URL: https://ra-iu.org/-/at/
Submission: On April 03 via manual from CZ

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 212.18.231.212, located in the United Kingdom and belonging to DIMENOC, US. The main domain is ra-iu.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 28th 2020. Valid for: 3 months.
This is the only time ra-iu.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

Requests  IP Address      AS Autonomous System
1         212.18.231.212  33182 (DIMENOC)
7         213.150.6.28    12895 (IT-AUSTRI...)
Total: 13 requests, 3 IPs

Requests  Apex Domain   Subdomains          Transfer
7         sparkasse.at  login.sparkasse.at  106 KB
1         ra-iu.org     ra-iu.org           311 KB
Total: 13 requests, 2 apex domains

Requests  Domain              Requested by
7         login.sparkasse.at  ra-iu.org
1         ra-iu.org           -
Total: 13 requests, 2 domains

This site contains links to these domains:

Domain
login.sparkasse.at
www.sparkasse.at
Subject             Issuer                                       Validity                 Valid     Source
ra-iu.org           cPanel, Inc. Certification Authority         2020-02-28 - 2020-05-28  3 months  crt.sh
login.sparkasse.at  DigiCert SHA2 Extended Validation Server CA  2019-05-13 - 2020-05-20  a year    crt.sh

This page contains 1 frame:

Primary Page: https://ra-iu.org/-/at/
Frame ID: A369027BB422C497AB62E27C34B313D3
Requests: 17 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13 Requests
62 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
3 IPs
2 Countries
417 kB Transfer
501 kB Size
1 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
/ | ra-iu.org/-/at/ | 310 KB | 311 KB | Document  (Primary Request, Cookie set)
General
Full URL
https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.18.231.212, United Kingdom, ASN33182 (DIMENOC, US)
Reverse DNS
212-18-231-212.static.hostdime.com
Software
Apache /
Resource Hash
339be72db81295f2bb41587b1e71968b3a5c8a3ce04ef10156368356f621774e

Request headers

Host
ra-iu.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 03 Apr 2020 09:13:39 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=5ta2untmafhunrjpisib493o45; path=/
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
MrzQfuEGGBFphCI.css | login.sparkasse.at/ | 159 B | 1 KB | Stylesheet
General
Full URL
https://login.sparkasse.at/MrzQfuEGGBFphCI.css
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
/
Resource Hash
f256c63b4a59058870ab784ea550c690a7c641cfcca3ee42519baec43416408f

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Cache-Control
private, max-age=86400
Content-Length
159
Content-Type
text/css
lib.css | login.sparkasse.at/sts/styles/ | 92 KB | 20 KB | Stylesheet
General
Full URL
https://login.sparkasse.at/sts/styles/lib.css
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
2ef681aee9a74dbdb418977f24a8b0c06e8af55f5331df472fce382249f5a161
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 03 Apr 2020 16:18:36 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Feb 2020 13:23:46 GMT
Server
Apache
X-Frame-Options
DENY
ETag
W/"94195-1582637026000-br"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Expires
Fri, 03 Apr 2020 18:23:37 GMT
7374732f6f617574682f617574686f72697a65.js | login.sparkasse.at/KfE1bB30fy/ | 30 KB | 30 KB | Script
General
Full URL
https://login.sparkasse.at/KfE1bB30fy/7374732f6f617574682f617574686f72697a65.js
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
/
Resource Hash
18e4f2542bfff1c404b947dde42cf6e52f0c670c431fb298077b67b9d6683e20

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Cache-Control
no-cache
Content-Length
31048
Content-Type
text/javascript
0819247478ab180049e95fdbc301d15b2a0f416a1eb5610e1990f46ce427bb42.js | login.sparkasse.at/9ig6dOujn/ | 0 | 1 KB | Script
General
Full URL
https://login.sparkasse.at/9ig6dOujn/0819247478ab180049e95fdbc301d15b2a0f416a1eb5610e1990f46ce427bb42.js
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Cache-Control
no-cache
Content-Length
0
Content-Type
text/javascript
Doppel-Logo_o_Claim.svg | login.sparkasse.at/sts/images/logos/ | 6 KB | 3 KB | Image
General
Full URL
https://login.sparkasse.at/sts/images/logos/Doppel-Logo_o_Claim.svg
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
b8bb52fdbcbdc0b034daee432a3eb2f3232cb0ba16a3eb527bae55cdbc4aaa96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 03 Apr 2020 16:18:36 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
2008
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Feb 2020 13:23:46 GMT
Server
Apache
X-Frame-Options
DENY
ETag
W/"6025-1582637026000-br"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/svg+xml
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Expires
Fri, 03 Apr 2020 18:23:37 GMT
George-symbol.svg | login.sparkasse.at/sts/images/clients/ | 915 B | 1 KB | Image
General
Full URL
https://login.sparkasse.at/sts/images/clients/George-symbol.svg
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
04cf169a10f64a9ce6b5650e37e047651690b18b238e1f431636aa292d6fb600
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 03 Apr 2020 16:18:37 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
442
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Feb 2020 13:23:46 GMT
Server
Apache
X-Frame-Options
DENY
ETag
W/"915-1582637026000-br"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/svg+xml
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Expires
Fri, 03 Apr 2020 18:23:37 GMT
bankcard.gif | login.sparkasse.at/sts/images/ | 49 KB | 50 KB | Image
General
Full URL
https://login.sparkasse.at/sts/images/bankcard.gif
Requested by
Host: ra-iu.org
URL: https://ra-iu.org/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28, Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
b0f484443bd01c61cebbfb1c3abe4a253e3a0c314150025521712fefc3284224
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ra-iu.org/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 03 Apr 2020 16:18:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 25 Feb 2020 13:23:48 GMT
Server
Apache
ETag
W/"50328-1582637028000"
X-Frame-Options
DENY
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
50328
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Apr 2020 18:23:37 GMT
truncated | / | 68 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 2 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
fcefa276f4f9af1acd48ef626f2c53be9990253a7498d22bae50689baa834af7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 900 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
ac46b34d79ab1942b00cfcf903cf75e0e2ed9f354ed493a2cf7d5fa0d85c569b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 9 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
48c24fd8fb19b02949a64918eb768e58dbe70210ad7de1f7f78dfc0052dfde82

