evaluare.ugal.ro Open in urlscan Pro
193.231.148.242 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://szabist.edu.pk/wp-admin/user/discoverlkre33232/
Effective URL:
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Submission: On August 03 via manual (August 3rd 2023, 8:26:28 am UTC) from IN — Scanned from DE

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 193.231.148.242, located in Romania and belongs to ROEDUNET, RO. The main domain is evaluare.ugal.ro.
TLS certificate: Issued by GEANT OV RSA CA 4 on October 12th 2022. Valid for: a year.

This is the only time evaluare.ugal.ro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	111.68.108.200 111.68.108.200	45773 (HECPERN-A...) (HECPERN-AS-PK PERN AS Content Servie Provider)
3 7	193.231.148.242 193.231.148.242	2614 (ROEDUNET) (ROEDUNET)
7	95.100.67.106 95.100.67.106	16625 (AKAMAI-AS) (AKAMAI-AS)
14	4

1 111.68.108.200 (Karachi, Pakistan)

ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK)
PTR: szabist.edu.pk

szabist.edu.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 193.231.148.242 (Romania) 3 redirects

ASN2614 (ROEDUNET, RO)
PTR: hosting-3.ugal.ro

evaluare.ugal.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 95.100.67.106 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-67-106.deploy.static.akamaitechnologies.com

portal.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	discover.com portal.discover.com — Cisco Umbrella Rank: 45590	227 KB
7	ugal.ro 3 redirects evaluare.ugal.ro	20 KB
1	szabist.edu.pk szabist.edu.pk	504 B
14	3

	Domain	Requested by
7	portal.discover.com	evaluare.ugal.ro portal.discover.com
7	evaluare.ugal.ro	3 redirects evaluare.ugal.ro
1	szabist.edu.pk
14	3

This site contains links to these domains. Also see Links.

Domain
www.fdic.gov

Subject Issuer	Validity	Valid
www.szabist.edu.pk R3	`2023-08-03` - `2023-11-01`	3 months	crt.sh
evaluare.ugal.ro GEANT OV RSA CA 4	`2022-10-12` - `2023-10-12`	a year	crt.sh
www.discovercard.com DigiCert EV RSA CA G2	`2023-03-15` - `2024-04-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Frame ID: DF9BBA377769AE6FD8977FEC36E0F5F5
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Card Login | Discover Card

Page URL History Show full URLs

https://szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/ HTTP 302
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+ HTTP 301
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/ HTTP 302
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.21... Page URL

Page Statistics

14
Requests

86 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

246 kB
Transfer

624 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.fdic.gov/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/ HTTP 302
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+ HTTP 301
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/ HTTP 302
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
szabist.edu.pk/wp-admin/user/discoverlkre33232/ 381 B
504 B 1119ms
501ms Document
text/html 111.68.108.200
HECPERN-AS-PK PER...

General

Check archive.org

Show headers Download Go to

Full URL: https://szabist.edu.pk/wp-admin/user/discoverlkre33232/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.68.108.200 Karachi, Pakistan, ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK),
Reverse DNS: szabist.edu.pk
Software: Microsoft-IIS/10.0 / PHP/8.0.23 ASP.NET
Resource Hash: 87478721b18a6a424b873867b453fa09d7580d5ca61dabb7bba921c5d19f5364

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 381
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 08:26:23 GMT
server: Microsoft-IIS/10.0
x-powered-by: PHP/8.0.23 ASP.NET

GET
H/1.1

200
OK

Primary Request sisclog.htm Show response
evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/
Redirect Chain

https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/
https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

33 KB
6 KB

61ms
61ms

Document
text/html

193.231.148.242
ROEDUNET

General

Check archive.org

Show headers Download Go to

Full URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 193.231.148.242 , Romania, ASN2614 (ROEDUNET, RO),
Reverse DNS: hosting-3.ugal.ro
Software: Apache /
Resource Hash: d2f61046f3cd361d3bd18d4219753a0c3a6298fe33e61386b14b23ec18fb64d8

Request headers

Referer: https://szabist.edu.pk/wp-admin/user/discoverlkre33232/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 6131
Content-Type: text/html
Date: Thu, 03 Aug 2023 08:26:23 GMT
ETag: "83fc-601eeec9fbe00-gzip"
Keep-Alive: timeout=5, max=97
Last-Modified: Wed, 02 Aug 2023 11:25:44 GMT
Server: Apache
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 03 Aug 2023 08:26:23 GMT
Keep-Alive: timeout=5, max=98
Location: sisclog.htm?ip=217.114.218.25
Server: Apache

GET
H/1.1 200
OK common.min.css
portal.discover.com/global/public/css/ 241 KB
38 KB 211ms
64ms Stylesheet
text/css 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt

Requested by

Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Oct 2020 12:08:25 GMT
Date: Thu, 03 Aug 2023 08:26:24 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38029
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK at-top-v2-public.min.js Show response
portal.discover.com/global/public/scripts/ 142 KB
45 KB 222ms
54ms Script
application/javascript 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/public/scripts/at-top-v2-public.min.js?ver=6745124a56

