erstechilo.hopto.org Open in urlscan Pro
5.44.42.71 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lokola.xyz/
Effective URL:
https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Submission: On March 01 via manual (March 1st 2023, 6:23:54 am UTC) from CZ — Scanned from CA

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 20 HTTP transactions. The main IP is 5.44.42.71, located in Dubai, United Arab Emirates and belongs to GIR-AS, RU. The main domain is erstechilo.hopto.org.
TLS certificate: Issued by R3 on February 28th 2023. Valid for: 3 months.

This is the only time erstechilo.hopto.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Erste Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	81.19.140.23 81.19.140.23	207713 (GIR-AS) (GIR-AS)
1 17	5.44.42.71 5.44.42.71	207713 (GIR-AS) (GIR-AS)
1	195.228.30.122 195.228.30.122	5483 (MAGYAR-TE...) (MAGYAR-TELEKOM-MAIN-AS Magyar Telekom Nyrt.)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (STACKPATH...) (STACKPATH-CDN)
20	5

1 81.19.140.23 (Toronto, Canada)

ASN207713 (GIR-AS, RU)
PTR: 4SER-1677539516.ip-ptr.tech

lokola.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 5.44.42.71 (Dubai, United Arab Emirates) 1 redirects

ASN207713 (GIR-AS, RU)
PTR: 4SER-1677592997.ip-ptr.tech

erstechilo.hopto.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.228.30.122 (Hungary)

ASN5483 (MAGYAR-TELEKOM-MAIN-AS Magyar Telekom Nyrt., HU)

login.erstebank.hu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	hopto.org 1 redirects erstechilo.hopto.org	70 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 693	30 KB
1	erstebank.hu login.erstebank.hu www.erstebank.hu Failed	200 KB
1	lokola.xyz lokola.xyz	279 B
20	4

	Domain	Requested by
17	erstechilo.hopto.org	1 redirects erstechilo.hopto.org
1	code.jquery.com	erstechilo.hopto.org
1	login.erstebank.hu	erstechilo.hopto.org
1	lokola.xyz
0	www.erstebank.hu Failed	erstechilo.hopto.org
20	5

This site contains no links.

Subject Issuer	Validity	Valid
lokola.xyz R3	`2023-02-27` - `2023-05-28`	3 months	crt.sh
erstechilo.hopto.org R3	`2023-02-28` - `2023-05-29`	3 months	crt.sh
login.erstebank.hu NETLOCK Trust Qualified EV CA 3	`2023-02-11` - `2023-11-15`	9 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Frame ID: E5D300E1C02D099FD66BA00A5EE5F4F8
Requests: 21 HTTP requests in this frame

Frame: https://www.erstebank.hu/hu/george-login-en
Frame ID: C33F42B232E78D649C5BFA0884AECED5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://erstechilo.hopto.org/ErsteBank/index.php?r=app HTTP 302
https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

95 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

5
IPs

4
Countries

301 kB
Transfer

681 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://erstechilo.hopto.org/ErsteBank/index.php?r=app HTTP 302
https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
lokola.xyz/ 0
279 B 409ms
301ms Document
text/html 81.19.140.23
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lokola.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.19.140.23 Toronto, Canada, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677539516.ip-ptr.tech
Software: nginx / PHP/8.0.28 PleskLin
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 01 Mar 2023 06:23:48 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
refresh: 0;url=https://erstechilo.hopto.org/ErsteBank/index.php?r=app
server: nginx
x-powered-by: PHP/8.0.28 PleskLin

GET
H/1.1

200
OK

Primary Request Z7lASo.php Show response
erstechilo.hopto.org/ErsteBank/clients/
Redirect Chain

https://erstechilo.hopto.org/ErsteBank/index.php?r=app
https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification

24 KB
12 KB

2054ms
2054ms

Document
text/html

5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 46ea42042613bbc228d66be6cf660e01a7d0e68271240434789255ee28a0eec6

Request headers

Referer: https://lokola.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 12242
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Mar 2023 06:23:49 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Mar 2023 06:23:49 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: clients/Z7lASo.php?verification#_
Pragma: no-cache
Server: Apache/2.4.18 (Ubuntu)

