: sTnOEJpl_Bn63xNm3Yru0HbQaHbS55CR
content-encoding: br
date: Thu, 28 Sep 2023 19:33:08 GMT
x-amz-request-id: 1K08MGCFGNYAVXZF
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695929588598_387980644_2721600493_11_1029_3_0_182";dur=1
content-length: 11347
x-amz-id-2: CZXoeAWpc5+jb36BYR8uyZbNJRBFREbz0Nre0fU34nQWMlUclaRIk+VX09Y65a5zNWYS93IKD+k=
last-modified: Mon, 17 Apr 2023 05:04:44 GMT
etag: "5c3e20ad749ddb088afc84b1b7ff009e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

location: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
access-control-allow-origin: *
date: Thu, 28 Sep 2023 19:33:08 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Thu, 28 Sep 2023 20:03:08 GMT

GET
H/1.1 200
OK loginBanner1.jpg
www.bancadiimola.it/upload/carira/PIB2/desktop/ 185 KB
0 3953ms
286ms Image
image/jpeg 193.41.84.67
CSEBO-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancadiimola.it/upload/carira/PIB2/desktop/loginBanner1.jpg

Requested by

Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.84.67 , Italy, ASN15981 (CSEBO-NET, IT),

Reverse DNS

procurement.csebo.it

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Thu, 28 Sep 2023 19:33:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 15:26:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 194957
Expires: Sat, 28 Oct 2023 19:33:12 GMT

GET
H2 200 public-light-theme-footer-logo.png
sridurgatmt.com/im/apps/pib2/05080brand0/assets/ 15 KB
15 KB 24ms
23ms Image
image/png 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/assets/public-light-theme-footer-logo.png
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/styles.4d5a4c6d1c8b1bc7.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: b9fe456bcc85257f3d90cf8cfaa1dd95b242b3f62b939266afcd2420d044826d

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/im/apps/pib2/05080brand0/styles.4d5a4c6d1c8b1bc7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
accept-ranges: bytes
etag: "c7c1de6-3a75-6062f702582c0"
content-length: 14965
content-type: image/png

GET
H2 200 Roboto-Bold.8840acc77623e354.ttf
sridurgatmt.com/im/apps/pib2/05080brand0/ 163 KB
82 KB 81ms
80ms Font
font/ttf 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/Roboto-Bold.8840acc77623e354.ttf
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/fonts.e48d692aa102e613.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: baf44ce81636cc927fc27768437e5da853bac699e8aaf832d042f0dfed29b4b4

Request headers

Referer: https://sridurgatmt.com/im/apps/pib2/05080brand0/fonts.e48d692aa102e613.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1de4-28da8-6062f702582c0-br"
vary: Accept-Encoding
content-type: font/ttf
accept-ranges: bytes
content-length: 84163

GET
H2 200 iconfont.ace2fed6d4773adb.woff2
sridurgatmt.com/im/apps/pib2/05080brand0/ 20 KB
20 KB 28ms
27ms Font
font/woff2 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/iconfont.ace2fed6d4773adb.woff2?t=1684503916828
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/iconfont.86842429c76dcde3.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: f53b58dbd84c330c9681e4ed45bac069c403be7f6fa735fbbb8b5029fbfe590a

Request headers

Referer: https://sridurgatmt.com/im/apps/pib2/05080brand0/iconfont.86842429c76dcde3.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1dde-5074-6062f702582c0-br"
vary: Accept-Encoding
content-type: font/woff2
accept-ranges: bytes
content-length: 20593

GET
H2 200 Roboto-Regular.298c1099d7ff5993.ttf
sridurgatmt.com/im/apps/pib2/05080brand0/ 164 KB
82 KB 68ms
67ms Font
font/ttf 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/Roboto-Regular.298c1099d7ff5993.ttf
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/im/apps/pib2/05080brand0/fonts.e48d692aa102e613.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 319cff6e7a31f0f2a41c475dca42890aa5d19fe16017e2290f8c1d4e14f76481

Request headers

Referer: https://sridurgatmt.com/im/apps/pib2/05080brand0/fonts.e48d692aa102e613.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:33:08 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:35 GMT
server: Apache
etag: "c7c1de2-29144-6062f702582c0-br"
vary: Accept-Encoding
content-type: font/ttf
accept-ranges: bytes
content-length: 83378

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca di Imola (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sridurgatmt.com/	1970-01-20 23:51:05	Name: _tccl_visitor Value: 8ae9fd12-118d-5c0f-bc5d-9f03e5f601cd
			.sridurgatmt.com/	1970-01-20 15:05:31	Name: _tccl_visit Value: 8ae9fd12-118d-5c0f-bc5d-9f03e5f601cd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
img1.wsimg.com
img6.wsimg.com
sridurgatmt.com
www.bancadiimola.it
166.62.29.42
193.41.84.67
23.32.29.104
2a04:4e42:400::649
1c07629365944477370b8ae1837276eb3599a15c36f62d7cac635b6f20ffe6df
2de17661bbaca097802f6f53c16be976d48b40c51617cf3fd99e3b07b4eea8da
319cff6e7a31f0f2a41c475dca42890aa5d19fe16017e2290f8c1d4e14f76481
436934dedf27713f53c99c28e0c30df873a919c394f89decf095ce42a4560715
875b859adcbdc52336904daea351c16c93806c3cf8cb91c3e6fe086acb4a801b
b9fe456bcc85257f3d90cf8cfaa1dd95b242b3f62b939266afcd2420d044826d
baf44ce81636cc927fc27768437e5da853bac699e8aaf832d042f0dfed29b4b4
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b
d4cb705dfa070c1911272412ebcac8b79d1465815d15f334e5f8bebc61d0762d
f53b58dbd84c330c9681e4ed45bac069c403be7f6fa735fbbb8b5029fbfe590a
f9a21b24fbec77647c7b183d30ca1d3358ce943e7f35743fdf4fb1a33967f924
fd41d05d0ff5e2d9e1168954b724e3aa48bd56de6632667dd2d3ff61c1ebb919

sridurgatmt.com Open in urlscan Pro 166.62.29.42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

25 %IPv6

4 Domains

5 Subdomains

4 IPs

3 Countries

319 kBTransfer

1422 kBSize

2 Cookies

1 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

2 Cookies

Indicators

sridurgatmt.com Open in urlscan Pro
166.62.29.42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

319 kB
Transfer

1422 kB
Size

2
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!