volksbank-raiffeisenbank.banking-service.xyz Open in urlscan Pro
172.67.209.186 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://is.gd/tomPqy?=https://VOLKSBANK.de/Datenabgleich/2024/start/w9d89rhw3n8ht4iwghtbug87
Effective URL:
https://volksbank-raiffeisenbank.banking-service.xyz/login/ZxdxyivEgBuDWOOsB&pgwxirkcpOzVBwWOeSJgO=UiIcKngSvMJZ-aXWbdIuhtiZo&rrBLwkcweI=geHXViFavVSIB...
Submission: On May 16 via manual (May 16th 2024, 5:54:08 am UTC) from DE — Scanned from DE

Summary HTTP 20 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 172.67.209.186, located in United States and belongs to CLOUDFLARENET, US. The main domain is volksbank-raiffeisenbank.banking-service.xyz.
TLS certificate: Issued by GTS CA 1P5 on April 26th 2024. Valid for: 3 months.

This is the only time volksbank-raiffeisenbank.banking-service.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::6819:ea35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.21.5.149 104.21.5.149	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.156.184 172.67.156.184	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 20	172.67.209.186 172.67.209.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2

1 2606:4700:20::6819:ea35 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

is.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.5.149 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

qlinkxyz.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.156.184 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

massgainer.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 172.67.209.186 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

volksbank-raiffeisenbank.banking-service.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	banking-service.xyz 2 redirects volksbank-raiffeisenbank.banking-service.xyz	266 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	31 KB
1	massgainer.xyz 1 redirects massgainer.xyz	526 B
1	qlinkxyz.xyz 1 redirects qlinkxyz.xyz	435 B
1	is.gd 1 redirects is.gd — Cisco Umbrella Rank: 137213	332 B
20	5

	Domain	Requested by
20	volksbank-raiffeisenbank.banking-service.xyz	2 redirects volksbank-raiffeisenbank.banking-service.xyz
2	cdnjs.cloudflare.com	volksbank-raiffeisenbank.banking-service.xyz
1	massgainer.xyz	1 redirects
1	qlinkxyz.xyz	1 redirects
1	is.gd	1 redirects
20	5

This site contains links to these domains. Also see Links.

Domain
www.schwaebisch-hall.de
www.union-investment.de
www.ruv.de
www.easycredit.de
www.dzbank.de
www.dz-privatbank.com
www.vr-smart-finanz.de
www.dzhyp.de
www.muenchenerhyp.de

Subject Issuer	Validity	Valid
banking-service.xyz GTS CA 1P5	`2024-04-26` - `2024-07-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://volksbank-raiffeisenbank.banking-service.xyz/login/ZxdxyivEgBuDWOOsB&pgwxirkcpOzVBwWOeSJgO=UiIcKngSvMJZ-aXWbdIuhtiZo&rrBLwkcweI=geHXViFavVSIBSDHNXbNE
Frame ID: 2599B2274CE3D7C958D6E9F7ADB2FF67
Requests: 18 HTTP requests in this frame

Frame: https://volksbank-raiffeisenbank.banking-service.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
Frame ID: 9BF96091970F31CE6405B26840AD7649
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmelden

Page URL History Show full URLs

https://is.gd/tomPqy?=https://VOLKSBANK.de/Datenabgleich/2024/start/w9d89rhw3n8ht4iwghtbug87 HTTP 301
https://qlinkxyz.xyz/fTYigQat HTTP 302
https://massgainer.xyz/sommer HTTP 307
https://volksbank-raiffeisenbank.banking-service.xyz/?s=gq8c7i2ru8vtlnuwp9lq2ddxj0617nza HTTP 302
https://volksbank-raiffeisenbank.banking-service.xyz/login/ZxdxyivEgBuDWOOsB&pgwxirkcpOzVBwWOeSJgO=UiIcKngSvMJZ-aXWbdIuhtiZo&rrBL... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

