hotel-harmonia.am Open in urlscan Pro
46.19.96.204  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.html Show response hotel-harmonia.am/img/prodect/wlaiam/app/	10 KB 3 KB	472ms 81ms	Document text/html	46.19.96.204 GNC-ALFA GNC Alfa...
General Check archive.org Show headers Download Go to Full URL https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.19.96.204 Aralez, Armenia, ASN49800 (GNC-ALFA GNC Alfa CJSC Rostelecom Armenia, AM), Reverse DNS cloudhosting.rtarmenia.am Software Apache / Resource Hash cb2cbb2e8c3867d23d72f90b255085ccacc5a7b19bfac5939862c5c73f80bc79 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection close Content-Encoding gzip Content-Length 3089 Content-Type text/html Date Thu, 09 Jun 2022 09:52:09 GMT Last-Modified Tue, 24 Aug 2021 01:29:25 GMT Server Apache Vary Accept-Encoding,User-Agent
GET H2	200	ruxitagentjs_ICA2SVfhjqrux_10217210531114014.js Show response www.volksbank-eg.de/banking-private/	229 KB 87 KB	494ms 33ms	Script text/javascript	194.149.253.8 ATRUVIA
General Check archive.org Show headers Download Go to Full URL https://www.volksbank-eg.de/banking-private/ruxitagentjs_ICA2SVfhjqrux_10217210531114014.js Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.8 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS wie-schalke-bist-du.de Software / Resource Hash 8c21af9a187281098072e86024acb1cac3cfc36f19e159b8499fec9cfbac4326 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Thu, 09 Jun 2022 09:49:24 GMT content-encoding gzip last-modified Wed, 03 Mar 2010 07:01:40 GMT age 166 vary Accept-Encoding content-type text/javascript;charset=utf-8 cache-control public, max-age=31536000, immutable strict-transport-security max-age=31536000 content-length 88309 expires Fri, 09 Jun 2023 09:49:25 GMT
GET H2	200	xbf-styles.css www.volksbank-eg.de/banking-private/resource/	144 KB 29 KB	592ms 131ms	Stylesheet text/css	194.149.253.8 ATRUVIA
General Check archive.org Show headers Download Go to Full URL https://www.volksbank-eg.de/banking-private/resource/xbf-styles.css?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.8 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS wie-schalke-bist-du.de Software / Resource Hash d2496faa50133b73f264401638c1ff3e4833f52c60ecf570c1eccdccd238d50e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Thu, 09 Jun 2022 08:12:56 GMT content-encoding gzip x-content-type-options nosniff age 5954 vary Accept-Encoding content-type text/css x-oneagent-js-injection true cache-control max-age=10800 strict-transport-security max-age=31536000 accept-charset UTF-8 content-length 29263 x-xss-protection 1; mode=block expires Thu, 09 Jun 2022 11:12:56 GMT
GET H/1.1	200 OK	navigationResponsive.css hotel-harmonia.am/img/prodect/wlaiam/app/	57 KB 57 KB	80ms 80ms	Stylesheet text/css	46.19.96.204 GNC-ALFA GNC Alfa...
General Check archive.org Show headers Download Go to Full URL https://hotel-harmonia.am/img/prodect/wlaiam/app/navigationResponsive.css?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.19.96.204 Aralez, Armenia, ASN49800 (GNC-ALFA GNC Alfa CJSC Rostelecom Armenia, AM), Reverse DNS cloudhosting.rtarmenia.am Software Apache / Resource Hash 82e39b8ccec454316ddef677c72f6bb0aa36f6d6d3387a59a6953d0353b1543b Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Thu, 09 Jun 2022 09:52:10 GMT Last-Modified Sat, 14 Aug 2021 13:25:12 GMT Server Apache Vary User-Agent Content-Type text/css Connection close Accept-Ranges bytes Content-Length 58058
GET H/1.1	200 OK	indiv.css hotel-harmonia.am/img/prodect/wlaiam/app/	219 B 441 B	243ms 81ms	Stylesheet text/css	46.19.96.204 GNC-ALFA GNC Alfa...
General Check archive.org Show headers Download Go to Full URL https://hotel-harmonia.am/img/prodect/wlaiam/app/indiv.css?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.19.96.204 Aralez, Armenia, ASN49800 (GNC-ALFA GNC Alfa CJSC Rostelecom Armenia, AM), Reverse DNS cloudhosting.rtarmenia.am Software Apache / Resource Hash 66af37cd22a7938b564eaf7cfeb23e1cbced0a185dbea4228e5eb71bba01b5b9 Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Thu, 09 Jun 2022 09:52:10 GMT Last-Modified Sat, 14 Aug 2021 13:25:02 GMT Server Apache Vary User-Agent Content-Type text/css Connection close Accept-Ranges bytes Content-Length 219
GET H/1.1	200 OK	teleco.js Show response hotel-harmonia.am/img/prodect/wlaiam/app/js/	3 KB 3 KB	241ms 81ms	Script application/javascript	46.19.96.204 GNC-ALFA GNC Alfa...
