urlscan.io logo urlscan.io
SecurityTrails logo

shivacosmetics.ir Open in urlscan Pro
195.201.55.153  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ketodietrecpies.xyz/wp-admin/redirect.php
Effective URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Submission: On December 14 via manual from BG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 30 HTTP transactions. The main IP is 195.201.55.153, located in Germany and belongs to HETZNER-AS, DE. The main domain is shivacosmetics.ir.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 6th 2020. Valid for: 3 months.
This is the only time shivacosmetics.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Raiffeisen Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 38.107.221.235 393398 (ASN-DIS)
2 15 195.201.55.153 24940 (HETZNER-AS)
8 194.48.206.22 44396 (RBB-)
1 2a00:1450:400... 15169 (GOOGLE)
30 4
Apex Domain
Subdomains		 Transfer
15 shivacosmetics.ir
shivacosmetics.ir
217 KB
8 rbb.bg
online.rbb.bg
253 KB
1 youtube.com
www.youtube.com
1 ketodietrecpies.xyz
ketodietrecpies.xyz
236 B
30 4
Domain Requested by
15 shivacosmetics.ir 2 redirects shivacosmetics.ir
8 online.rbb.bg shivacosmetics.ir
online.rbb.bg
1 www.youtube.com shivacosmetics.ir
1 ketodietrecpies.xyz 1 redirects
30 4
Subject Issuer Validity Valid
shivacosmetics.ir
Let's Encrypt Authority X3		 2020-11-06 -
2021-02-04		 3 months crt.sh
online.rbb.bg
Sectigo RSA Extended Validation Secure Server CA		 2020-04-15 -
2022-04-15		 2 years crt.sh
*.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Frame ID: E31C84C60601C7E0E19F618A0106D72A
Requests: 29 HTTP requests in this frame

Frame: https://www.youtube.com/embed/1Wh2xI03Tgs
Frame ID: A3C69BC41F4CA9A5AE9630F4F928AE9C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ketodietrecpies.xyz/wp-admin/redirect.php HTTP 302
    https://shivacosmetics.ir/wp-content/themes/server/Service/ HTTP 302
    https://shivacosmetics.ir/wp-content/themes/server/Service/login HTTP 301
    https://shivacosmetics.ir/wp-content/themes/server/Service/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i

Page Statistics

30
Requests

73 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

470 kB
Transfer

1011 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ketodietrecpies.xyz/wp-admin/redirect.php HTTP 302
    https://shivacosmetics.ir/wp-content/themes/server/Service/ HTTP 302
    https://shivacosmetics.ir/wp-content/themes/server/Service/login HTTP 301
    https://shivacosmetics.ir/wp-content/themes/server/Service/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
shivacosmetics.ir/wp-content/themes/server/Service/login/
Redirect Chain
  • https://ketodietrecpies.xyz/wp-admin/redirect.php
  • https://shivacosmetics.ir/wp-content/themes/server/Service/
  • https://shivacosmetics.ir/wp-content/themes/server/Service/login
  • https://shivacosmetics.ir/wp-content/themes/server/Service/login/
39 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
d1529a1f54d9a4661d8640fa54b2ecfeb901ed0561586832094570f892f483ac

Request headers

:method
GET
:authority
shivacosmetics.ir
:scheme
https
:path
/wp-content/themes/server/Service/login/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html
last-modified
Fri, 11 Dec 2020 11:31:05 GMT
accept-ranges
bytes
content-encoding
br
vary
Accept-Encoding
content-length
6554
date
Mon, 14 Dec 2020 06:23:33 GMT

Redirect headers

content-type
text/html
content-length
706
date
Mon, 14 Dec 2020 06:23:32 GMT
location
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
smartbanner.min.css
online.rbb.bg/Content/css/smartbanner/ 		12 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://online.rbb.bg/Content/css/smartbanner/smartbanner.min.css
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
1af1054fde4c9fa4ab8cd305fb5d88dda8124e214556b1338bfbb0a5b762cb75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:21 GMT
accept-ranges
bytes
content-length
3900
style.min.css
online.rbb.bg/Content/css/ 		562 KB
67 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://online.rbb.bg/Content/css/style.min.css
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
12b4a84e5b4fc77c321d7ff75037fed758c893d9f8ed541969eaa3d5e3e3c248
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 03 Dec 2020 12:55:24 GMT
server
etag
"0c6b19073c9d61:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:21 GMT
accept-ranges
bytes
content-length
68026
require.js
shivacosmetics.ir/Scripts/libs/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://shivacosmetics.ir/Scripts/libs/require.js
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:34 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
promise.js
shivacosmetics.ir/Scripts/libs/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://shivacosmetics.ir/Scripts/libs/promise.js
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:34 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
smartbanner.min.js
shivacosmetics.ir/Scripts/libs/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://shivacosmetics.ir/Scripts/libs/smartbanner.min.js
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:34 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
fb.png
shivacosmetics.ir/Content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/fb.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
a3c0b11feb56f6a527e29ba429aa72931ca92f8dfab7108bbaae8b9ec5043658

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:34 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
youtube.png
shivacosmetics.ir/Content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/youtube.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
b2213c86b768fe44b2a48629814a7fffcce9bcf157baad30e0c4461a53f42c79

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:34 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
linkedin.png
shivacosmetics.ir/Content/images/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/linkedin.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
9a589e9ea06b3bf115a2ba3c69534751c2f8081f3b91a64527d3e0e7104b36b5

