22497-4838.s2.webspace.re Open in urlscan Pro
91.218.65.223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://22497-4838.s2.webspace.re/
Effective URL:
https://22497-4838.s2.webspace.re/pages
Submission: On January 09 via manual (January 9th 2023, 5:10:03 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 91.218.65.223, located in Frankfurt am Main, Germany and belongs to SYNLINQ synlinq.de, DE. The main domain is 22497-4838.s2.webspace.re.
TLS certificate: Issued by R3 on January 5th 2023. Valid for: 3 months.

This is the only time 22497-4838.s2.webspace.re was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Raiffeisen Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 14	91.218.65.223 91.218.65.223	44486 (SYNLINQ s...) (SYNLINQ synlinq.de)
1 1	217.13.188.163 217.13.188.163	24864 (R-IT-AS) (R-IT-AS)
1	217.13.188.162 217.13.188.162	24864 (R-IT-AS) (R-IT-AS)
14	3

14 91.218.65.223 (Frankfurt am Main, Germany) 1 redirects

ASN44486 (SYNLINQ synlinq.de, DE)
PTR: plesk2.living-bots.net

22497-4838.s2.webspace.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.13.188.163 (Vienna, Austria) 1 redirects

ASN24864 (R-IT-AS, AT)

sso.raiffeisen.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.13.188.162 (Vienna, Austria)

ASN24864 (R-IT-AS, AT)

mein.elba.raiffeisen.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	webspace.re 1 redirects 22497-4838.s2.webspace.re	977 KB
2	raiffeisen.at 1 redirects sso.raiffeisen.at — Cisco Umbrella Rank: 425345 mein.elba.raiffeisen.at — Cisco Umbrella Rank: 431697	145 B
14	2

	Domain	Requested by
14	22497-4838.s2.webspace.re	1 redirects 22497-4838.s2.webspace.re
1	mein.elba.raiffeisen.at	22497-4838.s2.webspace.re
1	sso.raiffeisen.at	1 redirects
14	3

This site contains no links.

Subject Issuer	Validity	Valid
22497-4838.s2.webspace.re R3	`2023-01-05` - `2023-04-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://22497-4838.s2.webspace.re/pages
Frame ID: AFB30C772D5E9D7ABCC992D5D9614625
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://22497-4838.s2.webspace.re/ HTTP 302
https://22497-4838.s2.webspace.re/pages Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

977 kB
Transfer

1603 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://22497-4838.s2.webspace.re/ HTTP 302
https://22497-4838.s2.webspace.re/pages Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://sso.raiffeisen.at/mein-login/assets/css/fonts.css HTTP 302
https://mein.elba.raiffeisen.at/bankingws-widgetsystem/

