176.121.14.53 Open in urlscan Pro
176.121.14.53 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://176.121.14.53/save/other/uni/
Submission: On July 16 via manual (July 16th 2021, 6:09:50 pm UTC) from IT

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 18 HTTP transactions. The main IP is 176.121.14.53, located in Ukraine and belongs to FLOWSPEC-AS, UA. The main domain is 176.121.14.53.

This is the only time 176.121.14.53 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

	IP Address	AS Autonomous System
17	176.121.14.53 176.121.14.53	210138 (FLOWSPEC-AS) (FLOWSPEC-AS)
1 2	80.84.98.66 80.84.98.66	12428 (UNICREDIT...) (UNICREDIT-AS-MI-)
18	2

17 176.121.14.53 (Ukraine)

ASN210138 (FLOWSPEC-AS, UA)

176.121.14.53	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 80.84.98.66 (Milan, Italy) 1 redirects

ASN12428 (UNICREDIT-AS-MI-, IT)

at-assets.ucgstatic.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	ucgstatic.eu 1 redirects at-assets.ucgstatic.eu	313 KB
18	1

	Domain	Requested by
2	at-assets.ucgstatic.eu	1 redirects 176.121.14.53
18	1

This site contains no links.

Subject Issuer	Validity	Valid
at-assets.ucgstatic.eu Actalis Organization Validated Server CA G3	`2020-10-06` - `2021-10-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://176.121.14.53/save/other/uni/
Frame ID: B49D087CE7110A36F6B806808D37C55E
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

6 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

793 kB
Transfer

1302 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

http://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1611663892931.png HTTP 301
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1611663892931.png

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
176.121.14.53/save/other/uni/ 25 KB
6 KB 130ms
110ms Document
text/html 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 6f329bdf64a823c9505595e0f84d53af9bb9860026e50c7e7e308fc9d588f5b4

Request headers

Host: 176.121.14.53
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5907
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK head_at_login.css
176.121.14.53/save/other/uni/index_files/ 578 KB
94 KB 85ms
85ms Stylesheet
text/css 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: ef6f5a625583916b62c288e3f340643ee7ed71731c25c7687520d9fb37dc3a48

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Feb 2021 19:56:30 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "908d8-5bbde14d21780-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK 121-icon01.png
176.121.14.53/save/other/uni/index_files/ 924 B
1 KB 130ms
110ms Image
image/png 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/index_files/121-icon01.png
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 705a4996f7b4dbd5bc22eec596d9b6480563938c73dec3f7f57ad31403b9e790

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:26 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "39c-5bbde14950e80"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 924

GET
H/1.1 200
OK BAMofUC-logo-flat.svg
176.121.14.53/save/other/uni/index_files/ 9 KB
9 KB 64ms
64ms Image
image/svg+xml 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/index_files/BAMofUC-logo-flat.svg
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 7fc3a16cb09317b1f27cba314c45d43bdc1c8c659c3864a029060c7a57f4bc15

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:32 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "23d1-5bbde14f09c00"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 9169

GET
H/1.1 200
OK login-common.css
176.121.14.53/save/other/uni/index_files/ 284 B
562 B 127ms
108ms Stylesheet
text/css 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/index_files/login-common.css
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: f1f25ad9f8e560d4435186484b1f6a64984cfe527a7edc0ce221539cd08adb50

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Feb 2021 19:56:30 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "11c-5bbde14d21780-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 226

GET
H/1.1 200
OK login.css
176.121.14.53/save/other/uni/index_files/ 10 KB
3 KB 131ms
112ms Stylesheet
text/css 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/index_files/login.css
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 52233e04b02bc65a0829b831984a21aa78be101de2d33e837435890c6239a952

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Feb 2021 19:56:28 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "279d-5bbde14b39300-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2458

GET
H/1.1 200
OK dkStep.css
176.121.14.53/save/other/uni/index_files/ 2 KB
875 B 128ms
108ms Stylesheet
text/css 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/index_files/dkStep.css
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 1e3ee0e0a80fa4ee97e7dfc365a431d2f83ef471193e7460d76dd27357f9e55b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Feb 2021 19:56:24 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "75b-5bbde14768a00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 539

