urlscan.io logo urlscan.io
SecurityTrails logo

egunt.unitru.edu.pe Open in urlscan Pro
190.119.49.79  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Submission: On September 16 via manual from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 190.119.49.79, located in Lima, Peru and belongs to America Movil Peru S.A.C., PE. The main domain is egunt.unitru.edu.pe.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 20th 2024. Valid for: a year.
This is the only time egunt.unitru.edu.pe was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Truist Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 190.119.49.79 12252 (America M...)
1 195.80.159.133 29152 (DECKNET-AS)
1 104.17.25.14 13335 (CLOUDFLAR...)
3 4
Apex Domain
Subdomains		 Transfer
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 215
6 KB
1 l2.io
l2.io — Cisco Umbrella Rank: 161395
229 B
1 unitru.edu.pe
egunt.unitru.edu.pe
331 KB
3 3
Domain Requested by
1 cdnjs.cloudflare.com egunt.unitru.edu.pe
1 l2.io egunt.unitru.edu.pe
1 egunt.unitru.edu.pe
3 3

This site contains no links.

Subject Issuer Validity Valid
*.unitru.edu.pe
Sectigo RSA Domain Validation Secure Server CA		 2024-05-20 -
2025-06-19		 a year crt.sh
l2.io
R10		 2024-09-02 -
2024-12-01		 3 months crt.sh
cdnjs.cloudflare.com
WE1		 2024-07-31 -
2024-10-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Frame ID: 1D33805F569D713CD4F4B849A20A3CF2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Online banking profile | Truist Online

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

437 kB
Transfer

1615 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Online-banking-profile_TruistOnline.html
egunt.unitru.edu.pe/ 		1 MB
331 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.119.49.79 Lima, Peru, ASN12252 (America Movil Peru S.A.C., PE),
Reverse DNS
Software
Apache /
Resource Hash
76ca145d9d10e35cdcb5ec435ca6464190b663e1d03e809d837d78d02f8a82bf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
338411
Content-Type
text/html
Date
Mon, 16 Sep 2024 13:32:07 GMT
ETag
"1716ac-6221541bb0ea4-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Sat, 14 Sep 2024 14:35:52 GMT
Server
Apache
Vary
Accept-Encoding
ip.js
l2.io/ 		25 B
229 B 		Script
General
Check archive.org
Download Go to
Full URL
https://l2.io/ip.js?var=userip
Requested by
Host: egunt.unitru.edu.pe
URL: https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
195.80.159.133 , France, ASN29152 (DECKNET-AS, FR),
Reverse DNS
Software
Apache/2.4.59 (Debian) /
Resource Hash
167ee73efd3d71e82d6f18773dc63151692525dc273eb15879a3bb45fd03ee9a

Request headers

Referer
https://egunt.unitru.edu.pe/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 13:31:56 GMT
Server
Apache/2.4.59 (Debian)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
25
Content-Type
text/html; charset=UTF-8
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		30 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: egunt.unitru.edu.pe
URL: https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://egunt.unitru.edu.pe/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 13:31:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
917929
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xRSMhdaBJVXd8h9UqMvoiHGC3NGqd1px%2FiLcXwZjdjkhUNa6U3IuhhlfSbMuqyqqfHVcflrZrCBjKg%2FrhTymj4Id0EFjfXdcS1NgB%2Bo%2Bagy%2BzhPfwsuj4XSUgpB8Ld%2FMFiNGSWox"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8c41383cafe7ac84-YYZ
expires
Sat, 06 Sep 2025 13:31:56 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f87b567095229d6c5298353136c8c7c1b268fe1b8d996b7ab29b07f7ae97ec08

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2574d7302123369d60192dc3ccdad6eb6399e8fb45c993ad39f52ca914ae8b92

Request headers

Referer
Origin
https://egunt.unitru.edu.pe
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
binary/octet-stream
truncated
/ 		52 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
62ed8e63459d2d30df43d4f715cfe7b1c09f5d31c98696acc9b537e919efda39

Request headers

Referer
Origin
https://egunt.unitru.edu.pe
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
binary/octet-stream

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Truist Bank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| savepage_ShadowLoader string| userip function| isNumber

0 Cookies

2 Console Messages

Source Level URL
Text
recommendation warning URL: https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Message:
[DOM] Found 6 elements with non-unique id #tru-core-input-1: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o
recommendation warning URL: https://egunt.unitru.edu.pe/Online-banking-profile_TruistOnline.html
Message:
[DOM] Found 4 elements with non-unique id #tru-core-input-3: (More info: https://goo.gl/9p2vKq) %o %o %o %o