echem.lk Open in urlscan Pro
172.104.175.82 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.free.fr/acLnZcjX
Effective URL:
https://echem.lk/wp-content/uploads/prodect/postbb/
Submission: On December 23 via manual (December 23rd 2022, 9:54:46 am UTC) from DE — Scanned from DE

Summary HTTP 12 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 12 HTTP transactions. The main IP is 172.104.175.82, located in Singapore and belongs to LINODE-AP Linode, LLC, US. The main domain is echem.lk.
TLS certificate: Issued by R3 on November 9th 2022. Valid for: 3 months.

This is the only time echem.lk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 3	2a01:e0c:1:15... 2a01:e0c:1:1599::29	12322 (PROXAD) (PROXAD)
1 2	87.236.16.207 87.236.16.207	198610 (BEGET-AS) (BEGET-AS)
1	192.185.211.152 192.185.211.152	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
5	172.104.175.82 172.104.175.82	63949 (LINODE-AP...) (LINODE-AP Linode)
3	2600:9000:230... 2600:9000:2304:6000:15:e39e:8900:93a1	16509 (AMAZON-02) (AMAZON-02)
12	5

3 2a01:e0c:1:1599::29 (France) 3 redirects

ASN12322 (PROXAD, FR)

s.free.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.236.16.207 (Russian Federation) 1 redirects

ASN198610 (BEGET-AS, RU)
PTR: ssl.picard.beget.com

mg-kadastr.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.185.211.152 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: br14-ip06.hostgator.com.br

videnteluiza.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.104.175.82 (Singapore)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: 172-104-175-82.ip.linodeusercontent.com

echem.lk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2304:6000:15:e39e:8900:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.postbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	echem.lk echem.lk	152 KB
3	postbank.de meine.postbank.de Failed www.postbank.de — Cisco Umbrella Rank: 265261	246 KB
3	free.fr 3 redirects s.free.fr	656 B
2	mg-kadastr.ru 1 redirects mg-kadastr.ru	722 B
1	videnteluiza.com.br videnteluiza.com.br	288 B
12	5

	Domain	Requested by
5	echem.lk	echem.lk
3	www.postbank.de	echem.lk
3	s.free.fr	3 redirects
2	mg-kadastr.ru	1 redirects
1	videnteluiza.com.br
0	meine.postbank.de Failed	echem.lk
12	6

This site contains links to these domains. Also see Links.

Domain
www.postbank.de

Subject Issuer	Validity	Valid
maejadedoamor.com.br R3	`2022-11-23` - `2023-02-21`	3 months	crt.sh
echem.lk R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
postbank.de DigiCert EV RSA CA G2	`2022-09-15` - `2023-09-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://echem.lk/wp-content/uploads/prodect/postbb/
Frame ID: A0CB5EF66201221AB1C5DB9A6BA773CC
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - Postbank Banking & Brokerage

Page URL History Show full URLs

https://s.free.fr/acLnZcjX HTTP 301
http://mg-kadastr.ru/zan HTTP 301
http://mg-kadastr.ru/zan/ Page URL
https://s.free.fr/7gHzigMh HTTP 301
https://videnteluiza.com.br/work/apps/ Page URL
https://s.free.fr/6wnLZ2dz HTTP 301
https://echem.lk/wp-content/uploads/prodect/postbb/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

12
Requests

75 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

4
Countries

399 kB
Transfer

771 kB
Size

2
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postbank.de/

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/produkte/wertpapiere-sparen/wertpapiere/amundi-etf-aktion.html?kid=pk_wp_amundi.drkiob5teaser.login
Title: Zur ETF-Aktion

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/services/banking-und-brokerage/postbank-id.html
Title: Weitere Informationen

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/services/sicherheit/aktuelle-hinweise.html
Title: Informieren Sie sich jetzt

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_das_ist_neu
Title: Das ist neu

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_feedback
Title: Feedback

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_terminvereinbarung
Title: Terminvereinbarung

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_kontakt
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_impressum
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_rechtshinweise
Title: Rechtshinweise

