otpinternet-login.xyz Open in urlscan Pro
2606:4700:3037::ac43:aeb8 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://otpinternet-login.xyz/
Effective URL:
https://otpinternet-login.xyz/
Submission Tags: @phish_report
Submission: On January 15 via api (January 15th 2024, 6:26:32 am UTC) from FI — Scanned from FI

Summary HTTP 6 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3037::ac43:aeb8, located in United States and belongs to CLOUDFLARENET, US. The main domain is otpinternet-login.xyz.
TLS certificate: Issued by GTS CA 1P5 on January 14th 2024. Valid for: 3 months.

This is the only time otpinternet-login.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 4 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3035::6815:503c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3037::ac43:aeb8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
6	4

1 2606:4700:3035::6815:503c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

otpinternet-login.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3037::ac43:aeb8 (United States)

ASN13335 (CLOUDFLARENET, US)

otpinternet-login.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	otpinternet-login.xyz 1 redirects otpinternet-login.xyz	4 MB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	31 KB
6	2

	Domain	Requested by
6	otpinternet-login.xyz	1 redirects otpinternet-login.xyz
1	code.jquery.com	otpinternet-login.xyz
6	2

This site contains links to these domains. Also see Links.

Domain
internetbank.otpbank.hu
www.otpbank.hu
play.google.com
itunes.apple.com

Subject Issuer	Validity	Valid
otpinternet-login.xyz GTS CA 1P5	`2024-01-14` - `2024-04-13`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://otpinternet-login.xyz/
Frame ID: 470358B2198F7799300BE4D1366FD157
Requests: 21 HTTP requests in this frame

Frame: data://truncated
Frame ID: 4BCAB672213859E47E39D0B4E46AB929
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Új internet- és mobilbank – OTP Bank

Page URL History Show full URLs

http://otpinternet-login.xyz/ HTTP 301
https://otpinternet-login.xyz/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

5030 kB
Transfer

9598 kB
Size

1
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://internetbank.otpbank.hu/auth/bejelentkezes

Search URL Search Domain Scan URL

URL: https://www.otpbank.hu/portal/hu/OTPdirekt/Belepes?a=enableDirektLogin
Title: OTPdirekt internetbank

Search URL Search Domain Scan URL

URL: https://internetbank.otpbank.hu/auth/elfelejtett-jelszo
Title: Elfelejtettem a jelszavam

Search URL Search Domain Scan URL

URL: https://internetbank.otpbank.hu/auth/regisztracio
Title: Regisztrálok az új OTP InternetBankba

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=hu.otpbank.mobile
Title: Get it on: Google Play

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/id1403268557
Title: Download on the App Store

Search URL Search Domain Scan URL

URL: https://www.otpbank.hu/portal/hu/Kapcsolat
Title: Kapcsolatba lépni

Search URL Search Domain Scan URL

URL: https://www.otpbank.hu/portal/hu/Kondiciok
Title: Feltételek, Megjegyzés

Search URL Search Domain Scan URL

URL: https://www.otpbank.hu/portal/hu/JogiEtikaiNyilatkozat
Title: Jogi információk

