Submitted URL: https://as-kranjec.com/bot.php
Effective URL: https://ziegler-hv.com/het/login/auth/login.php?CustomerService
Submission: On May 26 via manual from DE — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 4 HTTP transactions. The main IP is 85.214.136.229, located in Germany and belongs to STRATO STRATO AG, DE. The main domain is ziegler-hv.com.
TLS certificate: Issued by R3 on May 25th 2024. Valid for: 3 months.
This is the only time ziegler-hv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Hetzner (Online)

Domain & IP information

Requests  IP Address       AS Autonomous System
2         139.177.181.5    63949 (AKAMAI-LI...)
2         85.214.136.229   6724 (STRATO ST...)
Total: 4 requests, 3 IPs

Requests  Apex Domain      Subdomains       Transfer
2         ziegler-hv.com   ziegler-hv.com   417 KB
2         as-kranjec.com   as-kranjec.com   2 KB
Total: 4 requests, 2 apex domains

Requests  Domain           Requested by
2         ziegler-hv.com   ziegler-hv.com
2         as-kranjec.com   -
Total: 4 requests, 2 domains

This site contains links to these domains:

  • accounts.hetzner.com
  • www.hetzner.com
Subject            Issuer  Validity                  Valid
*.as-kranjec.com   R3      2024-05-08 - 2024-08-06   3 months (crt.sh)
ziegler-hv.com     R3      2024-05-25 - 2024-08-23   3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://ziegler-hv.com/het/login/auth/login.php?CustomerService
Frame ID: D9E70D1EC63FD2B2F8908655CCE5E9B8
Requests: 14 HTTP requests in this frame

Page Title

Login - Hetzner Online

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 509 kB
Size: 1006 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://as-kranjec.com/bot.php Page URL
  2. https://ziegler-hv.com/het/login/auth/ Page URL
  3. https://ziegler-hv.com/het/login/auth/login.php?CustomerService Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

bot.php | as-kranjec.com/ | 82 B | 401 B | Document
General
Full URL
https://as-kranjec.com/bot.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
139.177.181.5 Frankfurt am Main, Germany, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
fra3.hostclusters.com
Software
LiteSpeed / PHP/7.4.33
Resource Hash
7336e066a0f52350487c7d2c9fc693df61b19e791206a1072984ced3732be1ae
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
67
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sun, 26 May 2024 06:04:10 GMT
server
LiteSpeed
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
/ | ziegler-hv.com/het/login/auth/ | 88 B | 300 B | Document
General
Full URL
https://ziegler-hv.com/het/login/auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.214.136.229 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
h3015308.stratoserver.net
Software
nginx / PHP/7.1.33 PleskLin
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://as-kranjec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-length
103
content-type
text/html; charset=UTF-8
date
Sun, 26 May 2024 06:04:11 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-powered-by
PHP/7.1.33 PleskLin
x-xss-protection
1; mode=block
favicon.ico | as-kranjec.com/ | 1 KB | 1 KB | Other
General
Full URL
https://as-kranjec.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
139.177.181.5 Frankfurt am Main, Germany, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
fra3.hostclusters.com
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://as-kranjec.com/bot.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 26 May 2024 06:04:10 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
server
LiteSpeed
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
1251
Primary Request login.php | ziegler-hv.com/het/login/auth/ | 816 KB | 417 KB | Document
General
Full URL
https://ziegler-hv.com/het/login/auth/login.php?CustomerService
Requested by
Host: ziegler-hv.com
URL: https://ziegler-hv.com/het/login/auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.214.136.229 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
h3015308.stratoserver.net
Software
nginx / PHP/7.1.33 PleskLin
Resource Hash
e189c5e2daccadb73102b1600fe94072523224b01dc0e8840e7456461a203141
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://ziegler-hv.com/het/login/auth/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 26 May 2024 06:04:12 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-powered-by
PHP/7.1.33 PleskLin
x-xss-protection
1; mode=block
truncated | / | 2 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
6de3e1a1ca77d258e807240d1895f5ac28c4073158a33efeeb288192a6f487a3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 3 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
0f61c56ee412fd415d2a9e2af29c3a0219ba609465498a52afefd570f75c6e86

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 5 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
a3f75f7279680fba6e7b643d3f86e2c8a3159fe0434f545a5d2449e7dbe3c84d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 3 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
6d6c3cee9a14f5206c557d34f42b42abbfb8599fd3538d246f1be89489f2edb7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 2 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
8a848477b5e082fb1ee4581589803183fe87c5cad9d11a2cf5261bb7f1be6267

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 4 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
77e80216c31ad4b2b70c7728ec9e5498ebb26c946f8d1469a0919819e092e3b7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 3 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
a08b732faf0a2791589fc6a59c5cc2188bbf926f79d87671bb6b04dc1d5b1791

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 77 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
571a17a027ca5efffdd3d329e3ea342cdb9c3dd2d2f391b2f064c8937a9f3231

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated | / | 15 KB | 15 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
b1a88ca7bcf7524692f5d2295db6727685c5d8f444a21fd30fea6a6e49ae3011

Request headers

Referer
Origin
https://ziegler-hv.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated | / | 75 KB | 75 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
Origin
https://ziegler-hv.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Hetzner (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | savepage_ShadowLoader

1 Cookies

Domain/Path | Name | Value
ziegler-hv.com/ | PHPSESSID | pa8bbkrn10iu7qqgqf50hbm2gf

2 Console Messages

Source | Level | URL / Message

network | error | URL: https://as-kranjec.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

recommendation | verbose | URL: https://ziegler-hv.com/het/login/auth/login.php?CustomerService#_9560426a8e1a39257
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload