kunden.weiland-wissen.de Open in urlscan Pro
2a00:1158:2d:300::ab Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY...
Submission: On April 09 via manual (April 9th 2019, 12:07:36 am UTC) from BR

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2a00:1158:2d:300::ab, located in Germany and belongs to GD-EMEA-DC-SXB1, DE. The main domain is kunden.weiland-wissen.de.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on January 16th 2019. Valid for: a year.

This is the only time kunden.weiland-wissen.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	2a00:1158:2d:... 2a00:1158:2d:300::ab	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
5	151.101.120.193 151.101.120.193	54113 (FASTLY) (FASTLY - Fastly)
14	3

8 2a00:1158:2d:300::ab (Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)

kunden.weiland-wissen.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.120.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	weiland-wissen.de kunden.weiland-wissen.de	16 KB
5	imgur.com i.imgur.com	159 KB
1	jquery.com code.jquery.com	32 KB
14	3

	Domain	Requested by
8	kunden.weiland-wissen.de	kunden.weiland-wissen.de code.jquery.com
5	i.imgur.com
1	code.jquery.com	kunden.weiland-wissen.de
14	3

This site contains no links.

Subject Issuer	Validity	Valid
*.weiland-wissen.de AlphaSSL CA - SHA256 - G2	`2019-01-16` - `2020-02-15`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-02-12`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY/concluir.aspx
Frame ID: F7D1BA6160ACF15CC82D37E5B2BE6177
Requests: 1 HTTP requests in this frame

Frame: https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php
Frame ID: FA64D5A8DACC348C7E15483BFEC89922
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx(?:$|\?)/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /\.aspx(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx(?:$|\?)/i

