urlscan.io logo urlscan.io
SecurityTrails logo

eikmeier-transport.de Open in urlscan Pro
85.13.147.203  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bit.ly/2HDvsDe
Effective URL: https://eikmeier-transport.de/best/schwab/schwab.com/
Submission: On January 28 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 85.13.147.203, located in Germany and belongs to NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE. The main domain is eikmeier-transport.de.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 2nd 2019. Valid for: 3 months.
This is the only time eikmeier-transport.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Charles Schwab (Financial)

Domain & IP information

IP Address AS Autonomous System
1 1 67.199.248.11 395224 (BITLY-AS)
3 85.13.147.203 34788 (NMM-AS D)
3 104.111.246.198 16625 (AKAMAI-AS)
8 3
Apex Domain
Subdomains		 Transfer
3 schwabcdn.com
client.schwabcdn.com
169 KB
3 eikmeier-transport.de
eikmeier-transport.de
79 KB
1 bit.ly
bit.ly
446 B
8 3
Domain Requested by
3 client.schwabcdn.com eikmeier-transport.de
3 eikmeier-transport.de eikmeier-transport.de
1 bit.ly 1 redirects
8 3
Subject Issuer Validity Valid
eikmeier-transport.de
Let's Encrypt Authority X3		 2019-01-02 -
2019-04-02		 3 months crt.sh
static.schwabcdn.com
DigiCert SHA2 Extended Validation Server CA		 2018-03-20 -
2019-03-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://eikmeier-transport.de/best/schwab/schwab.com/
Frame ID: BFD0C18973BFBF1EEC08170027F210A9
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://bit.ly/2HDvsDe HTTP 301
    https://eikmeier-transport.de/best/schwab/schwab.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

8
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

248 kB
Transfer

753 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/2HDvsDe HTTP 301
    https://eikmeier-transport.de/best/schwab/schwab.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
eikmeier-transport.de/best/schwab/schwab.com/
Redirect Chain
  • https://bit.ly/2HDvsDe
  • https://eikmeier-transport.de/best/schwab/schwab.com/
210 KB
59 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eikmeier-transport.de/best/schwab/schwab.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.13.147.203 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd29510.kasserver.com
Software
Apache /
Resource Hash
abcfdae8de4fb0c6f8c52aa0385dde0f374452b1cc3fef31d3481fa61a2166bf

Request headers

:method
GET
:authority
eikmeier-transport.de
:scheme
https
:path
/best/schwab/schwab.com/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Mon, 28 Jan 2019 19:49:52 GMT
server
Apache
last-modified
Thu, 24 Dec 2015 00:31:08 GMT
etag
"34611-52799f46fcb00-gzip"
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html

Redirect headers

Server
nginx
Date
Mon, 28 Jan 2019 19:49:52 GMT
Content-Type
text/html; charset=utf-8
Content-Length
140
Connection
keep-alive
Cache-Control
private, max-age=90
Content-Security-Policy
referrer always;
Location
https://eikmeier-transport.de/best/schwab/schwab.com/
Referrer-Policy
unsafe-url
Set-Cookie
_bit=j0sjNQ-146e55494232cc1fb8-00G; Domain=bit.ly; Expires=Sat, 27 Jul 2019 19:49:52 GMT
loginbase.js
client.schwabcdn.com/scripts/merge/ 		173 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client.schwabcdn.com/scripts/merge/loginbase.js?v=15.21
Requested by
Host: eikmeier-transport.de
URL: https://eikmeier-transport.de/best/schwab/schwab.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.246.198 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-246-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bc9c4b73c7050050ca5b21889e22cc317fe7b7b9495a3736a08c4fdc208356b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://eikmeier-transport.de/best/schwab/schwab.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Thu, 10 Jan 2019 18:15:06 GMT
ETag
"0f1c96910a9d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Date
Mon, 28 Jan 2019 19:49:52 GMT
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
basestyle.css
client.schwabcdn.com/cssmerged/ 		319 KB
66 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://client.schwabcdn.com/cssmerged/basestyle.css?v=15.21
Requested by
Host: eikmeier-transport.de
URL: https://eikmeier-transport.de/best/schwab/schwab.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.246.198 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-246-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d41ecf565dd092658ab6019c593799052408906b72810b0eafe0bd8a1ec2af1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://eikmeier-transport.de/best/schwab/schwab.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Thu, 10 Jan 2019 18:15:08 GMT
ETag
"01efb6a10a9d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Mon, 28 Jan 2019 19:49:52 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
67362
X-XSS-Protection
1; mode=block
sch-logo.png
client.schwabcdn.com/images/ 		31 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://client.schwabcdn.com/images/sch-logo.png?v=14.9
Requested by
Host: eikmeier-transport.de
URL: https://eikmeier-transport.de/best/schwab/schwab.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.246.198 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-246-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
340c8144527d33b72feafe06c90fd99ca176e7b6a49ea0b50d35c4e20f3da1f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://eikmeier-transport.de/best/schwab/schwab.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 10 Jan 2019 18:13:38 GMT
ETag
"035563510a9d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Mon, 28 Jan 2019 19:49:52 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
32046
X-XSS-Protection
1; mode=block
sch-logo.png
eikmeier-transport.de/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eikmeier-transport.de/images/sch-logo.png?v=14.9
Requested by
Host: eikmeier-transport.de
URL: https://eikmeier-transport.de/best/schwab/schwab.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.13.147.203 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd29510.kasserver.com
Software
Apache /
Resource Hash
e51ed9e457aa70685a9ef1144471d21b60d9eb6bc3627b01aef2965ede6b6579

Request headers

:path
/images/sch-logo.png?v=14.9
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
eikmeier-transport.de
referer
https://eikmeier-transport.de/best/schwab/schwab.com/
:scheme
https
:method
GET
Referer
https://eikmeier-transport.de/best/schwab/schwab.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
404
date
Mon, 28 Jan 2019 19:49:52 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
link
<https://eikmeier-transport.de/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
login-banner_12-08-15.png
eikmeier-transport.de/secure/file/TM-DEFAULT-IMAGES/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eikmeier-transport.de/secure/file/TM-DEFAULT-IMAGES/login-banner_12-08-15.png
Requested by
Host: eikmeier-transport.de
URL: https://eikmeier-transport.de/best/schwab/schwab.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.13.147.203 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd29510.kasserver.com
Software
Apache /
Resource Hash
6bed87849e9ebd99a669306cd7dadd3e66b72cb76b8f263bb68a16715a0a41e9

Request headers

:path
/secure/file/TM-DEFAULT-IMAGES/login-banner_12-08-15.png
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
eikmeier-transport.de
referer
https://eikmeier-transport.de/best/schwab/schwab.com/
:scheme
https
:method
GET
Referer
https://eikmeier-transport.de/best/schwab/schwab.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
404
date
Mon, 28 Jan 2019 19:49:53 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
link
<https://eikmeier-transport.de/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
Schwab-Icon-Font-v0-4.woff
client.schwabcdn.com/font/ 		0
0
Schwab-Icon-Font-v0-4.ttf
client.schwabcdn.com/font/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
client.schwabcdn.com
URL
https://client.schwabcdn.com/font/Schwab-Icon-Font-v0-4.woff?g44vd4
Domain
client.schwabcdn.com
URL
https://client.schwabcdn.com/font/Schwab-Icon-Font-v0-4.ttf?g44vd4

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Charles Schwab (Financial)

222 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| tempArr function| SelectedPositionChange function| AddFootNoteRow function| AddTableData function| GetQuantityValue function| SetDivElementHeight function| SetHeaderAndDataTableWidth function| LoadPositions function| truncate function| GetCashRow function| GetResourceText function| CheckRestrictedStock function| ShowFootNotes function| ShowEmptyPositionMessage function| ShowServiceErrorMessage function| HideAllPanel function| AddErrorTable function| GetSuperScriptNumber function| LoadPositionData function| GetSuperScriptId function| addEvent function| Autocomplete function| autoSelect function| hideDrp function| FirmNameOnFocus function| FirmNameOnBlur function| fnReadMsg function| AutocompleteLimit object| woms boolean| flagDiv function| showHideData function| ResizeIframe function| CallIntermediatePage function| checkAccBrokPanelStatus function| AutoComplete_GetLeft function| AutoComplete_GetTop function| expandCollapsePnl function| showTab function| expandCollapsePnlsAndLinks function| expandCollapsePnls function| expandCollapsePnlsInsideIFrame function| expandCollapsePnlsOnLoad function| printit function| openPop function| openEmailBounce function| openPopSMWin function| loadTransparentIFrame function| setIFramePos function| showDivIframe function| hideDiv function| womGo function| womAdd function| handleDocumentClick function| getCookieVal function| PopupPrintScript function| hideSelectAccount function| AdjustQlinksLength function| setQLinksOnWindowResize function| setQLinksPos function| PrintPreviewScript function| clearMutualFund string| ie_var string| moz_var string| dataDir string| resource_key undefined| sl_DataDir undefined| sl_Resx function| setDataDir_txt function| setDataDir_lnk function| CreateEvents function| AttachEvents function| SetAdvanceSearchURL function| AttachOnWindowLoad function| CalQuote function| OpenSuperBond function| fnSubmitEnter undefined| SBwin function| openPopup function| isValidUrl function| JSAlert undefined| prevTooltip function| getWindowWidth function| mouseX function| mouseY function| tooltip boolean| hasSubmitted function| CheckContinue function| getCookieIndex function| setCookieIndex function| setCookie function| trim function| BeginTransaction function| EndTransaction function| getTransactionStatus function| setControlsState function| enableDisableControls function| HideOrDisplayBody function| MarketStorm function| MarginDetailsDefaultView function| ChangeMarginDetails function| BindPositionsDropdown function| PositionOnChange function| hideQuickLinks function| changeAccount function| Redirect function| saToolTip function| ShowSpinner function| HideError function| closeAccountSelector function| highlightRow function| unHighlightRow function| checkAccBrokPanelStatusPanel function| showHideDataPanel function| expandCollapsePanelLink function| SetCursorLast function| StringBuffer function| getOverlayScript function| OverlayUpdateEmail function| DCDoWebAnalyticsLevel3Links string| capsKeyPress object| capLockNs function| $ function| jQuery string| chineselogin undefined| loginIdMandatory undefined| passwordMandatory undefined| InvalidLoginId undefined| InvalidLoginPassword function| CheckSSN function| RemoveUnwantedFromSSN function| isNumeric function| callDelay function| displaySSNDisc function| SetRbaHiddenFieldValue function| ValidateData function| DisplayError string| pnlError string| currentPassword string| newPassword string| confirmPassword string| lblError undefined| objcurrentPassword undefined| objnewPassword undefined| objpnlError undefined| objlblError undefined| objverifyPassword function| ObjInitialization function| ValidateChangeTempPasswordData function| setHbxVariables function| ShowMessage function| fnSubmitForm function| fnDonotSubmitForm function| assignEnterKeyFunctions function| getQuerystring function| validatePassword string| webPageTitle undefined| exporturl string| buddyURL function| GetBuddyURL string| md5_enabled function| postwith function| createCookie function| readCookie function| get_randomTMid function| eraseCookie string| ns2 string| tmid undefined| nameValueList undefined| item33 undefined| finalCookie function| showMobile function| showReviews string| displayType undefined| txtloginObj string| __wpmExportWarning string| __wpmCloseProviderWarning string| __wpmDeleteWarning undefined| s undefined| bcon1 undefined| refUrl undefined| protocol undefined| bcon2 undefined| scatAutoHandler function| scatAutoTrackFileDownloads function| scatAutoTrackExitLinks function| s_doPlugins undefined| s_code undefined| s_objectID function| s_gi function| s_giqf undefined| _scDilObj undefined| customerID undefined| schDil undefined| aTag function| isSecure function| IframeTracking function| DcJpegTracking function| GetRefrid function| DcOnClickTracking function| mmDelayLink function| mmCreateConversionTagHolder function| mmRedirect function| mmExecutePublisherCode function| mmIframeLoadHandler function| SzOnClickTracking function| mmConversionTag function| setupFB undefined| gaoAcctType function| addImgToElem function| gaoStartFB function| gaoCompleteFB function| gaoStartTwitter function| gaoCompleteTwitter function| gaoStartYahoo function| gaoCompleteYahoo function| gaoStartGoogle function| gaoCompleteGoogle undefined| c_r undefined| c_w

0 Cookies