95 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

2
IPs

2
Countries

297 kB
Transfer

1552 kB
Size

3
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.schwaebisch-hall.de/

Search URL Search Domain Scan URL

URL: https://www.union-investment.de/

Search URL Search Domain Scan URL

URL: https://www.ruv.de/

Search URL Search Domain Scan URL

URL: https://www.easycredit.de/

Search URL Search Domain Scan URL

URL: https://www.dzbank.de/

Search URL Search Domain Scan URL

URL: https://www.dz-privatbank.com/

Search URL Search Domain Scan URL

URL: https://www.vr-smart-finanz.de/

Search URL Search Domain Scan URL

URL: https://www.dzhyp.de/

Search URL Search Domain Scan URL

URL: https://www.muenchenerhyp.de/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://is.gd/tomPqy?=https://VOLKSBANK.de/Datenabgleich/2024/start/w9d89rhw3n8ht4iwghtbug87 HTTP 301
https://qlinkxyz.xyz/fTYigQat HTTP 302
https://massgainer.xyz/sommer HTTP 307
https://volksbank-raiffeisenbank.banking-service.xyz/?s=gq8c7i2ru8vtlnuwp9lq2ddxj0617nza HTTP 302
https://volksbank-raiffeisenbank.banking-service.xyz/login/ZxdxyivEgBuDWOOsB&pgwxirkcpOzVBwWOeSJgO=UiIcKngSvMJZ-aXWbdIuhtiZo&rrBLwkcweI=geHXViFavVSIBSDHNXbNE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://volksbank-raiffeisenbank.banking-service.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://volksbank-raiffeisenbank.banking-service.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request ZxdxyivEgBuDWOOsB&pgwxirkcpOzVBwWOeSJgO=UiIcKngSvMJZ-aXWbdIuhtiZo&rrBLwkcweI=geHXViFavVSIBSDHNXbNE Show response
volksbank-raiffeisenbank.banking-service.xyz/login/
Redirect Chain

https://is.gd/tomPqy?=https://VOLKSBANK.de/Datenabgleich/2024/start/w9d89rhw3n8ht4iwghtbug87
https://qlinkxyz.xyz/fTYigQat
https://massgainer.xyz/sommer
https://volksbank-raiffeisenbank.banking-service.xyz/?s=gq8c7i2ru8vtlnuwp9lq2ddxj0617nza
https://volksbank-raiffeisenbank.banking-service.xyz/login/ZxdxyivEgBuDWOOsB&pgwxirkcpOzVBwWOeSJgO=UiIcKngSvMJZ-aXWbdIuhtiZo&rrBLwkcweI=geHXViFavVSIBSDHNXbNE

1 MB
134 KB

156ms
156ms

Document
text/html

172.67.209.186
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
.is.gd/	1970-01-20 20:37:20	Name: __cf_bm Value: Mk4V0HOncbjy_xNuzm1XkTb3rtM8757F7cuYpulBTlg-1715838841-1.0.1.1-Qzk9Udmm4u5cxWLPSnRAyk2QeDm_awHVZ8tAQ8RPo4YBMHRo.bMkqAMhqGnhhEt61k79USL7SCdXP8vkfaYotA
volksbank-raiffeisenbank.banking-service.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: 56m22ps1m3ujppgcdcq756k0fa
.banking-service.xyz/	1970-01-21 05:22:54	Name: cf_clearance Value: PCF3Up77G5INrVtFdFu7jdGyE0O5U6flwW3xNRGjpQ8-1715838844-1.0.1.1-nYuIpFjN7_TuTmiHQKbaFWVQFnQHBaJlmuuUnlgeJ16VVPPdKbsLSuMk3Lh4s_vuUvkkkxq7SMcsviSvPs6yIg

volksbank-raiffeisenbank.banking-service.xyz Open in urlscan Pro 172.67.209.186 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

95 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

2 IPs

2 Countries

297 kBTransfer

1552 kBSize

3 Cookies

9 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

volksbank-raiffeisenbank.banking-service.xyz Open in urlscan Pro
172.67.209.186 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

95 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

2
IPs

2
Countries

297 kB
Transfer

1552 kB
Size

3
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!