13.jtyh.erlenhof-zucht.de
116.202.19.95
Malicious Activity!
Public Scan
Submission: On July 01 via manual from US
Summary
This is the only time 13.jtyh.erlenhof-zucht.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Banking (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
11 | 116.202.19.95 | 24940 (HETZNER-AS)
2 | 209.197.3.15 | 20446 (HIGHWINDS3 - Highwinds Network Group)
1 | 2a00:1450:4001:808::200a | 15169 (GOOGLE - Google LLC)
4 | 2606:4700:30::681c:11e9 | 13335 (CLOUDFLARENET - Cloudflare)
1 | 2a02:26f0:6c00:187::3c9a | 20940 (AKAMAI-ASN1)
1 | 192.0.50.124 | 62659 (Q2HOLDINGS - Q2 Software)
1 | 69.89.129.19 | 22976 (FIRST-CITIZENS-01 - First Citizens Bank)
1 | 2a00:1450:4001:81d::200e | 15169 (GOOGLE - Google LLC)
31 | 9 |
ASN24940 (HETZNER-AS, DE)
PTR: static.95.19.202.116.clients.your-server.de
13.jtyh.erlenhof-zucht.de
116.202.19.95
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
maxcdn.bootstrapcdn.com
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.kurashix.com
ASN22976 (FIRST-CITIZENS-01 - First Citizens Bank, US)
PTR: dnssectest.first-citizens-bank.bank
www.firstcitizens.com
ASN15169 (GOOGLE - Google LLC, US)
encrypted-tbn0.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | kurashix.com | www.kurashix.com | 640 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 29 KB
1 | gstatic.com | encrypted-tbn0.gstatic.com | 7 KB
1 | firstcitizens.com | www.firstcitizens.com | 25 KB
1 | cbnm.com | www.cbnm.com | 122 KB
1 | pdffiller.com | www.pdffiller.com | 1 KB
1 | googleapis.com | ajax.googleapis.com | 30 KB
1 | erlenhof-zucht.de | 13.jtyh.erlenhof-zucht.de | 6 KB
0 | histats.com | s10.histats.com (Failed) |
0 | texascitizensbank.com | texascitizensbank.com (Failed) |
0 | cbkamericus.com | www.cbkamericus.com (Failed) |
0 | biztreeapps.com | preview-templates.biztreeapps.com (Failed) |
0 | citizensbank.com | www.citizensbank.com (Failed) |
0 | onlinebankdirectory.com | www.onlinebankdirectory.com (Failed) |
0 | online-banking.org | online-banking.org (Failed) |
31 | 15 | |
Requests | Domain | Requested by
---|---|---
4 | www.kurashix.com | 13.jtyh.erlenhof-zucht.de
2 | maxcdn.bootstrapcdn.com | 13.jtyh.erlenhof-zucht.de
1 | encrypted-tbn0.gstatic.com | 13.jtyh.erlenhof-zucht.de
1 | www.firstcitizens.com | 13.jtyh.erlenhof-zucht.de
1 | www.cbnm.com | 13.jtyh.erlenhof-zucht.de
1 | www.pdffiller.com | 13.jtyh.erlenhof-zucht.de
1 | ajax.googleapis.com | 13.jtyh.erlenhof-zucht.de
1 | 13.jtyh.erlenhof-zucht.de |
0 | s10.histats.com (Failed) | 13.jtyh.erlenhof-zucht.de
0 | texascitizensbank.com (Failed) | 13.jtyh.erlenhof-zucht.de
0 | www.cbkamericus.com (Failed) | 13.jtyh.erlenhof-zucht.de
0 | preview-templates.biztreeapps.com (Failed) | 13.jtyh.erlenhof-zucht.de
0 | www.citizensbank.com (Failed) | 13.jtyh.erlenhof-zucht.de
0 | www.onlinebankdirectory.com (Failed) | 13.jtyh.erlenhof-zucht.de
0 | online-banking.org (Failed) | 13.jtyh.erlenhof-zucht.de
31 | 15 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
*.bootstrapcdn.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-03 - 2019-10-12 | a year | crt.sh
*.googleapis.com | Google Internet Authority G3 | 2019-06-11 - 2019-09-03 | 3 months | crt.sh
| | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-06-26 - 2020-06-25 | a year | crt.sh
*.pdffiller.com | DigiCert ECC Secure Server CA | 2018-06-19 - 2019-09-18 | a year | crt.sh
www.cbnm.com | DigiCert SHA2 Secure Server CA | 2019-05-21 - 2021-08-19 | 2 years | crt.sh
www.firstcitizens.com | DigiCert SHA2 Extended Validation Server CA | 2018-02-16 - 2020-02-17 | 2 years | crt.sh
*.google.com | Google Internet Authority G3 | 2019-06-11 - 2019-09-03 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html
Frame ID: 69A5E494DF33C769F57F37FEB4186DD8
Requests: 31 HTTP requests in this frame
Detected technologies
WordPress (CMS)
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
PHP (Programming Languages)
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
MySQL (Databases)
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
FancyBox (JavaScript Libraries)
Detected patterns
- script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | wiring-instructions-citizens-bank.html (Primary Request) | 13.jtyh.erlenhof-zucht.de/vfe/ | 26 KB | 6 KB | Document | text/html
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ | 118 KB | 20 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.1/ | 85 KB | 30 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ | 36 KB | 10 KB | Script | text/javascript
