raiffeisen-vob1.xyz
2606:4700:3034::6815:4b0c  Malicious Activity!  (public scan)

Submitted URL: https://vibaklein.com/vabo1
Effective URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Submission: On June 07 via manual from DE

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3034::6815:4b0c, located in the United States and belonging to CLOUDFLARENET (AS13335), US. The main domain is raiffeisen-vob1.xyz. Because the site is proxied through Cloudflare, the address of the origin host is not visible in this scan; every response carries "server: cloudflare".
TLS certificate: wildcard *.raiffeisen-vob1.xyz, issued by R3 (the Let's Encrypt intermediate) on June 2nd 2021, five days before this scan. Valid for: 3 months. The certificate is the Cloudflare edge certificate for the zone, so its issue date says when the zone was put behind Cloudflare, not when the domain was registered.
This is the only time raiffeisen-vob1.xyz was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

IP addresses contacted (counts as shown by urlscan, IP address, autonomous system):
  1  1  2606:4700:303...  13335 (CLOUDFLAR...)
  1  7  2606:4700:303...  13335 (CLOUDFLAR...)
     2  2606:4700::68...  13335 (CLOUDFLAR...)
  Totals: 8 transactions, 2 IPs

Apex domains (requests, apex domain, subdomain, transfer):
  7  raiffeisen-vob1.xyz  raiffeisen-vob1.xyz   107 KB
  2  cloudflare.com       cdnjs.cloudflare.com  31 KB
  1  vibaklein.com        vibaklein.com         620 B
  Totals: 8 transactions, 3 domains

Requested by (requests, domain, redirects, requesting domain):
  7  raiffeisen-vob1.xyz   1 redirect  raiffeisen-vob1.xyz
  2  cdnjs.cloudflare.com              raiffeisen-vob1.xyz
  1  vibaklein.com         1 redirect
  Totals: 8 transactions, 3 domains

The per-domain request counts include the two redirect hops (vibaklein.com/vabo1 and raiffeisen-vob1.xyz/?s=...), which is why they add up to 10 while the transaction total is 8.

This site contains no links.

TLS certificates (subject, issuer, validity, valid for, source):
  *.raiffeisen-vob1.xyz   R3 (Let's Encrypt)        2021-06-02 to 2021-08-31   3 months   crt.sh
  sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2020-10-21 to 2021-10-20   a year     crt.sh

This page contains 1 frames:

Primary Page: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Frame ID: 56F8557A5AAA36D091263847A029FF5A
Requests: 8 HTTP requests in this frame



Detected technologies

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

  Requests:   8
  HTTPS:      100 %
  IPv6:       100 %
  Domains:    3
  Subdomains: 3
  IPs:        2
  Countries:  1
  Transfer:   137 kB
  Size:       380 kB
  Cookies:    1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://vibaklein.com/vabo1 HTTP 307
    https://raiffeisen-vob1.xyz/?s=motpvojtxr3ujyj2mi3bv8etub6nl17s HTTP 302
    https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY Page URL

Redirected requests

There was one HTTP redirect chain, leading to the primary request: https://vibaklein.com/vabo1 answered 307 to https://raiffeisen-vob1.xyz/?s=motpvojtxr3ujyj2mi3bv8etub6nl17s, which answered 302 (setting the PHPSESSID cookie) to the /login/ URL. The full chain and the 302 hop's response headers are listed under the primary request below.

8 HTTP transactions

Columns per transaction: Resource, Path, Size, Transfer (x-fer), Type, MIME-Type.

Primary Request: DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Path: raiffeisen-vob1.xyz/login/
Note that the token after /login/ is part of the path (there is no "?" in the URL; see the :path request header below), so its "&" and "=" characters are not query parameters but a per-visit opaque identifier.
Redirect Chain
  • https://vibaklein.com/vabo1
  • https://raiffeisen-vob1.xyz/?s=motpvojtxr3ujyj2mi3bv8etub6nl17s
  • https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Size: 5 KB  Transfer: 2 KB  Type: Document
General
Full URL
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Protocol
H3-29
Security
QUIC, AES_128_GCM
Server
2606:4700:3034::6815:4b0c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
a21b24f68ca3571ba8217a72dd1171ab363b3a4a19a6b0f1ec267a345f2ea868

Request headers

:method
GET
:authority
raiffeisen-vob1.xyz
:scheme
https
:path
/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9

Response headers

date
Mon, 07 Jun 2021 06:32:15 GMT
content-type
text/html; charset=UTF-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
0a86c51213000016ea800a3000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eVmADZvkWpmaW8A4DjnfqSUlWcDl%2FTVh81dXIjjpkjzTNBUov9Tb8tf3sg9JZO4ADU104J0ODt5khNfbO83YLW0Q4l9aMFH4UUKwFfpsiJiOav57Hsodu%2ByrUN8UCiDCTxgG%2F8W9q0y%2FkhiUcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
65b7d7968b0f16ea-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date
Mon, 07 Jun 2021 06:32:15 GMT
content-type
text/html; charset=UTF-8
set-cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
location
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
cf-cache-status
DYNAMIC
cf-request-id
0a86c5112e0000dfff4d2cb000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=E4xKrHa6SgBXLjwiEDi4Lmuak9twh81S757dnGgsbVFWXOl38t3MBGtseK%2FLHmaopHy3IwiUU8QTsqVkUXfnb2BIEqHkbNxD%2Bm%2F1TjzKOQlwN1pJgbGNsm5TuD4FsKxvrMT4smYdRAwIezavrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
65b7d7950e30dfff-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Resource: c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85 (base64 of "style.css-p125v17usve8vlcqnc86fb6ro9", i.e. the stylesheet name with this session's PHPSESSID appended)
Path: raiffeisen-vob1.xyz/assets/css/style/
Size: 190 KB  Transfer: 24 KB  Type: Stylesheet
General
Full URL
https://raiffeisen-vob1.xyz/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Protocol
H3-29
Security
QUIC, AES_128_GCM
Server
2606:4700:3034::6815:4b0c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
c61d61ea681e1095275ee0e1aedeafbd2c09fad8c371334df23d39effa47c0b6

Request headers

:path
/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
pragma
no-cache
cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
raiffeisen-vob1.xyz
referer
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

pragma
no-cache
date
Mon, 07 Jun 2021 06:32:15 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=310fZObIavzLFOJATLFsbaNXxen72dwE%2Fr7AJXFeiFd9Yi2w6XUziV2nr4abkV3FNXQRjsuydiHvf9ijRwizT%2BtUTn43Y0Yg1zA4hdNM97aflk%2FVXNDz8YG39HXuy0Y31FHsJrWdVU5XBCn%2BIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
65b7d797fe1916ea-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0a86c512f8000016eab4b81000000001
expires
Thu, 19 Nov 1981 08:52:00 GMT
Resource: echtzeit.jpg
Path: raiffeisen-vob1.xyz/images/
Size: 65 KB  Transfer: 65 KB  Type: Image
General
Full URL
https://raiffeisen-vob1.xyz/images/echtzeit.jpg?UkydDREUHEVZ
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Protocol
H3-29
Security
QUIC, AES_128_GCM
Server
2606:4700:3034::6815:4b0c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
f925f4c3b3aef454d845b98490601cb26f391720bfe36879a466b02c74b61e95

Request headers

:path
/images/echtzeit.jpg?UkydDREUHEVZ
pragma
no-cache
cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
raiffeisen-vob1.xyz
referer
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 07 Jun 2021 06:32:15 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
66338
cf-request-id
0a86c512f8000016eac0819000000001
last-modified
Tue, 09 Jul 2019 18:44:25 GMT
server
cloudflare
etag
"10322-58d43f3227440"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rKi3lVLGszeZFrQ6rc3CLBr3jIcvYOin%2FCWV6%2BaJ4pADP6XDODzBZSBS7U1beDGt6zNHCRe3veoH%2FhgKpvwDNHMJZSx4o2MocQ7aPxwYBlHjDe%2Fqxi9w8MU2Uf8RGQJk4qoFDBC%2Fzu%2FvubZ%2F3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
65b7d797fe1c16ea-FRA
Resource: jquery.min.js
Path: cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/
Size: 86 KB  Transfer: 27 KB  Type: Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:125e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://raiffeisen-vob1.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 07 Jun 2021 06:32:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
5911692
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
27748
cf-request-id
0a86c512fb00002bf64f117000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15851"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cW%2FlxawP7yoyHm%2Fpb2XjM5AYUGr6tG4cBSYx3ah0YKIx5DbzB3R%2BdParJC1vT77vevMMnkn5rPGi1j%2FX9y8HmeZcHgsuaiRoKi9vMOOcWTR%2FyN9yjVuRM1T0%2FoMwe%2Bordv3AfzGQVwXBiGF3EA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
65b7d797fe992bf6-FRA
expires
Sat, 28 May 2022 06:32:15 GMT
Resource: jquery.mask.min.js
Path: cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/
Size: 8 KB  Transfer: 3 KB  Type: Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.min.js
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:125e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://raiffeisen-vob1.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 07 Jun 2021 06:32:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6599566
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
3038
cf-request-id
0a86c512fa00002bf6aa2c9000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-1ff9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gjpgDK%2BR6rge0dW34zKk7NVpjXBX9YbnRZvnV%2BntlKTz%2FEbR6LG6qFCYGkke0%2FK44lw8r8w7oaBWH8wcUzs%2BTU9BvwY9q2TaWMAfF1lR0s62bFIm94UU%2B7zE4MjpRZtHplG13BYknaq%2BSbuW9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
65b7d797fe9b2bf6-FRA
expires
Sat, 28 May 2022 06:32:15 GMT
Resource: c2l0ZS5qcy1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ (base64 of "site.js-p125v17usve8vlcqnc86fb6ro9", the same session-bound naming scheme as the stylesheet)
Path: raiffeisen-vob1.xyz/assets/js/site/
Size: 13 KB  Transfer: 2 KB  Type: Script
General
Full URL
https://raiffeisen-vob1.xyz/assets/js/site/c2l0ZS5qcy1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Protocol
H3-29
Security
QUIC, AES_128_GCM
Server
2606:4700:3034::6815:4b0c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
3153a9788efda3e43dfaafdab7157fa9c5666ca4587a64184e751ee5c9984f17

Request headers

:path
/assets/js/site/c2l0ZS5qcy1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ
pragma
no-cache
cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
raiffeisen-vob1.xyz
referer
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

pragma
no-cache
date
Mon, 07 Jun 2021 06:32:15 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FZLkqFyZD7Lxtq7BA2HdAoC4jLfH17xFcLcBomqt4BP%2B43HChudzKsPXUhwMp7PPWMvXA8OMm5Mxr%2FaV%2FwsSrbfLY8xRguz0U6moF00Lr4bXae6lICVrfueK78uYvwk4dJQKJnCRSudS6cWjkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript;charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
65b7d797fe2016ea-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0a86c512f9000016ead537c000000001
expires
Thu, 19 Nov 1981 08:52:00 GMT
Resource: logo.png
Path: raiffeisen-vob1.xyz/images/
Size: 11 KB  Transfer: 12 KB  Type: Image
General
Full URL
https://raiffeisen-vob1.xyz/images/logo.png?fUEBcTApQFPc
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
Protocol
H3-29
Security
QUIC, AES_128_GCM
Server
2606:4700:3034::6815:4b0c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
484e193247ff1d9817990f0a936e75dc76ed69859cf8f1c854dff331fda44da8

Request headers

:path
/images/logo.png?fUEBcTApQFPc
pragma
no-cache
cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
raiffeisen-vob1.xyz
referer
https://raiffeisen-vob1.xyz/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 07 Jun 2021 06:32:15 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
11628
cf-request-id
0a86c5141e000016eac3b9e000000001
last-modified
Tue, 09 Jul 2019 18:44:25 GMT
server
cloudflare
etag
"2d6c-58d43f3227440"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CNe3fbFFRTwrinM1%2BRNMdgNLCCn7N8fe8EGsY9b5UfaS2MEeJw8lSspITsw5mImKvrr7N91uCdO16hw3%2B0YKwqwFhALSXJvWt%2BRZyn6gNeT23p5MI1zC6Li18a3L7HEfTtIOHtJIFXAnBUTbZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
65b7d799c94416ea-FRA
Resource: help.svg
Path: raiffeisen-vob1.xyz/images/
Size: 1 KB  Transfer: 1 KB  Type: Image
General
Full URL
https://raiffeisen-vob1.xyz/images/help.svg?oxoVMbsDPSzk
Requested by
Host: raiffeisen-vob1.xyz
URL: https://raiffeisen-vob1.xyz/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
Protocol
H3-29
Security
QUIC, AES_128_GCM
Server
2606:4700:3034::6815:4b0c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
902d505be7f62ed937943900e4a9548f7e79c564a6749f9c81bd7017114d208c

Request headers

:path
/images/help.svg?oxoVMbsDPSzk
pragma
no-cache
cookie
PHPSESSID=p125v17usve8vlcqnc86fb6ro9
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
raiffeisen-vob1.xyz
referer
https://raiffeisen-vob1.xyz/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 07 Jun 2021 06:32:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 09 Jul 2019 18:44:25 GMT
server
cloudflare
etag
W/"4b5-58d43f3227440"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YdaS8MTq0HQOiuNh3XG9aVnBYR%2Bzny16PPDu1Jx2n237T2e6Fhz92PUftBSZ3PGXkkRp7qtVHSnSpD06T1NKlzl1yK4IS1CuxSI8jTcmbSzzy0VTvE17su3oivMjVKI0yMm42mhOw842ioA5mw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
65b7d799c94616ea-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0a86c5141f000016eaec967000000001
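
Every response in this scan says "server: cloudflare", but the ETags are generated by the origin, not by the edge. The three image responses above carry tags of the form "10322-58d43f3227440", which is how Apache httpd builds them by default (file size in hex, then the modification time in hex microseconds), while the cdnjs responses carry "5eb03ec4-15851", nginx's convention (modification time in hex seconds, then size). The script below is an added example written for this page; it is not urlscan output or code from the phishing kit. It decodes a two-field ETag both ways, keeps the reading whose timestamp equals the Last-Modified header, and cross-checks the size against Content-Length when the body was not re-encoded. The sample headers are copied from the responses on this page; the function names are my own.

```python
"""Fingerprint the origin behind Cloudflare from its ETag convention.

Added example for this scan page; not urlscan output or kit code.
  Apache httpd (FileETag MTime Size): "<size hex>-<mtime hex, microseconds>"
  nginx:                              "<mtime hex, seconds>-<size hex>"
Decoding both ways and keeping the reading that agrees with Last-Modified
names the origin even though the Server header says only "cloudflare".
"""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-f]+)-([0-9a-f]+)"$')

# Headers copied from this scan (lowercase names, values verbatim).
SAMPLE_RESPONSES = [
    {"path": "/images/echtzeit.jpg", "etag": '"10322-58d43f3227440"',
     "content-length": "66338", "last-modified": "Tue, 09 Jul 2019 18:44:25 GMT"},
    {"path": "/images/logo.png", "etag": '"2d6c-58d43f3227440"',
     "content-length": "11628", "last-modified": "Tue, 09 Jul 2019 18:44:25 GMT"},
    {"path": "/images/help.svg", "etag": 'W/"4b5-58d43f3227440"',
     "content-encoding": "br", "last-modified": "Tue, 09 Jul 2019 18:44:25 GMT"},
    {"path": "/ajax/libs/jquery/3.4.1/jquery.min.js", "etag": '"5eb03ec4-15851"',
     "content-encoding": "br", "content-length": "27748",
     "last-modified": "Mon, 04 May 2020 16:11:48 GMT"},
]


def _utc(seconds, micros=0):
    """Epoch seconds to an aware UTC datetime; None if the value is out of range."""
    try:
        return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=micros)
    except (OverflowError, OSError, ValueError):
        return None


def etag_candidates(etag):
    """Decode a two-field hex ETag as Apache and as nginx would have built it.

    Returns {"apache": (size, mtime), "nginx": (size, mtime)}; a reading whose
    timestamp is unrepresentable is dropped. Weak (W/) tags are accepted.
    """
    m = ETAG_RE.match(etag.strip())
    if not m:
        return {}
    first, second = int(m.group(1), 16), int(m.group(2), 16)
    out = {}
    apache_mtime = _utc(second // 1_000_000, second % 1_000_000)
    if apache_mtime is not None:
        out["apache"] = (first, apache_mtime)
    nginx_mtime = _utc(first)
    if nginx_mtime is not None:
        out["nginx"] = (second, nginx_mtime)
    return out


def fingerprint_origin(resp):
    """Pick the ETag reading whose mtime equals Last-Modified.

    The decoded size is compared with Content-Length only when the body was
    delivered unencoded: Cloudflare re-compresses (content-encoding: br), and
    the wire length then differs from the file size the origin put in the tag.
    """
    last_mod = parsedate_to_datetime(resp["last-modified"]).astimezone(timezone.utc)
    for server, (size, mtime) in etag_candidates(resp["etag"]).items():
        if mtime.replace(microsecond=0) != last_mod.replace(microsecond=0):
            continue
        size_ok = True
        if "content-encoding" not in resp and "content-length" in resp:
            size_ok = int(resp["content-length"]) == size
        return {"path": resp["path"], "server": server, "size": size,
                "mtime": mtime.replace(microsecond=0).isoformat(),
                "size_matches": size_ok}
    return {"path": resp["path"], "server": None}


def summarize(responses):
    """Group paths by (server, mtime); files sharing one mtime were written together."""
    groups = {}
    for r in map(fingerprint_origin, responses):
        if r["server"]:
            groups.setdefault((r["server"], r["mtime"]), []).append(r["path"])
    return groups


if __name__ == "__main__":
    for key, paths in summarize(SAMPLE_RESPONSES).items():
        print(key, paths)
```

Run against the headers on this page, the three raiffeisen-vob1.xyz images come back as Apache with sizes 66338, 11628 and 1205 bytes and one shared mtime, 2019-07-09 18:44:25 UTC, which is what you get when a kit archive is unpacked with timestamps preserved; the cdnjs tag reads as nginx with the 88145-byte uncompressed jQuery 3.4.1. The Apache version itself is not recoverable this way, and a tag that happens to be valid under both readings would need a second file to disambiguate.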

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

The domain name borrows "Raiffeisen", the scan was submitted from DE, and the hero image is called echtzeit.jpg ("real time" in German); Volksbank and Raiffeisenbank are the two brand families of the German cooperative banking group, so a German-language lure against a Volksbank/Raiffeisenbank customer is consistent with the brand verdict.

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  object    onbeforexrselect
  object    ontransitionrun
  object    ontransitionstart
  object    ontransitioncancel
  object    cookieStore
  function  showDirectoryPicker
  function  showOpenFilePicker
  function  showSaveFilePicker
  boolean   originAgentCluster
  object    trustedTypes
  boolean   crossOriginIsolated
  function  $
  function  jQuery
  object    $jscomp
  function  U2l0ZS1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ
  object    c2l0ZS1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ

The first eleven are properties the scanning browser (Chrome 89) itself exposes on window, not page code. $ and jQuery come from the cdnjs jQuery, and $jscomp is the runtime namespace emitted by Google's Closure Compiler, so the kit's own script was compiled with it. The last two are base64 of "Site-p125v17usve8vlcqnc86fb6ro9" and "site-p125v17usve8vlcqnc86fb6ro9": the kit names its globals after the visitor's PHPSESSID, the same scheme it uses for the stylesheet and script URLs, so these names are unique to this session.

1 Cookies

  Domain/Path: raiffeisen-vob1.xyz/
  Name:        PHPSESSID
  Value:       p125v17usve8vlcqnc86fb6ro9

The cookie is set by the 302 hop at /?s=... with only "path=/", i.e. without the Secure or HttpOnly attributes. The HTML, stylesheet and script responses all carry "expires: Thu, 19 Nov 1981 08:52:00 GMT" with "cache-control: no-store, no-cache, must-revalidate", which is PHP's default session cache limiter; those three resources are therefore generated by PHP scripts, not served as static files, which is how the session ID ends up in their names.
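
The opaque stylesheet and script names in the transaction list and the two odd window globals above are all standard base64, padding stripped, of "<real name>-<PHPSESSID>". The script below is an added example written for this page; it is not urlscan output or code from the phishing kit. session_bound_names() decodes the four tokens copied from this scan and, going one step beyond the page, flag_session_bound_urls() applies the same check to any request list, flagging path segments that decode to text containing one of the session's cookie values. The sample URLs and the cookie value are copied from this scan; the function names are my own.

```python
"""Decode the session-bound asset names used by this phishing kit.

Added example for this scan page; not urlscan output or kit code.
Each opaque token is base64("<real name>-<PHPSESSID>") with the '='
padding dropped, so every visitor gets different URLs, resource hashes
and global variable names.
"""
import base64
import binascii
import re

# Values copied from this scan: the PHPSESSID cookie, the two opaque
# resource names and the two odd window globals.
SESSION_ID = "p125v17usve8vlcqnc86fb6ro9"
OPAQUE_NAMES = [
    "c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85",  # /assets/css/style/...
    "c2l0ZS5qcy1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ",     # /assets/js/site/...
    "U2l0ZS1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ",         # window global, function
    "c2l0ZS1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ",         # window global, object
]
# Request URLs copied from the transaction list on this page.
SAMPLE_URLS = [
    "https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY",
    "https://raiffeisen-vob1.xyz/assets/css/style/c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85",
    "https://raiffeisen-vob1.xyz/images/echtzeit.jpg?UkydDREUHEVZ",
    "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js",
    "https://raiffeisen-vob1.xyz/assets/js/site/c2l0ZS5qcy1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ",
    "https://raiffeisen-vob1.xyz/images/logo.png?fUEBcTApQFPc",
]

# Only segments that look like standard or url-safe base64 are worth decoding.
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/_-]{16,}$")


def decode_unpadded(token):
    """Base64-decode a token whose '=' padding was stripped.

    Returns printable ASCII text, or None when the token is not valid
    base64 or does not decode to printable text.
    """
    padded = token + "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(padded, altchars=b"-_").decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def split_session_binding(decoded, session_id):
    """Return the real name if decoded has the form '<name>-<session_id>'."""
    suffix = "-" + session_id
    if decoded and decoded.endswith(suffix) and len(decoded) > len(suffix):
        return decoded[: -len(suffix)]
    return None


def session_bound_names(tokens, session_id):
    """Map each opaque token to the name it hides (tokens that do not fit are skipped)."""
    found = {}
    for tok in tokens:
        real = split_session_binding(decode_unpadded(tok), session_id)
        if real is not None:
            found[tok] = real
    return found


def flag_session_bound_urls(urls, cookie_values):
    """Flag URLs whose last path segment decodes to text containing a cookie value.

    The query string is dropped first so '?random' cache busters do not hide
    the segment; segments containing '.', '&' or '=' are not base64 and are skipped.
    """
    hits = []
    for url in urls:
        segment = url.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
        if not B64_TOKEN.match(segment):
            continue
        decoded = decode_unpadded(segment)
        if decoded and any(value in decoded for value in cookie_values):
            hits.append((url, decoded))
    return hits


if __name__ == "__main__":
    for tok, real in session_bound_names(OPAQUE_NAMES, SESSION_ID).items():
        print(f"{tok} -> {real}")
    for url, decoded in flag_session_bound_urls(SAMPLE_URLS, [SESSION_ID]):
        print("session-bound:", decoded, url)
```

Because the names and therefore the resource hashes differ for every PHPSESSID, URL or hash indicators taken from this scan will not match another victim's session; a detection should key on the scheme itself (a long base64 path segment that decodes to the visitor's own session cookie) rather than on the observed names.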