GET
H/1.1 200
OK managelanguage.css
176.121.14.53/save/other/uni/index_files/ 3 KB
1 KB 129ms
109ms Stylesheet
text/css 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: a3dd9710fe95bc29d47926850d50692442a6843fb9458a4769794c799ef05a57

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://176.121.14.53/save/other/uni/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Feb 2021 19:56:28 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "b68-5bbde14b39300-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 843

GET
H/1.1 200
OK sprite-common.png
176.121.14.53/save/other/uni/img/ 22 KB
22 KB 65ms
65ms Image
image/png 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/img/sprite-common.png
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 9ba28c18fb75f3a6fcee96df6421c475570a4161b0c59637b878d7b4520169c3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:22 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "58ad-5bbde14580580"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 22701

GET
H/1.1 200
OK unicredit-light.otf
176.121.14.53/save/other/uni/fonts/ 102 KB
103 KB 64ms
64ms Font
application/font-sfnt 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/fonts/unicredit-light.otf
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: d91ea6df371995153328efe12017133994e9e25881f620ee00942462251cfeaa

Request headers

Pragma: no-cache
Origin: http://176.121.14.53
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Origin: http://176.121.14.53
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:08 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "19930-5bbde13826600"
Content-Type: application/font-sfnt
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 104752

GET
H/1.1 200
OK ico-infologin.png
176.121.14.53/save/other/uni/img/ 2 KB
2 KB 64ms
64ms Image
image/png 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/img/ico-infologin.png
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: e41c557c2dcc8f98c3bb29c83a23b4cf79b4606e9fe6e692331e128ccecc51f6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:22 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "647-5bbde14580580"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1607

GET
H/1.1 200
OK sprite-lang-at.png
176.121.14.53/save/other/uni/index_files/img/ 2 KB
2 KB 65ms
65ms Image
image/png 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/index_files/img/sprite-lang-at.png
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 14fcf0f22a5e48daed3bf981ac816103c8c68bfbd16ab8bbd5c38352d702c4d9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:32 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "834-5bbde14f09c00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2100

GET
H/1.1 200
OK sprite-lang-en.png
176.121.14.53/save/other/uni/index_files/img/ 5 KB
5 KB 64ms
64ms Image
image/png 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/index_files/img/sprite-lang-en.png
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: e556970daffaaa792d747bc5a7ed2d7d256913abddc89c37ab259e786873e4af

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/index_files/managelanguage.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:32 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "145a-5bbde14f09c00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5210

GET
H/1.1

200
OK

1611663892931.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/
Redirect Chain

http://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1611663892931.png
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1611663892931.png

312 KB
312 KB

258ms
73ms

Image
image/png

80.84.98.66
UNICREDIT-AS-MI-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1611663892931.png

Requested by

Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),

Reverse DNS

Software

Resource Hash

73a32ffade982991a10b16ce7a404f2716993a80090c505736481d7c179e9e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://176.121.14.53/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:29 GMT
ETag: "4de7a"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=76
Content-Length: 319098
VTS-H2: FP FD FR
Expires: Sun, 15 Aug 2021 18:09:29 GMT

Redirect headers

Location: https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1611663892931.png
Date: Fri, 16 Jul 2021 18:09:28 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 361
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK footer_spriteAT.png
176.121.14.53/save/other/uni/img/ 3 KB
3 KB 65ms
65ms Image
image/png 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://176.121.14.53/save/other/uni/img/footer_spriteAT.png
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 03f64a4e3a0b274988a9573bff90344401b3c58bfff26eec0090f57a397a97ea

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:22 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "a06-5bbde14580580"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2566

GET
H/1.1 200
OK IconWerk2-mono-v05.woff
176.121.14.53/save/other/uni/fonts/ 14 KB
14 KB 122ms
64ms Font
application/font-woff 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/fonts/IconWerk2-mono-v05.woff
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 18b1c0abd01d9dd86722431ca611b9e4aa23025948fa2c9a39efd20de667f2c6