Search URL Search Domain Scan URL

URL: https://www.postbank.de/iob5_datenschutzhinweise
Title: Datenschutzhinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.free.fr/acLnZcjX HTTP 301
http://mg-kadastr.ru/zan HTTP 301
http://mg-kadastr.ru/zan/ Page URL
https://s.free.fr/7gHzigMh HTTP 301
https://videnteluiza.com.br/work/apps/ Page URL
https://s.free.fr/6wnLZ2dz HTTP 301
https://echem.lk/wp-content/uploads/prodect/postbb/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://s.free.fr/acLnZcjX HTTP 301
http://mg-kadastr.ru/zan HTTP 301
http://mg-kadastr.ru/zan/

Request Chain 1

https://s.free.fr/7gHzigMh HTTP 301
https://videnteluiza.com.br/work/apps/

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
mg-kadastr.ru/zan/
Redirect Chain

https://s.free.fr/acLnZcjX
http://mg-kadastr.ru/zan
http://mg-kadastr.ru/zan/

72 B
468 B

544ms
543ms

Document
text/html

87.236.16.207
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://mg-kadastr.ru/zan/
Protocol: HTTP/1.1
Server: 87.236.16.207 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.picard.beget.com
Software: nginx-reuseport/1.21.1 / PHP/7.4.33
Resource Hash: 10417d7bead4f23567e7d727778fa91e68a9e12c00a3ad307decd74b563da358

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 72
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Dec 2022 09:54:40 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=30
Pragma: no-cache
Server: nginx-reuseport/1.21.1
X-Powered-By: PHP/7.4.33

Redirect headers

Connection: keep-alive
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 23 Dec 2022 09:54:40 GMT
Keep-Alive: timeout=30
Location: http://mg-kadastr.ru/zan/
Server: nginx-reuseport/1.21.1

GET
H2

200

/ Show response
videnteluiza.com.br/work/apps/
Redirect Chain

https://s.free.fr/7gHzigMh
https://videnteluiza.com.br/work/apps/

72 B
288 B

1235ms
730ms

Document
text/html

192.185.211.152
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://videnteluiza.com.br/work/apps/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.211.152 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: br14-ip06.hostgator.com.br
Software: Apache /
Resource Hash: 2f8ed23741df28e1c4bfd50225a54b729d674e016c884cf458f8007071be5e6e

Request headers

Referer: http://mg-kadastr.ru/zan/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 87
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 09:54:41 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 64
Content-Type: application/json
Date: Fri, 23 Dec 2022 09:54:41 GMT
Location: https://videnteluiza.com.br/work/apps/
Server: nginx/1.10.3

GET
H/1.1

200
OK

Primary Request / Show response
echem.lk/wp-content/uploads/prodect/postbb/
Redirect Chain

https://s.free.fr/6wnLZ2dz
https://echem.lk/wp-content/uploads/prodect/postbb/

434 KB
59 KB

1551ms
1013ms

Document
text/html

172.104.175.82
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://echem.lk/wp-content/uploads/prodect/postbb/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.175.82 , Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: 172-104-175-82.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 019d8c04cd9aa213514beefb06271ea34a22c8fc7369720b654ad8fad697c84f

Request headers

Referer: https://videnteluiza.com.br/work/apps/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: br
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Dec 2022 09:54:43 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 77
Content-Type: application/json
Date: Fri, 23 Dec 2022 09:54:42 GMT
Location: https://echem.lk/wp-content/uploads/prodect/postbb/
Server: nginx/1.10.3

