vobainternsicherheitscheck.com Open in urlscan Pro
47.89.254.18 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mdch.kiev.ua/vendor/doctrine/common/lib/Doctrine/Common/Persistence/Mapping/Driver/sched.php?r=bD1odHRwczovL3...
Effective URL:
https://vobainternsicherheitscheck.com/4AM8F7L9NL
Submission: On December 30 via manual (December 30th 2021, 1:51:07 pm UTC) from IN — Scanned from DE

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 27 HTTP transactions. The main IP is 47.89.254.18, located in United States and belongs to CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN. The main domain is vobainternsicherheitscheck.com.
TLS certificate: Issued by R3 on December 22nd 2021. Valid for: 3 months.

This is the only time vobainternsicherheitscheck.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	185.13.5.58 185.13.5.58	42331 (FREEHOST) (FREEHOST)
24	47.89.254.18 47.89.254.18	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co.)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
27	4

1 185.13.5.58 (Ukraine)

ASN42331 (FREEHOST, UA)
PTR: s58.freehost.com.ua

mdch.kiev.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 47.89.254.18 (United States)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)

vobainternsicherheitscheck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	vobainternsicherheitscheck.com vobainternsicherheitscheck.com	472 KB
1	jquery.com code.jquery.com	122 KB
1	cloudflare.com cdnjs.cloudflare.com	28 KB
1	mdch.kiev.ua mdch.kiev.ua	356 B
27	4

	Domain	Requested by
24	vobainternsicherheitscheck.com	vobainternsicherheitscheck.com
1	code.jquery.com	vobainternsicherheitscheck.com
1	cdnjs.cloudflare.com	vobainternsicherheitscheck.com
1	mdch.kiev.ua
27	4

This site contains no links.

Subject Issuer	Validity	Valid
vobainternsicherheitscheck.com R3	`2021-12-22` - `2022-03-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://vobainternsicherheitscheck.com/4AM8F7L9NL
Frame ID: 952F9C7FFAAC28B1B0149B4037A06535
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Portal für Privatkunden - Volksbank Raiffeisenbankline-searchtopdownprevline-menuline-loginline-closelinknextE-MailRückruf

Page URL History Show full URLs

http://mdch.kiev.ua/vendor/doctrine/common/lib/Doctrine/Common/Persistence/Mapping/Driver/sched.... Page URL
https://vobainternsicherheitscheck.com/4AM8F7L9NL Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

27
Requests

96 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

623 kB
Transfer

1133 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mdch.kiev.ua/vendor/doctrine/common/lib/Doctrine/Common/Persistence/Mapping/Driver/sched.php?r=bD1odHRwczovL3ZvYmFpbnRlcm5zaWNoZXJoZWl0c2NoZWNrLmNvbS80QU04RjdMOU5M Page URL
https://vobainternsicherheitscheck.com/4AM8F7L9NL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK sched.php
mdch.kiev.ua/vendor/doctrine/common/lib/Doctrine/Common/Persistence/Mapping/Driver/ 94 B
356 B 138ms
92ms Document
text/html 185.13.5.58
FREEHOST

General

vobainternsicherheitscheck.com Open in urlscan Pro 47.89.254.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

96 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

623 kBTransfer

1133 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

vobainternsicherheitscheck.com Open in urlscan Pro
47.89.254.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

96 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

623 kB
Transfer

1133 kB
Size

1
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!