urlz.fr
2606:4700:3038::6815:ead6
Malicious Activity!
Public Scan
Submission: On March 29 via manual from DE — Scanned from FR
Summary
This is the only time urlz.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 2 | 2606:4700:3038::6815:ead6 | 13335 (CLOUDFLARENET) |
| 16 | 77.222.61.25 | 44112 (SWEB-AS) |
| 1 | 2a00:1450:4001:827::2008 | 15169 (GOOGLE) |
| 12 (6 redirects) | 151.139.128.11 | 20446 (STACKPATH-CDN) |
| 1 | 2606:4700:10::6816:30e3 | 13335 (CLOUDFLARENET) |
| 30 | 6 IP addresses | |

ASN details:
- ASN44112 (SWEB-AS, RU): PTR vh289.sweb.ru; hosts vrbnk0000t.temp.swtest.ru
- ASN15169 (GOOGLE, US): www.googletagmanager.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 16 | swtest.ru | vrbnk0000t.temp.swtest.ru | 293 KB |
| 12 (6 redirects) | themoneytizer.com | ads.themoneytizer.com (Cisco Umbrella Rank: 25926) | 62 KB |
| 2 | urlz.fr | urlz.fr (Cisco Umbrella Rank: 381218) | 8 KB |
| 1 | adxcore.com | ad.adxcore.com (Cisco Umbrella Rank: 266032) | 2 KB |
| 1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 132) | 37 KB |
| 30 | 5 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 16 | vrbnk0000t.temp.swtest.ru | urlz.fr, vrbnk0000t.temp.swtest.ru |
| 12 (6 redirects) | ads.themoneytizer.com | urlz.fr |
| 2 | urlz.fr | urlz.fr |
| 1 | ad.adxcore.com | urlz.fr |
| 1 | www.googletagmanager.com | urlz.fr |
| 30 | 5 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.google-analytics.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-07 - 2022-07-06 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://urlz.fr/hO8Q
Frame ID: 437328278A25FEB7D13EEE86D07AADA4
Requests: 10 HTTP requests in this frame
Frame:
http://vrbnk0000t.temp.swtest.ru/Login.php
Frame ID: 86AD8113A4CCF4343ECBE16BC3AD68D9
Requests: 20 HTTP requests in this frame
Page Title
Portal für Privatkunden - Volksbank Raiffeisenbank
Detected technologies
Advert Stream (Advertising Networks)
Detected patterns
- (?:ad\.advertstream\.com|adxcore\.com)
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- http://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=6 HTTP 302
- https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=6
- http://ads.themoneytizer.com/s/gen.js?type=6 HTTP 302
- https://ads.themoneytizer.com/s/gen.js?type=6
- http://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=28 HTTP 302
- https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=28
- http://ads.themoneytizer.com/s/gen.js?type=28 HTTP 302
- https://ads.themoneytizer.com/s/gen.js?type=28
- http://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1 HTTP 302
- https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
- http://ads.themoneytizer.com/s/gen.js?type=1 HTTP 302
- https://ads.themoneytizer.com/s/gen.js?type=1
30 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | hO8Q (Primary Request) | urlz.fr/ | 9 KB | 3 KB | Document | text/html |
| GET | H/1.1 | rocket-loader.min.js | urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ | 12 KB | 5 KB | Script | application/javascript |
| GET | H/1.1 | Login.php | vrbnk0000t.temp.swtest.ru/ (Frame 86AD) | 157 KB | 40 KB | Document | text/html |
| GET | H2 | js | www.googletagmanager.com/gtag/ | 95 KB | 37 KB | Script | application/javascript |
| GET | H2 | requestform.js | ads.themoneytizer.com/s/ (Redirect Chain) | 110 KB | 17 KB | Script | text/html |
| GET | H2 | gen.js | ads.themoneytizer.com/s/ (Redirect Chain) | 4 KB | 2 KB | Script | text/html |
| GET | H2 | requestform.js | ads.themoneytizer.com/s/ (Redirect Chain) | 117 KB | 18 KB | Script | text/html |
| GET | H2 | gen.js | ads.themoneytizer.com/s/ (Redirect Chain) | 4 KB | 2 KB | Script | text/html |
| GET | H2 | requestform.js | ads.themoneytizer.com/s/ (Redirect Chain) | 117 KB | 18 KB | Script | text/html |
| GET | H2 | gen.js | ads.themoneytizer.com/s/ (Redirect Chain) | 4 KB | 2 KB | Script | text/html |
| GET | H2 | / | ad.adxcore.com/a/init/ | 4 KB | 2 KB | Script | application/x-javascript |
| GET | | vr021___-webfont.woff2 | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 0 | 0 | | |
| GET | | vr051___-webfont.woff2 | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 0 | 0 | | |
| GET | H/1.1 | style.css | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 409 B | 683 B | Stylesheet | text/css |
| GET | H/1.1 | vr.css | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 648 KB | 96 KB | Stylesheet | text/css |
| GET | H/1.1 | logo-vr.svg | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 11 KB | 4 KB | Image | image/svg+xml |
| GET | | kampagne-zuversicht-bvr-1600x550.jpg | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 0 | 0 | | |
| GET | H/1.1 | kampagne-zuversicht-bvr-stoerer.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 82 KB | 83 KB | Image | image/png |
| GET | | apple-pay-mastercard-1600x550-2.jpg | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 0 | 0 | | |
| GET | H/1.1 | unwetterkatastrophe-bvr-1600x550.jpg | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 9 KB | 10 KB | Image | image/jpeg |
| GET | H/1.1 | unwetterkatastrophe-bvr-stoerer.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 29 KB | 29 KB | Image | image/png |
| GET | H/1.1 | schwaebisch-hall.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 1009 B | 1 KB | Image | image/png |
| GET | H/1.1 | union-investment.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 12 KB | 12 KB | Image | image/png |
| GET | H/1.1 | r-v.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 7 KB | 7 KB | Image | image/png |
| GET | H/1.1 | easy-credit.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | dz-bank.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 969 B | 1 KB | Image | image/png |
| GET | H/1.1 | dz-privatbank.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | vr-smart-finanz.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | footer-brands-dz-hyp.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 891 B | 1 KB | Image | image/png |
| GET | H/1.1 | muenchener-hyp.png | vrbnk0000t.temp.swtest.ru/style/ (Frame 86AD) | 2 KB | 2 KB | Image | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- vrbnk0000t.temp.swtest.ru: http://vrbnk0000t.temp.swtest.ru/style/vr021___-webfont.woff2
- vrbnk0000t.temp.swtest.ru: http://vrbnk0000t.temp.swtest.ru/style/vr051___-webfont.woff2
- vrbnk0000t.temp.swtest.ru: http://vrbnk0000t.temp.swtest.ru/style/kampagne-zuversicht-bvr-1600x550.jpg
- vrbnk0000t.temp.swtest.ru: http://vrbnk0000t.temp.swtest.ru/style/apple-pay-mastercard-1600x550-2.jpg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| function | structuredClone |
| object | oncontextlost |
| object | oncontextrestored |
| object | __cfQR0 |

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.