srv082.doctorhoster.com Open in urlscan Pro
92.204.162.165 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://srv082.doctorhoster.com/~martsbyh/xs/
Submission: On February 22 via api (February 22nd 2024, 1:55:11 pm UTC) from EE — Scanned from CH

Summary HTTP 2 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 92.204.162.165, located in Strasbourg, France and belongs to VELIANET-AS velia.net Internetdienste GmbH, DE. The main domain is srv082.doctorhoster.com.
TLS certificate: Issued by R3 on February 13th 2024. Valid for: 3 months.

This is the only time srv082.doctorhoster.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
1	92.204.162.165 92.204.162.165		29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
2	2

1 92.204.162.165 (Strasbourg, France)

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)
PTR: srv082.doctorhoster.com

srv082.doctorhoster.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	doctorhoster.com srv082.doctorhoster.com	4 MB
2	1

	Domain	Requested by
1	srv082.doctorhoster.com
2	1

This site contains links to these domains. Also see Links.

Domain
www.sbb.ch
login.swisspass.ch
www.swisspass.ch
www.onetrust.com

Subject Issuer	Validity	Valid
srv082.doctorhoster.com R3	`2024-02-13` - `2024-05-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://srv082.doctorhoster.com/~martsbyh/xs/
Frame ID: 860684AC7FC20C19F5925582A5185931
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Back ButtonFilter Button

Page Statistics

2
Requests

50 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

4586 kB
Transfer

6630 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sbb.ch/de/kaufen/pages/swisspass/redirect.xhtml
Title: Zurück zu SBB.ch

Search URL Search Domain Scan URL

URL: https://login.swisspass.ch/home

Search URL Search Domain Scan URL

URL: https://login.swisspass.ch/v3/pw-reset?lang=de&provider=sbbkn2&callback=oevlogin&param=5Nq6KmkLFmbeY5shAgp8vMA5gV1FAr
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://login.swisspass.ch/v3/register?lang=de&provider=sbbkn2&callback=oevlogin&param=5Nq6KmkLFmbeY5shAgp8vMA5gV1FAr
Title: Jetzt registrieren

Search URL Search Domain Scan URL

URL: https://www.swisspass.ch/datenschutz
Title: Datenschutzerklärung

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response srv082.doctorhoster.com/~martsbyh/xs/	6 MB 4 MB	795ms 707ms	Document text/html	92.204.162.165 VELIANET-AS velia...
General Check archive.org Show headers Download Go to Full URL https://srv082.doctorhoster.com/~martsbyh/xs/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 92.204.162.165 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE), Reverse DNS srv082.doctorhoster.com Software / PHP/7.4.33 Resource Hash `74930854752cd0603909fad6462a2776a5587080305eb41e7e36cf2b8b291f42` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language de-CH,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 22 Feb 2024 13:55:06 GMT vary Accept-Encoding x-powered-by PHP/7.4.33
GET DATA	200 OK	truncated /	14 KB 14 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf` Request headers Referer Origin https://srv082.doctorhoster.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	14 KB 14 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997` Request headers Referer Origin https://srv082.doctorhoster.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d45fd2cc05090e4b504f361216b1032409ed3cdf9904f50ce56e8a6b0f3c006e` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	137 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	7 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	272 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	7 KB 7 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d` Request headers Referer Origin https://srv082.doctorhoster.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

srv082.doctorhoster.com
92.204.162.165
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
74930854752cd0603909fad6462a2776a5587080305eb41e7e36cf2b8b291f42
78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d
8c6a5dc163115fa86582734510a28061e3f7746033d5d5ddba3224bcdba1ffa8
966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
d45fd2cc05090e4b504f361216b1032409ed3cdf9904f50ce56e8a6b0f3c006e
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

srv082.doctorhoster.com Open in urlscan Pro 92.204.162.165 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

2 Requests

50 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

4586 kBTransfer

6630 kBSize

0 Cookies

6 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

srv082.doctorhoster.com Open in urlscan Pro
92.204.162.165 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

4586 kB
Transfer

6630 kB
Size

0
Cookies

2 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!