![](/screenshots/b4f31f6f-1102-4df3-a91a-6f670c071f95.png)
srv082.doctorhoster.com
Open in
urlscan Pro
92.204.162.165
Malicious Activity!
Public Scan
Submission: On February 22 via api from EE — Scanned from CH
Summary
TLS certificate: Issued by R3 on February 13th 2024. Valid for: 3 months.
This is the only time srv082.doctorhoster.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 92.204.162.165 92.204.162.165 | 29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH) | |
2 | 2 |
ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)
PTR: srv082.doctorhoster.com
srv082.doctorhoster.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
doctorhoster.com
srv082.doctorhoster.com |
4 MB |
2 | 1 |
Domain | Requested by | |
---|---|---|
1 | srv082.doctorhoster.com | |
2 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.sbb.ch |
login.swisspass.ch |
www.swisspass.ch |
www.onetrust.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
srv082.doctorhoster.com R3 |
2024-02-13 - 2024-05-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://srv082.doctorhoster.com/~martsbyh/xs/
Frame ID: 860684AC7FC20C19F5925582A5185931
Requests: 10 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: Zurück zu SBB.ch
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Passwort vergessen?
Search URL Search Domain Scan URL
Title: Jetzt registrieren
Search URL Search Domain Scan URL
Title: Datenschutzerklärung
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
srv082.doctorhoster.com/~martsbyh/xs/ |
6 MB 4 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
137 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
272 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 7 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Schweizerische Bundesbahnen (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| savepage_ShadowLoader0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
srv082.doctorhoster.com
92.204.162.165
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
74930854752cd0603909fad6462a2776a5587080305eb41e7e36cf2b8b291f42
78a4a776506b173ae79fd021d0e9003c7d653ca204ea1d69bea4d553f92f787d
8c6a5dc163115fa86582734510a28061e3f7746033d5d5ddba3224bcdba1ffa8
966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
d45fd2cc05090e4b504f361216b1032409ed3cdf9904f50ce56e8a6b0f3c006e
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
e42fe383c86ab1185425bf334a44f9a311dd06d8ccf9e409d05b45dbe0bc48c6
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5