www.test.alghuraifi.org
IP address: 162.241.217.210
Malicious Activity!
Public Scan
Effective URL: https://www.test.alghuraifi.org/hb/hb/login-b.php
Submission: On October 27 via manual from NL; scanned from DE
Summary
TLS certificate: Issued by R3 on August 31st 2021. Valid for: 3 months.
This is the only time www.test.alghuraifi.org was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)

Domain & IP information
IP Address | AS (Autonomous System) | PTR | Hosts | Requests
---|---|---|---|---
81.169.145.162 | AS6724 (STRATO AG, DE) | wa2.rzone.de | home7856k.hebamme-stine.de | 1
162.241.217.210 | AS46606 (UNIFIEDLAYER-AS-1, US) | box5511.bluehost.com | www.test.alghuraifi.org | 2
2 IPs, 2 ASNs

Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
alghuraifi.org | www.test.alghuraifi.org | 2 | 1 MB
hebamme-stine.de | home7856k.hebamme-stine.de (1 redirect) | 1 | 284 B

Domain | Requested by | Requests
---|---|---
www.test.alghuraifi.org | www.test.alghuraifi.org | 2
home7856k.hebamme-stine.de | none (entry URL, 1 redirect) | 1
This site contains links to these domains:
Domain
---
ing.ro
www.homebank.ro
www.ing.ro
www.facebook.com
www.instagram.com
twitter.com
www.youtube.com
www.ing.jobs
www.anpc.gov.ro
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
www.test.alghuraifi.org | R3 | 2021-08-31 - 2021-11-29 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://www.test.alghuraifi.org/hb/hb/login-b.php
Frame ID: B3806B93442A2B5273336558C5B0171D
Requests: 13 HTTP requests in this frame
Page Title
ING Home'Bank - prin internet banking gestionezi rapid banii ("ING Home'Bank - manage your money quickly through internet banking")
Page Statistics
23 Outgoing links
These are links going to different origins than the main page. Link titles as captured, with English translations of the Romanian anchor text:
(no title)
(no title)
Activate it now! (Activează-l acum!)
Secure service with 3 security levels (Serviciu securizat cu 3 niveluri de securitate)
Customer relations (Relaţii cu clienţii)
Security (Securitate)
Branches and ATMs (Sucursale şi ATM-uri)
Fees and commissions (Taxe şi comisioane)
Exchange rates (Curs valutar)
Cut-off time table (Tabel Cut off time)
Complaints and petitions (Reclamaţii şi petiţii)
Contractual documents (Documente contractuale)
/ingromania
/ingromania
/ING Romania
/ING Romania
Rates and interest (Rate şi dobânzi)
Careers (Cariere)
Media relations (Relaţii cu media)
ANPC
Privacy (Confidenţialitate)
MiFID
Promotions (Promoţii)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://home7856k.hebamme-stine.de/ (HTTP 301)
2. https://www.test.alghuraifi.org/hb/hb/login-b.php (Page URL)
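The indicators this report exposes (a redirect that changes registrable domain, a login-named landing path, a page title and outgoing links that belong to a brand the hosting domain does not, and a stray window global) can be turned into a repeatable triage check. The following is an added example, not urlscan.io code: the input constants are transcribed from this scan, while the brand watchlist `BRAND_APEXES`, the `LOGIN_PATH` pattern, the `apex()` label heuristic and the reading of the `savepage_` prefix as a Save Page WE artifact are this example's own assumptions.

```python
"""Phishing triage over the indicators a urlscan result exposes.

Added example, not urlscan.io code. The constants below are transcribed
from the scan on this page (redirect chain, page title, linked domains,
window globals); the brand watchlist, the path pattern and the saved-page
signature are this example's own assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Transcribed from the scan: each hop with the status it returned.
REDIRECT_CHAIN = [
    ("http://home7856k.hebamme-stine.de/", 301),
    ("https://www.test.alghuraifi.org/hb/hb/login-b.php", 200),
]
PAGE_TITLE = "ING Home'Bank - prin internet banking gestionezi rapid banii"
LINKED_DOMAINS = [
    "ing.ro", "www.homebank.ro", "www.ing.ro", "www.facebook.com",
    "www.instagram.com", "twitter.com", "www.youtube.com", "www.ing.jobs",
    "www.anpc.gov.ro",
]
JS_GLOBALS = ["onbeforexrselect", "reportError", "originAgentCluster",
              "scheduler", "savepage_ShadowLoader0"]

# Assumption: a defender's watchlist of the brand's legitimate apex domains
# and a title pattern for the brand. Social networks are deliberately absent.
BRAND_APEXES = {"ing.ro", "homebank.ro", "ing.jobs"}
BRAND_TITLE = re.compile(r"\bING\b|Home'Bank")
# Assumption: path fragments typical of credential-harvesting landing pages.
LOGIN_PATH = re.compile(r"login|signin|auth|verify", re.I)
# Assumption: the savepage_ prefix is the naming used by the Save Page WE
# browser extension, i.e. the HTML is a saved copy of a real page.
SAVED_PAGE_GLOBAL = re.compile(r"^savepage_")


def apex(host):
    """Registrable domain by label count: two labels, or three under
    two-letter ccTLDs with a generic second level (gov.ro, co.uk).
    A real deployment would use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    if (len(labels) >= 3 and len(labels[-1]) == 2
            and labels[-2] in {"gov", "co", "com", "org", "edu", "net"}):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage(chain, title, linked_domains, js_globals):
    """Return (code, detail) findings; an empty list means nothing fired."""
    findings = []
    hosts = [urlsplit(url).hostname for url, _status in chain]
    landing = urlsplit(chain[-1][0])
    host_apex = apex(landing.hostname)

    # Entry host and landing host under different registrable domains.
    if len({apex(h) for h in hosts}) > 1:
        findings.append(("cross_domain_redirect",
                         f"{apex(hosts[0])} -> {host_apex}"))
    # Landing path named like a credential form.
    if LOGIN_PATH.search(landing.path):
        findings.append(("login_path", landing.path))
    # Brand in the title while hosted outside the brand's domains.
    if BRAND_TITLE.search(title) and host_apex not in BRAND_APEXES:
        findings.append(("brand_title_mismatch", f"{title!r} on {host_apex}"))
    # Outgoing links point at the brand while the host does not belong to it.
    brand_hits = Counter(apex(d) for d in linked_domains
                         if apex(d) in BRAND_APEXES)
    if brand_hits and host_apex not in BRAND_APEXES:
        top, _count = brand_hits.most_common(1)[0]
        findings.append(("brand_link_mismatch",
                         f"{sum(brand_hits.values())}/{len(linked_domains)} "
                         f"links to {top}, hosted on {host_apex}"))
    # Saved-page loader left behind in the copied HTML.
    saved = [g for g in js_globals if SAVED_PAGE_GLOBAL.match(g)]
    if saved:
        findings.append(("saved_page_artifact", ", ".join(saved)))
    return findings


if __name__ == "__main__":
    for code, detail in triage(REDIRECT_CHAIN, PAGE_TITLE,
                               LINKED_DOMAINS, JS_GLOBALS):
        print(f"{code:22} {detail}")
```

Run against this scan's data every one of the five checks fires; run against the legitimate www.ing.ro with the same title and links, none do, because the hosting apex is on the watchlist. The brand checks are the ones that generalise: a lookalike page keeps the victim brand's footer links and title because they were copied wholesale, so the mismatch between linked apexes and hosting apex survives domain rotation.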
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (login-b.php), reached via the 301 from home7856k.hebamme-stine.de.

HTTP transactions (13 in this frame)
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | login-b.php | www.test.alghuraifi.org/hb/hb/ | 1 MB | 737 KB | Document | text/html | Primary request; end of the redirect chain
GET | H2 | login-b.php | www.test.alghuraifi.org/hb/hb/ | 1 MB | 734 KB | Font | text/html |
GET | DATA | truncated | / | 29 KB | 29 KB | Font | application/font-woff |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 905 B | 0 | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 196 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 30 KB | 30 KB | Font | application/font-woff |
GET | DATA | truncated | / | 8 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 55 KB | 55 KB | Font | application/font-sfnt |
GET | DATA | truncated | / | 3 KB | 3 KB | Font | application/font-sfnt |

The DATA rows are data: URIs (the scanner truncates their path): every font and image is embedded inline in the HTML rather than fetched from a server, which is why the document itself weighs 1 MB. Only two requests ever leave the browser, both for login-b.php. A page with all of its assets inlined this way is consistent with a single-file save of the real site by a browser extension rather than a live mirror of it.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against ING Group (Banking)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.
Type | Name
---|---
object | onbeforexrselect
function | reportError
boolean | originAgentCluster
object | scheduler
function | savepage_ShadowLoader0
Of these, onbeforexrselect, reportError, originAgentCluster and scheduler are standard Chromium window properties that the scanner's baseline did not yet know, so they say nothing about the page. savepage_ShadowLoader0 is the only genuinely foreign global: the savepage_ prefix is the naming used by the Save Page WE browser extension when it writes out a saved page, consistent with this login page being a saved copy of the legitimate site rather than a hand-built clone.

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, so the site can re-identify the user even from a different location; this is how persistent logins work. None are listed for this scan.
60 Console Messages
A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript; sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry for indicators such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.
home7856k.hebamme-stine.de
www.test.alghuraifi.org
162.241.217.210
81.169.145.162