22432-4798.s1.webspace.re Open in urlscan Pro
45.88.108.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://22432-4798.s1.webspace.re/NetBhu/login.php
Effective URL:
https://22432-4798.s1.webspace.re/NetBhu/login.php
Submission: On December 30 via api (December 30th 2022, 10:30:09 pm UTC) from CH — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 45.88.108.231, located in Germany and belongs to SYNLINQ synlinq.de, DE. The main domain is 22432-4798.s1.webspace.re.
TLS certificate: Issued by R3 on December 29th 2022. Valid for: 3 months.

This is the only time 22432-4798.s1.webspace.re was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MKB Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 19	45.88.108.231 45.88.108.231		44486 (SYNLINQ s...) (SYNLINQ synlinq.de)
18	1

19 45.88.108.231 (Germany) 1 redirects

ASN44486 (SYNLINQ synlinq.de, DE)
PTR: plesk1.living-bots.net

22432-4798.s1.webspace.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	webspace.re 1 redirects 22432-4798.s1.webspace.re	450 KB
18	1

	Domain	Requested by
19	22432-4798.s1.webspace.re	1 redirects 22432-4798.s1.webspace.re
18	1

This site contains no links.

Subject Issuer	Validity	Valid
22432-4798.s1.webspace.re R3	`2022-12-29` - `2023-03-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://22432-4798.s1.webspace.re/NetBhu/login.php
Frame ID: 63AD0D77D0F421AF83FF35B721233FE7
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Belepes|NetBMKNETLOGOMKB Internetbank logoFacebookLinkedinYoutubeQR icon oneQR icon twoQR icon threePersonal Banking iconBusiness or Corporate Banking icon

Page URL History Show full URLs

http://22432-4798.s1.webspace.re/NetBhu/login.php HTTP 301
https://22432-4798.s1.webspace.re/NetBhu/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

