www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/
Submission: On March 11 via api (March 11th 2022, 12:06:25 pm UTC) from JP — Scanned from JP

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 176.121.14.62, located in Ukraine and belongs to FLOWSPEC-AS, UA. The main domain is www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com.

This is the only time www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BAWAG P.S.K. (Banking)

Domain & IP information

	IP Address		AS Autonomous System
19	176.121.14.62 176.121.14.62		210138 (FLOWSPEC-AS) (FLOWSPEC-AS)
19	1

19 176.121.14.62 (Ukraine)

ASN210138 (FLOWSPEC-AS, UA)

www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	id-nna81sfh2ubbauu1vgzuaig71jvah78.com www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com	197 KB
19	1

	Domain	Requested by
19	www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com	www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com
19	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/
Frame ID: A8D1060108BF626C68114B6659496A27
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

eBanking | BAWAG P.S.K. Online Banking

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

302 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/	8 KB 2 KB	641ms 476ms	Document text/html	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `0109bbb63c0f82bed469d63f133423be893820b5ff012eead3003c806666cb3d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers Server nginx/1.10.3 Date Fri, 11 Mar 2022 12:06:00 GMT Content-Type text/html; charset=UTF-8 Content-Length 2164 Connection keep-alive Vary Accept-Encoding Content-Encoding gzip
GET H/1.1	200 OK	jquery.min.js Show response www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/bower_components/jquery/dist/	85 KB 30 KB	442ms 442ms	Script application/javascript	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/bower_components/jquery/dist/jquery.min.js Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:00 GMT Content-Encoding gzip Last-Modified Tue, 22 May 2018 17:57:18 GMT Server nginx/1.10.3 ETag "15283-56ccf262bfb80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 30138
GET H/1.1	200 OK	ua-parser.min.js Show response www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/bower_components/ua-parser-js/dist/	17 KB 6 KB	769ms 603ms	Script application/javascript	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:00 GMT Content-Encoding gzip Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "4298-56ccf264a8000-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 6063
GET H/1.1	200 OK	font-awesome.min.css www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/bower_components/font-awesome/css/	30 KB 7 KB	836ms 671ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:00 GMT Content-Encoding gzip Last-Modified Tue, 22 May 2018 17:57:18 GMT Server nginx/1.10.3 ETag "7918-56ccf262bfb80-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 7053
GET H/1.1	200 OK	css.css www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/form/	0 238 B	599ms 435ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/form/css.css Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:00 GMT Last-Modified Tue, 22 May 2018 17:57:22 GMT Server nginx/1.10.3 ETag "0-56ccf26690480" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 0
GET H/1.1	200 OK	index.css www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	10 KB 3 KB	846ms 681ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `f597bf489614c13accdc28f6407cc679da963da699f508874fb330fa1988718f` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:00 GMT Content-Encoding gzip Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "2886-56ccf264a8000-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 2432
GET H/1.1	200 OK	bawag_ebanking_logo_de.gif www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	2 KB 2 KB	440ms 439ms	Image image/gif	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/bawag_ebanking_logo_de.gif Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `1ff7504c16daf2d34a784b611556b922f7adcc5f5eae1b58c41d81c827742b5c` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "8a6-56ccf264a8000" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 2214
GET H/1.1	200 OK	icon_karte_approved.gif www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 2 KB	433ms 432ms	Image image/gif	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/icon_karte_approved.gif Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `f4d8e679d4b360282d5b9c0e578e2f30fd6939df399bfc0d1c80504e1b67b2be` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "566-56ccf264a8000" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 1382
GET H/1.1	200 OK	important_icon.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 2 KB	497ms 461ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/important_icon.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `cf61215ca4a5c69c1225fc2e5e70ab84a498a4c6ba3c7b48c3a16a6f5f34f650` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "52f-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1327
GET H/1.1	200 OK	info_icon.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 1 KB	450ms 439ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/info_icon.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `f4deb3dd818172554ec3a7f0d4883dbe5b0d21cd33982c33c7ae1483b49d7982` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "457-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1111
GET H/1.1	200 OK	phone_icon.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 2 KB	1287ms 443ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/phone_icon.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `2154cb7ff608980de400c7c4101f315c4b02066ff61efe86810f769bc235e867` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:02 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "576-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1398
GET H/1.1	200 OK	form.js Show response www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/form/	10 KB 3 KB	480ms 478ms	Script application/javascript	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/form/form.js?v=622b3b3239d4e Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `95fbccffb5df051fdec44b52cf0d0d6355366abb33d8d5b36bb436e1bc49a348` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Content-Encoding gzip Last-Modified Tue, 22 May 2018 17:57:22 GMT Server nginx/1.10.3 ETag "2771-56ccf26690480-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 3037
GET H/1.1	200 OK	mako18106d_extrapolster_ebanking_login_970x490_180420_1600.jpg www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	112 KB 113 KB	523ms 440ms	Image image/jpeg	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/mako18106d_extrapolster_ebanking_login_970x490_180420_1600.jpg Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `33732ace184116f8dea9296f7cd8d7fba7938ceac4fedb4702ed10716c66a739` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/12a2ec4893ad0b1b68ce490e29a49b8f/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "1c10d-56ccf264a8000" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 114957
GET H/1.1	200 OK	question_icon.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 1 KB	835ms 436ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/question_icon.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `dd0a334ed68480714349b7b248abae9311919b27291fcd7589d8c754cf572bb7` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "4af-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1199
GET H/1.1	200 OK	chevron_icon.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	15 KB 15 KB	839ms 435ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/chevron_icon.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `e011026f31943494769a0c29bcc2482ef11ffaaf34029da3bf1ebec9427aa767` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "3cc7-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 15559
GET H/1.1	200 OK	icon_wai.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	2 KB 3 KB	864ms 448ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/icon_wai.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `23293f3c3e0c25475403d731ab9764c240256c6956c26adcb5a7995221c4a082` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "91c-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 2332
GET H/1.1	200 OK	icon_color_yellow.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 2 KB	1217ms 430ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/icon_color_yellow.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `acbfecd34d006963ec250ff9af21cdc4f939af72785b2481c5cd07ab64d0277e` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:02 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "549-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1353
GET H/1.1	200 OK	icon_color_blue.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 2 KB	787ms 436ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/icon_color_blue.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `4552da35c2b04619df857822c5249854e21211984aecd0c443b810b5d93028f8` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "541-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1345
GET H/1.1	200 OK	icon_color_red.png www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/	1 KB 2 KB	807ms 449ms	Image image/png	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/icon_color_red.png Requested by Host: www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com URL: http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `07d4a6c87dea5b48ca1dc0c6d35cb99674f088884b53954f7310d85cf26c1963` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com/psk/login/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 11 Mar 2022 12:06:01 GMT Last-Modified Tue, 22 May 2018 17:57:20 GMT Server nginx/1.10.3 ETag "559-56ccf264a8000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1369

