univia.1777387013-unicaja.vicentebarrera.es
20.0.65.40  Malicious Activity! Public Scan

Submitted URL: https://t.co/rd0HV5WHra
Effective URL: http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja
Submission: On July 01 via manual from ES — Scanned from ES

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 20.0.65.40, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is univia.1777387013-unicaja.vicentebarrera.es.
This is the only time univia.1777387013-unicaja.vicentebarrera.es was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicaja Banco (Banking)

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.5 13414 (TWITTER)
1 2607:f1c0:100... 8560 (IONOS-AS ...)
1 2 20.0.65.40 8075 (MICROSOFT...)
3 4
Apex Domain             Subdomains                                      Transfer
2  vicentebarrera.es    univia.1777387013-unicaja.vicentebarrera.es     740 KB
1  guerraelectric.com   guerraelectric.com                              362 B
1  t.co                 t.co (Cisco Umbrella Rank: 455)                 585 B
3  3

Domain                                          Requested by
2  univia.1777387013-unicaja.vicentebarrera.es  1 redirects
1  guerraelectric.com                           t.co
1  t.co
3  3

This site contains links to these domains. Also see Links.

Domain
univia.unicajabanco.es
www.unicajabanco.es
Subject   Issuer                             Validity                  Valid
t.co      DigiCert TLS RSA SHA256 2020 CA1   2021-12-13 - 2022-12-12   a year   crt.sh

This page contains 1 frames:

Primary Page: http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja
Frame ID: F38B43E05BC10A015D672FF8918A4AA2
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Banca Digital

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/rd0HV5WHra Page URL
  2. http://guerraelectric.com/uni2.php Page URL
  3. http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/ HTTP 302
    http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 3
HTTPS: 33 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 850 kB
Size: 1142 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: rd0HV5WHra | Path: t.co/ | Size: 296 B | x-fer: 585 B | Type: Document

General
Full URL: https://t.co/rd0HV5WHra
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS:
Software: tsa_f /
Resource Hash:
Security Headers:
  Content-Security-Policy: referrer always;
  Strict-Transport-Security: max-age=0
  X-Xss-Protection: 0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 200
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Fri, 01 Jul 2022 08:29:39 GMT
expires: Fri, 01 Jul 2022 08:34:39 GMT
referrer-policy: unsafe-url
server: tsa_f
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 541838af0dd8cbacad1398864ad1ea10493d98a108d1b173e31daeff54b994f7
x-response-time: 114
x-xss-protection: 0
Resource: uni2.php | Path: guerraelectric.com/ | Size: 107 B | x-fer: 362 B | Type: Document

General
Full URL: http://guerraelectric.com/uni2.php
Requested by: Host: t.co, URL: https://t.co/rd0HV5WHra
Protocol: HTTP/1.1
Server: 2607:f1c0:100f:f000::26e , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS:
Software: Apache / PHP/7.4.30
Resource Hash: 568cbb5fb5f7a130da64b3b4d34eccfcce992156a20afbb87498bdd44130f5c8

Request headers

Referer: https://t.co/rd0HV5WHra
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Jul 2022 08:29:39 GMT
Keep-Alive: timeout=15
Server: Apache
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.30
Primary Request
Resource: login.php | Path: univia.1777387013-unicaja.vicentebarrera.es/login/pages/ | Size: 739 KB | x-fer: 739 KB | Type: Document
Redirect Chain
  • http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/
  • http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja

General
Full URL: http://univia.1777387013-unicaja.vicentebarrera.es/login/pages/login.php?id=unicaja
Protocol: HTTP/1.1
Server: 20.0.65.40 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS:
Software: Microsoft-IIS/8.0 / PHP/5.6.31
Resource Hash: af43a785b196e313bd68a60d8296e289b7a796c3517a2bc84e4c955703fd0539

Request headers

Referer: http://guerraelectric.com/uni2.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Content-Length: 756918
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Jul 2022 08:29:39 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: PHP/5.6.31

Redirect headers

Content-Length: 143
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Jul 2022 08:29:39 GMT
Location: login.php?id=unicaja
Server: Microsoft-IIS/8.0
X-Powered-By: PHP/5.6.31
Resource: truncated | Path: / | Size: 293 KB | x-fer: 0 | Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 000bd923afd32f1f0bd7fc0b6a1f678abadcc312132cb4c97fa7da3ea51667c7

Request headers

accept-language: es-ES,es;q=0.9
Referer: http://univia.1777387013-unicaja.vicentebarrera.es/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: image/jpeg
Resource: truncated | Path: / | Size: 24 KB | x-fer: 24 KB | Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 67ec87431686763cfb0bd91cb8579dcc48439390e871a491b486f962e9739698

Request headers

Referer: http://univia.1777387013-unicaja.vicentebarrera.es/
Origin: http://univia.1777387013-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: application/font-woff
Resource: truncated | Path: / | Size: 19 KB | x-fer: 19 KB | Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 4850faf26ff351b712c9a457ef24a8bfd74ab4ace46108b4047190c709638c3e

Request headers

Referer: http://univia.1777387013-unicaja.vicentebarrera.es/
Origin: http://univia.1777387013-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: application/font-woff
Resource: truncated | Path: / | Size: 19 KB | x-fer: 19 KB | Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: e37b7f948df8b020411395910ad99029037352f2d8db439cdd454013bf7da464

Request headers

Referer: http://univia.1777387013-unicaja.vicentebarrera.es/
Origin: http://univia.1777387013-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: application/font-woff
Resource: truncated | Path: / | Size: 24 KB | x-fer: 24 KB | Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 7ba073042bda286924f05982fea46aa04e326f3c769adf6f6620175c4fb41afa

Request headers

Referer: http://univia.1777387013-unicaja.vicentebarrera.es/
Origin: http://univia.1777387013-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: application/font-woff
Resource: truncated | Path: / | Size: 24 KB | x-fer: 24 KB | Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: c7176067ccc6baba737795a5d0222200407eb1018a867d46cfcc3b285399ee49

Request headers

Referer: http://univia.1777387013-unicaja.vicentebarrera.es/
Origin: http://univia.1777387013-unicaja.vicentebarrera.es
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: application/font-woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicaja Banco (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     oncontextlost
object     oncontextrestored
function   structuredClone
object     launchQueue
object     onbeforematch
object     navigation
function   savepage_ShadowLoader

1 Cookies

Domain/Path   Name   Value
.t.co/        muc    7336c9e0-eacf-4d79-b515-c7a7c0a93d98

1 Console Messages

Source     Level   URL                        Text
security   error   https://t.co/rd0HV5WHra    Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0