gh-reisinger.at - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 84.116.32.65, located in Austria and belongs to LGI-UPC formerly known as UPC Broadband Holding B.V., AT. The main domain is gh-reisinger.at.

This is the only time gh-reisinger.at was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dropbox (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	84.116.32.65 84.116.32.65	6830 (LGI-UPC f...) (LGI-UPC formerly known as UPC Broadband Holding B.V.)
1	104.20.13.105 104.20.13.105	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
5	3

2 84.116.32.65 (Austria)

ASN6830 (LGI-UPC formerly known as UPC Broadband Holding B.V., AT)
PTR: 84-116-32-65.static.webhosting.upc.biz

gh-reisinger.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.13.105 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

i.prntscr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	imgur.com i.imgur.com	57 KB
2	gh-reisinger.at gh-reisinger.at	4 KB
1	prntscr.com i.prntscr.com	14 KB
5	3

	Domain	Requested by
2	i.imgur.com	gh-reisinger.at
2	gh-reisinger.at	gh-reisinger.at
1	i.prntscr.com	gh-reisinger.at
5	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://gh-reisinger.at/baba/dropbox/
Frame ID: 4B0D78CBB0EC6EF23F058E5096E2B9E6
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

75 kB
Transfer

83 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response gh-reisinger.at/baba/dropbox/	12 KB 3 KB	163ms 145ms	Document text/html	84.116.32.65 LGI-UPC formerly ...
General Check archive.org Show headers Download Go to Full URL http://gh-reisinger.at/baba/dropbox/ Protocol HTTP/1.1 Server 84.116.32.65 , Austria, ASN6830 (LGI-UPC formerly known as UPC Broadband Holding B.V., AT), Reverse DNS 84-116-32-65.static.webhosting.upc.biz Software Apache / Resource Hash `886eaa5209eba044d2a34552fa0da17a55d6d751b78f27e61ad3771bb5bb5591` Request headers Host gh-reisinger.at Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 4B0D78CBB0EC6EF23F058E5096E2B9E6 Response headers Date Fri, 01 Jun 2018 19:16:29 GMT Server Apache X-SERVER 152 Vary Accept-Encoding Content-Encoding gzip Content-Length 2653 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	style.css gh-reisinger.at/baba/dropbox/	2 KB 806 B	23ms 22ms	Stylesheet text/css	84.116.32.65 LGI-UPC formerly ...
General Check archive.org Show headers Download Go to Full URL http://gh-reisinger.at/baba/dropbox/style.css Requested by Host: gh-reisinger.at URL: http://gh-reisinger.at/baba/dropbox/ Protocol HTTP/1.1 Server 84.116.32.65 , Austria, ASN6830 (LGI-UPC formerly known as UPC Broadband Holding B.V., AT), Reverse DNS 84-116-32-65.static.webhosting.upc.biz Software Apache / Resource Hash `8b037990f71eba9260a8f76ff859488004c8c4c8c9323399bd17527e766bd7bc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host gh-reisinger.at User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/css,/;q=0.1 Referer http://gh-reisinger.at/baba/dropbox/ Connection keep-alive Cache-Control no-cache Referer http://gh-reisinger.at/baba/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 01 Jun 2018 19:16:30 GMT Content-Encoding gzip Last-Modified Thu, 31 May 2018 11:10:24 GMT Server Apache ETag "64c-56d7e839be5f0" Vary Accept-Encoding Content-Type text/css X-SERVER 152 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 477
