secure350.servconfig.com Open in urlscan Pro
213.165.242.55  Malicious Activity! Public Scan

13 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response secure350.servconfig.com/~a373525/box/	2 MB 2 MB	170ms 26ms	Document text/html	213.165.242.55 INMOTION
General Check archive.org Show headers Download Go to Full URL https://secure350.servconfig.com/~a373525/box/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 213.165.242.55 , United States, ASN22611 (INMOTION, US), Reverse DNS amsres350.servconfig.com Software Apache / Resource Hash 07d6126a6cf6fd69aa3604dab020b277f4f1d470007865bf8d2dbfcae2f8711e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes content-length 2030438 content-type text/html date Thu, 30 May 2024 14:11:39 GMT last-modified Wed, 29 May 2024 06:04:58 GMT server Apache
GET DATA	200 OK	truncated /	243 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	7 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de Request headers Referer Origin https://secure350.servconfig.com Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31 Request headers Referer Origin https://secure350.servconfig.com Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	247 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 02e6dbdfca6b937ecdfc58243416e028997733e6df871ce833fee5c10c96657b Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	200	saved_resource.html Show response secure350.servconfig.com/~a373525/box/Postbank%20Banking%20&%20Brokerage.._files/ Frame 54F4	483 B 537 B	19ms 18ms	Document text/html	213.165.242.55 INMOTION
General Check archive.org Show headers Download Go to Full URL https://secure350.servconfig.com/~a373525/box/Postbank%20Banking%20&%20Brokerage.._files/saved_resource.html Requested by Host: secure350.servconfig.com URL: https://secure350.servconfig.com/~a373525/box/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 213.165.242.55 , United States, ASN22611 (INMOTION, US), Reverse DNS amsres350.servconfig.com Software Apache / Resource Hash 817881650ee0edc8d2f2de7be553daf45fd424c92b580da50bafe12dab611866 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://secure350.servconfig.com/~a373525/box/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes content-length 483 content-type text/html date Thu, 30 May 2024 14:11:39 GMT last-modified Thu, 04 Jan 2024 07:49:36 GMT server Apache
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3ab65524380fa9267bbcf2d4df64def918baeeaf4df69a2d58026d2149b68d96 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure350.servconfig.com
213.165.242.55
02e6dbdfca6b937ecdfc58243416e028997733e6df871ce833fee5c10c96657b
07d6126a6cf6fd69aa3604dab020b277f4f1d470007865bf8d2dbfcae2f8711e
12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115
3ab65524380fa9267bbcf2d4df64def918baeeaf4df69a2d58026d2149b68d96
55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31
817881650ee0edc8d2f2de7be553daf45fd424c92b580da50bafe12dab611866
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf
be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de