ra-iu.org
212.18.231.212
Malicious Activity!
Public Scan
Submission: On April 03 via manual from CZ
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 28th 2020. Valid for: 3 months.
This is the only time ra-iu.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 212.18.231.212 | 33182 (DIMENOC) |
7 | 213.150.6.28 | 12895 (IT-AUSTRIA Vienna) |
13 | 3 | |
ASN33182 (DIMENOC, US)
PTR: 212-18-231-212.static.hostdime.com
ra-iu.org |
ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
PTR: login.sparkasse.at
login.sparkasse.at |
Requests | Apex Domain Subdomains | Transfer |
---|---|---|
7 | sparkasse.at login.sparkasse.at | 106 KB |
1 | ra-iu.org ra-iu.org | 311 KB |
13 | 2 | |
Requests | Domain | Requested by |
---|---|---|
7 | login.sparkasse.at | ra-iu.org |
1 | ra-iu.org | |
13 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
login.sparkasse.at |
www.sparkasse.at |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ra-iu.org cPanel, Inc. Certification Authority | 2020-02-28 - 2020-05-28 | 3 months | crt.sh |
login.sparkasse.at DigiCert SHA2 Extended Validation Server CA | 2019-05-13 - 2020-05-20 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ra-iu.org/-/at/
Frame ID: A369027BB422C497AB62E27C34B313D3
Requests: 17 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title:
Title:
Title: Impressum
Title: Datenschutz
Title: Geschäftsbedingungen
Title: Service & Kontakt
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / ra-iu.org/-/at/ (Primary Request, Cookie set) | 310 KB 311 KB | Document text/html |
GET H/1.1 | MrzQfuEGGBFphCI.css login.sparkasse.at/ | 159 B 1 KB | Stylesheet text/css |
GET H/1.1 | lib.css login.sparkasse.at/sts/styles/ | 92 KB 20 KB | Stylesheet text/css |
GET H/1.1 | 7374732f6f617574682f617574686f72697a65.js login.sparkasse.at/KfE1bB30fy/ | 30 KB 30 KB | Script text/javascript |
GET H/1.1 | 0819247478ab180049e95fdbc301d15b2a0f416a1eb5610e1990f46ce427bb42.js login.sparkasse.at/9ig6dOujn/ | 0 1 KB | Script text/javascript |
GET H/1.1 | Doppel-Logo_o_Claim.svg login.sparkasse.at/sts/images/logos/ | 6 KB 3 KB | Image image/svg+xml |
GET H/1.1 | George-symbol.svg login.sparkasse.at/sts/images/clients/ | 915 B 1 KB | Image image/svg+xml |
GET H/1.1 | bankcard.gif login.sparkasse.at/sts/images/ | 49 KB 50 KB | Image image/gif |
GET DATA | truncated / | 68 B 0 | Image image/png |
GET DATA | truncated / | 2 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 900 B 0 | Image image/svg+xml |
GET DATA | truncated / | 9 KB 0 | Image image/svg+xml |
GET | erstewf-bold-webfont.woff login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 0 | |
GET | erstewf-book-webfont.woff login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 0 | |
GET | erstewf-bold-webfont.ttf login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 0 | |
GET | erstewf-book-webfont.ttf login.sparkasse.at/sts/styles/DST_ErsteWeb/ | 0 0 | |
GET | / login.sparkasse.at/Q2wS57y/ | 0 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.woff
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.woff
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.ttf
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.ttf
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/Q2wS57y/?m=040ef8927a1d1fcfc0872c4b448635ecb6d39b376bbd5dc06800541852dc1e327d9ba653646cd7e9da05032f236fb46f0a6ba77680ba4c63a0e28d60b3147ab1c3d6cd02b99281e3ef5e6bf35ebe4b86460cd53b6f8b2c14dc19488323ea0aa10e3f4ea64735ae0c21b6265400c6
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)
124 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| keepalive function| setupKeepaliveInterval number| FLIP_ICON_HEIGHT undefined| myWindow function| sumNumbers function| doRwd function| calcCol2Height function| calcVisibleWhiteboxHeight function| centerpage function| confirmmsg function| windowtracker function| $ function| jQuery function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t object| ua undefined| z function| rng_get_byte function| rng_get_bytes function| SecureRandom number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt object| reWhiteSpace function| Utf8Encode function| htmlToJsConversion function| nbalert function| setFldFocus function| isWhiteSpace function| isEmpty function| doDisableSpecifiedForm function| doSubmitAndDisable function| jsxEncrypt function| encodeToHex 
object| STS function| setFocus function| displayError function| checkUser function| checkPwd number| totalEncryptAttempts function| disableInputField function| disableInputFields function| validateMac function| encodeForHtmlAttribute function| validateMacRetry function| submitCredentials function| submitSecret function| submitCancelLoginForm undefined| ie9rgb4 boolean| NGMF string| anti_fraud object| JS boolean| rEbn boolean| bLauNCTx boolean| Tpimob object| input object| username1
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even after a change of location. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ra-iu.org/ | | Name: PHPSESSID Value: 5ta2untmafhunrjpisib493o45 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.