GET
H/1.1 404
Not Found ruxitagentjs_ICA2Vfjqru_10231211201155045.js
erstechilo.hopto.org/sso/ 0
0 640ms
211ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/sso/ruxitagentjs_ICA2Vfjqru_10231211201155045.js
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found main.js
erstechilo.hopto.org/ErsteBank/clients/ 0
0 644ms
213ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/main.js?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found AppConfiguration.js
erstechilo.hopto.org/ErsteBank/clients/config/ 0
0 210ms
209ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/config/AppConfiguration.js?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found ThemeConfiguration.js
erstechilo.hopto.org/ErsteBank/clients/config/ 0
0 210ms
210ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/config/ThemeConfiguration.js?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK bootstrap.min.css
erstechilo.hopto.org/ErsteBank/clients/george/css/ 158 KB
21 KB 431ms
220ms Stylesheet
text/css 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/css/bootstrap.min.css?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: db5bd855f43dccd056953e442ad88e2e99a9dfd1dca243f89ba492da96bc67f6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "278c8-5e4e081244b80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 21459

GET
H/1.1 200
OK inter.css
erstechilo.hopto.org/ErsteBank/clients/george/css/ 6 KB
1 KB 627ms
208ms Stylesheet
text/css 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/css/inter.css?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: f2184b65d973bceb7298c079fe46cb9cad62c9067a5f3b13e016c3b1eb35304b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "17e1-5e4e081244b80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 753

GET
H/1.1 200
OK gds-main.min.css
erstechilo.hopto.org/ErsteBank/clients/george/css/ 175 KB
20 KB 640ms
218ms Stylesheet
text/css 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/css/gds-main.min.css?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: c34279ccec1a6dcd60207ad677232d168b33b2f85f5b325bf75dec1a6bf0e0b2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "2ba11-5e4e081244b80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 19865

GET
H/1.1 200
OK erste.css
erstechilo.hopto.org/ErsteBank/clients/george/css/ 10 KB
3 KB 636ms
212ms Stylesheet
text/css 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/css/erste.css?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: c106d75c0453b6193ecfd1deed556305daf888aba544a5e6f8d8e25d1e0a7662

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "28dd-5e4e081244b80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2410

GET
H/1.1 404
Not Found Footer.js
erstechilo.hopto.org/ErsteBank/clients/org/forgerock/openam/ui/common/components/ 0
0 210ms
210ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/org/forgerock/openam/ui/common/components/Footer.js?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found LoginHeader.js
erstechilo.hopto.org/ErsteBank/clients/org/forgerock/commons/ui/common/components/ 0
0 210ms
209ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/org/forgerock/commons/ui/common/components/LoginHeader.js?v=13.5.0-SAMAM_v6.7.24.0
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Tu5H61YgEIqFpQ5.js Show response
login.erstebank.hu/4pH4ceZF7SgigWv/ 200 KB
200 KB 1091ms
306ms Script
text/javascript 195.228.30.122
MAGYAR-TELEKOM-MA...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.erstebank.hu/4pH4ceZF7SgigWv/Tu5H61YgEIqFpQ5.js

Requested by

Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

195.228.30.122 , Hungary, ASN5483 (MAGYAR-TELEKOM-MAIN-AS Magyar Telekom Nyrt., HU),

Reverse DNS

Software

gunicorn /

Resource Hash

a1ef5f97bcb4d936d99e8d777f75837b643f4f7175681a80966c3a44ee758677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 06:23:52 GMT
x-correlation-id: 0A652205:8EA6_0A6B2084:1F6B_63FEEF78_6566E1F:0009
strict-transport-security: max-age=31536000; includeSubDomains; preload;
server: gunicorn
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
access-control-allow-headers: Content-Type,Authorization
content-length: 204797

GET
H/1.1 200
OK flag-en.png
erstechilo.hopto.org/ErsteBank/clients/george/images/ 685 B
969 B 214ms
213ms Image
image/png 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/images/flag-en.png
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: cb01050ed50446c64cbd3077f8f7825bcf070a5e1ebaf2a8441a63b020063d77

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:53 GMT
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "2ad-5e4e081244b80"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 685

GET
H/1.1 200
OK flag-hu.png
erstechilo.hopto.org/ErsteBank/clients/george/images/ 177 B
460 B 213ms
212ms Image
image/png 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/images/flag-hu.png
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 5e69f28fccb728fdce3c2a06e427b7e53840f445142748f42a9a313061f206d7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:53 GMT
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "b1-5e4e081244b80"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 177

GET
H/1.1 200
OK e-logo.png
erstechilo.hopto.org/ErsteBank/clients/george/images/ 11 KB
11 KB 213ms
212ms Image
image/png 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/images/e-logo.png
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 4b8697eb07dd220b2ee9ee52c37267db8b5af22323ac601604a03cc0bb3b608d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:53 GMT
Last-Modified: Thu, 28 Jul 2022 17:02:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "2c22-5e4e081244b80"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 11298