Request headers

Pragma: no-cache
Origin: http://176.121.14.53
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Origin: http://176.121.14.53
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:14 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "3844-5bbde13ddf380"
Content-Type: application/font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14404

GET
H/1.1 200
OK unicredit-regular.otf
176.121.14.53/save/other/uni/fonts/ 98 KB
98 KB 126ms
64ms Font
application/font-sfnt 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/fonts/unicredit-regular.otf
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5

Request headers

Pragma: no-cache
Origin: http://176.121.14.53
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Origin: http://176.121.14.53
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:12 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "186c0-5bbde13bf6f00"
Content-Type: application/font-sfnt
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 100032

GET
H/1.1 200
OK unicredit-medium.otf
176.121.14.53/save/other/uni/fonts/ 114 KB
115 KB 127ms
64ms Font
application/font-sfnt 176.121.14.53
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://176.121.14.53/save/other/uni/fonts/unicredit-medium.otf
Requested by: Host: 176.121.14.53
URL: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Protocol: HTTP/1.1
Server: 176.121.14.53 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 2ad850adfd4c44eca0fb84badbd18222af65c98d9086d5175b22d3b02f1fe67c

Request headers

Pragma: no-cache
Origin: http://176.121.14.53
Accept-Encoding: gzip, deflate
Host: 176.121.14.53
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
Connection: keep-alive
Cache-Control: no-cache
Origin: http://176.121.14.53
Referer: http://176.121.14.53/save/other/uni/index_files/head_at_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 18:09:15 GMT
Last-Modified: Sun, 21 Feb 2021 19:56:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "1c9fc-5bbde1326d880"
Content-Type: application/font-sfnt
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 117244

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

at-assets.ucgstatic.eu
176.121.14.53
80.84.98.66
03f64a4e3a0b274988a9573bff90344401b3c58bfff26eec0090f57a397a97ea
14fcf0f22a5e48daed3bf981ac816103c8c68bfbd16ab8bbd5c38352d702c4d9
18b1c0abd01d9dd86722431ca611b9e4aa23025948fa2c9a39efd20de667f2c6
1e3ee0e0a80fa4ee97e7dfc365a431d2f83ef471193e7460d76dd27357f9e55b
2ad850adfd4c44eca0fb84badbd18222af65c98d9086d5175b22d3b02f1fe67c
52233e04b02bc65a0829b831984a21aa78be101de2d33e837435890c6239a952
6f329bdf64a823c9505595e0f84d53af9bb9860026e50c7e7e308fc9d588f5b4
705a4996f7b4dbd5bc22eec596d9b6480563938c73dec3f7f57ad31403b9e790
73a32ffade982991a10b16ce7a404f2716993a80090c505736481d7c179e9e1b
7fc3a16cb09317b1f27cba314c45d43bdc1c8c659c3864a029060c7a57f4bc15
9ba28c18fb75f3a6fcee96df6421c475570a4161b0c59637b878d7b4520169c3
a3dd9710fe95bc29d47926850d50692442a6843fb9458a4769794c799ef05a57
d91ea6df371995153328efe12017133994e9e25881f620ee00942462251cfeaa
e41c557c2dcc8f98c3bb29c83a23b4cf79b4606e9fe6e692331e128ccecc51f6
e556970daffaaa792d747bc5a7ed2d7d256913abddc89c37ab259e786873e4af
ef6f5a625583916b62c288e3f340643ee7ed71731c25c7687520d9fb37dc3a48
f1f25ad9f8e560d4435186484b1f6a64984cfe527a7edc0ce221539cd08adb50
fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5

176.121.14.53 Open in urlscan Pro 176.121.14.53 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

6 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

793 kBTransfer

1302 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

176.121.14.53 Open in urlscan Pro
176.121.14.53 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

6 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

793 kB
Transfer

1302 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!