14 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request pages Show response 22497-4838.s2.webspace.re/ Redirect Chain https://22497-4838.s2.webspace.re/ https://22497-4838.s2.webspace.re/pages	110 KB 15 KB	29ms 27ms	Document text/html	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PHP/7.3.33 PleskLin Resource Hash `f01c4354be691f2c34e4dfa550db2ed808ffa27411d276e71f9ad24d6dc90ce0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 15201 content-type text/html; charset=UTF-8 date Mon, 09 Jan 2023 17:09:56 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/7.3.33 PleskLin Redirect headers cache-control no-store, no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Mon, 09 Jan 2023 17:09:56 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location https://22497-4838.s2.webspace.re/pages pragma no-cache server nginx x-powered-by PHP/7.3.33 PleskLin
GET H2	200	styles.cc2bab9677c0e599.css 22497-4838.s2.webspace.re/front_end/front_end_files/	6 KB 2 KB	23ms 22ms	Stylesheet text/css	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `a782a6484482b9fed65dd770ac8bb7e5e1bb0da2219f847f7936b2abb98299cf` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:56 GMT content-encoding gzip last-modified Sun, 08 Jan 2023 02:54:35 GMT server nginx etag "163a-5f1b7c54cb0c0-gzip" x-powered-by PleskLin vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1531
GET H2	200	bundle-rbg.css 22497-4838.s2.webspace.re/front_end/front_end_files/	509 KB 57 KB	35ms 34ms	Stylesheet text/css	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/bundle-rbg.css Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `a3d3b8295b62de1c3e84ca5205c696c6b56473d4d88244ac276918764f05608d` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:56 GMT content-encoding gzip last-modified Sun, 08 Jan 2023 03:12:54 GMT server nginx etag "7f4c8-5f1b806ce1980-gzip" x-powered-by PleskLin vary Accept-Encoding content-type text/css accept-ranges bytes content-length 57792
GET H/1.1	401 Unauthorized	/ mein.elba.raiffeisen.at/bankingws-widgetsystem/ Redirect Chain https://sso.raiffeisen.at/mein-login/assets/css/fonts.css https://mein.elba.raiffeisen.at/bankingws-widgetsystem/	0 0	125ms 40ms	Other text/html	217.13.188.162 R-IT-AS
General Check archive.org Show headers Download Go to Full URL https://mein.elba.raiffeisen.at/bankingws-widgetsystem/ Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol HTTP/1.1 Server 217.13.188.162 Vienna, Austria, ASN24864 (R-IT-AS, AT), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Redirect headers location https://mein.elba.raiffeisen.at/bankingws-widgetsystem/ date Mon, 09 Jan 2023 17:09:57 GMT content-length 0
GET H2	200	jquery.js Show response 22497-4838.s2.webspace.re/js/cntdjs/	87 KB 30 KB	27ms 26ms	Script application/javascript	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/js/cntdjs/jquery.js Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT content-encoding gzip last-modified Thu, 02 Jun 2022 02:14:08 GMT server nginx etag "15d9d-5e06d8f8d1c00-gzip" x-powered-by PleskLin vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 30902
GET H2	200	jquery.mask.js Show response 22497-4838.s2.webspace.re/js/cntdjs/	23 KB 6 KB	24ms 23ms	Script application/javascript	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/js/cntdjs/jquery.mask.js Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT content-encoding gzip last-modified Thu, 02 Jun 2022 02:14:08 GMT server nginx etag "5a88-5e06d8f8d1c00-gzip" x-powered-by PleskLin vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 5877
GET H2	200	cntd.js Show response 22497-4838.s2.webspace.re/js/cntdjs/	3 KB 1 KB	23ms 22ms	Script application/javascript	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/js/cntdjs/cntd.js Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT content-encoding gzip last-modified Thu, 02 Jun 2022 02:14:08 GMT server nginx etag "abf-5e06d8f8d1c00-gzip" x-powered-by PleskLin vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 999
GET H2	200	loading.js Show response 22497-4838.s2.webspace.re/js/shared/	2 KB 929 B	24ms 23ms	Script application/javascript	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/js/shared/loading.js Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT content-encoding gzip last-modified Thu, 02 Jun 2022 02:14:08 GMT server nginx etag "7b5-5e06d8f8d1c00-gzip" x-powered-by PleskLin vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 729
GET H2	200	online_status.js Show response 22497-4838.s2.webspace.re/js/shared/	998 B 653 B	42ms 41ms	Script application/javascript	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/js/shared/online_status.js Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/pages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/pages User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT content-encoding gzip last-modified Thu, 02 Jun 2022 02:14:08 GMT server nginx etag "3e6-5e06d8f8d1c00-gzip" x-powered-by PleskLin vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 453
GET H2	200	rbg_wald_xxl.jpeg 22497-4838.s2.webspace.re/front_end/front_end_files/	726 KB 727 KB	22ms 22ms	Image image/jpeg	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Show image Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/rbg_wald_xxl.jpeg Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `b52907672d8cddf4c7265ef1e6ed690793e33ddb3f43a45ceb18dcad9a0d3e31` Request headers accept-language de-DE,de;q=0.9 Referer https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT last-modified Sun, 08 Jan 2023 02:59:21 GMT server nginx etag "b593c-5f1b7d658b440" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 743740
GET DATA	200 OK	truncated /	673 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `65a02d2e369d2d717c67b5453f717243e19dd263bcc48925e8d5c57f385871ac` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	OpenSans-normal-400.f8bf93c4d80b1a84.woff2 22497-4838.s2.webspace.re/front_end/front_end_files/	14 KB 14 KB	42ms 41ms	Font application/octet-stream	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/OpenSans-normal-400.f8bf93c4d80b1a84.woff2 Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9` Request headers Referer https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Origin https://22497-4838.s2.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT last-modified Sun, 08 Jan 2023 02:56:42 GMT server nginx accept-ranges bytes etag "36e0-5f1b7ccde8e80" content-length 14048 x-powered-by PleskLin
GET H2	200	OpenSans-normal-300.01963abac0e8a01a.woff2 22497-4838.s2.webspace.re/front_end/front_end_files/	14 KB 14 KB	41ms 41ms	Font application/octet-stream	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/OpenSans-normal-300.01963abac0e8a01a.woff2 Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `5278c0f6063ca9ad85653b18a2ddf1aa57e3ab40b7973a69b09acf859db8264d` Request headers Referer https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Origin https://22497-4838.s2.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT last-modified Sun, 08 Jan 2023 02:56:42 GMT server nginx accept-ranges bytes etag "38e4-5f1b7ccde8e80" content-length 14564 x-powered-by PleskLin
GET H2	200	rds-iconfont.2582d4be5220e7c9.woff2 22497-4838.s2.webspace.re/front_end/front_end_files/	94 KB 94 KB	31ms 31ms	Font application/octet-stream	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/rds-iconfont.2582d4be5220e7c9.woff2?ftwrhs Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `35ba2a205e792c44e517d0736c03afa1d822db59da264b9604850297581259c5` Request headers Referer https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Origin https://22497-4838.s2.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT last-modified Sun, 08 Jan 2023 02:56:44 GMT server nginx accept-ranges bytes etag "17820-5f1b7ccfd1300" content-length 96288 x-powered-by PleskLin
GET H2	200	OpenSans-normal-600.b4ab0797aa7e4e98.woff2 22497-4838.s2.webspace.re/front_end/front_end_files/	14 KB 14 KB	267ms 266ms	Font application/octet-stream	91.218.65.223 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22497-4838.s2.webspace.re/front_end/front_end_files/OpenSans-normal-600.b4ab0797aa7e4e98.woff2 Requested by Host: 22497-4838.s2.webspace.re URL: https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.218.65.223 Frankfurt am Main, Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk2.living-bots.net Software nginx / PleskLin Resource Hash `d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2` Request headers Referer https://22497-4838.s2.webspace.re/front_end/front_end_files/styles.cc2bab9677c0e599.css Origin https://22497-4838.s2.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Mon, 09 Jan 2023 17:09:57 GMT last-modified Sun, 08 Jan 2023 02:56:43 GMT server nginx accept-ranges bytes etag "38d0-5f1b7ccedd0c0" content-length 14544 x-powered-by PleskLin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Raiffeisen Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			22497-4838.s2.webspace.re/	1969-12-31 23:59:59	Name: PHPSESSID Value: f44949gjkkl94mpvsdivn8fm7n
			mein.elba.raiffeisen.at/	1969-12-31 23:59:59	Name: nonce.cgGxHp.1673543397 Value: 04c5ba5d-a7e7-4f90-81e6-419b574b7880