Requested by

Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 26 Jul 2023 05:45:32 GMT
Date: Thu, 03 Aug 2023 08:26:24 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45069
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found login-logout.min.css
evaluare.ugal.ro/portal.discover.com/applications/login-logout/css/ 0
0 51ms
51ms Stylesheet
text/html 193.231.148.242
ROEDUNET

General

Check archive.org

Show headers Download Go to

Full URL: https://evaluare.ugal.ro/portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679
Requested by: Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 193.231.148.242 , Romania, ASN2614 (ROEDUNET, RO),
Reverse DNS: hosting-3.ugal.ro
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 08:26:23 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK discover-logo.png
portal.discover.com/global/images/ 3 KB
4 KB 39ms
38ms Image
image/png 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/discover-logo.png

Requested by

Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 03 Aug 2023 08:26:24 GMT
Last-Modified: Tue, 12 Dec 2017 07:27:45 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3212
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon-spyglass.png
portal.discover.com/global/images/ 443 B
925 B 70ms
70ms Image
image/png 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/icon-spyglass.png

Requested by

Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 03 Aug 2023 08:26:24 GMT
Last-Modified: Tue, 12 Dec 2017 07:27:53 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 443
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Site_marketing_LRG_at.jpg
portal.discover.com/applications/login-logout/images/ 49 KB
50 KB 46ms
42ms Image
image/jpeg 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/applications/login-logout/images/Site_marketing_LRG_at.jpg

Requested by

Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 03 Aug 2023 08:26:24 GMT
Last-Modified: Mon, 22 May 2023 06:48:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50503
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Site_marketing_SML_at.png
portal.discover.com/applications/login-logout/images/ 32 KB
32 KB 87ms
35ms Image
image/png 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/applications/login-logout/images/Site_marketing_SML_at.png

Requested by

Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 03 Aug 2023 08:26:24 GMT
Last-Modified: Mon, 22 May 2023 06:48:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32504
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sisclog.htm Show response
evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/ 33 KB
6 KB 100ms
61ms Script
text/html 193.231.148.242
ROEDUNET

General

Check archive.org

Show headers Download Go to

Full URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Requested by: Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 193.231.148.242 , Romania, ASN2614 (ROEDUNET, RO),
Reverse DNS: hosting-3.ugal.ro
Software: Apache /
Resource Hash: d2f61046f3cd361d3bd18d4219753a0c3a6298fe33e61386b14b23ec18fb64d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 08:26:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2023 11:25:44 GMT
Server: Apache
ETag: "83fc-601eeec9fbe00-gzip"
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 6131

GET
H/1.1 200
OK sisclog.htm
evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/ 33 KB
6 KB 61ms
61ms Stylesheet
text/html 193.231.148.242
ROEDUNET

General

Check archive.org

Show headers Download Go to

Full URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Requested by: Host: evaluare.ugal.ro
URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 193.231.148.242 , Romania, ASN2614 (ROEDUNET, RO),
Reverse DNS: hosting-3.ugal.ro
Software: Apache /
Resource Hash: d2f61046f3cd361d3bd18d4219753a0c3a6298fe33e61386b14b23ec18fb64d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 08:26:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2023 11:25:44 GMT
Server: Apache
ETag: "83fc-601eeec9fbe00-gzip"
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 6131

GET
H/1.1 200
OK utility-icons.png
portal.discover.com/global/images/ 57 KB
58 KB 51ms
51ms Image
image/png 95.100.67.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/utility-icons.png

Requested by

Host: portal.discover.com
URL: https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.67.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-67-106.deploy.static.akamaitechnologies.com

Software

Resource Hash

21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 03 Aug 2023 08:26:24 GMT
Last-Modified: Tue, 29 Jun 2021 05:49:24 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 58699
X-XSS-Protection: 1; mode=block

GET MetaWebPro-Bold.woff
portal.discover.com/global/public/fonts/ 0
0

GET MetaWebPro-Normal.woff
portal.discover.com/global/public/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: portal.discover.com
URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff

Domain: portal.discover.com
URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| targetPageParams object| discover object| adobe

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://evaluare.ugal.ro/portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25 Message: Access to font at 'https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff' from origin 'https://evaluare.ugal.ro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://evaluare.ugal.ro/administrator/language/en-GB/newdiscovercard/_+-=+/sisclog.htm?ip=217.114.218.25 Message: Access to font at 'https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff' from origin 'https://evaluare.ugal.ro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

evaluare.ugal.ro
portal.discover.com
szabist.edu.pk
portal.discover.com
111.68.108.200
193.231.148.242
95.100.67.106
0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29
21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302
2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125
2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4
7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288
87478721b18a6a424b873867b453fa09d7580d5ca61dabb7bba921c5d19f5364
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137
d2f61046f3cd361d3bd18d4219753a0c3a6298fe33e61386b14b23ec18fb64d8

evaluare.ugal.ro Open in urlscan Pro 193.231.148.242 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

86 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

246 kBTransfer

624 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

evaluare.ugal.ro Open in urlscan Pro
193.231.148.242 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

246 kB
Transfer

624 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!