internationalhsbc.eu

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 176.223.129.96, located in Wrocław, Poland and belongs to RACKRAY UAB Rakrejus, LT. The main domain is internationalhsbc.eu.

This is the only time internationalhsbc.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	178.175.148.169 178.175.148.169	43289 (TRABIA) (TRABIA)
1 8	176.223.129.96 176.223.129.96	62282 (RACKRAY U...) (RACKRAY UAB Rakrejus)
7	1

1 178.175.148.169 (Chisinau, Moldova) 1 redirects

ASN43289 (TRABIA, MD)
PTR: 178-175-148-169.static.as43289.net

www.logon.hsbc-offshore.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 176.223.129.96 (Wrocław, Poland) 1 redirects

ASN62282 (RACKRAY UAB Rakrejus, LT)
PTR: gov.officepc.systems

internationalhsbc.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	internationalhsbc.eu 1 redirects internationalhsbc.eu	38 KB
1	hsbc-offshore.eu 1 redirects www.logon.hsbc-offshore.eu	260 B
7	2

	Domain	Requested by
8	internationalhsbc.eu	1 redirects internationalhsbc.eu
1	www.logon.hsbc-offshore.eu	1 redirects
7	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://internationalhsbc.eu/en/secured/
Frame ID: 504E68440F48CAFED9C286D4C5B498CD
Requests: 1 HTTP requests in this frame

Frame: http://internationalhsbc.eu/en/secured/ib/
Frame ID: 914378BDCA638AABD3CB66ADC53129AF
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.logon.hsbc-offshore.eu/ HTTP 301
http://internationalhsbc.eu/en/secured/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

37 kB
Transfer

36 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.logon.hsbc-offshore.eu/ HTTP 301
http://internationalhsbc.eu/en/secured/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://internationalhsbc.eu/en/secured/ib HTTP 301
http://internationalhsbc.eu/en/secured/ib/

