www.otpbank.dmedxb.com
194.169.175.127
Malicious Activity!
Public Scan
Submission: On June 11 via manual from HU — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 10th 2023. Valid for: 3 months.
This is the only time www.otpbank.dmedxb.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 vote
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 194.169.175.127 | 211760 (AS-SUISSE)
3 | 195.228.112.223 | 211595 (OTPHU-AS)
5 | 2 |

ASN211760 (AS-SUISSE, SC)
PTR: net-194-169-175-127.cust.as211760.net
www.otpbank.dmedxb.com

Requests | Apex Domain / Subdomains | Transfer
---|---|---
3 | otpbank.hu: www.otpbank.hu (Cisco Umbrella Rank: 237209) | 209 KB
2 | dmedxb.com: www.otpbank.dmedxb.com | 391 KB
5 | 2 |

Requests | Domain | Requested by
---|---|---
3 | www.otpbank.hu | www.otpbank.dmedxb.com
2 | www.otpbank.dmedxb.com | www.otpbank.dmedxb.com
5 | 2 |

This site contains no links.

Subject | Issuer | Validity | Valid
---|---|---|---
otpbank.dmedxb.com | R3 | 2023-06-10 - 2023-09-08 | 3 months
www.otpbank.hu | DigiCert SHA2 Extended Validation Server CA | 2022-08-16 - 2023-09-16 | a year

This page contains 1 frames:
Primary Page:
https://www.otpbank.dmedxb.com/
Frame ID: F88AE35B507579F8B374BEEF25B59D52
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions

Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H2 | / (Primary Request) | www.otpbank.dmedxb.com/ | 1 MB | 391 KB | Document | text/html
GET H/1.1 | frame-portal.5bdaf1c4a7985e46f6df.bundle.css | www.otpbank.hu/static/portal/frame/ | 364 KB | 58 KB | Stylesheet | text/css
GET H/1.1 | layout.b0cb679365ec4170f1e5.bundle.css | www.otpbank.hu/static/portal/layouts/AV9PK/ | 126 KB | 127 KB | Stylesheet | text/css
GET H/1.1 | complaints.6829d2b0fbe74d4a59e6.bundle.css | www.otpbank.hu/static/portal/applications/ | 22 KB | 23 KB | Stylesheet | text/css
GET H2 | fonts.css | www.otpbank.dmedxb.com/assets/survey/css/ | 3 KB | 478 B | Stylesheet | text/css

Verdicts & Comments
Malicious
page.url
Submitted on June 12th 2023, 1:13:48 pm UTC — From Hungary
Threats: Brand Impersonation, Phishing, Scam
Brands: OTP Bank (HU)
Comment: The website impersonates the visual elements of the OTP Bank HU. Also contains phishing elements after completing a survey.
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean | credentialless
object | onbeforetoggle
object | onscrollend
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.