s-alert.info Open in urlscan Pro
91.92.251.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://s-alert.info/
Effective URL:
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/
Submission: On May 16 via api (May 16th 2024, 2:12:57 am UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 91.92.251.79, located in Bulgaria and belongs to LIMENET, US. The main domain is s-alert.info.

This is the only time s-alert.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2 20	91.92.251.79 91.92.251.79		394711 (LIMENET) (LIMENET)
18	2

20 91.92.251.79 (Bulgaria) 2 redirects

ASN394711 (LIMENET, US)

s-alert.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
91.92.251.79	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	s-alert.info 2 redirects s-alert.info	3 MB
18	1

	Domain	Requested by
18	s-alert.info	2 redirects s-alert.info
18	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/
Frame ID: 2E26ACBF495A4DDBBEDBC29E955412C6
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Spаrkаsse: Prоdukte und Serviсes | Spаrkаsse.de

Page URL History Show full URLs

http://s-alert.info/ HTTP 307
https://s-alert.info/ HTTP 307
http://s-alert.info/ Page URL
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e HTTP 301
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/ HTTP 302
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/ Page URL

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2861 kB
Transfer

3516 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://s-alert.info/ HTTP 307
https://s-alert.info/ HTTP 307
http://s-alert.info/ Page URL
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e HTTP 301
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/ HTTP 302
http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://s-alert.info/ HTTP 307
https://s-alert.info/ HTTP 307
http://s-alert.info/