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mein.elba.raiffeisen.at/bankingws-widgetsystem/ Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

22497-4838.s2.webspace.re
mein.elba.raiffeisen.at
sso.raiffeisen.at
217.13.188.162
217.13.188.163
91.218.65.223
35ba2a205e792c44e517d0736c03afa1d822db59da264b9604850297581259c5
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9
4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134
5278c0f6063ca9ad85653b18a2ddf1aa57e3ab40b7973a69b09acf859db8264d
5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca
65a02d2e369d2d717c67b5453f717243e19dd263bcc48925e8d5c57f385871ac
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
a3d3b8295b62de1c3e84ca5205c696c6b56473d4d88244ac276918764f05608d
a782a6484482b9fed65dd770ac8bb7e5e1bb0da2219f847f7936b2abb98299cf
b52907672d8cddf4c7265ef1e6ed690793e33ddb3f43a45ceb18dcad9a0d3e31
d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2
e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7
f01c4354be691f2c34e4dfa550db2ed808ffa27411d276e71f9ad24d6dc90ce0
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

22497-4838.s2.webspace.re Open in urlscan Pro 91.218.65.223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

977 kBTransfer

1603 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

22497-4838.s2.webspace.re Open in urlscan Pro
91.218.65.223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

977 kB
Transfer

1603 kB
Size

2
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!