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:35 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
twitter.png
shivacosmetics.ir/Content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/twitter.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
b2213c86b768fe44b2a48629814a7fffcce9bcf157baad30e0c4461a53f42c79

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:35 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
instagram.png
shivacosmetics.ir/Content/images/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/instagram.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
bdfaddcf9ae3a5588c34eec97ba71ac8634059190847c29a11f08bba2a331a34

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:35 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
viber.png
shivacosmetics.ir/Content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/viber.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
a3c0b11feb56f6a527e29ba429aa72931ca92f8dfab7108bbaae8b9ec5043658

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:35 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
rbb-blog.png
shivacosmetics.ir/Content/images/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shivacosmetics.ir/Content/images/rbb-blog.png
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash
530d61154c6a4cae4e260eb0888e52dfd0ee81acdf42270aa29fdb4e510ae193

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:36 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
promise.js
shivacosmetics.ir/Scripts/libs/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://shivacosmetics.ir/Scripts/libs/promise.js
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:34 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
smartbanner.min.js
shivacosmetics.ir/Scripts/libs/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://shivacosmetics.ir/Scripts/libs/smartbanner.min.js
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.55.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.55.201.195.clients.your-server.de
Software
/
Resource Hash

Request headers

Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 06:23:35 GMT
cache-control
no-cache, must-revalidate, max-age=0
content-type
text/html; charset=UTF-8
content-encoding
br
link
<https://shivacosmetics.ir/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
1Wh2xI03Tgs
www.youtube.com/embed/ Frame A3C6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/1Wh2xI03Tgs
Requested by
Host: shivacosmetics.ir
URL: https://shivacosmetics.ir/wp-content/themes/server/Service/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/1Wh2xI03Tgs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://shivacosmetics.ir/wp-content/themes/server/Service/login/

Response headers

expires
Tue, 27 Apr 1971 19:44:06 GMT
content-type
text/html; charset=utf-8
strict-transport-security
max-age=31536000
content-length
20628
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cache-control
no-cache
date
Mon, 14 Dec 2020 06:23:35 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=z-_S3bQM_iQ; path=/; domain=.youtube.com; secure; expires=Sat, 12-Jun-2021 06:23:35 GMT; httponly; samesite=None YSC=Al0MRkxjeJM; path=/; domain=.youtube.com; secure; httponly; samesite=None VISITOR_INFO1_LIVE=z-_S3bQM_iQ; path=/; domain=.youtube.com; secure; expires=Sat, 12-Jun-2021 06:23:35 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Mon, 14-Dec-2020 06:53:35 GMT
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bg-body.png
online.rbb.bg/Content/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.rbb.bg/Content/images/bg-body.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
ba74790b1e9670ae6429a7cf9f8949d51e042dfa3d2a43f34e779ee3954330eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:23 GMT
accept-ranges
bytes
content-length
3536
logo-rbb-white-bg.svg
online.rbb.bg/Content/svg/ 		10 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.rbb.bg/Content/svg/logo-rbb-white-bg.svg
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
89dff036ab45ec3efd6e551ab3679501670c50882bcb04e3aefbc787983773b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:23 GMT
accept-ranges
bytes
content-length
4191
RBB_1920x500_2.jpg
online.rbb.bg/Content/images/ 		159 KB
159 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.rbb.bg/Content/images/RBB_1920x500_2.jpg
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
fb6d9913fdfd75348edf598b959631ab33d4cdfc3bd531939170811e722f71f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:23 GMT
accept-ranges
bytes
content-length
162763
326381_1_0.woff
online.rbb.bg/Content/fonts/webfonts/ 		0
0
FuturaPT-Medium.woff
online.rbb.bg/Content/fonts/webfonts/ 		0
0
326381_0_0.woff
online.rbb.bg/Content/fonts/webfonts/ 		0
0
iconset-rbb.ttf
online.rbb.bg/Content/fonts/iconset-rbb// 		0
0
mobileApp.png
online.rbb.bg/Content/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.rbb.bg/Content/images/mobileApp.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
b2b769bc93904f1ed851dd0c266c5a14ae9fca670ec9cc39fa00065286fb1ae4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:23 GMT
accept-ranges
bytes
content-length
9051
app-store-bg.png
online.rbb.bg/Content/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.rbb.bg/Content/images/app-store-bg.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
5c95c6c1193ef4afdf14770fe02d2f008be731d477b38ad44e3a497241984696
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:23 GMT
accept-ranges
bytes
content-length
3127
google-play-bg.png
online.rbb.bg/Content/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.rbb.bg/Content/images/google-play-bg.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
c84158c02aa08b902be924e5b9b81fd349cd09510aa72710c70a6d55ac931fcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 17 Nov 2020 15:51:24 GMT
server
etag
"0e65580f9bcd61:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Mon, 14 Dec 2020 06:26:23 GMT
accept-ranges
bytes
content-length
3783
326381_1_0.ttf
online.rbb.bg/Content/fonts/webfonts/ 		0
0
326381_0_0.ttf
online.rbb.bg/Content/fonts/webfonts/ 		0
0
FuturaPT-Medium.ttf
online.rbb.bg/Content/fonts/webfonts/ 		0
0
iconset-rbb.woff
online.rbb.bg/Content/fonts/iconset-rbb// 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_1_0.woff
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.woff
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_0_0.woff
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.ttf?wxo579
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_1_0.ttf
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_0_0.ttf
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.ttf
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.woff?wxo579

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Raiffeisen Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

2 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: Al0MRkxjeJM
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: z-_S3bQM_iQ