meine.postbank.de.id98173.xyz Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://meine.postbank.de.id98173.xyz/cb/
Effective URL:
http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd
Submission: On March 15 via manual (March 15th 2022, 12:22:47 pm UTC) from DE — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 176.121.14.62, located in Ukraine and belongs to FLOWSPEC-AS, UA. The main domain is meine.postbank.de.id98173.xyz.

This is the only time meine.postbank.de.id98173.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 9	176.121.14.62 176.121.14.62		210138 (FLOWSPEC-AS) (FLOWSPEC-AS)
10	2

9 176.121.14.62 (Ukraine) 1 redirects

ASN210138 (FLOWSPEC-AS, UA)

meine.postbank.de.id98173.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	id98173.xyz 1 redirects meine.postbank.de.id98173.xyz	381 KB
0	shell.com Failed shell.com Failed
10	2

	Domain	Requested by
9	meine.postbank.de.id98173.xyz	1 redirects meine.postbank.de.id98173.xyz
0	shell.com Failed	meine.postbank.de.id98173.xyz
10	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd
Frame ID: 49270312CFBFFDBE4197AEF9BC6A8649
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung zum Online Banking - Commerzbank

Page URL History Show full URLs

http://meine.postbank.de.id98173.xyz/cb/ HTTP 302
http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

397 kB
Transfer

1088 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://meine.postbank.de.id98173.xyz/cb/ HTTP 302
http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://meine.postbank.de.id98173.xyz/portal/media/system/fonts/icons_woff.woff HTTP 302
https://shell.com/

Request Chain 8

http://meine.postbank.de.id98173.xyz/portal/media/system/fonts/icons_ttf.ttf HTTP 302
https://shell.com/

10 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login_pk.php Show response meine.postbank.de.id98173.xyz/cb/ Redirect Chain http://meine.postbank.de.id98173.xyz/cb/ http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd	11 KB 4 KB	277ms 276ms	Document text/html	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `71e95757025de90e9e5093d6ad8c66ec787fdc3525971fcc2377942d8f04fa27` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx/1.10.3 Date Tue, 15 Mar 2022 12:22:22 GMT Content-Type text/html; charset=UTF-8 Content-Length 3303 Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Redirect headers Server nginx/1.10.3 Date Tue, 15 Mar 2022 12:22:21 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Location login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd
GET H/1.1	200 OK	tJdCpYM7SGe20sBJgYtX.css meine.postbank.de.id98173.xyz/cb/src/css/	381 KB 115 KB	268ms 267ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://meine.postbank.de.id98173.xyz/cb/src/css/tJdCpYM7SGe20sBJgYtX.css Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `37029498cede60fe98173c612d3b41877740516fe8cdde316a8e43eb80cc28c0` Request headers Accept-Language de-DE,de;q=0.9 Referer http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:22 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "5f4ce-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	eXEMAagyc9A6IDGQYnxk.css meine.postbank.de.id98173.xyz/cb/src/css/	397 KB 116 KB	327ms 277ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://meine.postbank.de.id98173.xyz/cb/src/css/eXEMAagyc9A6IDGQYnxk.css Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `303ab70f60742854a5aa23682e17cd05f9e93bac543aecc351c953f37f36a79c` Request headers Accept-Language de-DE,de;q=0.9 Referer http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:22 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "6320a-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	KLSH9j2z1n0ZoPmJ9Aii.css meine.postbank.de.id98173.xyz/cb/src/css/	2 KB 973 B	271ms 221ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://meine.postbank.de.id98173.xyz/cb/src/css/KLSH9j2z1n0ZoPmJ9Aii.css Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `615e9d2fb7a23014dbb2dd4414147fd07fa9caa925ae4a749ba4df4dc7911563` Request headers Accept-Language de-DE,de;q=0.9 Referer http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:22 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "93f-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 679
GET H/1.1	200 OK	EB83Vkm5YXkNloOPt5mJ.css meine.postbank.de.id98173.xyz/cb/src/css/	227 KB 91 KB	321ms 271ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://meine.postbank.de.id98173.xyz/cb/src/css/EB83Vkm5YXkNloOPt5mJ.css Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `cd6b884b7d3fbcbb7e38a6f82ed7f6f8d0ec401c0ce38b91ced696cc8f485f79` Request headers Accept-Language de-DE,de;q=0.9 Referer http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:22 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "38a89-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	logo_big_svg.svg meine.postbank.de.id98173.xyz/cb/src/img/	17 KB 17 KB	322ms 271ms	Image image/svg+xml	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://meine.postbank.de.id98173.xyz/cb/src/img/logo_big_svg.svg Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `d28263b118f646cc7c098e5b8c09f994fe27585f541a90f02423b9246621c0d2` Request headers Accept-Language de-DE,de;q=0.9 Referer http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:22 GMT Last-Modified Sat, 19 Nov 2016 14:41:46 GMT Server nginx/1.10.3 ETag "42a8-541a86c02fe80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 17064
GET H/1.1	200 OK	bg_metanav_gif.gif meine.postbank.de.id98173.xyz/cb/src/img/	1 KB 1 KB	220ms 220ms	Image image/gif	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://meine.postbank.de.id98173.xyz/cb/src/img/bg_metanav_gif.gif Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/src/css/eXEMAagyc9A6IDGQYnxk.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `ae247f0ee2d331e7f89a54b2d683589de735b83bda69b00b29bf728e1cc31e75` Request headers Accept-Language de-DE,de;q=0.9 Referer http://meine.postbank.de.id98173.xyz/cb/src/css/eXEMAagyc9A6IDGQYnxk.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:22 GMT Last-Modified Sat, 19 Nov 2016 14:55:38 GMT Server nginx/1.10.3 ETag "464-541a89d9a4e80" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 1124
GET		/ shell.com/ Redirect Chain http://meine.postbank.de.id98173.xyz/portal/media/system/fonts/icons_woff.woff https://shell.com/	0 0

