center-bankos.sactivities.com Open in urlscan Pro
212.83.160.175 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ushort.site/fQRz8
Effective URL:
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Submission: On February 03 via manual (February 3rd 2019, 1:10:47 am UTC) from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 11 HTTP transactions. The main IP is 212.83.160.175, located in Paris, France and belongs to AS12876, FR. The main domain is center-bankos.sactivities.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 29th 2019. Valid for: 3 months.

This is the only time center-bankos.sactivities.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	34.202.169.48 34.202.169.48	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81e::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	92.51.161.100 92.51.161.100	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
2	192.185.5.138 192.185.5.138	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
6 9	212.83.160.175 212.83.160.175	12876 (AS12876) (AS12876)
11	7

1 34.202.169.48 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-202-169-48.compute-1.amazonaws.com

ushort.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.51.161.100 (Höst, Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)
PTR: lvps92-51-161-100.dedicated.hosteurope.de

vhs.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.185.5.138 (Houston, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)

fotokyte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 212.83.160.175 (Paris, France) 6 redirects

ASN12876 (AS12876, FR)
PTR: 212-83-160-175.rev.poneytelecom.eu

center-bankos.sactivities.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	sactivities.com 6 redirects center-bankos.sactivities.com	38 KB
2	fotokyte.com fotokyte.com	1 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	vhs.link vhs.link	446 B
1	googletagmanager.com www.googletagmanager.com	26 KB
1	ushort.site ushort.site	1 KB
11	6

	Domain	Requested by
9	center-bankos.sactivities.com	6 redirects center-bankos.sactivities.com
2	fotokyte.com	ushort.site fotokyte.com
2	www.google-analytics.com	www.googletagmanager.com
1	vhs.link	ushort.site
1	www.googletagmanager.com	ushort.site
1	ushort.site
11	6

This site contains no links.

Subject Issuer	Validity	Valid
*.google-analytics.com Google Internet Authority G3	`2019-01-15` - `2019-04-09`	3 months	crt.sh
vhs.link RapidSSL RSA CA 2018	`2018-08-20` - `2019-08-20`	a year	crt.sh
fotokyte.com Let's Encrypt Authority X3	`2018-12-09` - `2019-03-09`	3 months	crt.sh
center-bankos.sactivities.com Let's Encrypt Authority X3	`2019-01-29` - `2019-04-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Frame ID: 5DC7CC5B1F30AF8A7EA4C1C4121EBFEE
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ushort.site/fQRz8 Page URL
https://vhs.link/7fQRz8 Page URL
https://fotokyte.com/wp-clape.php Page URL
https://center-bankos.sactivities.com/sig HTTP 301
https://center-bankos.sactivities.com/sig/ HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419 HTTP 301
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/ HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/identity/INC/antibot7.php HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/indexx.php HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&local... Page URL

Detected technologies

Erlang (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /Cowboy/i

Cowboy (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

headers server /Cowboy/i

Page Statistics

11
Requests

82 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

82 kB
Transfer

226 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ushort.site/fQRz8 Page URL
https://vhs.link/7fQRz8 Page URL
https://fotokyte.com/wp-clape.php Page URL
https://center-bankos.sactivities.com/sig HTTP 301
https://center-bankos.sactivities.com/sig/ HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419 HTTP 301
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/ HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/identity/INC/antibot7.php HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/indexx.php HTTP 302
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK fQRz8 Show response
ushort.site/ 795 B
1 KB 427ms
117ms Document
text/html 34.202.169.48
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://ushort.site/fQRz8

Protocol

HTTP/1.1

Server

34.202.169.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-34-202-169-48.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

d26b54f024ff4062b3e9d462430f6b3482b405c59aeeb2f3204990dada890662

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: ushort.site
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: Cowboy
Date: Sun, 03 Feb 2019 01:10:31 GMT
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Etag: W/"d26b54f024ff4062b3e9d462430f6b34"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 2ac4b92d-d85b-4fc4-93c9-131c0dd216a6
X-Runtime: 0.005334
Transfer-Encoding: chunked
Via: 1.1 vegur