450 kB
Transfer

772 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://22432-4798.s1.webspace.re/NetBhu/login.php HTTP 301
https://22432-4798.s1.webspace.re/NetBhu/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response 22432-4798.s1.webspace.re/NetBhu/ Redirect Chain http://22432-4798.s1.webspace.re/NetBhu/login.php https://22432-4798.s1.webspace.re/NetBhu/login.php	34 KB 13 KB	608ms 566ms	Document text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PHP/7.3.33 PleskLin Resource Hash `a3a495738c7191f5d3648fdfeadc811889a2ed1af3a8d7ab10b671de9e92c28b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-length 13281 content-type text/html; charset=UTF-8 date Fri, 30 Dec 2022 22:30:03 GMT server nginx vary Accept-Encoding x-powered-by PHP/7.3.33 PleskLin Redirect headers Connection keep-alive Content-Length 162 Content-Type text/html Date Fri, 30 Dec 2022 22:30:02 GMT Location https://22432-4798.s1.webspace.re/NetBhu/login.php Server nginx
GET H2	200	fnty.css 22432-4798.s1.webspace.re/NetBhu/1/	114 KB 17 KB	34ms 33ms	Stylesheet text/css	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/1/fnty.css Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `2fcd15641284a62bc503fef5a6e6239de2b68f6e3d7b5cc3b6567ee90acd6ea9` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag W/"6298e82c-1c678" x-powered-by PleskLin content-type text/css
GET H2	200	completesk.css 22432-4798.s1.webspace.re/NetBhu/1/	65 KB 10 KB	25ms 24ms	Stylesheet text/css	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/1/completesk.css Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `46112103dc78f566f1d76261af2714fae87abbd52068d9add2e9d0cfc7d3765d` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag W/"6298e82c-1051b" x-powered-by PleskLin content-type text/css
GET H2	200	tvchannel.css 22432-4798.s1.webspace.re/NetBhu/1/	2 KB 674 B	47ms 46ms	Stylesheet text/css	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/1/tvchannel.css Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `650130cef7869061f4324e65b6b79d56e96a867a49ac2ada445e02549535a7b6` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag W/"6298e82c-909" x-powered-by PleskLin content-type text/css
GET H2	200	agharowa.css 22432-4798.s1.webspace.re/NetBhu/1/	31 KB 5 KB	45ms 45ms	Stylesheet text/css	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/1/agharowa.css Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `1dc3ba634a07c47568bfaa14d149c0c33d6c9b606e33adbe7bdeea65951fe0c7` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag W/"6298e82c-7b8b" x-powered-by PleskLin content-type text/css
GET H2	200	agbede.css 22432-4798.s1.webspace.re/NetBhu/1/	145 KB 23 KB	53ms 53ms	Stylesheet text/css	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `92f315bef53a5c3e44c2839f3142d7369954ff0dce6152bc65592f24ed91685b` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag W/"6298e82c-24346" x-powered-by PleskLin content-type text/css
GET H2	404	bbcustommessage-web-skin.css 22432-4798.s1.webspace.re/NetBhu/1/	0 0	46ms 46ms	Stylesheet text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/1/bbcustommessage-web-skin.css Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	200	app_store.svg 22432-4798.s1.webspace.re/NetBhu/1/	14 KB 14 KB	36ms 35ms	Image image/svg+xml	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Show image Full URL https://22432-4798.s1.webspace.re/NetBhu/1/app_store.svg Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `69549eaf67ac1808260235965d746722c05ddf9857c3669e9fc134cc470f96d3` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag "6298e82c-395d" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 14685
GET H2	200	google_play.svg 22432-4798.s1.webspace.re/NetBhu/1/	17 KB 18 KB	36ms 35ms	Image image/svg+xml	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Show image Full URL https://22432-4798.s1.webspace.re/NetBhu/1/google_play.svg Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `ac12f6652fa9f1fffecc6510dbe11cae0d42ea0c58ac1f1986a8e73a786424c7` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag "6298e82c-45b3" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 17843
GET H2	200	kperere.png 22432-4798.s1.webspace.re/NetBhu/1/	109 KB 109 KB	36ms 35ms	Image image/png	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Show image Full URL https://22432-4798.s1.webspace.re/NetBhu/1/kperere.png Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `b8161d36e9c952fe3d3be771c9c63226913989c0fc320c2ccef261e1098194ec` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT last-modified Thu, 02 Jun 2022 16:41:16 GMT server nginx etag "6298e82c-1b4d9" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 111833
GET H2	200	pic0147.png 22432-4798.s1.webspace.re/NetBhu/1/	239 KB 239 KB	27ms 26ms	Image image/png	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Show image Full URL https://22432-4798.s1.webspace.re/NetBhu/1/pic0147.png Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / PleskLin Resource Hash `fc12733e917f5be70c6071c68fbb2359f8b990bd19d78cd2d9e8bbcc6078ca1f` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT last-modified Mon, 20 Apr 2020 09:25:44 GMT server nginx etag "5e9d6a98-3bbbc" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 244668
GET H2	404	opensans400.woff 22432-4798.s1.webspace.re/NetBhu/fonts/	0 0	45ms 45ms	Font text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans400.woff Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers Referer https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Origin https://22432-4798.s1.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	404	icon_info.png 22432-4798.s1.webspace.re/NetBhu/images/default/infoicon/	1 KB 1 KB	45ms 44ms	Image text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Show image Full URL https://22432-4798.s1.webspace.re/NetBhu/images/default/infoicon/icon_info.png Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/completesk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash `e5f30e53384214fbcac45b13bfefe79c64700e432dc8a3da1bf71cec3a990283` Request headers accept-language de-DE,de;q=0.9 Referer https://22432-4798.s1.webspace.re/NetBhu/1/completesk.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	404	opensans600.woff 22432-4798.s1.webspace.re/NetBhu/fonts/	0 0	44ms 44ms	Font text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans600.woff Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers Referer https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Origin https://22432-4798.s1.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	404	opensans400.woff2 22432-4798.s1.webspace.re/NetBhu/fonts/	0 0	22ms 21ms	Font text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans400.woff2 Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers Referer https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Origin https://22432-4798.s1.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	404	opensans600.woff2 22432-4798.s1.webspace.re/NetBhu/fonts/	0 0	21ms 21ms	Font text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans600.woff2 Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers Referer https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Origin https://22432-4798.s1.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	404	opensans400.ttf 22432-4798.s1.webspace.re/NetBhu/fonts/	0 0	21ms 21ms	Font text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans400.ttf Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers Referer https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Origin https://22432-4798.s1.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html
GET H2	404	opensans600.ttf 22432-4798.s1.webspace.re/NetBhu/fonts/	0 0	22ms 22ms	Font text/html	45.88.108.231 SYNLINQ synlinq.de
General Check archive.org Show headers Download Go to Full URL https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans600.ttf Requested by Host: 22432-4798.s1.webspace.re URL: https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.88.108.231 , Germany, ASN44486 (SYNLINQ synlinq.de, DE), Reverse DNS plesk1.living-bots.net Software nginx / Resource Hash Request headers Referer https://22432-4798.s1.webspace.re/NetBhu/1/agbede.css Origin https://22432-4798.s1.webspace.re accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:30:03 GMT content-encoding br last-modified Thu, 29 Dec 2022 13:46:06 GMT server nginx etag W/"40b-5f0f7b4e8f9d0" content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MKB Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/1/bbcustommessage-web-skin.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans400.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/images/default/infoicon/icon_info.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans600.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans400.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans600.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans400.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://22432-4798.s1.webspace.re/NetBhu/fonts/opensans600.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

22432-4798.s1.webspace.re
45.88.108.231
1dc3ba634a07c47568bfaa14d149c0c33d6c9b606e33adbe7bdeea65951fe0c7
2fcd15641284a62bc503fef5a6e6239de2b68f6e3d7b5cc3b6567ee90acd6ea9
46112103dc78f566f1d76261af2714fae87abbd52068d9add2e9d0cfc7d3765d
650130cef7869061f4324e65b6b79d56e96a867a49ac2ada445e02549535a7b6
69549eaf67ac1808260235965d746722c05ddf9857c3669e9fc134cc470f96d3
92f315bef53a5c3e44c2839f3142d7369954ff0dce6152bc65592f24ed91685b
a3a495738c7191f5d3648fdfeadc811889a2ed1af3a8d7ab10b671de9e92c28b
ac12f6652fa9f1fffecc6510dbe11cae0d42ea0c58ac1f1986a8e73a786424c7
b8161d36e9c952fe3d3be771c9c63226913989c0fc320c2ccef261e1098194ec
e5f30e53384214fbcac45b13bfefe79c64700e432dc8a3da1bf71cec3a990283
fc12733e917f5be70c6071c68fbb2359f8b990bd19d78cd2d9e8bbcc6078ca1f

22432-4798.s1.webspace.re Open in urlscan Pro 45.88.108.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

450 kBTransfer

772 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

22432-4798.s1.webspace.re Open in urlscan Pro
45.88.108.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

450 kB
Transfer

772 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!