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://otpinternet-login.xyz/ HTTP 301
https://otpinternet-login.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
16 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / otpinternet-login.xyz/ Redirect Chain http://otpinternet-login.xyz/ https://otpinternet-login.xyz/	8 MB 4 MB	209ms 140ms	Document text/html	2606:4700:3037::ac43:aeb8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://otpinternet-login.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:aeb8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 845c0c13e81070fa-HEL content-encoding br content-type text/html; charset=utf-8 date Mon, 15 Jan 2024 06:26:26 GMT last-modified Sun, 14 Jan 2024 16:22:53 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wWSsyMgz8uC12JjsbV8dIikUIk6E4dUTpqcMV3PzwNLdCKfv5qLrCf5HCZva8dTKwFmLfw0nK1A9F%2BsPGNK0my267%2FvBzVr3ICWzDAJSKWAw5%2FL5%2B3uc%2FJd%2BWyWsEJira2e%2FcNnQzPwJ%2FJj50Y6mV7wi6M%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers CF-RAY 845c0c132d27b807-RIX Cache-Control max-age=3600 Connection keep-alive Date Mon, 15 Jan 2024 06:26:26 GMT Expires Mon, 15 Jan 2024 07:26:26 GMT Location https://otpinternet-login.xyz/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ps5epjYiElftpO7FOd%2B4w9h7ofmRHivmxKkQq5PMBIIUYPeDfHjcl0ciK7XKslM8ifinReiwFFW9Af2%2FytZVtANwqHP61LqfH3HBtDFV%2F8FdzbLSu6pgJhX4bG4heaUQAWbcSQQgIbQNFvkXBpIyzYGlSWc%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400
GET H2	200	jquery-3.6.4.min.js Show response code.jquery.com/	88 KB 31 KB	105ms 30ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.4.min.js Requested by Host: otpinternet-login.xyz URL: https://otpinternet-login.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af` Request headers accept-language fi-FI,fi;q=0.9 Referer https://otpinternet-login.xyz/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers date Mon, 15 Jan 2024 06:26:26 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 10499379 x-cache HIT, HIT content-length 31011 x-served-by cache-lga21953-LGA, cache-hel1410022-HEL last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1705299987.768444,VS0,VE0 etag W/"28feccc0-15ec3" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 138, 44520
GET H2	200	main.js Show response otpinternet-login.xyz/static/js/	5 KB 2 KB	141ms 140ms	Script text/javascript	2606:4700:3037::ac43:aeb8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://otpinternet-login.xyz/static/js/main.js Requested by Host: otpinternet-login.xyz URL: https://otpinternet-login.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:aeb8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `07996835ec1026d40edde253915c1acef1ccc565bb928fd35b2ae91a30b4835f` Request headers accept-language fi-FI,fi;q=0.9 Referer https://otpinternet-login.xyz/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers date Mon, 15 Jan 2024 06:26:26 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sat, 13 Jan 2024 10:03:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMHIz6C1NsmJQgnvyTkBew8E4PPu7cLn1SEaCJimLl2nfbY%2By%2BSi1eRjWP5IVWInJqO13ves0Clm4IYvm42Yj9PSiDawheoYSFLSCGz5rAoLAdiX5X5W%2BomEcCuzvhuDaMQJhWQC%2FUwnKGPiDaTWVN1ENJ8%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript; charset=utf-8 cache-control max-age=14400 cf-ray 845c0c14d9b970fa-HEL alt-svc h3=":443"; ma=86400
GET H2	200	chat.js Show response otpinternet-login.xyz/static/js/	2 KB 1 KB	101ms 101ms	Script text/javascript	2606:4700:3037::ac43:aeb8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://otpinternet-login.xyz/static/js/chat.js Requested by Host: otpinternet-login.xyz URL: https://otpinternet-login.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:aeb8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a1033c6b0ac1e96fa5e639cc2b14a0096e8a62aa14925078ac4e08b42c4aaaa3` Request headers accept-language fi-FI,fi;q=0.9 Referer https://otpinternet-login.xyz/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers date Mon, 15 Jan 2024 06:26:26 GMT content-encoding br cf-cache-status REVALIDATED last-modified Fri, 12 Jan 2024 21:17:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUnTH1g6lVyYC18kFjTFE%2BC%2BCjbGU0Jxz%2BaCibmWkqgSuDPL%2FvMtvoF79nh%2FcRITJFWOy3RnK3GFJ4X5XqqSiax3rQMaax2JkrY8TcVBq4P3AExjbfPFp3kof38iXtYuCOSDJUGEeF2yvpxaKxjONzEWUs8%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript; charset=utf-8 cache-control max-age=14400 cf-ray 845c0c14d9bb70fa-HEL alt-svc h3=":443"; ma=86400