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response internationalhsbc.eu/en/secured/ Redirect Chain https://www.logon.hsbc-offshore.eu/ http://internationalhsbc.eu/en/secured/	577 B 819 B	630ms 288ms	Document text/html	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Full URL http://internationalhsbc.eu/en/secured/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `e323d50c16051cd3f0a3f08e3526ed35a35329f377a8e051fff33fcb52b74c82` Request headers Host internationalhsbc.eu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 07 May 2020 06:09:54 GMT Server Apache Last-Modified Thu, 22 Mar 2018 00:07:08 GMT Accept-Ranges bytes Content-Length 577 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html Redirect headers Date Thu, 07 May 2020 06:09:53 GMT Server Apache Location http://internationalhsbc.eu/en/secured/ Content-Length 247 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	/ Show response internationalhsbc.eu/en/secured/ib/ Frame 9143 Redirect Chain http://internationalhsbc.eu/en/secured/ib http://internationalhsbc.eu/en/secured/ib/	5 KB 5 KB	72ms 71ms	Document text/html	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Full URL http://internationalhsbc.eu/en/secured/ib/ Requested by Host: internationalhsbc.eu URL: http://internationalhsbc.eu/en/secured/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `6afc257d2d76ea43082b962b28d652a4cf5211645b6773a78951254ee4d55760` Request headers Host internationalhsbc.eu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://internationalhsbc.eu/en/secured/ Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://internationalhsbc.eu/en/secured/ Response headers Date Thu, 07 May 2020 06:09:54 GMT Server Apache Keep-Alive timeout=5, max=98 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 07 May 2020 06:09:54 GMT Server Apache Location http://internationalhsbc.eu/en/secured/ib/ Content-Length 250 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	style.css internationalhsbc.eu/en/secured/ib/css/ Frame 9143	1 KB 1 KB	84ms 72ms	Stylesheet text/css	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Full URL http://internationalhsbc.eu/en/secured/ib/css/style.css Requested by Host: internationalhsbc.eu URL: http://internationalhsbc.eu/en/secured/ib/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `cb11c71b947aa8acd0759778f6b1c3adb2a70fc35ce6283222772488263429e2` Request headers Referer http://internationalhsbc.eu/en/secured/ib/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 07 May 2020 06:09:54 GMT Last-Modified Mon, 10 Apr 2017 11:32:36 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1246
GET H/1.1	200 OK	AL_logo.gif internationalhsbc.eu/en/secured/ib/images/ Frame 9143	4 KB 4 KB	88ms 75ms	Image image/gif	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Show image Full URL http://internationalhsbc.eu/en/secured/ib/images/AL_logo.gif Requested by Host: internationalhsbc.eu URL: http://internationalhsbc.eu/en/secured/ib/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `7cf5d711b2bbc6e909fdb1db14c9fc8d5b39fdcd622213b2318d84d648ec1c13` Request headers Referer http://internationalhsbc.eu/en/secured/ib/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 07 May 2020 06:09:54 GMT Last-Modified Wed, 21 Sep 2016 19:18:06 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4168
GET H/1.1	200 OK	tips.jpg internationalhsbc.eu/en/secured/ib/images/ Frame 9143	804 B 1 KB	45ms 44ms	Image image/jpeg	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Show image Full URL http://internationalhsbc.eu/en/secured/ib/images/tips.jpg Requested by Host: internationalhsbc.eu URL: http://internationalhsbc.eu/en/secured/ib/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `42334b7772afa955e4d9dff1ea97bb0ac2f5ff6fac4f0506bc7664c376420ca2` Request headers Referer http://internationalhsbc.eu/en/secured/ib/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 07 May 2020 06:09:54 GMT Last-Modified Tue, 05 Jan 2016 01:52:58 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 804
GET H/1.1	200 OK	ad3.jpg internationalhsbc.eu/en/secured/ib/images/ Frame 9143	18 KB 18 KB	88ms 75ms	Image image/jpeg	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Show image Full URL http://internationalhsbc.eu/en/secured/ib/images/ad3.jpg Requested by Host: internationalhsbc.eu URL: http://internationalhsbc.eu/en/secured/ib/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `930d6a9f48e0cf394c3bc96a44ca77917b6c22c251df1ef3a32a26ff4a498e7b` Request headers Referer http://internationalhsbc.eu/en/secured/ib/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 07 May 2020 06:09:54 GMT Last-Modified Tue, 05 Jan 2016 01:52:54 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 18072
GET H/1.1	200 OK	loginbg.jpg internationalhsbc.eu/en/secured/ib/images/ Frame 9143	7 KB 7 KB	84ms 72ms	Image image/jpeg	176.223.129.96 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Show image Full URL http://internationalhsbc.eu/en/secured/ib/images/loginbg.jpg Requested by Host: internationalhsbc.eu URL: http://internationalhsbc.eu/en/secured/ib/ Protocol HTTP/1.1 Server 176.223.129.96 Wrocław, Poland, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS gov.officepc.systems Software Apache / Resource Hash `5dc76a629a12589ca8231befe36ab24cb3c14a9f82a17676ea6fcc1b7017381d` Request headers Referer http://internationalhsbc.eu/en/secured/ib/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 07 May 2020 06:09:54 GMT Last-Modified Tue, 05 Jan 2016 01:52:56 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6811

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

internationalhsbc.eu
www.logon.hsbc-offshore.eu
176.223.129.96
178.175.148.169
42334b7772afa955e4d9dff1ea97bb0ac2f5ff6fac4f0506bc7664c376420ca2
5dc76a629a12589ca8231befe36ab24cb3c14a9f82a17676ea6fcc1b7017381d
6afc257d2d76ea43082b962b28d652a4cf5211645b6773a78951254ee4d55760
7cf5d711b2bbc6e909fdb1db14c9fc8d5b39fdcd622213b2318d84d648ec1c13
930d6a9f48e0cf394c3bc96a44ca77917b6c22c251df1ef3a32a26ff4a498e7b
cb11c71b947aa8acd0759778f6b1c3adb2a70fc35ce6283222772488263429e2
e323d50c16051cd3f0a3f08e3526ed35a35329f377a8e051fff33fcb52b74c82

internationalhsbc.eu Open in urlscan Pro 176.223.129.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

37 kBTransfer

36 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

internationalhsbc.eu Open in urlscan Pro
176.223.129.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

37 kB
Transfer

36 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!