GET logo.svg
meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/ 0
0

GET logo-claim.svg
meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/ 0
0

GET
H/1.1 200
OK info.png
echem.lk/wp-content/uploads/prodect/postbb/ 974 B
1 KB 183ms
182ms Image
image/png 172.104.175.82
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://echem.lk/wp-content/uploads/prodect/postbb/info.png
Requested by: Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.175.82 , Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: 172-104-175-82.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 9138fd329fa6dc68ee7973ff2048042396ff8fa418f4a5ae736eaeee4b443e06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://echem.lk/wp-content/uploads/prodect/postbb/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 09:54:44 GMT
Last-Modified: Wed, 30 Mar 2022 16:44:30 GMT
Server: nginx/1.22.1
ETag: "624488ee-3ce"
Content-Type: image/png
Cache-Control: max-age=7776000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 974
Expires: Thu, 23 Mar 2023 09:54:44 GMT

GET
H/1.1 200
OK q.png
echem.lk/wp-content/uploads/prodect/postbb/ 2 KB
2 KB 178ms
177ms Image
image/png 172.104.175.82
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://echem.lk/wp-content/uploads/prodect/postbb/q.png
Requested by: Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.175.82 , Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: 172-104-175-82.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 8585fbb474eab0cfeab726efe23bfdb22420133d829d384f6110e9a91def26f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://echem.lk/wp-content/uploads/prodect/postbb/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 09:54:44 GMT
Last-Modified: Wed, 30 Mar 2022 16:53:30 GMT
Server: nginx/1.22.1
ETag: "62448b0a-7ba"
Content-Type: image/png
Cache-Control: max-age=7776000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1978
Expires: Thu, 23 Mar 2023 09:54:44 GMT

GET
H2 200 etf-aktion-amundi-login.jpg
www.postbank.de/dam/postbank/bilder/iob5/ 116 KB
117 KB 172ms
101ms Image
image/jpeg 2600:9000:2304:6000:15:e39e:8900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postbank.de/dam/postbank/bilder/iob5/etf-aktion-amundi-login.jpg

Requested by

Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2304:6000:15:e39e:8900:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

11151f99de80860674a82be41de717f97a0c5ae053f0f0cd362b820808eb42c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://echem.lk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher: dispatcher2eucentral1
date: Fri, 23 Dec 2022 09:54:44 GMT
x-dispatcher-version: 1.4.25
x-content-type-options: nosniff
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-vhost: postbank
x-cache: Miss from cloudfront
content-disposition: inline
content-length: 118978
last-modified: Tue, 15 Mar 2022 13:33:03 GMT
server: Apache
etag: "1d0c2-5da41d61541c0"
vary: Host
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: LeGK0DyhRyFNLdELyoXm4CeUaKn7iKgZ3lllrVsljL3J3VDvLYbshw==

GET
H2 200 login-alte-anmeldung.jpg
www.postbank.de/dam/postbank/bilder/iob5/ 15 KB
16 KB 160ms
89ms Image
image/jpeg 2600:9000:2304:6000:15:e39e:8900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postbank.de/dam/postbank/bilder/iob5/login-alte-anmeldung.jpg

Requested by

Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2304:6000:15:e39e:8900:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://echem.lk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher: dispatcher1eucentral1
date: Fri, 23 Dec 2022 09:54:44 GMT
x-dispatcher-version: 1.4.25
x-content-type-options: nosniff
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-vhost: postbank
x-cache: Miss from cloudfront
content-disposition: inline
content-length: 15471
last-modified: Tue, 20 Oct 2020 14:38:35 GMT
server: Apache
etag: "3c6f-5b21b2f8a30c0"
vary: Host
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: Y6VapB4nnsRf550FJVo2Z9rUEoiEtf4etq4RvdTfvA3ZrCVwcqQiUw==

GET
H2 200 sicherheitshinweis.jpg
www.postbank.de/dam/postbank/bilder/iob5/ 113 KB
114 KB 135ms
64ms Image
image/jpeg 2600:9000:2304:6000:15:e39e:8900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postbank.de/dam/postbank/bilder/iob5/sicherheitshinweis.jpg

