erstebank-hu.com Open in urlscan Pro
176.124.220.133  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/	535 KB 536 KB	988ms 518ms	Document text/html	176.124.220.133 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.220.133 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-220-133.macloud.host Software Apache / Resource Hash d65fbc931a4de710fe3c89e089d722c10d15274d9ed9bd1b4ff479d24b79066f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 02 Sep 2022 06:45:59 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked X-Content-Type-Options nosniff X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	jquery.js Show response erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/partial/js/	266 KB 266 KB	373ms 187ms	Script application/javascript	176.124.220.133 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/partial/js/jquery.js Requested by Host: erstebank-hu.com URL: https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.220.133 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-220-133.macloud.host Software Apache / Resource Hash 4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Date Fri, 02 Sep 2022 06:46:00 GMT X-Content-Type-Options nosniff Last-Modified Wed, 31 Aug 2022 14:10:38 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 272155 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	login.css erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/partial/css/	329 KB 329 KB	372ms 195ms	Stylesheet text/css	176.124.220.133 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/partial/css/login.css Requested by Host: erstebank-hu.com URL: https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.220.133 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-220-133.macloud.host Software Apache / Resource Hash 92a28e1c146c84b52c03a1412336bbb101538a90d1d3defd57e3402fff634f99 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Date Fri, 02 Sep 2022 06:46:00 GMT X-Content-Type-Options nosniff Last-Modified Wed, 31 Aug 2022 14:10:38 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 336859 X-XSS-Protection 1; mode=block
GET DATA	200 OK	truncated /	93 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 221c69f422266c3ba3a458845f6ef9d9b678e15bfe6343d7507292ced5dc3e78 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	685 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cb01050ed50446c64cbd3077f8f7825bcf070a5e1ebaf2a8441a63b020063d77 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4b8697eb07dd220b2ee9ee52c37267db8b5af22323ac601604a03cc0bb3b608d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	177 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5e69f28fccb728fdce3c2a06e427b7e53840f445142748f42a9a313061f206d7 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	221 KB 221 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 16c9f006767b9b0ba55ac46d03ae43012bb1c2700f1b3f1c37760f12476b973a Request headers Referer Origin https://erstebank-hu.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame AEDF	31 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 12fb008a7409fc894a2acb115fa136875d51c3680a35fba70a2699d79a4bce51 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame AEDF	344 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a0c1d664a653555f4fd9245ef9be92cabb7f355186c29a4c1fe34e5c5956d2a9 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers Content-Type image/jpeg

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Erste Bank (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			erstebank-hu.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: af50fc1a8a8108b2e43cba3ac3ea8863

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://erstebank-hu.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true(Line 9) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

erstebank-hu.com
176.124.220.133
12fb008a7409fc894a2acb115fa136875d51c3680a35fba70a2699d79a4bce51
16c9f006767b9b0ba55ac46d03ae43012bb1c2700f1b3f1c37760f12476b973a
221c69f422266c3ba3a458845f6ef9d9b678e15bfe6343d7507292ced5dc3e78
4b8697eb07dd220b2ee9ee52c37267db8b5af22323ac601604a03cc0bb3b608d
4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379
5e69f28fccb728fdce3c2a06e427b7e53840f445142748f42a9a313061f206d7
92a28e1c146c84b52c03a1412336bbb101538a90d1d3defd57e3402fff634f99
a0c1d664a653555f4fd9245ef9be92cabb7f355186c29a4c1fe34e5c5956d2a9
cb01050ed50446c64cbd3077f8f7825bcf070a5e1ebaf2a8441a63b020063d77
d65fbc931a4de710fe3c89e089d722c10d15274d9ed9bd1b4ff479d24b79066f