General Check archive.org Show headers Download Go to Full URL https://hotel-harmonia.am/img/prodect/wlaiam/app/js/teleco.js Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.19.96.204 Aralez, Armenia, ASN49800 (GNC-ALFA GNC Alfa CJSC Rostelecom Armenia, AM), Reverse DNS cloudhosting.rtarmenia.am Software Apache / Resource Hash 581e2212950ffda93508ed6f2c2fbd662624c5378eb521a6d96bcd77cf5ea02a Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Thu, 09 Jun 2022 09:52:10 GMT Last-Modified Sun, 15 Aug 2021 12:48:22 GMT Server Apache Vary User-Agent Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 2985
GET H/1.1	200 OK	ebpe-logo hotel-harmonia.am/img/prodect/wlaiam/app/	9 KB 9 KB	241ms 80ms	Image image/jpeg	46.19.96.204 GNC-ALFA GNC Alfa...
General Check archive.org Show headers Download Go to Show image Full URL https://hotel-harmonia.am/img/prodect/wlaiam/app/ebpe-logo Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.19.96.204 Aralez, Armenia, ASN49800 (GNC-ALFA GNC Alfa CJSC Rostelecom Armenia, AM), Reverse DNS cloudhosting.rtarmenia.am Software Apache / Resource Hash 3effffdf461cc81281c4726265e1bb7259f08330c388ca5579d48c241cac0064 Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Thu, 09 Jun 2022 09:52:10 GMT Last-Modified Tue, 24 Aug 2021 00:55:02 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 8720 Vary User-Agent
GET H2	200	xhtml-filler www.volksbank-eg.de/banking-private/resource/	43 B 181 B	35ms 34ms	Image image/gif	194.149.253.8 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/banking-private/resource/xhtml-filler?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.8 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS wie-schalke-bist-du.de Software / Resource Hash 33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Thu, 09 Jun 2022 08:19:18 GMT x-content-type-options nosniff age 5572 strict-transport-security max-age=31536000 content-type image/gif x-oneagent-js-injection true cache-control max-age=10800 server-timing dtRpid;desc="1935927530", dtSInfo;desc="0" accept-charset UTF-8 content-length 43 x-xss-protection 1; mode=block expires Thu, 09 Jun 2022 11:19:19 GMT
GET H2	200	ebpe-infolink www.volksbank-eg.de/banking-private/resource/	238 B 391 B	33ms 32ms	Image image/svg+xml	194.149.253.8 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/banking-private/resource/ebpe-infolink?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.8 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS wie-schalke-bist-du.de Software / Resource Hash ece0245da35fdd267a149939344cd40f8ef0ad634dfd4244b1beb10f512a1189 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Thu, 09 Jun 2022 09:04:16 GMT x-content-type-options nosniff age 2874 strict-transport-security max-age=31536000 content-type image/svg+xml x-oneagent-js-injection true cache-control max-age=10800 server-timing dtRpid;desc="-775179244", dtSInfo;desc="0" accept-charset UTF-8 content-length 238 x-xss-protection 1; mode=block expires Thu, 09 Jun 2022 12:04:17 GMT
GET H2	200	ips www.volksbank-eg.de/banking-private/	0 83 B	61ms 60ms	Image text/plain	194.149.253.8 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/banking-private/ips?url=~687474703a2f2f7863343530312e70762d6e2e77656263656e7465722e727a2e62616e6b656e69742e64653a38302f636f6e74656e742f66343530312d312f65627065323031342f77657262756e672f6e69636874616e67656d656c6465742f6170706c657061792d6d312d63726f73736e6176692f5f6a63725f636f6e74656e742f61646e617669676174696f6e2f696d6167652e696d672e706e672f313630323037323938393833392e706e67&domainId=WERBUNG&s=302c02146de3a704aa4c93d48aa4836c80e74f87a74c433902141612cb1ce305b68c5bd7d69aa0e06e007ada4289 Requested by Host: hotel-harmonia.am URL: https://hotel-harmonia.am/img/prodect/wlaiam/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.8 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS wie-schalke-bist-du.de Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://hotel-harmonia.am/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Thu, 09 Jun 2022 09:52:10 GMT x-content-type-options nosniff age 0 strict-transport-security max-age=31536000 x-oneagent-js-injection true server-timing dtRpid;desc="244244645", dtSInfo;desc="0" content-length 0 x-xss-protection 1; mode=block
GET DATA	200 OK	truncated /	329 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| dT_ object| dtrum function| valZip function| valKonto function| valKontoerr function| valTan function| valTanerr

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hotel-harmonia.am
www.volksbank-eg.de
194.149.253.8
46.19.96.204
33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b
3effffdf461cc81281c4726265e1bb7259f08330c388ca5579d48c241cac0064
581e2212950ffda93508ed6f2c2fbd662624c5378eb521a6d96bcd77cf5ea02a
66af37cd22a7938b564eaf7cfeb23e1cbced0a185dbea4228e5eb71bba01b5b9
82e39b8ccec454316ddef677c72f6bb0aa36f6d6d3387a59a6953d0353b1543b
8c21af9a187281098072e86024acb1cac3cfc36f19e159b8499fec9cfbac4326
a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897
cb2cbb2e8c3867d23d72f90b255085ccacc5a7b19bfac5939862c5c73f80bc79
d2496faa50133b73f264401638c1ff3e4833f52c60ecf570c1eccdccd238d50e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ece0245da35fdd267a149939344cd40f8ef0ad634dfd4244b1beb10f512a1189