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BAWAG P.S.K. (Banking)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com
176.121.14.62
0109bbb63c0f82bed469d63f133423be893820b5ff012eead3003c806666cb3d
07d4a6c87dea5b48ca1dc0c6d35cb99674f088884b53954f7310d85cf26c1963
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1ff7504c16daf2d34a784b611556b922f7adcc5f5eae1b58c41d81c827742b5c
2154cb7ff608980de400c7c4101f315c4b02066ff61efe86810f769bc235e867
23293f3c3e0c25475403d731ab9764c240256c6956c26adcb5a7995221c4a082
33732ace184116f8dea9296f7cd8d7fba7938ceac4fedb4702ed10716c66a739
4552da35c2b04619df857822c5249854e21211984aecd0c443b810b5d93028f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
95fbccffb5df051fdec44b52cf0d0d6355366abb33d8d5b36bb436e1bc49a348
acbfecd34d006963ec250ff9af21cdc4f939af72785b2481c5cd07ab64d0277e
cf61215ca4a5c69c1225fc2e5e70ab84a498a4c6ba3c7b48c3a16a6f5f34f650
dd0a334ed68480714349b7b248abae9311919b27291fcd7589d8c754cf572bb7
e011026f31943494769a0c29bcc2482ef11ffaaf34029da3bf1ebec9427aa767
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4d8e679d4b360282d5b9c0e578e2f30fd6939df399bfc0d1c80504e1b67b2be
f4deb3dd818172554ec3a7f0d4883dbe5b0d21cd33982c33c7ae1483b49d7982
f597bf489614c13accdc28f6407cc679da963da699f508874fb330fa1988718f

www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com Open in urlscan Pro 176.121.14.62 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

197 kBTransfer

302 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

www.id-nna81sfh2ubbauu1vgzuaig71jvah78.com Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

302 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!