18 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response s-alert.info/ Redirect Chain http://s-alert.info/ https://s-alert.info/ http://s-alert.info/	694 B 720 B	45ms 45ms	Document text/html	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/ Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `4cba4930b9d394ff1b8856b35a44b75a381a2d093e461fe072f609023665aff7` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 447 Content-Type text/html; charset=UTF-8 Date Thu, 16 May 2024 02:12:52 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.52 (Ubuntu) Vary Accept-Encoding Redirect headers Location http://s-alert.info/ Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	404 Not Found	favicon.ico s-alert.info/	274 B 490 B	15ms 15ms	Other text/html	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/favicon.ico Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `ae20821ac61ebcca5a8c9b9bd071e684bd8e1d850f9f1331875f361256718330` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:52 GMT Server Apache/2.4.52 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 274 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	Primary Request / Show response s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/ Redirect Chain http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e? http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/? http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/?	797 KB 398 KB	1034ms 1034ms	Document text/html	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Requested by Host: s-alert.info URL: http://s-alert.info/ Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `34fec139cf89aa9e0d3fdaafe174bd1fb5ccf85c349553793cd790bd177c21fa` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 16 May 2024 02:12:53 GMT Expires 0 Keep-Alive timeout=5, max=96 Pragma no-cache Server Apache/2.4.52 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Thu, 16 May 2024 02:12:53 GMT Keep-Alive timeout=5, max=97 Server Apache/2.4.52 (Ubuntu) location start/?
GET H/1.1	200 OK	jquery.min.js Show response s-alert.info/bower_components/jquery/dist/	85 KB 30 KB	68ms 55ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/bower_components/jquery/dist/jquery.min.js Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:47:56 GMT Server Apache/2.4.52 (Ubuntu) ETag "15283-5f6bbc90ddf00-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 30138
GET H/1.1	200 OK	ua-parser.min.js Show response s-alert.info/bower_components/ua-parser-js/dist/	17 KB 6 KB	53ms 40ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:47:58 GMT Server Apache/2.4.52 (Ubuntu) ETag "4298-5f6bbc92c6380-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6063
GET H/1.1	200 OK	font-awesome.min.css s-alert.info/bower_components/font-awesome/css/	30 KB 7 KB	41ms 29ms	Stylesheet text/css	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:48:00 GMT Server Apache/2.4.52 (Ubuntu) ETag "7918-5f6bbc94ae800-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7053
GET H/1.1	200 OK	core_form.js Show response s-alert.info/core/form/	27 KB 9 KB	54ms 23ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/core/form/core_form.js Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `60ae75a4d25202ca382c7bb3597baa483eb07a72f2097be469a36a6628b50b5b` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Mon, 06 May 2024 13:01:46 GMT Server Apache/2.4.52 (Ubuntu) ETag "6a8e-617c8abf32280-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9256
GET H/1.1	200 OK	core_token.js Show response s-alert.info/core/token/	18 KB 2 KB	46ms 14ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/core/token/core_token.js Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `d5eff191c37d42ba26b50e329e73c2a4c760c714926d199644c34f66d606aceb` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 05 May 2024 22:13:22 GMT Server Apache/2.4.52 (Ubuntu) ETag "46d4-617bc42c8a480-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1731
GET H/1.1	200 OK	angular.min.js Show response s-alert.info/bower_components/angular/	165 KB 58 KB	75ms 33ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/bower_components/angular/angular.min.js Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:47:54 GMT Server Apache/2.4.52 (Ubuntu) ETag "2937c-5f6bbc8ef5a80-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99
GET H/1.1	200 OK	core_form.css s-alert.info/core/form/	3 KB 1 KB	29ms 17ms	Stylesheet text/css	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/core/form/core_form.css Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `95a67f669086a2f8cc5daa6b55f863675c6a534f6579534c017e1642360a8076` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:48:54 GMT Server Apache/2.4.52 (Ubuntu) ETag "b6a-5f6bbcc82e180-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 742
GET H/1.1	200 OK	css.css s-alert.info/start/form/	312 B 554 B	31ms 19ms	Stylesheet text/css	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/start/form/css.css Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `fb1222b67da98c2951812af040299c4679c2e0d88948f487fb2d6cef2a101819` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:52:06 GMT Server Apache/2.4.52 (Ubuntu) ETag "138-5f6bbd7f49180-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 218
GET H/1.1	200 OK	form.js Show response s-alert.info/start/form/	3 KB 1 KB	15ms 14ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/start/form/form.js?v=66456ba69c4e4 Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:52:06 GMT Server Apache/2.4.52 (Ubuntu) ETag "bf7-5f6bbd7f49180-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 709
GET H/1.1	200 OK	ng.js Show response s-alert.info/start/ng/	7 KB 2 KB	15ms 15ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/start/ng/ng.js?v=66456ba69c4ec Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `ac526a5f29c6c5f6b588aad7399009664b09d48405e4721d7746ea3d2dec44e1` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:52:08 GMT Server Apache/2.4.52 (Ubuntu) ETag "1a49-5f6bbd8131600-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1701
GET H/1.1	200 OK	token.js Show response s-alert.info/start/token/	1 KB 871 B	14ms 13ms	Script text/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/start/token/token.js?v=66456ba69c4ed Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `87eb5b13400c1ac4be75ec2a0dc621e3fcb0e0996dc2e674699d275255c73229` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Content-Encoding gzip Last-Modified Sun, 12 Mar 2023 22:52:04 GMT Server Apache/2.4.52 (Ubuntu) ETag "509-5f6bbd7d60d00-gzip" Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 529
GET H/1.1	206 Partial Content	a.mp4 s-alert.info/start/	2 MB 2 MB	14ms 13ms	Media video/mp4	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://s-alert.info/start/a.mp4 Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `c57e00b7aec3f76bafdbcc59d969c25288823ca8671e788360000a96e16a6ef8` Request headers Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Accept-Encoding identity;q=1, ;q=0 Accept-Language* de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Range bytes=0- Response headers Date Thu, 16 May 2024 02:12:54 GMT Last-Modified Wed, 01 May 2024 12:14:46 GMT Server Apache/2.4.52 (Ubuntu) ETag "1a78ef-617636ea87980" Content-Type video/mp4 Content-Range bytes 0-1734894/1734895 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1734895
GET H/1.1	200 OK	newloader.gif s-alert.info/start/form/	544 KB 544 KB	13ms 13ms	Image image/gif	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL http://s-alert.info/start/form/newloader.gif Requested by Host: s-alert.info URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Last-Modified Sun, 12 Mar 2023 22:52:06 GMT Server Apache/2.4.52 (Ubuntu) ETag "88042-5f6bbd7f49180" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 557122
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c58c160312c1440f186616809d4e592e320c754ad81c01f462785300c20300bc` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	gate.php Show response 91.92.251.79/uadmin/	57 B 259 B	104ms 91ms	Script application/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://91.92.251.79/uadmin/gate.php?pl=token&link=uni.it&bid=dee2113637c5303088567fb54ec9e30e&callback=jQuery32106392329072437988_1715825574674&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715825574675 Requested by Host: s-alert.info URL: http://s-alert.info/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `8fc11a45819a11a1fecbec35b68dfb607a4d17a92020618d974d40b2d7d00062` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Server Apache/2.4.52 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 57 Content-Type application/javascript
GET H/1.1	200 OK	gate.php Show response 91.92.251.79/uadmin/	57 B 259 B	57ms 44ms	Script application/javascript	91.92.251.79 LIMENET
General Check archive.org Show headers Download Go to Full URL http://91.92.251.79/uadmin/gate.php?pl=token&link=uni.it&bid=dee2113637c5303088567fb54ec9e30e&callback=jQuery32106392329072437988_1715825574676&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1715825574677 Requested by Host: s-alert.info URL: http://s-alert.info/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Server 91.92.251.79 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache/2.4.52 (Ubuntu) / Resource Hash `6c1e15567a4ded04122a39bdc5f77ce1c537a113730980eb925c9ea1d0b43e1b` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Thu, 16 May 2024 02:12:54 GMT Server Apache/2.4.52 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 57 Content-Type application/javascript
GET DATA	200 OK	truncated /	15 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b0806659e4a12b2665227e54911485706ed7f288c7cef9e55add4b4d917d3092` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer http://s-alert.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	31 KB 31 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a1526819ed10b3c4d9a1f6e956e673b47f295e58ac66e27391777e58e870331d` Request headers Referer http://s-alert.info/ Origin http://s-alert.info Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	24 KB 24 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `372882d973bb4af9445e2c4283b653db5701d2e21496c09229997093f4774fda` Request headers Referer http://s-alert.info/ Origin http://s-alert.info Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	23 KB 23 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ec3c703a5c513a5d8bc6c16a50f0e926ae46ed0dae8a3071366a71df2a3f9e87` Request headers Referer http://s-alert.info/ Origin http://s-alert.info Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	26 KB 26 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f242ffcd6fdfa46d721c369cc0f25e42c7e20721308100a03b9e4057b424e985` Request headers Referer http://s-alert.info/ Origin http://s-alert.info Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
s-alert.info/	1969-12-31 23:59:59	Name: real Value: OK
s-alert.info/	1970-01-20 21:20:17	Name: bid Value: dee2113637c5303088567fb54ec9e30e
s-alert.info/	1969-12-31 23:59:59	Name: lng Value: de