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

208 kB
Transfer

264 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/	569 B 676 B	100ms 52ms	Document text/html	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY/concluir.aspx Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / PHP/5.6.38 Resource Hash `b449963af278056cbf4130aa6e1c26c6fe2c55bf26832bda2f38da0e2fdbda58` Request headers :method GET :authority kunden.weiland-wissen.de :scheme https :path /ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY/concluir.aspx pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 09 Apr 2019 00:07:20 GMT server Apache/2.4.39 x-powered-by PHP/5.6.38 content-type text/html; charset=UTF-8
GET H2	200	index.php Show response kunden.weiland-wissen.de/ItokenApp/atendimento/ Frame FA64	763 B 920 B	48ms 48ms	Document text/html	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Requested by Host: kunden.weiland-wissen.de URL: https://kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY/concluir.aspx Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / PHP/5.6.38 Resource Hash `6a3af2cf314eba6c4ac18e438812dfe50c790b5c9e7317e740f19083c77e1cf8` Request headers :method GET :authority kunden.weiland-wissen.de :scheme https :path /ItokenApp/atendimento/index.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer https://kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY/concluir.aspx accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://kunden.weiland-wissen.de/ItokenApp//cliente_id/KCS8ZEWVEC2ZZ5N52U/?cliente=bibibobo@terra.com.br/CIBVDAAFBK4JZJI9DL3PHFMY/concluir.aspx Response headers status 200 date Tue, 09 Apr 2019 00:07:20 GMT server Apache/2.4.39 x-powered-by PHP/5.6.38 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache set-cookie PHPSESSID=f20fca46f872bccd0680dcca335331ce; path=/ content-type text/html; charset=UTF-8
GET H/1.1	200 OK	jquery-1.9.1.min.js Show response code.jquery.com/ Frame FA64	90 KB 32 KB	71ms 18ms	Script application/javascript	205.185.208.52 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.9.1.min.js Requested by Host: kunden.weiland-wissen.de URL: https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip052.ssl.hwcdn.net Software nginx / Resource Hash `c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4` Request headers Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 00:07:20 GMT Content-Encoding gzip Last-Modified Fri, 24 Oct 2014 00:16:07 GMT Server nginx ETag W/"54499a47-169d5" Vary Accept-Encoding X-HW 1554768440.dop005.pa1.shc,1554768440.dop005.pa1.t,1554768440.cds029.pa1.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 32772
GET H2	200	script.js Show response kunden.weiland-wissen.de/ItokenApp/atendimento/js/ Frame FA64	7 KB 7 KB	18ms 17ms	Script application/javascript	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/js/script.js Requested by Host: kunden.weiland-wissen.de URL: https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / Resource Hash `9cd11a74a385e59db4fe92e063365ec0f325b694a802e6616cde6922aa841bd2` Request headers :path /ItokenApp/atendimento/js/script.js pragma no-cache cookie PHPSESSID=f20fca46f872bccd0680dcca335331ce accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority kunden.weiland-wissen.de referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php :scheme https :method GET Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:20 GMT last-modified Sun, 07 Apr 2019 01:22:21 GMT server Apache/2.4.39 etag "1adf-585e68d37fad2" content-type application/javascript status 200 accept-ranges bytes content-length 6879
GET H2	200	norm.css kunden.weiland-wissen.de/ItokenApp/atendimento/css/ Frame FA64	5 KB 5 KB	15ms 14ms	Stylesheet text/css	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/css/norm.css Requested by Host: kunden.weiland-wissen.de URL: https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / Resource Hash `cdcaddd694de5f5ed5350c77b19b6e8fbbcb9c7304b5c6d6b22a0cf430d1acda` Request headers :path /ItokenApp/atendimento/css/norm.css pragma no-cache cookie PHPSESSID=f20fca46f872bccd0680dcca335331ce accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority kunden.weiland-wissen.de referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php :scheme https :method GET Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:20 GMT last-modified Sun, 07 Apr 2019 01:22:21 GMT server Apache/2.4.39 etag "154d-585e68d37acb2" content-type text/css status 200 accept-ranges bytes content-length 5453
GET H2	200	princ.php Show response kunden.weiland-wissen.de/ItokenApp/atendimento/ Frame FA64	2 KB 2 KB	51ms 50ms	XHR text/html	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/princ.php?r=40.87023792838933 Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.9.1.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / PHP/5.6.38 Resource Hash `46af6a7c0c535d2649a9ccb3c9579d18cd57971a022316b6cc47b701ba1094aa` Request headers :path /ItokenApp/atendimento/princ.php?r=40.87023792838933 pragma no-cache cookie PHPSESSID=f20fca46f872bccd0680dcca335331ce accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept / cache-control no-cache :authority kunden.weiland-wissen.de x-requested-with XMLHttpRequest :scheme https referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php :method GET Accept / Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Tue, 09 Apr 2019 00:07:21 GMT server Apache/2.4.39 x-powered-by PHP/5.6.38 content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H2	200	function.php Show response kunden.weiland-wissen.de/ItokenApp/atendimento/ Frame FA64	104 B 136 B	51ms 50ms	XHR text/html	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/function.php?r=267.91917014741864 Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.9.1.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / PHP/5.6.38 Resource Hash `81560e7c5936d3d25feb51c67b9e23f4b3437acea11b394287d42c0bd9b376a8` Request headers :path /ItokenApp/atendimento/function.php?r=267.91917014741864 pragma no-cache cookie PHPSESSID=f20fca46f872bccd0680dcca335331ce origin https://kunden.weiland-wissen.de accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 content-type application/x-www-form-urlencoded; charset=UTF-8 accept / cache-control no-cache :authority kunden.weiland-wissen.de x-requested-with XMLHttpRequest :scheme https referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php content-length 36 :method POST Accept / Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Origin https://kunden.weiland-wissen.de X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers status 200 date Tue, 09 Apr 2019 00:07:21 GMT server Apache/2.4.39 x-powered-by PHP/5.6.38 content-type text/html; charset=UTF-8
GET H2	200	zm7WphD.png i.imgur.com/ Frame FA64	85 KB 85 KB	120ms 62ms	Image image/png	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/zm7WphD.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `cbd558d56ee29fbd7c1ab4728b5854392ece67fccac1276ff83ed569c41c99db` Request headers Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:21 GMT age 2112848 x-cache HIT, HIT status 200 content-length 87172 x-served-by cache-bwi5135-BWI, cache-cdg20740-CDG last-modified Thu, 01 Oct 2015 12:53:38 GMT server cat factory 1.0 x-timer S1554768442.956823,VS0,VE3 etag "0401c070420c8906241b5f73c179530c" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	FgFdGiC.png i.imgur.com/ Frame FA64	190 B 480 B	73ms 16ms	Image image/png	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/FgFdGiC.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `2a40ba9a82f4b92ffc15ed6e377f1861c6bc84d1cb1a2a32a590e88bfa6df855` Request headers Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/css/norm.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:21 GMT age 6320621 x-cache HIT, HIT status 200 content-length 190 x-served-by cache-bwi5148-BWI, cache-cdg20740-CDG last-modified Thu, 01 Oct 2015 12:45:25 GMT server cat factory 1.0 x-timer S1554768442.956892,VS0,VE1 etag "739ffe00e17a1b47cbfe1d88fdd3a6a8" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	fytoV8S.png i.imgur.com/ Frame FA64	10 KB 10 KB	88ms 31ms	Image image/png	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/fytoV8S.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `2a3164c1e99e0fb111e4a948d72bde221aa3d7017adc0da4516ca2ae59223eae` Request headers Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/css/norm.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:21 GMT age 2373583 x-cache HIT, HIT status 200 content-length 10168 x-served-by cache-bwi5149-BWI, cache-cdg20740-CDG last-modified Mon, 12 Sep 2016 01:03:14 GMT server cat factory 1.0 x-timer S1554768442.956988,VS0,VE1 etag "522791f0eacdec57a085f7cf34e03975" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	bKCzwa8.png i.imgur.com/ Frame FA64	6 KB 7 KB	73ms 17ms	Image image/png	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/bKCzwa8.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `8941102c4c1c9e1be231e90d1823da87a03974747284c84cd6a39612c683161a` Request headers Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/css/norm.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:21 GMT age 5902481 x-cache HIT, HIT status 200 content-length 6654 x-served-by cache-bwi5122-BWI, cache-cdg20740-CDG last-modified Fri, 09 Sep 2016 01:29:57 GMT server cat factory 1.0 x-timer S1554768442.956985,VS0,VE1 etag "38aa4c25cdafee3fbb51c833efee6cfd" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	bmtpv3h.png i.imgur.com/ Frame FA64	57 KB 57 KB	87ms 33ms	Image image/png	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/bmtpv3h.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `9fbd1563bf8b5d9d6203fe4a20cc8b951d25ea5442d6081462795421cd1d7913` Request headers Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/css/norm.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 00:07:21 GMT age 2844979 x-cache HIT, HIT status 200 content-length 57970 x-served-by cache-bwi5126-BWI, cache-cdg20740-CDG last-modified Thu, 01 Oct 2015 12:58:19 GMT server cat factory 1.0 x-timer S1554768442.956999,VS0,VE2 etag "cf750006eed618872a751f5d6d86feca" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
POST H2	200	function.php Show response kunden.weiland-wissen.de/ItokenApp/atendimento/ Frame FA64	104 B 159 B	46ms 46ms	XHR text/html	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/function.php?r=70.89070686445422 Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.9.1.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / PHP/5.6.38 Resource Hash `81560e7c5936d3d25feb51c67b9e23f4b3437acea11b394287d42c0bd9b376a8` Request headers :path /ItokenApp/atendimento/function.php?r=70.89070686445422 pragma no-cache origin https://kunden.weiland-wissen.de accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 content-type application/x-www-form-urlencoded; charset=UTF-8 accept / cache-control no-cache :authority kunden.weiland-wissen.de x-requested-with XMLHttpRequest :scheme https referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php content-length 36 :method POST Accept / Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Origin https://kunden.weiland-wissen.de X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers status 200 date Tue, 09 Apr 2019 00:07:25 GMT server Apache/2.4.39 x-powered-by PHP/5.6.38 content-type text/html; charset=UTF-8
POST H2	200	function.php Show response kunden.weiland-wissen.de/ItokenApp/atendimento/ Frame FA64	104 B 159 B	50ms 50ms	XHR text/html	2a00:1158:2d:300::ab GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://kunden.weiland-wissen.de/ItokenApp/atendimento/function.php?r=378.76659581681247 Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.9.1.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:2d:300::ab , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.39 / PHP/5.6.38 Resource Hash `81560e7c5936d3d25feb51c67b9e23f4b3437acea11b394287d42c0bd9b376a8` Request headers :path /ItokenApp/atendimento/function.php?r=378.76659581681247 pragma no-cache origin https://kunden.weiland-wissen.de accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 content-type application/x-www-form-urlencoded; charset=UTF-8 accept / cache-control no-cache :authority kunden.weiland-wissen.de x-requested-with XMLHttpRequest :scheme https referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php content-length 36 :method POST Accept / Referer https://kunden.weiland-wissen.de/ItokenApp/atendimento/index.php Origin https://kunden.weiland-wissen.de X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers status 200 date Tue, 09 Apr 2019 00:07:30 GMT server Apache/2.4.39 x-powered-by PHP/5.6.38 content-type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kunden.weiland-wissen.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: f20fca46f872bccd0680dcca335331ce