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
erstewf-bold-webfont.woff | login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 | 0 | (no response)
erstewf-book-webfont.woff | login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 | 0 | (no response)
erstewf-bold-webfont.ttf | login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 | 0 | (no response)
erstewf-book-webfont.ttf | login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 | 0 | (no response)
/ | login.sparkasse.at/Q2wS57y/ | 0 | 0 | (no response)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.woff
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.woff
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.ttf
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.ttf
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/Q2wS57y/?m=040ef8927a1d1fcfc0872c4b448635ecb6d39b376bbd5dc06800541852dc1e327d9ba653646cd7e9da05032f236fb46f0a6ba77680ba4c63a0e28d60b3147ab1c3d6cd02b99281e3ef5e6bf35ebe4b86460cd53b6f8b2c14dc19488323ea0aa10e3f4ea64735ae0c21b6265400c6

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

onformdata (object), onpointerrawupdate (object), keepalive (function), setupKeepaliveInterval (function), FLIP_ICON_HEIGHT (number), myWindow (undefined), sumNumbers (function), doRwd (function), calcCol2Height (function), calcVisibleWhiteboxHeight (function), centerpage (function), confirmmsg (function), windowtracker (function), $ (function), jQuery (function),
Arcfour (function), ARC4init (function), ARC4next (function), prng_newstate (function), rng_psize (number), rng_state (undefined), rng_pool (object), rng_pptr (number), rng_seed_int (function), rng_seed_time (function), t (number), ua (object), z (undefined), rng_get_byte (function), rng_get_bytes (function), SecureRandom (function),
dbits (number), canary (number), j_lm (boolean), BigInteger (function), nbi (function), am1 (function), am2 (function), am3 (function), BI_FP (number), BI_RM (string), BI_RC (object), rr (number), vv (number), int2char (function), intAt (function), bnpCopyTo (function), bnpFromInt (function), nbv (function), bnpFromString (function), bnpClamp (function), bnToString (function), bnNegate (function), bnAbs (function), bnCompareTo (function), nbits (function), bnBitLength (function), bnpDLShiftTo (function), bnpDRShiftTo (function), bnpLShiftTo (function), bnpRShiftTo (function), bnpSubTo (function), bnpMultiplyTo (function), bnpSquareTo (function), bnpDivRemTo (function), bnMod (function), Classic (function), cConvert (function), cRevert (function), cReduce (function), cMulTo (function), cSqrTo (function), bnpInvDigit (function), Montgomery (function), montConvert (function), montRevert (function), montReduce (function), montSqrTo (function), montMulTo (function), bnpIsEven (function), bnpExp (function), bnModPowInt (function), parseBigInt (function),
linebrk (function), byte2Hex (function), pkcs1pad2 (function), RSAKey (function), RSASetPublic (function), RSADoPublic (function), RSAEncrypt (function), reWhiteSpace (object), Utf8Encode (function), htmlToJsConversion (function), nbalert (function), setFldFocus (function), isWhiteSpace (function), isEmpty (function), doDisableSpecifiedForm (function), doSubmitAndDisable (function), jsxEncrypt (function), encodeToHex (function),
STS (object), setFocus (function), displayError (function), checkUser (function), checkPwd (function), totalEncryptAttempts (number), disableInputField (function), disableInputFields (function), validateMac (function), encodeForHtmlAttribute (function), validateMacRetry (function), submitCredentials (function), submitSecret (function), submitCancelLoginForm (function), ie9rgb4 (undefined), NGMF (boolean), anti_fraud (string), JS (object), rEbn (boolean), bLauNCTx (boolean), Tpimob (boolean), input (object), username (object)

1 Cookies

Domain/Path  Name       Value
ra-iu.org/   PHPSESSID  5ta2untmafhunrjpisib493o45