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://s-alert.info/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	error	URL: http://s-alert.info/a1b2c3/dee2113637c5303088567fb54ec9e30e/start/?(Line 35) Message: This element does not support attachShadow

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s-alert.info
91.92.251.79
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630
34fec139cf89aa9e0d3fdaafe174bd1fb5ccf85c349553793cd790bd177c21fa
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
372882d973bb4af9445e2c4283b653db5701d2e21496c09229997093f4774fda
4cba4930b9d394ff1b8856b35a44b75a381a2d093e461fe072f609023665aff7
60ae75a4d25202ca382c7bb3597baa483eb07a72f2097be469a36a6628b50b5b
6c1e15567a4ded04122a39bdc5f77ce1c537a113730980eb925c9ea1d0b43e1b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87eb5b13400c1ac4be75ec2a0dc621e3fcb0e0996dc2e674699d275255c73229
8fc11a45819a11a1fecbec35b68dfb607a4d17a92020618d974d40b2d7d00062
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
95a67f669086a2f8cc5daa6b55f863675c6a534f6579534c017e1642360a8076
a1526819ed10b3c4d9a1f6e956e673b47f295e58ac66e27391777e58e870331d
ac526a5f29c6c5f6b588aad7399009664b09d48405e4721d7746ea3d2dec44e1
ae20821ac61ebcca5a8c9b9bd071e684bd8e1d850f9f1331875f361256718330
b0806659e4a12b2665227e54911485706ed7f288c7cef9e55add4b4d917d3092
c57e00b7aec3f76bafdbcc59d969c25288823ca8671e788360000a96e16a6ef8
c58c160312c1440f186616809d4e592e320c754ad81c01f462785300c20300bc
d5eff191c37d42ba26b50e329e73c2a4c760c714926d199644c34f66d606aceb
ec3c703a5c513a5d8bc6c16a50f0e926ae46ed0dae8a3071366a71df2a3f9e87
f242ffcd6fdfa46d721c369cc0f25e42c7e20721308100a03b9e4057b424e985
fb1222b67da98c2951812af040299c4679c2e0d88948f487fb2d6cef2a101819

s-alert.info Open in urlscan Pro 91.92.251.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

2861 kBTransfer

3516 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

50 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

s-alert.info Open in urlscan Pro
91.92.251.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2861 kB
Transfer

3516 kB
Size

3
Cookies

18 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!