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
i.imgur.com
kunden.weiland-wissen.de
151.101.120.193
205.185.208.52
2a00:1158:2d:300::ab
2a3164c1e99e0fb111e4a948d72bde221aa3d7017adc0da4516ca2ae59223eae
2a40ba9a82f4b92ffc15ed6e377f1861c6bc84d1cb1a2a32a590e88bfa6df855
46af6a7c0c535d2649a9ccb3c9579d18cd57971a022316b6cc47b701ba1094aa
6a3af2cf314eba6c4ac18e438812dfe50c790b5c9e7317e740f19083c77e1cf8
81560e7c5936d3d25feb51c67b9e23f4b3437acea11b394287d42c0bd9b376a8
8941102c4c1c9e1be231e90d1823da87a03974747284c84cd6a39612c683161a
9cd11a74a385e59db4fe92e063365ec0f325b694a802e6616cde6922aa841bd2
9fbd1563bf8b5d9d6203fe4a20cc8b951d25ea5442d6081462795421cd1d7913
b449963af278056cbf4130aa6e1c26c6fe2c55bf26832bda2f38da0e2fdbda58
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
cbd558d56ee29fbd7c1ab4728b5854392ece67fccac1276ff83ed569c41c99db
cdcaddd694de5f5ed5350c77b19b6e8fbbcb9c7304b5c6d6b22a0cf430d1acda

kunden.weiland-wissen.de Open in urlscan Pro 2a00:1158:2d:300::ab Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

208 kBTransfer

264 kBSize

1 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

kunden.weiland-wissen.de Open in urlscan Pro
2a00:1158:2d:300::ab Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

208 kB
Transfer

264 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!