urlscan.io logo urlscan.io
SecurityTrails logo

gumter.ci Open in urlscan Pro
75.119.133.125  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://techzara.org/solar
Effective URL: https://gumter.ci/mps/
Submission: On February 26 via api from EE — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 75.119.133.125, located in Düsseldorf, Germany and belongs to CONTABO, DE. The main domain is gumter.ci.
TLS certificate: Issued by R3 on January 5th 2024. Valid for: 3 months.
This is the only time gumter.ci was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Monte dei Paschi (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2 138.197.65.170 14061 (DIGITALOC...)
1 75.119.133.125 51167 (CONTABO)
2 3
Apex Domain
Subdomains		 Transfer
2 techzara.org
techzara.org
719 B
1 gumter.ci
gumter.ci
76 KB
2 2
Domain Requested by
2 techzara.org 1 redirects
1 gumter.ci
2 2

This site contains links to these domains. Also see Links.

Domain
aziendaonline.mps.it
www.carteaziende.mps.it
www.mps.it
intranet.gruppomps.it
wof.mps.it
Subject Issuer Validity Valid
techzara.org
R3		 2024-01-10 -
2024-04-09		 3 months crt.sh
gumter.ci
R3		 2024-01-05 -
2024-04-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://gumter.ci/mps/
Frame ID: CA7B438286D2FEB932FD2AA794616984
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Banca MPS

Page URL History Show full URLs

  1. https://techzara.org/solar HTTP 301
    https://techzara.org/solar/ Page URL
  2. https://gumter.ci/mps/ Page URL

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

77 kB
Transfer

98 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://techzara.org/solar HTTP 301
    https://techzara.org/solar/ Page URL
  2. https://gumter.ci/mps/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://techzara.org/solar HTTP 301
  • https://techzara.org/solar/

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
techzara.org/solar/
Redirect Chain
  • https://techzara.org/solar
  • https://techzara.org/solar/
71 B
455 B 		Document
General
Check archive.org
Download Go to
Full URL
https://techzara.org/solar/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.65.170 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
techzara.org
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
7e9e70284cd83a8d0fc5e084989d98e4a1616b054c156579a70f90a09d529363

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
it-IT,it;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
89
Content-Type
text/html
Date
Mon, 26 Feb 2024 08:35:08 GMT
ETag
"47-6123022646940-gzip"
Keep-Alive
timeout=5, max=99
Last-Modified
Sun, 25 Feb 2024 07:56:45 GMT
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
314
Content-Type
text/html; charset=iso-8859-1
Date
Mon, 26 Feb 2024 08:35:08 GMT
Keep-Alive
timeout=5, max=100
Location
https://techzara.org/solar/
Server
Apache/2.4.29 (Ubuntu)
Primary Request /
gumter.ci/mps/ 		76 KB
76 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gumter.ci/mps/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
75.119.133.125 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
host.jeberge.com
Software
Apache /
Resource Hash
d1aa15f827d7172116a552163ea6f19738eeaa7cca815e842ddbb764c64f91cc

Request headers

Referer
https://techzara.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 26 Feb 2024 08:35:09 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
truncated
/ 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0a0c6433b58c72136375414d6f7a6a511932eeaac396f7c0991a2b953fa2eaaa

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d46dda2fab1d8fe763cec3ef41291116c4df2667bdb89448b37fbc342249924a

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ 		999 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c9b26055379437522e81d6ad02ec43de51199f7ee3ad2fb8a7f6ab3a44efccf

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0723be3bac2e41d6d7aa267af24f45a7240d74ead82a130765f83fc6fbf19723

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
11fda756daabdaa65f100e3296fe54d09440bfe68fb8f0b162230d3f9e91eb05

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		946 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
85e61a4c5a8e573ee32eacc27bcf252692440a103548ead79ed85cb7d3765924

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Monte dei Paschi (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies