53rdhomepages.dynvpn.de
193.31.30.127  Malicious Activity! Public Scan

URL: https://53rdhomepages.dynvpn.de/
Submission: On June 02 via manual from US — Scanned from US

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 193.31.30.127, located in London, United Kingdom and belongs to CLOUVIDER Clouvider - Global ASN, GB. The main domain is 53rdhomepages.dynvpn.de.
TLS certificate: Issued by R3 on June 2nd 2022. Valid for: 3 months.
This is the only time 53rdhomepages.dynvpn.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fifth Third Bank (Banking)

Domain & IP information

IP Address | AS Autonomous System
2 193.31.30.127 | 62240 (CLOUVIDER...)
2 104.127.188.145 | 16625 (AKAMAI-AS)
4 2

Apex Domain | Subdomains | Transfer
2 53.com | www.53.com — Cisco Umbrella Rank: 67541 | 7 KB
2 dynvpn.de | 53rdhomepages.dynvpn.de | 5 KB
4 2

Domain | Requested by
2 www.53.com | 53rdhomepages.dynvpn.de
2 53rdhomepages.dynvpn.de | 53rdhomepages.dynvpn.de
4 2

This site contains links to these domains.

Domain
www.53.com
locations.53.com
onlinebanking.53.com
ir.53.com

Subject | Issuer | Validity | Valid
53rdhomepages.dynvpn.de | R3 | 2022-06-02 - 2022-08-31 | 3 months
www.53.com | DigiCert Global CA G2 | 2022-01-06 - 2023-01-19 | a year

This page contains 1 frame:

Primary Page: https://53rdhomepages.dynvpn.de/
Frame ID: 38E7C6D059DE24DF78BC68B48D4D5B58
Requests: 4 HTTP requests in this frame

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 12 kB
Size: 30 kB
Cookies: 2

4 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request /
53rdhomepages.dynvpn.de/
21 KB
4 KB
Document
General
Full URL
https://53rdhomepages.dynvpn.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.31.30.127 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
vps.wanliservice.fr
Software
nginx /
Resource Hash
d51279c9991cbab8c8ba527745cbf50615755e254bd5eac984e249d8aaf49e02

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
3758
Content-Type
text/html
Date
Thu, 02 Jun 2022 15:11:30 GMT
ETag
"55d0-5e0778e7db6a7-gzip"
Last-Modified
Thu, 02 Jun 2022 14:09:39 GMT
Server
nginx
Vary
Accept-Encoding

logo.svg
www.53.com/content/dam/fifth-third/brand/
5 KB
3 KB
Image
General
Full URL
https://www.53.com/content/dam/fifth-third/brand/logo.svg
Requested by
Host: 53rdhomepages.dynvpn.de
URL: https://53rdhomepages.dynvpn.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.127.188.145 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-127-188-145.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://53rdhomepages.dynvpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';form-action 'self';
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Disposition
attachment; filename="logo.svg"
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
1744
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 04 Sep 2018 23:12:25 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Thu, 02 Jun 2022 15:11:30 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
image/svg+xml
Cache-Control
no-cache="set-cookie"
ETag
"130b-57513ca744840-gzip"
Accept-Ranges
bytes

1440x565-ftblue-other.jpg
53rdhomepages.dynvpn.de/content/dam/fifth-third/heroes/
1 KB
1 KB
Image
General
Full URL
https://53rdhomepages.dynvpn.de/content/dam/fifth-third/heroes/1440x565-ftblue-other.jpg
Requested by
Host: 53rdhomepages.dynvpn.de
URL: https://53rdhomepages.dynvpn.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.31.30.127 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
vps.wanliservice.fr
Software
nginx /
Resource Hash
d25ebf589ba09d0f8d1ef0076140f5859f7504b4554399f9ca7a7d060764a586

Request headers

accept-language
en-US,en;q=0.9
Referer
https://53rdhomepages.dynvpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Thu, 02 Jun 2022 15:11:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Jun 2022 14:06:07 GMT
Server
nginx
ETag
W/"5a4-5e07781cdbe2c"
Vary
Accept-Encoding
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive

equal_housing_logo.png
www.53.com/content/dam/fifth-third/brand/icons/
3 KB
4 KB
Image
General
Full URL
https://www.53.com/content/dam/fifth-third/brand/icons/equal_housing_logo.png
Requested by
Host: 53rdhomepages.dynvpn.de
URL: https://53rdhomepages.dynvpn.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.127.188.145 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-127-188-145.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://53rdhomepages.dynvpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';form-action 'self';
X-Content-Type-Options
nosniff
Last-Modified
Tue, 04 Sep 2018 23:11:35 GMT
Server
Apache
ETag
"ac6-57513c77957c0"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
no-cache="set-cookie"
Date
Thu, 02 Jun 2022 15:11:30 GMT
Content-Disposition
attachment
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Accept-Ranges
bytes
Content-Length
2758
X-XSS-Protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fifth Third Bank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
object| navigation

2 Cookies

Domain/Path Name / Value
www.53.com/ Name: AWSELBCORS
Value: B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD
.www.53.com/ Name: akaalb_ALB_www_53_com
Value: ~op=LBM_www_53_com:Adobe|~rv=89~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=4c9a5ff49e0d74710a77319debcf01dd

1 Console Messages

Source Level URL
Text
network error URL: https://53rdhomepages.dynvpn.de/content/dam/fifth-third/heroes/1440x565-ftblue-other.jpg
Message: Failed to load resource: the server responded with a status of 404 (Not Found)