pst-bk.web.app
Open in
urlscan Pro
2620:0:890::100
Malicious Activity!
Public Scan
Effective URL: https://pst-bk.web.app/
Submission: On May 10 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on April 12th 2022. Valid for: 3 months.
This is the only time pst-bk.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 185.215.180.114 185.215.180.114 | 51167 (CONTABO) (CONTABO) | |
2 | 2620:0:890::100 2620:0:890::100 | 54113 (FASTLY) (FASTLY) | |
13 | 159.223.4.96 159.223.4.96 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700::68... 2606:4700::6810:5714 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 3 | 2606:4700::68... 2606:4700::6810:7caf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
22 | 8 |
ASN51167 (CONTABO, DE)
PTR: vmi748908.contaboserver.net
opencoursa.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
servehttp.com
devcloud.servehttp.com |
268 KB |
3 |
unpkg.com
2 redirects
unpkg.com — Cisco Umbrella Rank: 1250 |
4 KB |
3 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 574 |
95 KB |
2 |
web.app
pst-bk.web.app |
910 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 936 |
30 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 341 |
6 KB |
1 |
opencoursa.com
opencoursa.com |
336 B |
22 | 7 |
Domain | Requested by | |
---|---|---|
13 | devcloud.servehttp.com |
pst-bk.web.app
devcloud.servehttp.com |
3 | unpkg.com |
2 redirects
pst-bk.web.app
|
3 | cdn.jsdelivr.net |
pst-bk.web.app
|
2 | pst-bk.web.app |
cdn.jsdelivr.net
|
1 | code.jquery.com |
pst-bk.web.app
|
1 | cdnjs.cloudflare.com |
pst-bk.web.app
|
1 | opencoursa.com | |
22 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
opencoursa.com R3 |
2022-04-07 - 2022-07-06 |
3 months | crt.sh |
web.app GTS CA 1D4 |
2022-04-12 - 2022-07-11 |
3 months | crt.sh |
devcloud.servehttp.com R3 |
2022-04-19 - 2022-07-18 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://pst-bk.web.app/
Frame ID: 4018EFDB9C826CBA355D5F7B9CE3F454
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Login - Postbank Banking & BrokeragePage URL History Show full URLs
- https://opencoursa.com/p0stbankde.asp Page URL
- https://pst-bk.web.app/ Page URL
Detected technologies
Vue.js (JavaScript Frameworks) ExpandDetected patterns
- (?:/([\d.]+))?/vue(?:\.min)?\.js
Axios (JavaScript libraries) Expand
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://opencoursa.com/p0stbankde.asp Page URL
- https://pst-bk.web.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://unpkg.com/http-vue-loader HTTP 302
- https://unpkg.com/http-vue-loader@1.4.2 HTTP 302
- https://unpkg.com/http-vue-loader@1.4.2/src/httpVueLoader.js
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
p0stbankde.asp
opencoursa.com/ |
164 B 336 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
pst-bk.web.app/ |
2 MB 910 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
KhadmoPush.js
devcloud.servehttp.com/static/ |
264 KB 265 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.24.0/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue.js
cdn.jsdelivr.net/npm/vue/dist/ |
336 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
httpVueLoader.js
unpkg.com/http-vue-loader@1.4.2/src/ Redirect Chain
|
11 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue-loading.min.js
cdn.jsdelivr.net/npm/vue-loading-overlay@3.4.2/dist/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue-loading.css
cdn.jsdelivr.net/npm/vue-loading-overlay@3/dist/ |
539 B 620 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
start
devcloud.servehttp.com/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
start
devcloud.servehttp.com/api/ |
163 B 542 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
612 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
15 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
50 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
svg-icon-sprite.svg
pst-bk.web.app/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1016 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
48 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
41 KB 41 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
ping
devcloud.servehttp.com/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
event
devcloud.servehttp.com/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
ping
devcloud.servehttp.com/api/ |
162 B 541 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
event
devcloud.servehttp.com/api/ |
19 B 399 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
ping
devcloud.servehttp.com/api/ |
162 B 539 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
ping
devcloud.servehttp.com/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
ping
devcloud.servehttp.com/api/ |
162 B 543 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
ping
devcloud.servehttp.com/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
ping
devcloud.servehttp.com/api/ |
162 B 543 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
ping
devcloud.servehttp.com/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| a0c function| a0d function| KhadmoPush_start function| KhadmoPush_validate object| KhadmoPush_helpers object| $KhadmoPush function| axios function| Vue function| httpVueLoader object| VueLoading function| $ function| jQuery object| app object| casVue0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
devcloud.servehttp.com
opencoursa.com
pst-bk.web.app
unpkg.com
159.223.4.96
185.215.180.114
2001:4de0:ac18::1:a:1a
2606:4700::6810:5714
2606:4700::6810:7caf
2606:4700::6811:190e
2620:0:890::100
0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c
131d1ca390a6c78cfc5107889980dbd155184886cc0dd81400478d1330b805fe
1dba4aed649c01e3a9864ed3313c4b506525c74e107760f113b31dc044a0f452
2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14
2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920
2bb21743974adb08098e006cc987afaa9276f78d06b23dca4c80290c1547f2e3
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d
44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20
45bf1038c80c2272984535dbbe5a664e933708fc1bdc6455266f3659b78c0490
545d99b57daa48a5fd7781e1ace4be2422a069625a8c71924d2a245998755df7
553fc093f4b619f0f355bf89e4d885c25eb88df06997e5a58eb3d11947e0b385
68e795c679590da889387b2a35654e30db0a7621b1813f246cba75a7546fdac7
69b75483b270421e1a89426dd59387ba090772313561c3e9fa415396a78e8936
9dc37dbcde90c602fd764a7b1d5c082781a620a40a0d8ac53bf6e6a5a17a7073
aed6ac78b8249a9c7cff0030f3b921ee9f771cb1684164f3e679e1023a4d5c69
b057ca7e51cac4b7c541abafc9261863c6f81725593b8aa16d9afa6867e6217c
b2fbd06ab6f68e23006205b0b76fbc625d1ccdd455fccd0386250fd4c2b84363
e944379cc78ff50a1acd9af21d21785c26faf1df84e4c19a587f0775cbe69455
fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e