raiffeisen-vob1.xyz
Open in
urlscan Pro
2606:4700:3034::6815:4b0c
Malicious Activity!
Public Scan
Effective URL: https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Submission: On June 07 via manual from DE
Summary
TLS certificate: Issued by R3 on June 2nd 2021. Valid for: 3 months.
This is the only time raiffeisen-vob1.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3036::6815:2642 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 7 | 2606:4700:303... 2606:4700:3034::6815:4b0c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
raiffeisen-vob1.xyz
1 redirects
raiffeisen-vob1.xyz |
107 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com |
31 KB |
1 |
vibaklein.com
1 redirects
vibaklein.com |
620 B |
8 | 3 |
Domain | Requested by | |
---|---|---|
7 | raiffeisen-vob1.xyz |
1 redirects
raiffeisen-vob1.xyz
|
2 | cdnjs.cloudflare.com |
raiffeisen-vob1.xyz
|
1 | vibaklein.com | 1 redirects |
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.raiffeisen-vob1.xyz R3 |
2021-06-02 - 2021-08-31 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
Frame ID: 56F8557A5AAA36D091263847A029FF5A
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://vibaklein.com/vabo1
HTTP 307
https://raiffeisen-vob1.xyz/?s=motpvojtxr3ujyj2mi3bv8etub6nl17s HTTP 302
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdsh... Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://vibaklein.com/vabo1
HTTP 307
https://raiffeisen-vob1.xyz/?s=motpvojtxr3ujyj2mi3bv8etub6nl17s HTTP 302
https://raiffeisen-vob1.xyz/login/DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3-29 |
Primary Request
DpJMuLamGHX&sfTWnYeVfKTHBb=LyaHQvTQOQe-KeZnryMPEkSjSSAjLgKIhr&NXqwHdshFIajQiIJ=MQlycFFIlMY
raiffeisen-vob1.xyz/login/ Redirect Chain
|
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
c3R5bGUuY3NzLXAxMjV2MTd1c3ZlOHZsY3FuYzg2ZmI2cm85
raiffeisen-vob1.xyz/assets/css/style/ |
190 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
echtzeit.jpg
raiffeisen-vob1.xyz/images/ |
65 KB 65 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ |
86 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
c2l0ZS5qcy1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ
raiffeisen-vob1.xyz/assets/js/site/ |
13 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
logo.png
raiffeisen-vob1.xyz/images/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
help.svg
raiffeisen-vob1.xyz/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| $jscomp function| U2l0ZS1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ object| c2l0ZS1wMTI1djE3dXN2ZTh2bGNxbmM4NmZiNnJvOQ1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
raiffeisen-vob1.xyz/ | Name: PHPSESSID Value: p125v17usve8vlcqnc86fb6ro9 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
raiffeisen-vob1.xyz
vibaklein.com
2606:4700:3034::6815:4b0c
2606:4700:3036::6815:2642
2606:4700::6810:125e
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
3153a9788efda3e43dfaafdab7157fa9c5666ca4587a64184e751ee5c9984f17
484e193247ff1d9817990f0a936e75dc76ed69859cf8f1c854dff331fda44da8
902d505be7f62ed937943900e4a9548f7e79c564a6749f9c81bd7017114d208c
a21b24f68ca3571ba8217a72dd1171ab363b3a4a19a6b0f1ec267a345f2ea868
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
c61d61ea681e1095275ee0e1aedeafbd2c09fad8c371334df23d39effa47c0b6
f925f4c3b3aef454d845b98490601cb26f391720bfe36879a466b02c74b61e95