Requested by

Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2304:6000:15:e39e:8900:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

b6fee381207d08fa8d029741f93662cf29622bb040a5d875bab0d68a1e93e6df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://echem.lk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher: dispatcher2eucentral1
date: Fri, 23 Dec 2022 09:54:44 GMT
x-dispatcher-version: 1.4.25
x-content-type-options: nosniff
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-vhost: postbank
x-cache: Miss from cloudfront
content-disposition: inline
content-length: 115626
last-modified: Wed, 06 Apr 2022 14:11:27 GMT
server: Apache
etag: "1c3aa-5dbfcefebc1c0"
vary: Host
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: z7HH-sKlPZkV_iYkCmLmYfKCOHko0qdnuDJzhIpkDrr-aN3wFvultw==

GET
DATA 200
OK truncated
/ 1016 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK FrutigerLTW02-55Roman.woff2
echem.lk/wp-content/uploads/prodect/postbb/ 48 KB
49 KB 539ms
349ms Font
font/woff2 172.104.175.82
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://echem.lk/wp-content/uploads/prodect/postbb/FrutigerLTW02-55Roman.woff2
Requested by: Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.175.82 , Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: 172-104-175-82.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c

Request headers

Referer: https://echem.lk/wp-content/uploads/prodect/postbb/
Origin: https://echem.lk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 09:54:44 GMT
Last-Modified: Wed, 30 Mar 2022 16:22:56 GMT
Server: nginx/1.22.1
ETag: "624483e0-c0dc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=7776000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49372
Expires: Thu, 23 Mar 2023 09:54:44 GMT

GET
H/1.1 200
OK FrutigerLTW02-65Bold.woff2
echem.lk/wp-content/uploads/prodect/postbb/ 41 KB
41 KB 370ms
181ms Font
font/woff2 172.104.175.82
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://echem.lk/wp-content/uploads/prodect/postbb/FrutigerLTW02-65Bold.woff2
Requested by: Host: echem.lk
URL: https://echem.lk/wp-content/uploads/prodect/postbb/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.175.82 , Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: 172-104-175-82.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash: 33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d

Request headers

Referer: https://echem.lk/wp-content/uploads/prodect/postbb/
Origin: https://echem.lk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 09:54:44 GMT
Last-Modified: Wed, 30 Mar 2022 16:25:00 GMT
Server: nginx/1.22.1
ETag: "6244845c-a418"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=7776000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42008
Expires: Thu, 23 Mar 2023 09:54:44 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: meine.postbank.de
URL: https://meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo.svg

Domain: meine.postbank.de
URL: https://meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo-claim.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mg-kadastr.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 22d3a5f50fe0eb90f4607c019fa2f6a0
			videnteluiza.com.br/	1969-12-31 23:59:59	Name: PHPSESSID Value: cc1b9ec96b043c9cfd28e70651555b01

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

echem.lk
meine.postbank.de
mg-kadastr.ru
s.free.fr
videnteluiza.com.br
www.postbank.de
meine.postbank.de
172.104.175.82
192.185.211.152
2600:9000:2304:6000:15:e39e:8900:93a1
2a01:e0c:1:1599::29
87.236.16.207
019d8c04cd9aa213514beefb06271ea34a22c8fc7369720b654ad8fad697c84f
0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c
10417d7bead4f23567e7d727778fa91e68a9e12c00a3ad307decd74b563da358
11151f99de80860674a82be41de717f97a0c5ae053f0f0cd362b820808eb42c0
2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14
2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920
2f8ed23741df28e1c4bfd50225a54b729d674e016c884cf458f8007071be5e6e
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d
8585fbb474eab0cfeab726efe23bfdb22420133d829d384f6110e9a91def26f7
9138fd329fa6dc68ee7973ff2048042396ff8fa418f4a5ae736eaeee4b443e06
b6fee381207d08fa8d029741f93662cf29622bb040a5d875bab0d68a1e93e6df

echem.lk Open in urlscan Pro 172.104.175.82 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

75 %HTTPS

40 %IPv6

5 Domains

6 Subdomains

5 IPs

4 Countries

399 kBTransfer

771 kBSize

2 Cookies

11 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

echem.lk Open in urlscan Pro
172.104.175.82 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

75 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

4
Countries

399 kB
Transfer

771 kB
Size

2
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!