GET H/1.1	200 OK	050942103600425db0e7d46b22e3a80b.png i.prntscr.com/	14 KB 14 KB	116ms 103ms	Image image/png	104.20.13.105 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://i.prntscr.com/050942103600425db0e7d46b22e3a80b.png Requested by Host: gh-reisinger.at URL: http://gh-reisinger.at/baba/dropbox/ Protocol HTTP/1.1 Server 104.20.13.105 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `81236c75549d324dd0efabb94164bd8de5540543f39114d56cdccd6c86366fe7` Request headers Referer http://gh-reisinger.at/baba/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 01 Jun 2018 19:16:30 GMT CF-Cache-Status HIT Last-Modified Sun, 28 Feb 2016 19:49:42 GMT Server cloudflare x-amz-request-id 83C63381665C2E73 ETag "8215e6d099d8e087f588c152a5372e27" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=31536000 Connection keep-alive Accept-Ranges bytes CF-RAY 424403d804029700-FRA Content-Length 13929 x-amz-id-2 VBicYkMm/bEk/zG7t3Tuv309cTxu09oxxKs04BDlrPIp+jrT8bXYXjROtGcpHsgQnctM0YgXjcU= Expires Sat, 01 Jun 2019 19:16:30 GMT
GET H/1.1	200 OK	Sbzw0kD.png i.imgur.com/	32 KB 32 KB	15ms 8ms	Image image/png	151.101.112.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL http://i.imgur.com/Sbzw0kD.png Requested by Host: gh-reisinger.at URL: http://gh-reisinger.at/baba/dropbox/ Protocol HTTP/1.1 Server 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `538a8d8f59124249c45b16e1cc715f07c786a2f36768b569f878fb5ffe74965b` Request headers Referer http://gh-reisinger.at/baba/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 01 Jun 2018 19:16:30 GMT Age 1377388 X-Cache HIT, HIT Connection keep-alive Content-Length 32450 X-Served-By cache-iad2143-IAD, cache-hhn1538-HHN Last-Modified Sun, 28 Feb 2016 20:12:01 GMT Server cat factory 1.0 X-Timer S1527880590.101709,VS0,VE2 ETag "ff284c779d0a6b3e7c609aab0321b52c" Access-Control-Allow-Methods GET, OPTIONS Content-Type image/png Access-Control-Allow-Origin * cache-control public, max-age=31536000 Accept-Ranges bytes X-Cache-Hits 3, 1
GET H/1.1	200 OK	ZXPlvvZ.png i.imgur.com/	24 KB 25 KB	13ms 6ms	Image image/png	151.101.112.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL http://i.imgur.com/ZXPlvvZ.png Requested by Host: gh-reisinger.at URL: http://gh-reisinger.at/baba/dropbox/ Protocol HTTP/1.1 Server 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `1fd171c9a281def5f02f5b7d4c48608745d56a667c7eb998215e861e7e2f2828` Request headers Referer http://gh-reisinger.at/baba/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 01 Jun 2018 19:16:30 GMT Age 1324635 X-Cache HIT, HIT Connection keep-alive Content-Length 24813 X-Served-By cache-iad2143-IAD, cache-hhn1547-HHN Last-Modified Sun, 28 Feb 2016 20:06:02 GMT Server cat factory 1.0 X-Timer S1527880590.104661,VS0,VE0 ETag "bfa02b030486e520f49e2d62f88da9f7" Access-Control-Allow-Methods GET, OPTIONS Content-Type image/png Access-Control-Allow-Origin * cache-control public, max-age=31536000 Accept-Ranges bytes X-Cache-Hits 1, 30

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dropbox (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gh-reisinger.at
i.imgur.com
i.prntscr.com
104.20.13.105
151.101.112.193
84.116.32.65
1fd171c9a281def5f02f5b7d4c48608745d56a667c7eb998215e861e7e2f2828
538a8d8f59124249c45b16e1cc715f07c786a2f36768b569f878fb5ffe74965b
81236c75549d324dd0efabb94164bd8de5540543f39114d56cdccd6c86366fe7
886eaa5209eba044d2a34552fa0da17a55d6d751b78f27e61ad3771bb5bb5591
8b037990f71eba9260a8f76ff859488004c8c4c8c9323399bd17527e766bd7bc

gh-reisinger.at Open in urlscan Pro 84.116.32.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

75 kBTransfer

83 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

gh-reisinger.at Open in urlscan Pro
84.116.32.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

75 kB
Transfer

83 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!