GET | H/1.1 | style.css | 116.202.19.95/wp-content/themes/gn/ | 7 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | jquery.mousewheel.pack.js | 116.202.19.95/wp-content/themes/gn/images/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | jquery.fancybox.css | 116.202.19.95/wp-content/themes/gn/images/source/ | 5 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | jquery.fancybox.pack.js | 116.202.19.95/wp-content/themes/gn/images/source/ | 23 KB | 9 KB | Script | application/javascript
GET | H/1.1 | jquery.fancybox-buttons.css | 116.202.19.95/wp-content/themes/gn/images/source/helpers/ | 2 KB | 1019 B | Stylesheet | text/css
GET | H/1.1 | jquery.fancybox-buttons.js | 116.202.19.95/wp-content/themes/gn/images/source/helpers/ | 3 KB | 1 KB | Script | application/javascript
GET | H/1.1 | jquery.fancybox-media.js | 116.202.19.95/wp-content/themes/gn/images/source/helpers/ | 5 KB | 2 KB | Script | application/javascript
GET | H/1.1 | jquery.fancybox-thumbs.css | 116.202.19.95/wp-content/themes/gn/images/source/helpers/ | 735 B | 584 B | Stylesheet | text/css
GET | H/1.1 | jquery.fancybox-thumbs.js | 116.202.19.95/wp-content/themes/gn/images/source/helpers/ | 4 KB | 2 KB | Script | application/javascript
GET | H2 | wiring-instructions-citizens-bank-wiring-diagram-services-citizens-bank-beneficiary-form.jpg | www.kurashix.com/wp-content/uploads/2018/10/ | 293 KB | 293 KB | Image | image/jpeg
GET | | citzens-check.jpg | online-banking.org/wp-content/uploads/ | 0 | 0 | |
GET | | routing-number-icon.png | online-banking.org/wp-content/uploads/2014/10/ | 0 | 0 | |
GET | H2 | literature-citizens-bank-beneficiary-form-630x380.png | www.kurashix.com/wp-content/uploads/2018/10/ | 135 KB | 135 KB | Image | image/png
GET | H2 | wiring-instructions-citizens-bank-wiring-diagram-services-citizens-bank-beneficiary-form-630x380.jpg | www.kurashix.com/wp-content/uploads/2018/10/ | 34 KB | 34 KB | Image | image/jpeg
GET | H2 | reporting-trust-and-estate-distributions-to-foreign-beneficiaries-citizens-bank-beneficiary-form-630x380.png | www.kurashix.com/wp-content/uploads/2018/10/ | 177 KB | 177 KB | Image | image/png
GET | H2 | 421566637.png | www.pdffiller.com/preview/421/566/ | 830 B | 1 KB | Image | image/png
GET | H/1.1 | mobile-deposit.jpg | www.cbnm.com/sites/www.cbnm.com/themes/composerv1/images/ | 122 KB | 122 KB | Image | image/jpeg
GET | | cit-logo-120x120.jpeg | www.onlinebankdirectory.com/wp-content/uploads/2017/04/ | 0 | 0 | |
GET | | CitizensBankRoutingNumber_mob2.jpg | www.citizensbank.com/assets/CB_resources/images/content_2_0/ | 0 | 0 | |
GET | | 25838.png | preview-templates.biztreeapps.com/thumbnails_size/460px/ | 0 | 0 | |
GET | | Cit_Bank_Calc_mobile_2x.png | www.citizensbank.com/assets/CB_media/images/im/CIT_BANK_CALC/ | 0 | 0 | |
GET | | logo.jpg | www.cbkamericus.com/design/ | 0 | 0 | |
GET | | Savings.svg | texascitizensbank.com/wp-content/uploads/2017/08/ | 0 | 0 | |
GET | H/1.1 | transfers_hdr.png | www.firstcitizens.com/content/images/digital/ | 25 KB | 25 KB | Image | image/png
GET | H2 | images | encrypted-tbn0.gstatic.com/ | 7 KB | 7 KB | Image | image/jpeg
GET | H/1.1 | secure-icon.png | 116.202.19.95/wp-content/themes/gn/images/ | 18 KB | 18 KB | Image | image/png
GET | | js15_as.js | s10.histats.com/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- online-banking.org: https://online-banking.org/wp-content/uploads/citzens-check.jpg
- online-banking.org: https://online-banking.org/wp-content/uploads/2014/10/routing-number-icon.png
- www.onlinebankdirectory.com: http://www.onlinebankdirectory.com/wp-content/uploads/2017/04/cit-logo-120x120.jpeg
- www.citizensbank.com: https://www.citizensbank.com/assets/CB_resources/images/content_2_0/CitizensBankRoutingNumber_mob2.jpg
- preview-templates.biztreeapps.com: https://preview-templates.biztreeapps.com/thumbnails_size/460px/25838.png
- www.citizensbank.com: https://www.citizensbank.com/assets/CB_media/images/im/CIT_BANK_CALC/Cit_Bank_Calc_mobile_2x.png
- www.cbkamericus.com: https://www.cbkamericus.com/design/logo.jpg
- texascitizensbank.com: https://texascitizensbank.com/wp-content/uploads/2017/08/Savings.svg
- s10.histats.com: http://s10.histats.com/js15_as.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Banking (Banking)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | onselectstart
object | onselectionchange
function | queueMicrotask
function | $
function | jQuery
object | _Hasync0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.