globalcivilconsult.com Open in urlscan Pro
157.90.223.104  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request session_index Show response globalcivilconsult.com/vystarbnkorg/login/ses/	13 KB 13 KB	665ms 652ms	Document text/html	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash 012abedb46f4ad698f97c2f984f835903a01e2afd925a625cb022a3cd89a2da0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 09 May 2022 14:10:25 GMT Keep-Alive timeout=5, max=150 Server Apache Transfer-Encoding chunked X-Content-Type-Options nosniff X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	jQueryMobile.min.css globalcivilconsult.com/vystarbnkorg/login/ses/files/	69 KB 69 KB	99ms 98ms	Stylesheet text/css	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/jQueryMobile.min.css Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash 7364b1852cf03e1500e4ad9f2bfdd175abd0be1a415177d085438fbe87c4c71c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:17:40 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=149 Content-Length 70697 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	Themeroller.min.css globalcivilconsult.com/vystarbnkorg/login/ses/files/	47 KB 48 KB	105ms 97ms	Stylesheet text/css	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/Themeroller.min.css Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash cbcfed9106ec2b84bda6356de485b01802e976b3cb6de39d1600068a15722e7e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:17:30 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=150 Content-Length 48549 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	Core.min.css globalcivilconsult.com/vystarbnkorg/login/ses/files/	66 KB 66 KB	120ms 113ms	Stylesheet text/css	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/Core.min.css Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash 039e134b9f856d3f76a929df28a71c68724535d39243a31568a1fa886af29d4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:17:36 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=150 Content-Length 67255 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	media.vs.touch.css globalcivilconsult.com/vystarbnkorg/login/ses/files/	17 KB 17 KB	148ms 141ms	Stylesheet text/css	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash dbb72ddab73623da5af3233de372fad8f89d8e1858982933eff9ed007aacd432 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:28:26 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=150 Content-Length 17315 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	style.vs.touch.css globalcivilconsult.com/vystarbnkorg/login/ses/files/	12 KB 12 KB	131ms 124ms	Stylesheet text/css	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/style.vs.touch.css Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash a9f99926757857ba33236ed1dad2c2bc57b8e85a3f16130bc411fea7258b754b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:17:54 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=150 Content-Length 12120 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	Registration.min.css globalcivilconsult.com/vystarbnkorg/login/ses/files/	19 KB 19 KB	142ms 133ms	Stylesheet text/css	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/Registration.min.css Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash 6f84bd2fb3b6eea3564e247fd8ac594b70759370188fc8cec99a36c4a3168a7d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sun, 20 Feb 2022 16:36:30 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=150 Content-Length 19321 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	logo.png globalcivilconsult.com/vystarbnkorg/login/ses/files/	9 KB 9 KB	99ms 99ms	Image image/png	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/logo.png Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash 2fcf8c434487b487fe936839597f007f0faacc245ec28b957d2d1a81bb3d2110 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/session_index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:18:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=148 Content-Length 8802 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	background.png globalcivilconsult.com/vystarbnkorg/login/ses/files/	8 KB 8 KB	88ms 88ms	Image image/png	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/background.png Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash b2f19a4b552759f7ddd45909282d10114774d7de767afc01f7a85ce6a499b016 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:18:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=149 Content-Length 8360 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	icons-36-white.png globalcivilconsult.com/vystarbnkorg/login/ses/files/	4 KB 4 KB	90ms 90ms	Image image/png	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/icons-36-white.png Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash ebed7c7172e03719d0e21b48f6ebc5e54344edb8c3543c25cb06b99b5475d434 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:18:12 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=149 Content-Length 3861 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	icons-18-white.png globalcivilconsult.com/vystarbnkorg/login/ses/files/	2 KB 2 KB	89ms 88ms	Image image/png	157.90.223.104 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://globalcivilconsult.com/vystarbnkorg/login/ses/files/icons-18-white.png Requested by Host: globalcivilconsult.com URL: http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css Protocol HTTP/1.1 Server 157.90.223.104 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.104.223.90.157.clients.your-server.de Software Apache / Resource Hash adf87a014a01854adce433560ffeb164570052b9c0b50f38915f8338d93cd5ba Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://globalcivilconsult.com/vystarbnkorg/login/ses/files/media.vs.touch.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Mon, 09 May 2022 14:10:26 GMT X-Content-Type-Options nosniff Last-Modified Sat, 12 Feb 2022 16:18:16 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=149 Content-Length 1988 X-XSS-Protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: VyStar Credit Union (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

globalcivilconsult.com
157.90.223.104
012abedb46f4ad698f97c2f984f835903a01e2afd925a625cb022a3cd89a2da0
039e134b9f856d3f76a929df28a71c68724535d39243a31568a1fa886af29d4f
2fcf8c434487b487fe936839597f007f0faacc245ec28b957d2d1a81bb3d2110
6f84bd2fb3b6eea3564e247fd8ac594b70759370188fc8cec99a36c4a3168a7d
7364b1852cf03e1500e4ad9f2bfdd175abd0be1a415177d085438fbe87c4c71c
a9f99926757857ba33236ed1dad2c2bc57b8e85a3f16130bc411fea7258b754b
adf87a014a01854adce433560ffeb164570052b9c0b50f38915f8338d93cd5ba
b2f19a4b552759f7ddd45909282d10114774d7de767afc01f7a85ce6a499b016
cbcfed9106ec2b84bda6356de485b01802e976b3cb6de39d1600068a15722e7e
dbb72ddab73623da5af3233de372fad8f89d8e1858982933eff9ed007aacd432
ebed7c7172e03719d0e21b48f6ebc5e54344edb8c3543c25cb06b99b5475d434