GET DATA	200 OK	truncated /	17 KB 17 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75` Request headers Referer http://meine.postbank.de.id98173.xyz/ Origin http://meine.postbank.de.id98173.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type application/x-font-woff
GET		/ shell.com/ Redirect Chain http://meine.postbank.de.id98173.xyz/portal/media/system/fonts/icons_ttf.ttf https://shell.com/	0 0

GET H/1.1	200 OK	icons_woff.woff meine.postbank.de.id98173.xyz/cb/src/css/	36 KB 36 KB	219ms 219ms	Font application/font-woff	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://meine.postbank.de.id98173.xyz/cb/src/css/icons_woff.woff Requested by Host: meine.postbank.de.id98173.xyz URL: http://meine.postbank.de.id98173.xyz/cb/src/css/tJdCpYM7SGe20sBJgYtX.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `3d7409b8a77b69c365c5cd5f0770468a606fdfd0b2d590ea91146dcc88fe1b81` Request headers Referer http://meine.postbank.de.id98173.xyz/cb/src/css/tJdCpYM7SGe20sBJgYtX.css Origin http://meine.postbank.de.id98173.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Tue, 15 Mar 2022 12:22:23 GMT Last-Modified Sat, 19 Nov 2016 14:53:46 GMT Server nginx/1.10.3 ETag "8f00-541a896ed5280" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 36608

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: shell.com
URL: https://shell.com/

Domain: shell.com
URL: https://shell.com/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			meine.postbank.de.id98173.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: eu3uj66e2vkaib76evprfpfe17

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Message: Access to font at 'https://shell.com/' (redirected from 'http://meine.postbank.de.id98173.xyz/portal/media/system/fonts/icons_woff.woff') from origin 'http://meine.postbank.de.id98173.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://shell.com/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://meine.postbank.de.id98173.xyz/cb/login_pk.php?lp=RBGy2tUYCi7EwW9nFvrQcOHdVT45DI&pk?=jK97uA01cLlHp38R2Xgd Message: Access to font at 'https://shell.com/' (redirected from 'http://meine.postbank.de.id98173.xyz/portal/media/system/fonts/icons_ttf.ttf') from origin 'http://meine.postbank.de.id98173.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://shell.com/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

meine.postbank.de.id98173.xyz
shell.com
shell.com
176.121.14.62
303ab70f60742854a5aa23682e17cd05f9e93bac543aecc351c953f37f36a79c
37029498cede60fe98173c612d3b41877740516fe8cdde316a8e43eb80cc28c0
3d7409b8a77b69c365c5cd5f0770468a606fdfd0b2d590ea91146dcc88fe1b81
615e9d2fb7a23014dbb2dd4414147fd07fa9caa925ae4a749ba4df4dc7911563
71e95757025de90e9e5093d6ad8c66ec787fdc3525971fcc2377942d8f04fa27
8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75
ae247f0ee2d331e7f89a54b2d683589de735b83bda69b00b29bf728e1cc31e75
cd6b884b7d3fbcbb7e38a6f82ed7f6f8d0ec401c0ce38b91ced696cc8f485f79
d28263b118f646cc7c098e5b8c09f994fe27585f541a90f02423b9246621c0d2

meine.postbank.de.id98173.xyz Open in urlscan Pro 176.121.14.62 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

397 kBTransfer

1088 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

meine.postbank.de.id98173.xyz Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

397 kB
Transfer

1088 kB
Size

1
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!