ams-shared-12.hostwindsdns.com
192.236.178.103
Malicious Activity!
Public Scan
Effective URL: http://ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/index.php?error_login=verf%C3%83%C2%83%C3%82%C2%83%C3%83%C2%82%C3%82%C2%BCgern...
Submission Tags: 6629008
Submission: On June 14 via api from NL
Summary
This is the only time ams-shared-12.hostwindsdns.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Raiffeisen Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
24 | 192.236.178.103 | 54290 (HOSTWINDS)
1 | 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3)
1 | 2606:4700:3038::681f:7ba | 13335 (CLOUDFLARENET)
26 requests | 3 IP addresses |
ASN54290 (HOSTWINDS, US)
PTR: ams-shared-12.hostwindsdns.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
24 | hostwindsdns.com | ams-shared-12.hostwindsdns.com | 3 MB
1 | jqueryscript.net | www.jqueryscript.net | 1 KB
1 | jquery.com | code.jquery.com | 33 KB
26 requests | 3 domains | |
Requests | Domain | Requested by
---|---|---
24 | ams-shared-12.hostwindsdns.com | ams-shared-12.hostwindsdns.com
1 | www.jqueryscript.net | ams-shared-12.hostwindsdns.com
1 | code.jquery.com | ams-shared-12.hostwindsdns.com
26 requests | 3 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
sso.raiffeisen.at |
banking.raiffeisen.at |
raiffeisen.at |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-01-30 - 2020-10-09 | 8 months | crt.sh
This page contains 1 frames:
Primary Page:
http://ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/index.php?error_login=verf%C3%83%C2%83%C3%82%C2%83%C3%83%C2%82%C3%82%C2%BCgernummer%20ung%C3%83%C2%83%C3%82%C2%83%C3%83%C2%82%C3%82%C2%BCltig.
Frame ID: 3BD4F017D755B5CB3E1DB84183126D6E
Requests: 26 HTTP requests in this frame
Detected technologies
- PHP (Programming Languages). Detected pattern: url /\.php(?:$|\?)/i
- AngularJS (JavaScript Frameworks). Detected pattern: script /angular.*\.js/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- Ruxit (Analytics). Detected pattern: script /ruxitagentjs/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- Title: Zum Hauptinhalt
- Title: Hier anfordern
- Title: Hotline
- Title: Häufige Fragen (FAQ)
- Title: Demo
- Title: Impressum
- Title: Nutzungsbedingungen
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.php (Primary Request, Cookie set) | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/ | 38 KB | 38 KB | Document | text/html
GET | H/1.1 | ruxitagentjs_ICA2fghjoqrux_10179191120132458.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 155 KB | 155 KB | Script | application/javascript
GET | H/1.1 | libs-551eb8c838.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 2 MB | 2 MB | Script | application/javascript
GET | H/1.1 | scripts-c9262a7eb9.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 115 KB | 115 KB | Script | application/javascript
GET | H/1.1 | scripts-ea8df22a7e.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 115 KB | 115 KB | Script | application/javascript
GET | H/1.1 | bundles-metadata-0b0b603407.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 494 B | 772 B | Script | application/javascript
GET | H/1.1 | libs-f423ea7dec.css | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 20 KB | 20 KB | Stylesheet | text/css
GET | H/1.1 | angular_i18n_de-9aad3d0e38.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 3 KB | 3 KB | Script | application/javascript
GET | H/1.1 | rbg.css | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 333 KB | 334 KB | Stylesheet | text/css
GET | H/1.1 | translations_de_rbg.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 2 KB | 2 KB | Script | application/javascript
GET | H/1.1 | translations_de_rbg-libs.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 40 KB | 40 KB | Script | application/javascript
GET | H/1.1 | wa.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 6 KB | 6 KB | Script | application/javascript
GET | H/1.1 | logo.png | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/files/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | default-kunde.svg | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/assets/images/ | 3 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | jquery-1.12.4.min.js | code.jquery.com/ | 95 KB | 33 KB | Script | application/javascript
GET | H/1.1 | customA11ySelect.js | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/js/ | 17 KB | 18 KB | Script | application/javascript
GET | H2 | jquerysctipttop.css | www.jqueryscript.net/css/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | demo.css | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/ | 0 | 0 | Stylesheet | text/html
GET | H/1.1 | customA11ySelect.css | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/css/ | 3 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | OpenSans-Semibold.woff | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/assets/fonts/open-sans/Semibold/ | 68 KB | 69 KB | Font | font/woff
GET | H/1.1 | OpenSans-Regular.woff | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/assets/fonts/open-sans/Regular/ | 62 KB | 62 KB | Font | font/woff
GET | H/1.1 | drb-iconfont.woff | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/assets/fonts/drb-iconfont/ | 124 KB | 125 KB | Font | font/woff
GET | H/1.1 | demo.css | ams-shared-12.hostwindsdns.com/~ptmjzpjr/raiffei/ | 0 | 0 | Stylesheet | text/html
GET | H/1.1 | config | ams-shared-12.hostwindsdns.com/~ptmjzpjr/kunde-login-ui-services/rest/meta/ | 10 KB | 10 KB | XHR | text/html
POST | H/1.1 | rb_4fa80c4f-44c4-4cda-b7a1-81e1fab8fe76 | ams-shared-12.hostwindsdns.com/apm/ | 10 KB | 10 KB | XHR | text/html
POST | H/1.1 | rb_4fa80c4f-44c4-4cda-b7a1-81e1fab8fe76 | ams-shared-12.hostwindsdns.com/apm/ | 10 KB | 10 KB | XHR | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Raiffeisen Bank (Banking)
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
onformdata | object
onpointerrawupdate | object
dT_ | object
dtrum | object
SourceMap | object
_typeof | function
windowIsDefined | boolean
$ | function
Inputmask | function
Url | function
Cookies | function
log4javascript | object
moment | function
_ | function
ES6Promise | object
JSON3 | object
StackFrame | function
StackTraceGPS | function
StackGenerator | object
ErrorStackParser | object
StackTrace | object
_internal | object
RapjsMessage | function
RapjsLogContext | function
Slider | function
PerfectScrollbar | object
Ps | object
Highcharts | object
sha256 | function
sha224 | function
showdown | object
ngShowdown | object
PopulateUserName | function
_wa | object
angular | object
7 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
ams-shared-12.hostwindsdns.com/ | | dtPC | -6$338142680_906h-vXOJNOKVMNASIIVEPYUCMUXLFBBFXQUSW
ams-shared-12.hostwindsdns.com/ | | rxVisitor | 1592138142687TUJPJKSIC7GM1UKHQNBKN9J93KSQTFFC
ams-shared-12.hostwindsdns.com/ | | dtSa | -
ams-shared-12.hostwindsdns.com/ | | dtLatC | 79
ams-shared-12.hostwindsdns.com/ | | dtCookie | -6$NCHGGAEEA2L00R1NTM1LSKA3994PANQM
ams-shared-12.hostwindsdns.com/ | | rxvt | 1592139943067|1592138142689
ams-shared-12.hostwindsdns.com/ | | PHPSESSID | 4cdc0bfa11f7ab619751e70347ed8143
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.