volksbahk.info Open in urlscan Pro
23.19.227.80 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://goqozqzhqv.torrent159.com/vr?q=2624888728
Effective URL:
https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2
Submission: On August 24 via api (August 24th 2022, 6:52:26 pm UTC) from BE — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 23.19.227.80, located in New York, United States and belongs to LEASEWEB-USA-NYC, US. The main domain is volksbahk.info.
TLS certificate: Issued by R3 on August 24th 2022. Valid for: 3 months.

This is the only time volksbahk.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	176.113.115.170 176.113.115.170	57678 (REDBYTES-AS) (REDBYTES-AS)
1 18	23.19.227.80 23.19.227.80	396362 (LEASEWEB-...) (LEASEWEB-USA-NYC)
17	1

2 176.113.115.170 (Russian Federation) 2 redirects

ASN57678 (REDBYTES-AS, RU)

goqozqzhqv.torrent159.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 23.19.227.80 (New York, United States) 1 redirects

ASN396362 (LEASEWEB-USA-NYC, US)

volksbahk.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	volksbahk.info 1 redirects volksbahk.info	1 MB
2	torrent159.com 2 redirects goqozqzhqv.torrent159.com	623 B
17	2

	Domain	Requested by
18	volksbahk.info	1 redirects volksbahk.info
2	goqozqzhqv.torrent159.com	2 redirects
17	2

This site contains no links.

Subject Issuer	Validity	Valid
volksbahk.info R3	`2022-08-24` - `2022-11-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2
Frame ID: CE8AE1884BAE8C97CB664FD21D773C54
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmelden - Volksbank

Page URL History Show full URLs

http://goqozqzhqv.torrent159.com/vr?q=2624888728 HTTP 302
http://goqozqzhqv.torrent159.com/rlogin.php?page=u2 HTTP 302
https://volksbahk.info/rlogin.php?page=u2 HTTP 302
https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

