vr-sms.xyz
2606:4700:3034::ac43:a4e9  Malicious Activity! Public Scan

URL: https://vr-sms.xyz/
Submission Tags: phishing, spamreports, malicious
Submission: On December 10 via api from BG

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3034::ac43:a4e9, located in the United States and belonging to CLOUDFLARENET, US. The main domain is vr-sms.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 9th 2020. Valid for: a year.
This is the only time vr-sms.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

Requests  IP Address                  AS     Autonomous System
7         2606:4700:3034::ac43:a4e9   13335  CLOUDFLARENET, US
4         172.64.207.32               13335  CLOUDFLARENET, US
11 requests across 2 IPs

Requests  Apex Domain    Subdomains         Transfer
7         vr-sms.xyz     vr-sms.xyz         88 KB
4         hitsteps.net   log.hitsteps.net   11 KB
11 requests across 2 apex domains

Requests  Domain             Requested by
7         vr-sms.xyz         vr-sms.xyz
4         log.hitsteps.net   vr-sms.xyz, log.hitsteps.net
11 requests across 2 domains

This site contains no links.

Subject                 Issuer                    Validity                   Valid for
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2020-12-09 to 2021-12-08   a year

This page contains 1 frames:

Primary Page: https://vr-sms.xyz/
Frame ID: B8F252A80A9BDD32904425A8A45ABB91
Requests: 11 HTTP requests in this frame


Detected technologies

Cloudflare (CDN / reverse proxy), overall confidence 100%
Detected pattern: response header server matching /^cloudflare$/i

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 100 kB
Size: 137 kB
Cookies: 3


11 HTTP transactions

Resource | Path | Size | x-fer | Type (MIME-Type)
Primary Request / | vr-sms.xyz/ | 3 KB | 2 KB | Document
General
Full URL
https://vr-sms.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
6f613daca446eb9360904cd1894af1842544f79a6f7aaa761c064f2e0814a9eb

Request headers

:method
GET
:authority
vr-sms.xyz
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Thu, 10 Dec 2020 15:18:14 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d59c94891bb1216e7315cf389e72281c91607613493; expires=Sat, 09-Jan-21 15:18:13 GMT; path=/; domain=.vr-sms.xyz; HttpOnly; SameSite=Lax
set-cookie
PHPSESSID=ro1gbd7etcb44miumgna9ht703; path=/
x-powered-by
PHP/5.6.40
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
cf-cache-status
DYNAMIC
cf-request-id
06eed4494b00009784e39e3000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4CLlLLoPcGkAreyRjf8FQlNjHfhjKufX1hXeWGKaXpdtKlQNwR%2BBwys1J7XMy14MyJCy%2FIYq8%2FbnTp4AkpErYTQueh1dUcomvL3caTzC0lQoVfA8m3Aa"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5ff7efeedbbb9784-FRA
content-encoding
br
SNDr9SRY6orQ6F2Zz2psj.css | vr-sms.xyz/ | 11 KB | 3 KB | Stylesheet
General
Full URL
https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
9595a9d366f3541776bac6dcd5150493b286cc0620f3971cb4b9829c4a0f5555

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 10 Dec 2020 15:18:14 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aAeWwLfGeQcKq5BT1U3P0wZ6uaAb%2BfZkc9aGxG8etHyFBa%2FqdOujDN15%2BMYOLszarzXSpWPPGuiLphL%2B2oGu89r2AR9aGj7wAfAlWE%2FhpqNftDBHN7f0"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5ff7eff21eab9784-FRA
cf-request-id
06eed44b4a00009784f1be8000000001
expires
Thu, 19 Nov 1981 08:52:00 GMT
SGrIYcitY6DwbLrbFOwZ.png | vr-sms.xyz/ | 4 KB | 5 KB | Image
General
Full URL
https://vr-sms.xyz/SGrIYcitY6DwbLrbFOwZ.png
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
8228666f7b7248efbb90277106bc381310060a5c7e2975264f75925c8d2d43ed

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
cache
date
Thu, 10 Dec 2020 15:18:14 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Hk4AjfhgM%2BtjR6n1m879xTWXtx9c9YM2OLykeXt70ZtZnHmkowVzPVCPRjSAoKyCmiX1LzLzelo4ihKdmYbIu%2FV3Dmt9ksjWrP%2FxSnJrgGdGmPwqzCnx"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
5ff7eff21ead9784-FRA
cf-request-id
06eed44b4f00009784ff83d000000001
expires
Thu, 10 Dec 2020 16:18:14 GMT
S7UZUnlksQUdUYuBnHI.jpg | vr-sms.xyz/ | 76 KB | 76 KB | Image
General
Full URL
https://vr-sms.xyz/S7UZUnlksQUdUYuBnHI.jpg
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
0392b2010148a814539651ab0b337ad59c7d65c20e612dd0b25ad3fa41f88053

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
cache
date
Thu, 10 Dec 2020 15:18:14 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=c1iU7qiLKxLWKZG6y9IlTuxU0J0DWdCvEFH0t2H4LnRTJSW9A0AvFE9XdDH1rlbLzQQSCTgOhRob4CVPGnLnJgQznYBaP9I2rpOMAkM0OPUReaw8Nfrz"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
5ff7eff21eae9784-FRA
cf-request-id
06eed44b4b000097840c375000000001
expires
Thu, 10 Dec 2020 16:18:14 GMT
track.php | log.hitsteps.net/ | 40 KB | 10 KB | Script
General
Full URL
https://log.hitsteps.net/track.php?code=c1af30703a7909661486789fa4a9e11b
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.207.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
95de8b8e27482bb74828ce6ca0c3516cd6fc7283bf0efea4a50bce7c8193d7cf

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 15:18:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/7.4.11
p3p
CP="CAO PSA OUR"
cf-request-id
06eed44d4d0000ee5cd513a000000001
pragma
no-cache
last-modified
Thu, 10 Dec 2020 15:18:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DnB%2BydddDbVyPZoLr92MnqeFVHs0SBpidiqfs45JTpftqjSsp7b7O8xbzw%2BOIa22OXSn05uu%2FoWWxP%2BqZ6Y6EK4smUtHbSqPyc0vWifIn3W7"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=3600, s-max-age=84600
cf-ray
5ff7eff54b07ee5c-CDG
expires
Tue, 03 Jul 2001 06:00:00 GMT
SzL33gHpc6NZIyiKzuMOax.png | vr-sms.xyz/ | 416 B | 714 B | Image
General
Full URL
https://vr-sms.xyz/SzL33gHpc6NZIyiKzuMOax.png
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
c5b872fa66fc0c05f349cb4ca2b9efe201c9b786810ce403379093639f8be0dd

Request headers

Referer
https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
cache
date
Thu, 10 Dec 2020 15:18:15 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Bk8BLhjjJgnWaNp2g3zjiTyrPGqny25Wm8kQ0g9KoGkxHTVEgnqxChvn5yOS7arNyvGpPstTJjrQlF33Nq9nXFjaeU8c9jlhz%2FbgQGGMhDPTfcl1JKWZ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
5ff7eff4f8839784-FRA
cf-request-id
06eed44d1f00009784d9bd1000000001
expires
Thu, 10 Dec 2020 16:18:14 GMT
SacRf4PJE8g3XHvFOMG.png | vr-sms.xyz/ | 199 B | 470 B | Image
General
Full URL
https://vr-sms.xyz/SacRf4PJE8g3XHvFOMG.png
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
77045e6ba6dd51a001227df5fba513f06957554157546bdf634e2de04073ae3c

Request headers

Referer
https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
cache
date
Thu, 10 Dec 2020 15:18:15 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yXFlBXFM5kLAMno0DXTarYezpFaOMBPP6h6UmG1gvx3gVMqEAtesifB77arQDEQmcPzd%2BWXvgIr6AK6fzBonB5Ub5KpCmntNKtmcJFlHlmFA3oSD3aQu"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
5ff7eff508909784-FRA
cf-request-id
06eed44d2700009784d382a000000001
expires
Thu, 10 Dec 2020 16:18:14 GMT
SAHbqqkEcTozWyLNOQDyuL.png | vr-sms.xyz/ | 206 B | 481 B | Image
General
Full URL
https://vr-sms.xyz/SAHbqqkEcTozWyLNOQDyuL.png
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:a4e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
c756a9cf8914499689ca9b70f08d482c5121c6712ec2544c14c83bf97a18c4d8

Request headers

Referer
https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
cache
date
Thu, 10 Dec 2020 15:18:15 GMT
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q1Ns5RMR304InX%2FH3vC9wirZvkm%2B1%2FpKdKXrp1Xaz1K2ojiEpWf34mY3NxoVvUOeKOUhGdby83UvQLkefD0CZdt01a0s%2B1EA9XIjuEphNPzlYXjaPzCP"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
5ff7eff508919784-FRA
cf-request-id
06eed44d2800009784de847000000001
expires
Thu, 10 Dec 2020 16:18:14 GMT
gather.php | log.hitsteps.net/ | 53 B | 449 B | Image
General
Full URL
https://log.hitsteps.net/gather.php?sid=86370&ui=ndvugfv1l6&aid=73575&u=https%3A//vr-sms.xyz/&et=1&ti=eBanking%20Private%20Edition%20-%20Volksbank&touchpoints=0&sh=1200&sw=1600&sc=24&wsh=1200&wsw=1600&p=&l=en-US&c=Linux%20x86_64&t=60&ja=1&fv=&MySearch=&uniqueid=&integrity=&ipname=&gdpr=2&Tag=&label=&iTag=&iPage=&utm_source=&src=&jv=0&ca=1&uidn=&hitc=&rev=&goal=&timing=1007&dm=vr-sms.xyz&v=0.043022008139002255
Requested by
Host: vr-sms.xyz
URL: https://vr-sms.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.207.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
b9c67e8b95c5c41a5b442d4891698911eff0e414d31dae718a5d31d34d173825

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 15:18:14 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/7.4.11
p3p
CP="CAO PSA OUR"
cf-request-id
06eed44d810000ee5cd8a3f000000001
pragma
no-cache
last-modified
Thu, 10 Dec 2020 15:18:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nBl5eWrk7C46yPR7go3WpzUi9T0oqD78KfXhQRKXDFMm6CvnJ%2B1gwzrLaYE%2FuMg6TE5%2FUYjXqAf4nIVWZGpz78h2tyqlJEnHK5sjMGgonetd"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
5ff7eff59ba5ee5c-CDG
expires
Tue, 03 Jul 2001 06:00:00 GMT
png.php | log.hitsteps.net/ | 294 B | 519 B | Script
General
Full URL
https://log.hitsteps.net/png.php?idle=0&aid=73575&sid=86370&temp_uid=ndvugfv1l6&lang=auto&bat=100//Adapter//00%3A00//---&aplg=not%20found
Requested by
Host: log.hitsteps.net
URL: https://log.hitsteps.net/track.php?code=c1af30703a7909661486789fa4a9e11b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.207.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 15:18:15 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/7.4.11
p3p
CP="CAO PSA OUR"
cf-request-id
06eed451690000ee5cc7277000000001
pragma
no-cache
last-modified
Thu, 10 Dec 2020 15:18:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CO6mtt3tpY9Xsfy9cuRAwpoE0O9mxogh1j25agyU0DPEhlsJXerf4DqEh0rpJJ2LG9nzZL2tXDt63R5gFPgS8khB586LXsxNn8MTezd3sC7o"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
5ff7effbd9b5ee5c-CDG
expires
Tue, 03 Jul 2001 06:00:00 GMT
png.php | log.hitsteps.net/ | 294 B | 529 B | Script
General
Full URL
https://log.hitsteps.net/png.php?idle=0&aid=73575&sid=86370&temp_uid=ndvugfv1l6&lang=auto&bat=100//Adapter//00%3A00//---&aplg=not%20found
Requested by
Host: log.hitsteps.net
URL: https://log.hitsteps.net/track.php?code=c1af30703a7909661486789fa4a9e11b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.207.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75

Request headers

Referer
https://vr-sms.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 10 Dec 2020 15:18:20 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/7.4.11
p3p
CP="CAO PSA OUR"
cf-request-id
06eed465200000ee5c7d00b000000001
pragma
no-cache
last-modified
Thu, 10 Dec 2020 15:18:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gSEm5rA%2FS%2FkGBOAq3C8RovirdaBs2cagncFTMNpAppqrzW5IXfk64Gq6a%2BV%2B2SgNTRpVxydC7kYYpbGIaWvBmjYP0ee%2BkvB14N1aC9eqFF44"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
5ff7f01b6967ee5c-CDG
expires
Tue, 03 Jul 2001 06:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)
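The verdict above follows from the transaction list: the page title the hitsteps beacon reports ("eBanking Private Edition - Volksbank") names a bank, while the serving host is an unrelated .xyz domain behind Cloudflare, and the tracker's per-visitor id appears in both the beacon query string and the _HS_temp_id cookie. The script below is an added example, not urlscan.io code and not the page's own scripts, that performs that triage over a urlscan-style request list. Its input records are constructed from the transactions on this page (the gather.php beacon is trimmed to the parameters used); BRAND_APEXES is a hypothetical allowlist of domains the impersonated brand really uses, and apex() is a two-label approximation that does not consult the Public Suffix List.

```python
"""Triage of a urlscan-style request list: third-party hosts, analytics beacon
fields, brand/host mismatch and reused resource hashes.
Added example; not urlscan.io code.  Records below are constructed from the
transactions on this page: (URL, server IP, resource type, SHA-256 hash)."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

PRIMARY = "https://vr-sms.xyz/"

REQUESTS = [  # constructed from the page's transaction list (subset of fields)
    ("https://vr-sms.xyz/", "2606:4700:3034::ac43:a4e9", "Document",
     "6f613daca446eb9360904cd1894af1842544f79a6f7aaa761c064f2e0814a9eb"),
    ("https://vr-sms.xyz/SNDr9SRY6orQ6F2Zz2psj.css", "2606:4700:3034::ac43:a4e9",
     "Stylesheet", "9595a9d366f3541776bac6dcd5150493b286cc0620f3971cb4b9829c4a0f5555"),
    ("https://log.hitsteps.net/track.php?code=c1af30703a7909661486789fa4a9e11b",
     "172.64.207.32", "Script",
     "95de8b8e27482bb74828ce6ca0c3516cd6fc7283bf0efea4a50bce7c8193d7cf"),
    ("https://log.hitsteps.net/gather.php?sid=86370&ui=ndvugfv1l6&aid=73575"
     "&u=https%3A//vr-sms.xyz/&et=1&ti=eBanking%20Private%20Edition%20-%20Volksbank"
     "&dm=vr-sms.xyz&l=en-US", "172.64.207.32", "Image",
     "b9c67e8b95c5c41a5b442d4891698911eff0e414d31dae718a5d31d34d173825"),
    ("https://log.hitsteps.net/png.php?idle=0&aid=73575&sid=86370&temp_uid=ndvugfv1l6",
     "172.64.207.32", "Script",
     "92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75"),
    ("https://log.hitsteps.net/png.php?idle=0&aid=73575&sid=86370&temp_uid=ndvugfv1l6",
     "172.64.207.32", "Script",
     "92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75"),
]

COOKIES = {  # from the page's cookie table
    "_HS_temp_id": "ndvugfv1l6",
    "PHPSESSID": "ro1gbd7etcb44miumgna9ht703",
    "__cfduid": "d59c94891bb1216e7315cf389e72281c91607613493",
}

# Assumption: apex domains the impersonated brand legitimately uses.
# Hypothetical placeholder; replace with your own brand inventory.
BRAND_APEXES = {"volksbank": {"vr.de", "volksbank.de"}}


def apex(host):
    """Last two DNS labels.  Fine for .xyz/.net; a production tool should use
    the Public Suffix List so that hosts under e.g. co.uk are not mis-split."""
    return ".".join(host.lower().rsplit(".", 2)[-2:])


def third_party_hosts(requests, primary=PRIMARY):
    """Hosts contacted that sit outside the primary page's apex domain."""
    main = apex(urlsplit(primary).hostname)
    return sorted({urlsplit(u).hostname for u, *_ in requests
                   if apex(urlsplit(u).hostname) != main})


def beacon_fields(url, wanted=("ti", "u", "dm", "ui", "temp_uid", "sid", "aid")):
    """Analytics beacon parameters: the page title (ti) and origin (u) are what
    the tracker reports about the landing page, regardless of what it looks like."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: qs[k][0] for k in wanted if k in qs}


def brand_mismatch(title, host, brand_apexes=BRAND_APEXES):
    """True when the title claims a brand whose real apexes exclude the host."""
    t = title.lower()
    return any(b in t and apex(host) not in ok for b, ok in brand_apexes.items())


def reused_hashes(requests):
    """Resource hashes seen more than once: pivot points for other scans."""
    seen = defaultdict(list)
    for u, _ip, _t, h in requests:
        seen[h].append(u)
    return {h: urls for h, urls in seen.items() if len(urls) > 1}


def tracker_ids_in_cookies(requests, cookies):
    """Beacon identifiers that also appear as cookie values: ties the tracker's
    per-visitor id to the browser session (param, cookie name, value)."""
    hits = set()
    for u, *_ in requests:
        for param, v in beacon_fields(u).items():
            for name, cv in cookies.items():
                if v == cv:
                    hits.add((param, name, v))
    return sorted(hits)


def triage(requests=REQUESTS, cookies=COOKIES, primary=PRIMARY):
    """One-shot summary an analyst could paste into a ticket."""
    beacons = [beacon_fields(u) for u, *_ in requests if "ti=" in urlsplit(u).query]
    titles = [b["ti"] for b in beacons if "ti" in b]
    host = urlsplit(primary).hostname
    return {
        "third_party_hosts": third_party_hosts(requests, primary),
        "page_titles": titles,
        "brand_mismatch": any(brand_mismatch(t, host) for t in titles),
        "reused_hashes": reused_hashes(requests),
        "tracker_ids_in_cookies": tracker_ids_in_cookies(requests, cookies),
        "ips": sorted({ip for _u, ip, *_ in requests}),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The brand check deliberately keys on what the third-party tracker says the page is called rather than on the HTML, because a kit can obfuscate its markup but still wants its own analytics to record a readable title. Note the second and third `Vary: User-Agent` responses from hitsteps: the tracker serves per-client script variants, so the hash pivot is only reliable for the identical png.php pair shown here.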

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Browser-provided globals (9; newer Chrome APIs, not page code): ontransitionrun (object), ontransitionstart (object), ontransitioncancel (object), cookieStore (object), showDirectoryPicker (function), showOpenFilePicker (function), showSaveFilePicker (function), trustedTypes (object), crossOriginIsolated (boolean)

Set by the page's scripts (88; predominantly the hitsteps tracker, cf. the hs_/_hs_/_hsni_ prefixes): _hs_getqs (function), _hs_setData (function), _hs_getData (function), ipname_temp (string), _hs_uniqueid_temp (string), _hs_gdpr_diag (number), _hs_checkGDPR (function), _hs_bat (string), _hs_sysbat (object), _hs_adplug (string), _hs_a_uid (string), _hs_navigator_touchpoints (number), _hs_readAdplugin (function), _hs_readBattery (function), _HSTracker (function), _HS_jquery_injected (number), HSTracked (number), ChatDiv (number), _HS_body (undefined), _HS_html (undefined), _HS_dhh (undefined), hstc (undefined), hstcs (undefined), htssc (undefined), _hs_getParmFromHash (function), getScript (function), hsutube (object), hsytindex (number), hsutbarr (object), hsplayerArray (object), hitsteps (object), hs_idleTime (number), hs_idle (number), hs_idles (number), hs_timed (number), _hsni_addListener (function), _hsni_get_href (function), _hsni_get_parent (function), _hsni_get_target (function), _hsni_trackAlinks (function), _hsni_noIdle (function), _hsni_Idle (function), _hsni_mnoIdle (function), hs_CheckInactivity (function), onYouTubePlayerReady (function), onYouTubeIframeAPIReady (function), _hs_elementor_video_overlay (function), _hs_hash_changed (function), aid (number), sid (number), _hs_api_code_public (string), hs_lang (string), hs_enable_form (number), _hs_noyoutubeapi (number), _hs_heatmap_allowed (number), _hs_pre_compliance (number), _hs_gdpr_compliance_txt (string), _hs_gdpr_btn_yes (string), _hs_gdpr_btn_no (string), _hs_a_giveMeRandom (function), _hs_a_readCookie (function), _hs_a_writeCookie (function), _hs_a_setVal (function), _hs_a_getVal (function), _hs_bt_toTime (function), prm (object), nochat (number), _hs_youtubeapiloaded (number), hs_pingcount (number), _hs_gdpr (number), img (object), hs_rev (string), hs_goal (string), mysearch (string), MySearch (string), tag (string), Tag (string), label (string), IPname (string), ipname (string), _hs_uniqueid (string), _hs_integrity (string), _hs_last_full_url (string), uaddress (string), utitle (string), uref (string), new_url (string), battery (object)

3 Cookies

Domain/Path     Name           Value
vr-sms.xyz/     _HS_temp_id    ndvugfv1l6
vr-sms.xyz/     PHPSESSID      ro1gbd7etcb44miumgna9ht703
.vr-sms.xyz/    __cfduid       d59c94891bb1216e7315cf389e72281c91607613493