![](/screenshots/6ece7465-6ab0-49a5-b276-484a8142b302.png)
de.masaixola.com
54.39.97.212
Malicious Activity!
Public Scan
Effective URL: https://de.masaixola.com/auth/trxm/clients/login.php?verification
Submission: On June 16 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.
This is the only time de.masaixola.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Deutsche Bank (Banking)

Domain & IP information

# | IP Address | AS (Autonomous System)
---|---|---
3 4 | 2606:4700:3036::ac43:a5b4 | 13335 (CLOUDFLARENET)
1 2 | 54.39.97.212 | 16276 (OVH)
1 | 2a00:1450:4001:82b::200a | 15169 (GOOGLE)
3 | 4 |
ASN13335 (CLOUDFLARENET, US): 047390774365251379337447.atlantis-re.co.uk
ASN16276 (OVH, FR), PTR: vps-5a027a58.vps.ovh.ca: de.masaixola.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | atlantis-re.co.uk (3 redirects) | 047390774365251379337447.atlantis-re.co.uk | 2 KB
2 | masaixola.com (1 redirect) | de.masaixola.com | 141 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 422) | 30 KB
3 | 3 | |
# | Domain | Requested by
---|---|---
4 | 047390774365251379337447.atlantis-re.co.uk | 3 redirects
2 | de.masaixola.com | 1 redirect, 047390774365251379337447.atlantis-re.co.uk
1 | ajax.googleapis.com | de.masaixola.com
3 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
atlantis-re.co.uk | GTS CA 1P5 | 2023-06-15 - 2023-09-13 | 3 months | crt.sh
masaixola.com | R3 | 2023-06-16 - 2023-09-14 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://de.masaixola.com/auth/trxm/clients/login.php?verification
Frame ID: 2F2FA83EBC6C00DDDB23755865E0F198
Requests: 12 HTTP requests in this frame
Page Title
Page Title: Onlinebanking und Brokerage der Deutschen Bank

Page URL History
- https://047390774365251379337447.atlantis-re.co.uk/db HTTP 301
  http://047390774365251379337447.atlantis-re.co.uk/db/ HTTP 301
  https://047390774365251379337447.atlantis-re.co.uk/db/ HTTP 302
  https://047390774365251379337447.atlantis-re.co.uk/db/indexx.php Page URL
- https://de.masaixola.com/auth/trxm/index.php?pwd=VUVoMGNGRnlSa0E HTTP 302
  https://de.masaixola.com/auth/trxm/clients/login.php?verification Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://047390774365251379337447.atlantis-re.co.uk/db HTTP 301
- http://047390774365251379337447.atlantis-re.co.uk/db/ HTTP 301
- https://047390774365251379337447.atlantis-re.co.uk/db/ HTTP 302
- https://047390774365251379337447.atlantis-re.co.uk/db/indexx.php
3 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H3 | indexx.php | 047390774365251379337447.atlantis-re.co.uk/db/ (Redirect Chain) | 142 B | 646 B | Document | text/html
GET | H2 | login.php (Primary Request) | de.masaixola.com/auth/trxm/clients/ (Redirect Chain) | 602 KB | 141 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.1.1/ | 82 KB | 30 KB | Script | text/javascript
GET | DATA | truncated | / | 2 KB | 0 | Image | image/gif
GET | DATA | truncated | / | 356 B | 0 | Image | image/gif
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 24 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | DATA | truncated | / | 542 B | 0 | Image | image/png
GET | DATA | truncated | / | 397 B | 0 | Image | image/png
GET | DATA | truncated | / | 893 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 57 KB | 57 KB | Font | application/x-font-woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Deutsche Bank (Banking)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- credentialless (boolean)
- onbeforetoggle (object)
- onscrollend (object)
- $ (function)
- jQuery (function)

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
de.masaixola.com/ | | PHPSESSID = 8hecvo7ng8db17r9jq3jtjrooe
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- 047390774365251379337447.atlantis-re.co.uk
- ajax.googleapis.com
- de.masaixola.com
- 2606:4700:3036::ac43:a5b4
- 2a00:1450:4001:82b::200a
- 54.39.97.212