GET H2	200	chat.css otpinternet-login.xyz/static/css/	4 KB 1 KB	142ms 141ms	Stylesheet text/css	2606:4700:3037::ac43:aeb8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://otpinternet-login.xyz/static/css/chat.css Requested by Host: otpinternet-login.xyz URL: https://otpinternet-login.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:aeb8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `55f2cd77ce30d0c626870f2340258d17338c5dcf51590d76d4e9ab02865352bc` Request headers accept-language fi-FI,fi;q=0.9 Referer https://otpinternet-login.xyz/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers date Mon, 15 Jan 2024 06:26:26 GMT content-encoding br cf-cache-status REVALIDATED last-modified Fri, 12 Jan 2024 16:38:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4u61ZLgW5bEbHw43k0kurOVoR0QsLMvaLTrHZgvdw9JFLxTRQS41bXSQfohuRQKoBDp1X8PAy5uagkDr%2F3IFEi8HAnf75vM2OkKVWDjlWbbx9u%2FHDDIU5VxAiroe682NehjyKwhT7VUSDap1FX2SpoIzg4%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cache-control max-age=14400 cf-ray 845c0c14d9b770fa-HEL alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	107 KB 107 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bc36a0eee0bf0000f32c3b59ea6e639636cbea8ec747675b7201bf31bb92d0e7` Request headers Referer Origin https://otpinternet-login.xyz accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	418 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `847ae3fc07a309823d4dbfc8294a7abff2779392a67f59fe8d0fe22ba0cb3d6c` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	129 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `51a828e7b455161fa0bb00a35c7a1763c1b83fb1effe2f70663b30e47b71a584` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	17 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a18e2e10e5659c343e1a1b8f8dc0ea8f6f5d0bdca0c27c446517c72a378f9f20` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	22 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f36a37a55d481fc67474576bd57e1616845618e2d7dc3c44c3a05bd513f5fa65` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	10 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eb160cf0c587f4746479eaaf74e4ee6a65399b5931148a85ba4785383f330f35` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	226 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2a1c2d0ce7881c42fe2e1d9114ca25a74f79b870fb9622974b27309828a497f9` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	41 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a87cba1d08bc5397e7f459b9339b2427c42d824e223839840731f0a2cdd42f69` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	106 KB 106 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a2431e5b3f94c2bd49b264ed0c0c0417652ecb91658262a11f9a26fe55c8cd5d` Request headers Referer Origin https://otpinternet-login.xyz accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	106 KB 106 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6a8dc80f61e0245ed84ef82932d68e164d618739d0a0feb1120f11f70d96497d` Request headers Referer Origin https://otpinternet-login.xyz accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	100 KB 100 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `139000322132870bde1770327d5c33099918141ea9cbb29e544a3dd03a25883d` Request headers Referer Origin https://otpinternet-login.xyz accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1a6733bbc1a0433da8696cbef37266a32e1782142e242f5a38bdae707a55682e` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	11 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d3701bda03d86a02f98f953ce4a37303a68a1e0d70a0ed225e7d85229e9447af` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	6 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9db0b35cea2aed60d1621c66ec197456bfb887c3808294087289c67d51d8b50d` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bd200e43b7ec1eaa61b7a9b9bb8c332f8a1fe439f107fb82d7a22b014644bda8` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET H3	404	loader.gif otpinternet-login.xyz/static/img/	0 457 B	140ms 140ms	Image text/plain	2606:4700:3037::ac43:aeb8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://otpinternet-login.xyz/static/img/loader.gif Requested by Host: otpinternet-login.xyz URL: https://otpinternet-login.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:aeb8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language fi-FI,fi;q=0.9 Referer https://otpinternet-login.xyz/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers date Mon, 15 Jan 2024 06:26:27 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iwuk670JiB%2FGLChxvajoA8Xf8zY9GeHxKNUgqh0WF%2FgjNlh3GZDwbpONRYfqkGQjDCpFgL9x0%2FuSYEk84yZhqrnG6nRqds6TzwL%2Bx7LpUUhpPINqyGsyNzh0FZUXuPaaj6AjQJ0bMlo8pQe1pHuS632rHOY%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=14400 cf-ray 845c0c17f8e74e15-HEL alt-svc h3=":443"; ma=86400 content-length 0
GET DATA	200 OK	truncated Show response / Frame 4BCA	129 KB 129 KB		Document image/svg+xml
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `51a828e7b455161fa0bb00a35c7a1763c1b83fb1effe2f70663b30e47b71a584` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 accept-language fi-FI,fi;q=0.9 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Malicious task.url
Submitted on January 15th 2024, 8:57:21 am UTC — From Hungary