1359 kB
Transfer

1355 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://goqozqzhqv.torrent159.com/vr?q=2624888728 HTTP 302
http://goqozqzhqv.torrent159.com/rlogin.php?page=u2 HTTP 302
https://volksbahk.info/rlogin.php?page=u2 HTTP 302
https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request postcode.php Show response volksbahk.info/services_auth/auth-ui/ Redirect Chain http://goqozqzhqv.torrent159.com/vr?q=2624888728 http://goqozqzhqv.torrent159.com/rlogin.php?page=u2 https://volksbahk.info/rlogin.php?page=u2 https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2	911 KB 912 KB	2044ms 2043ms	Document text/html	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / PHP/5.4.16 Resource Hash `f76bfc47f2b6df31a45dd756a04b015272423a8685acd17432063374cfdef23b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Type text/html; charset=utf-8 Date Wed, 24 Aug 2022 18:52:20 GMT Server nginx/1.20.1 Transfer-Encoding chunked X-Powered-By PHP/5.4.16 Redirect headers Connection keep-alive Content-Length 108 Content-Type text/html; charset=utf-8 Date Wed, 24 Aug 2022 18:52:18 GMT Server nginx/1.20.1 X-Powered-By PHP/5.4.16 location services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2
GET H/1.1	200 OK	styles.css volksbahk.info/services_auth/auth-ui/index_files/	31 KB 32 KB	648ms 449ms	Stylesheet text/css	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/services_auth/auth-ui/index_files/styles.css Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `a86a9983fccbe3bbe93093b302023ebfa2564f9c7dd2adc1d8d65e3cc12fe13f` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:20 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "7d0c-5e656f0b4693f" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 32012
GET H/1.1	200 OK	jquery-1.12.2.min.js Show response volksbahk.info/services_auth/auth-ui/	95 KB 95 KB	669ms 463ms	Script application/javascript	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/services_auth/auth-ui/jquery-1.12.2.min.js Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:20 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "17bdc-5e656f0b2a41e" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 97244
GET H/1.1	200 OK	Frankfurt.png volksbahk.info/services_auth/auth-ui/logo/	5 KB 6 KB	278ms 278ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/logo/Frankfurt.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `22e82e5cec68877db1f1395e4dfa4f5440adcf830566db9dbd790eb27489d892` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "1588-5e656f0b39e1e" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 5512
GET H/1.1	200 OK	ukraine_flag_548_348.jpg volksbahk.info/services_auth/auth-ui/index_files/	24 KB 24 KB	377ms 375ms	Image image/jpeg	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/ukraine_flag_548_348.jpg Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `a105545eba0d05192b8328cded8239f5755a4027c5e227d50fe75f30ef6d8380` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "5f34-5e656f0b4693f" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 24372
GET H/1.1	200 OK	SchwaebischHall.png volksbahk.info/services_auth/auth-ui/index_files/	4 KB 4 KB	331ms 279ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/SchwaebischHall.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "10cf-5e656f0b59dd7" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 4303
GET H/1.1	200 OK	UnionInvestment.png volksbahk.info/services_auth/auth-ui/index_files/	6 KB 6 KB	943ms 289ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/UnionInvestment.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:22 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "17fe-5e656f0b59dd7" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 6142
GET H/1.1	200 OK	RundV.png volksbahk.info/services_auth/auth-ui/index_files/	5 KB 5 KB	935ms 278ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/RundV.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:22 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "1335-5e656f0b5b547" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 4917
GET H/1.1	200 OK	DZBANK_Initiativbank.png volksbahk.info/services_auth/auth-ui/index_files/	16 KB 17 KB	978ms 369ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/DZBANK_Initiativbank.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:22 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "4194-5e656f0b5b547" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 16788
GET H/1.1	200 OK	DZPrivatbank.png volksbahk.info/services_auth/auth-ui/index_files/	3 KB 3 KB	545ms 277ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/DZPrivatbank.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "c12-5e656f0b50967" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 3090
GET H/1.1	200 OK	VR_Smart_Finanz.png volksbahk.info/services_auth/auth-ui/index_files/	4 KB 4 KB	385ms 284ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/VR_Smart_Finanz.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "e8f-5e656f0b5b547" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 3727
GET H/1.1	200 OK	DGHYP.png volksbahk.info/services_auth/auth-ui/index_files/	2 KB 2 KB	672ms 286ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/DGHYP.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "75b-5e656f0b4693f" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1883
GET H/1.1	200 OK	MnchenerHyp.png volksbahk.info/services_auth/auth-ui/index_files/	6 KB 6 KB	504ms 282ms	Image image/png	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Show image Full URL https://volksbahk.info/services_auth/auth-ui/index_files/MnchenerHyp.png Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31` Request headers accept-language de-DE,de;q=0.9 Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "16ae-5e656f0b5633f" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 5806
GET H/1.1	200 OK	FrutigerVR-Bold_hinted.woff2 volksbahk.info/services_auth/auth-ui/fonts/	24 KB 24 KB	565ms 459ms	Font application/octet-stream	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/services_auth/auth-ui/fonts/FrutigerVR-Bold_hinted.woff2 Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `c825e9b517a70daf14196922b7c35578f62e5facea44a808acf4dadda1456b85` Request headers Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Origin https://volksbahk.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 Connection keep-alive Accept-Ranges bytes ETag "6004-5e656f0b2cf16" Content-Length 24580
GET H/1.1	200 OK	FrutigerVR-Regular_hinted.woff2 volksbahk.info/services_auth/auth-ui/fonts/	24 KB 24 KB	567ms 454ms	Font application/octet-stream	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/services_auth/auth-ui/fonts/FrutigerVR-Regular_hinted.woff2 Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `af04aec736c43b3a1e44614897ae314d3f624fcdc15f6d9749600963b20e4eff` Request headers Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Origin https://volksbahk.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 Connection keep-alive Accept-Ranges bytes ETag "6020-5e656f0b353e6" Content-Length 24608
GET H/1.1	200 OK	kf-icons.woff volksbahk.info/services_auth/auth-ui/fonts/	195 KB 195 KB	592ms 491ms	Font application/font-woff	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/services_auth/auth-ui/fonts/kf-icons.woff Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / Resource Hash `cac9d473a22e9459b05aebf639e15e68521111d7cafa2e30f3b77fd753f8b5e9` Request headers Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 Origin https://volksbahk.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Date Wed, 24 Aug 2022 18:52:21 GMT Last-Modified Tue, 16 Aug 2022 07:46:03 GMT Server nginx/1.20.1 ETag "30b34-5e656f0b2ee56" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 199476
POST H/1.1	200 OK	ajax.php Show response volksbahk.info/privatkunden/center/ajax/	0 355 B	812ms 311ms	XHR text/html	23.19.227.80 LEASEWEB-USA-NYC
General Check archive.org Show headers Download Go to Full URL https://volksbahk.info/privatkunden/center/ajax/ajax.php?id=f025836ecca611ecaebeb178 Requested by Host: volksbahk.info URL: https://volksbahk.info/services_auth/auth-ui/jquery-1.12.2.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.19.227.80 New York, United States, ASN396362 (LEASEWEB-USA-NYC, US), Reverse DNS Software nginx/1.20.1 / PHP/5.4.16 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://volksbahk.info/services_auth/auth-ui/postcode.php?id=f025836ecca611ecaebeb178&page=u2 X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Pragma no-cache Date Wed, 24 Aug 2022 18:52:22 GMT Server nginx/1.20.1 X-Powered-By PHP/5.4.16 Content-Type text/html; charset=utf-8 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 0 Expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			volksbahk.info/services_auth/auth-ui	1970-01-20 15:05:27	Name: uid Value: 516411814
			volksbahk.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: af0tra1e03gpfu11muk20lesc4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

goqozqzhqv.torrent159.com
volksbahk.info
176.113.115.170
23.19.227.80
193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6
22e82e5cec68877db1f1395e4dfa4f5440adcf830566db9dbd790eb27489d892
3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6
33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb
60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c
7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af
93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47
95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9
a105545eba0d05192b8328cded8239f5755a4027c5e227d50fe75f30ef6d8380
a86a9983fccbe3bbe93093b302023ebfa2564f9c7dd2adc1d8d65e3cc12fe13f
af04aec736c43b3a1e44614897ae314d3f624fcdc15f6d9749600963b20e4eff
bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168
c825e9b517a70daf14196922b7c35578f62e5facea44a808acf4dadda1456b85
cac9d473a22e9459b05aebf639e15e68521111d7cafa2e30f3b77fd753f8b5e9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31
f76bfc47f2b6df31a45dd756a04b015272423a8685acd17432063374cfdef23b

volksbahk.info Open in urlscan Pro 23.19.227.80 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

1359 kBTransfer

1355 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

2 Cookies

Indicators

volksbahk.info Open in urlscan Pro
23.19.227.80 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

1359 kB
Transfer

1355 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!