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 86ms
26ms Script
application/javascript 2001:4de0:ac18::1:a:3a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 06:23:52 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d84"
vary: Accept-Encoding
x-hw: 1677651832.dop208.dc2.t,1677651832.cds217.dc2.hn,1677651832.cds057.dc2.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H/1.1 404
Not Found requirejs-2.1.14-min.js
erstechilo.hopto.org/ErsteBank/clients/libs/ 0
0 211ms
210ms Script
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/libs/requirejs-2.1.14-min.js
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://erstechilo.hopto.org/ErsteBank/clients/Z7lASo.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4973399d46d6dac884587d6e0ba2b2fceb8fd0993c90f723730e1554bf090d7a

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/gif

GET george-login-en
www.erstebank.hu/hu/ Frame C33F 0
0

GET
DATA 200
OK truncated
/ 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e5d7aa86d39af73f6e081f366ad9ed221435b7c1703b29d8e0731f5ba4090f9

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H/1.1 404
Not Found Inter-roman.var.woff2
erstechilo.hopto.org/ErsteBank/clients/george/font/interfont/ 0
0 207ms
207ms Font
text/html 5.44.42.71
GIR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://erstechilo.hopto.org/ErsteBank/clients/george/font/interfont/Inter-roman.var.woff2
Requested by: Host: erstechilo.hopto.org
URL: https://erstechilo.hopto.org/ErsteBank/clients/george/css/inter.css?v=13.5.0-SAMAM_v6.7.24.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.44.42.71 Dubai, United Arab Emirates, ASN207713 (GIR-AS, RU),
Reverse DNS: 4SER-1677592997.ip-ptr.tech
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash

Request headers

Referer: https://erstechilo.hopto.org/ErsteBank/clients/george/css/inter.css?v=13.5.0-SAMAM_v6.7.24.0
Origin: https://erstechilo.hopto.org
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 06:23:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 283
Content-Type: text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.erstebank.hu
URL: https://www.erstebank.hu/hu/george-login-en

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Erste Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			lokola.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: l22p6qtqjc44d3484o672lf3qq
			erstechilo.hopto.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: ml48eqcrp9krmbq7pgcs56fu51

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://erstechilo.hopto.org/sso/ruxitagentjs_ICA2Vfjqru_10231211201155045.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/main.js?v=13.5.0-SAMAM_v6.7.24.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/libs/requirejs-2.1.14-min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/config/AppConfiguration.js?v=13.5.0-SAMAM_v6.7.24.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/config/ThemeConfiguration.js?v=13.5.0-SAMAM_v6.7.24.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/org/forgerock/openam/ui/common/components/Footer.js?v=13.5.0-SAMAM_v6.7.24.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/org/forgerock/commons/ui/common/components/LoginHeader.js?v=13.5.0-SAMAM_v6.7.24.0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://erstechilo.hopto.org/ErsteBank/clients/george/font/interfont/Inter-roman.var.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
erstechilo.hopto.org
login.erstebank.hu
lokola.xyz
www.erstebank.hu
www.erstebank.hu
195.228.30.122
2001:4de0:ac18::1:a:3a
5.44.42.71
81.19.140.23
2e5d7aa86d39af73f6e081f366ad9ed221435b7c1703b29d8e0731f5ba4090f9
46ea42042613bbc228d66be6cf660e01a7d0e68271240434789255ee28a0eec6
4973399d46d6dac884587d6e0ba2b2fceb8fd0993c90f723730e1554bf090d7a
4b8697eb07dd220b2ee9ee52c37267db8b5af22323ac601604a03cc0bb3b608d
5e69f28fccb728fdce3c2a06e427b7e53840f445142748f42a9a313061f206d7
a1ef5f97bcb4d936d99e8d777f75837b643f4f7175681a80966c3a44ee758677
c106d75c0453b6193ecfd1deed556305daf888aba544a5e6f8d8e25d1e0a7662
c34279ccec1a6dcd60207ad677232d168b33b2f85f5b325bf75dec1a6bf0e0b2
cb01050ed50446c64cbd3077f8f7825bcf070a5e1ebaf2a8441a63b020063d77
db5bd855f43dccd056953e442ad88e2e99a9dfd1dca243f89ba492da96bc67f6
f2184b65d973bceb7298c079fe46cb9cad62c9067a5f3b13e016c3b1eb35304b
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

erstechilo.hopto.org Open in urlscan Pro 5.44.42.71 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

95 %HTTPS

25 %IPv6

4 Domains

5 Subdomains

5 IPs

4 Countries

301 kBTransfer

681 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

8 Console Messages

Indicators

erstechilo.hopto.org Open in urlscan Pro
5.44.42.71 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

95 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

5
IPs

4
Countries

301 kB
Transfer

681 kB
Size

2
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!