Threats: Phishing Brand Impersonation Scam
Comment: The website impersonates the visual elements of the OTP Bank HU. Phishing website.

Malicious page.url
Submitted on January 15th 2024, 8:57:09 am UTC — From Hungary

Threats: Brand Impersonation Phishing Scam
Comment: The website impersonates the visual elements of the OTP Bank HU. Phishing website.

Malicious page.domain
Submitted on January 15th 2024, 8:56:57 am UTC — From Hungary

Threats: Brand Impersonation Phishing Scam
Comment: The website impersonates the visual elements of the OTP Bank HU. Phishing website.

Malicious page.url
Submitted on January 15th 2024, 8:52:50 am UTC — From Hungary

Threats: Brand Impersonation Phishing Scam
Comment: The website impersonates the visual elements of the OTP Bank HU. Phishing website.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			otpinternet-login.xyz/	1970-01-20 18:24:51	Name: user_id Value: VtIZk

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://otpinternet-login.xyz/static/img/loader.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
otpinternet-login.xyz
2606:4700:3035::6815:503c
2606:4700:3037::ac43:aeb8
2a04:4e42:600::649
07996835ec1026d40edde253915c1acef1ccc565bb928fd35b2ae91a30b4835f
139000322132870bde1770327d5c33099918141ea9cbb29e544a3dd03a25883d
1a6733bbc1a0433da8696cbef37266a32e1782142e242f5a38bdae707a55682e
2a1c2d0ce7881c42fe2e1d9114ca25a74f79b870fb9622974b27309828a497f9
51a828e7b455161fa0bb00a35c7a1763c1b83fb1effe2f70663b30e47b71a584
55f2cd77ce30d0c626870f2340258d17338c5dcf51590d76d4e9ab02865352bc
6a8dc80f61e0245ed84ef82932d68e164d618739d0a0feb1120f11f70d96497d
847ae3fc07a309823d4dbfc8294a7abff2779392a67f59fe8d0fe22ba0cb3d6c
9db0b35cea2aed60d1621c66ec197456bfb887c3808294087289c67d51d8b50d
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a1033c6b0ac1e96fa5e639cc2b14a0096e8a62aa14925078ac4e08b42c4aaaa3
a18e2e10e5659c343e1a1b8f8dc0ea8f6f5d0bdca0c27c446517c72a378f9f20
a2431e5b3f94c2bd49b264ed0c0c0417652ecb91658262a11f9a26fe55c8cd5d
a87cba1d08bc5397e7f459b9339b2427c42d824e223839840731f0a2cdd42f69
bc36a0eee0bf0000f32c3b59ea6e639636cbea8ec747675b7201bf31bb92d0e7
bd200e43b7ec1eaa61b7a9b9bb8c332f8a1fe439f107fb82d7a22b014644bda8
d3701bda03d86a02f98f953ce4a37303a68a1e0d70a0ed225e7d85229e9447af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb160cf0c587f4746479eaaf74e4ee6a65399b5931148a85ba4785383f330f35
f36a37a55d481fc67474576bd57e1616845618e2d7dc3c44c3a05bd513f5fa65

otpinternet-login.xyz Open in urlscan Pro 2606:4700:3037::ac43:aeb8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 4 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

4 IPs

1 Countries

5030 kBTransfer

9598 kBSize

1 Cookies

9 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious task.url Submitted on January 15th 2024, 8:57:21 am UTC — From Hungary

Malicious page.url Submitted on January 15th 2024, 8:57:09 am UTC — From Hungary

Malicious page.domain Submitted on January 15th 2024, 8:56:57 am UTC — From Hungary

Malicious page.url Submitted on January 15th 2024, 8:52:50 am UTC — From Hungary

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

12 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

otpinternet-login.xyz Open in urlscan Pro
2606:4700:3037::ac43:aeb8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

5030 kB
Transfer

9598 kB
Size

1
Cookies

6 HTTP transactions
16 data transactions

Malicious task.url
Submitted on January 15th 2024, 8:57:21 am UTC — From Hungary

Malicious page.url
Submitted on January 15th 2024, 8:57:09 am UTC — From Hungary

Malicious page.domain
Submitted on January 15th 2024, 8:56:57 am UTC — From Hungary

Malicious page.url
Submitted on January 15th 2024, 8:52:50 am UTC — From Hungary

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!