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 76 KB
26 KB 57ms
56ms Script
application/javascript 2a00:1450:4001:81e::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PH4ZQ49

Requested by

Host: ushort.site
URL: http://ushort.site/fQRz8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81e::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

061cec462ac3f45f7cbe94c5eb88f1ec518ea36a597fbcb0bc46105d91068cc5

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ushort.site/fQRz8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 03 Feb 2019 01:10:31 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 26199
x-xss-protection: 1; mode=block
expires: Sun, 03 Feb 2019 01:10:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH4ZQ49

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ushort.site/fQRz8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 4884
date: Sat, 02 Feb 2019 23:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 17543
expires: Sun, 03 Feb 2019 01:49:07 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
109 B 13ms
13ms Image
image/gif 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=787845456&t=pageview&_s=1&dl=http%3A%2F%2Fushort.site%2FfQRz8&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=354096766&gjid=1698766269&cid=137823154.1549156231&tid=UA-96563022-1&_gid=245411548.1549156231&_r=1&gtm=2wg1d1PH4ZQ49&z=1196352930

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://ushort.site/fQRz8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Feb 2019 01:10:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 7fQRz8 Show response
vhs.link/ 214 B
446 B 306ms
120ms Document
text/html 92.51.161.100
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://vhs.link/7fQRz8
Requested by: Host: ushort.site
URL: http://ushort.site/fQRz8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.51.161.100 Höst, Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: lvps92-51-161-100.dedicated.hosteurope.de
Software: Apache / PHP/7.2.14 PleskLin
Resource Hash: 792a31029b41588c7ea455fedad71b7163da6988b9d35f7a3ead48c8fc01bfa3

Request headers

Host: vhs.link
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://ushort.site/fQRz8
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://ushort.site/fQRz8

Response headers

Date: Sun, 03 Feb 2019 01:10:33 GMT
Server: Apache
X-Powered-By: PHP/7.2.14 PleskLin
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 160
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2 200 wp-clape.php Show response
fotokyte.com/ 1 KB
645 B 748ms
373ms Document
text/html 192.185.5.138
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://fotokyte.com/wp-clape.php
Requested by: Host: ushort.site
URL: http://ushort.site/fQRz8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.185.5.138 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 51ad2e158b161468721233c65c42735ce3a7d06871acc20253294561590962b0

Request headers

:method: GET
:authority: fotokyte.com
:scheme: https
:path: /wp-clape.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: nginx/1.14.1
date: Sun, 03 Feb 2019 01:10:34 GMT
content-type: text/html
content-encoding: gzip

GET
H2 404 ok.svg
fotokyte.com/ 694 B
694 B 136ms
136ms Image
text/html 192.185.5.138
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fotokyte.com/ok.svg
Requested by: Host: fotokyte.com
URL: https://fotokyte.com/wp-clape.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.185.5.138 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 9ce5b6c5199d4b403b72abc48def99165a81da60dbe87547147131c04c639041

Request headers

:path: /ok.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: fotokyte.com
referer: https://fotokyte.com/wp-clape.php
:scheme: https
:method: GET
Referer: https://fotokyte.com/wp-clape.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 404
date: Sun, 03 Feb 2019 01:10:34 GMT
content-encoding: gzip
last-modified: Wed, 10 Oct 2018 06:54:36 GMT
server: nginx/1.14.1
content-type: text/html

GET
H/1.1

200
OK

Primary Request / Show response
center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/
Redirect Chain

https://center-bankos.sactivities.com/sig
https://center-bankos.sactivities.com/sig/
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/identity/INC/antibot7.php
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/indexx.php
https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE

7 KB
3 KB

382ms
382ms

Document
text/html

212.83.160.175
AS12876

General

Check archive.org

Show headers Download Go to

Full URL: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.83.160.175 Paris, France, ASN12876 (AS12876, FR),
Reverse DNS: 212-83-160-175.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 5760bb0c35249e82111f7e4346bde92de04cc4cfce00d8da42a357cd647cc233

Request headers

Host: center-bankos.sactivities.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://fotokyte.com/wp-clape.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=5KzOOKuepUXTCEa27Cg0kHThY2kjo5ThjngkMqpE-GuLMreZshg-0mzGHQ1azjQz
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fotokyte.com/wp-clape.php

Response headers

Date: Sun, 03 Feb 2019 01:10:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Sun, 03 Feb 2019 01:10:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
LOCATION: myaccount/signin/?country.x=DE&locale.x=en_DE
Content-Length: 20
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK L-Z118.css
center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/lib/css/ 13 KB
4 KB 372ms
368ms Stylesheet
text/css 212.83.160.175
AS12876

General

Check archive.org

Show headers Download Go to

Full URL: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/lib/css/L-Z118.css
Requested by: Host: center-bankos.sactivities.com
URL: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.83.160.175 Paris, France, ASN12876 (AS12876, FR),
Reverse DNS: 212-83-160-175.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: center-bankos.sactivities.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Cookie: PHPSESSID=5KzOOKuepUXTCEa27Cg0kHThY2kjo5ThjngkMqpE-GuLMreZshg-0mzGHQ1azjQz
Connection: keep-alive
Cache-Control: no-cache
Referer: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 03 Feb 2019 01:10:40 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Feb 2019 01:10:38 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 3306

GET
H/1.1 200
OK jquery.js Show response
center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/lib/js/ 84 KB
30 KB 391ms
306ms Script
application/javascript 212.83.160.175
AS12876

General

Check archive.org

Show headers Download Go to

Full URL: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/lib/js/jquery.js
Requested by: Host: center-bankos.sactivities.com
URL: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.83.160.175 Paris, France, ASN12876 (AS12876, FR),
Reverse DNS: 212-83-160-175.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: center-bankos.sactivities.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
Cookie: PHPSESSID=5KzOOKuepUXTCEa27Cg0kHThY2kjo5ThjngkMqpE-GuLMreZshg-0mzGHQ1azjQz
Connection: keep-alive
Cache-Control: no-cache
Referer: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/myaccount/signin/?country.x=DE&locale.x=en_DE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 03 Feb 2019 01:10:40 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Feb 2019 01:10:38 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 30011

GET kl_h4aXX6987PO.svg
center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/lib/img/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: center-bankos.sactivities.com
URL: https://center-bankos.sactivities.com/sig/customer_center/customer-IDPP00C419/lib/img/kl_h4aXX6987PO.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

center-bankos.sactivities.com
fotokyte.com
ushort.site
vhs.link
www.google-analytics.com
www.googletagmanager.com
center-bankos.sactivities.com
192.185.5.138
212.83.160.175
2a00:1450:4001:81e::2008
2a00:1450:4001:825::200e
34.202.169.48
92.51.161.100
061cec462ac3f45f7cbe94c5eb88f1ec518ea36a597fbcb0bc46105d91068cc5
1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f
2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
51ad2e158b161468721233c65c42735ce3a7d06871acc20253294561590962b0
5760bb0c35249e82111f7e4346bde92de04cc4cfce00d8da42a357cd647cc233
792a31029b41588c7ea455fedad71b7163da6988b9d35f7a3ead48c8fc01bfa3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9ce5b6c5199d4b403b72abc48def99165a81da60dbe87547147131c04c639041
d26b54f024ff4062b3e9d462430f6b3482b405c59aeeb2f3204990dada890662

center-bankos.sactivities.com Open in urlscan Pro 212.83.160.175 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

82 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

7 IPs

4 Countries

82 kBTransfer

226 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

center-bankos.sactivities.com Open in urlscan Pro
212.83.160.175 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

82 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

82 kB
Transfer

226 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!