my.modlebank.ru Open in urlscan Pro
2a00:f940:2:2:1:4:0:101 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://my.modlebank.ru/pass.html
Submission Tags: 7185276
Submission: On June 19 via api (June 19th 2021, 2:17:43 am UTC) from NL

Summary HTTP 17 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 17 HTTP transactions. The main IP is 2a00:f940:2:2:1:4:0:101, located in Russian Federation and belongs to AS-REG, RU. The main domain is my.modlebank.ru.

This is the only time my.modlebank.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Modulbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	2a00:f940:2:2... 2a00:f940:2:2:1:4:0:101	197695 (AS-REG) (AS-REG)
4	212.193.146.102 212.193.146.102	34879 (CCT-AS NG...) (CCT-AS NGENIX)
17	3

3 2a00:f940:2:2:1:4:0:101 (Russian Federation)

ASN197695 (AS-REG, RU)

my.modlebank.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 212.193.146.102 (Russian Federation)

ASN34879 (CCT-AS NGENIX, RU)
PTR: cdn.ngenix.net

my.modulbank.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	modulbank.ru my.modulbank.ru	274 KB
3	modlebank.ru my.modlebank.ru	129 KB
0	Failed function sub() { [native code] }. Failed
17	3

	Domain	Requested by
4	my.modulbank.ru	my.modlebank.ru my.modulbank.ru
3	my.modlebank.ru	my.modlebank.ru
0	epebfcehmdedogndhlcacafjaacknbcm Failed	my.modlebank.ru
0	iifchhfnnmpdbibifmljnfjhpififfog Failed	my.modlebank.ru
17	4

This site contains links to these domains. Also see Links.

Domain
my.modulbank.ru
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
www.my.modulbank.ru GlobalSign Extended Validation CA - SHA256 - G3	`2020-09-09` - `2021-10-11`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://my.modlebank.ru/pass.html
Frame ID: EE5940744223A6737EAE950DF41FF3DF
Requests: 15 HTTP requests in this frame

Frame: http://my.modlebank.ru/password_files/saved_resource.html
Frame ID: 68E470AD8B9D4C5C8F6137D66759FF68
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

17
Requests

24 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

403 kB
Transfer

1599 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://my.modulbank.ru/#/signin

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/ru/app/%D0%BC%D0%BE%D0%B4%D1%83%D0%BB%D1%8C%D0%B1%D0%B0%D0%BD%D0%BA/id1044155034?mt=8
Title: Загрузите в App Store

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=modulbank.ru.app
Title: Доступно в Google play

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request pass.html Show response
my.modlebank.ru/ 10 KB
4 KB 120ms
69ms Document
text/html 2a00:f940:2:2:1:4:0:101
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://my.modlebank.ru/pass.html
Protocol: HTTP/1.1
Server: 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software: nginx /
Resource Hash: df20ee915224741d00203d88c7d434456833ae8a39b434118e0ea20745ffad97

Request headers

Host: my.modlebank.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Sat, 19 Jun 2021 02:17:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jun 2021 06:22:26 GMT
Content-Encoding: gzip

GET
H/1.1 404
Not Found actions3.js
my.modulbank.ru/js/ 0
0 404ms
107ms Script
text/html 212.193.146.102
CCT-AS NGENIX

General

Check archive.org

Show headers Download Go to

Full URL: https://my.modulbank.ru/js/actions3.js
Requested by: Host: my.modlebank.ru
URL: http://my.modlebank.ru/pass.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 212.193.146.102 , Russian Federation, ASN34879 (CCT-AS NGENIX, RU),
Reverse DNS: cdn.ngenix.net
Software: /
Resource Hash

Request headers

Referer: http://my.modlebank.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK vendor.css
my.modulbank.ru/css/ 28 KB
7 KB 384ms
87ms Stylesheet
text/css 212.193.146.102
CCT-AS NGENIX

General

Check archive.org

Show headers Download Go to

Full URL

https://my.modulbank.ru/css/vendor.css

Requested by

Host: my.modlebank.ru
URL: http://my.modlebank.ru/pass.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.193.146.102 , Russian Federation, ASN34879 (CCT-AS NGENIX, RU),

Reverse DNS

cdn.ngenix.net

Software

nginx /

Resource Hash

1e6c604752ca2ce41009d57329f8953ecb6f5586e152fa0d0989c420f00be4bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;, max-age=31536000
X-Content-Security-Policy	sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://my.modlebank.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 02:17:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-NGENIX-Cache: HIT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Jun 2021 05:30:44 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"60c83b04-716b"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;, max-age=31536000
Content-Type: text/css
Feature-Policy: geolocation: *;midi: self;notifications: *;push: *;sync-xhr: *;microphone: self;camera: *;magnetometer: self;gyroscope: self;speaker: self;vibrate: self;fullscreen: self;payment: *;accelerometer: self;ambient-light-sensor: self;encrypted-media: self;usb: self;vr: self;image-compression: *;autoplay: self;battery: self;
Content-Security-Policy-Report-Only: default-src * data: blob: 'self'; script-src cdn.carrotquest.io/api.min.js track.rtb-media.ru cloud.roistat.com track.adspire.io gstatic.com googleadservices.com *.googleapis.com *.yandex.ru yandexmetrica.com google-analytics.com googletagmanager.com *.ddmanager.ru *.modulbank.ru *.maps.yandex.net 'unsafe-inline' blob: data: 'self'; script-src-elem googletagmanager.com *.googleapis.com code.jquery.com gstatic.com track.adspire.io cloud.roistat.com track.rtb-media.ru *.yandex.ru googleadservices.com yandexmetrica.com *.modulbank.ru *.ddmanager.ru google-analytics.com googletagmanager.com cdn.carrotquest.io/api.min.js *.maps.yandex.net 'unsafe-inline' blob: data: 'self'; style-src data: blob: 'self' 'unsafe-inline' *.googleapis.com *.modulbank.ru; style-src-elem data: blob: 'self' 'unsafe-inline' *.googleapis.com *.modulbank.ru; connect-src pay.modulbank.ru modulbuh.ru modulkassa.ru modulbank.ru rko.modulbank.ru google-analytics.com google-analytics.bi.owox.com api.mixpanel.com *.yandex.ru *.modulbank.ru suggestions.dadata.ru stats.g.doubleclick.net blob: 'self'; frame-ancestors 'self'; report-uri https://o99014.ingest.sentry.io/api/217443/security/?sentry_key=bbc3dc19f0c34a6d98368069779e811f;
X-Content-Security-Policy: sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation;

GET
H/1.1 200
OK main.css
my.modulbank.ru/css/ 972 KB
262 KB 404ms
108ms Stylesheet
text/css 212.193.146.102
CCT-AS NGENIX

General

Check archive.org

Show headers Download Go to

Full URL

https://my.modulbank.ru/css/main.css

Requested by

Host: my.modlebank.ru
URL: http://my.modlebank.ru/pass.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.193.146.102 , Russian Federation, ASN34879 (CCT-AS NGENIX, RU),

Reverse DNS

cdn.ngenix.net

Software

nginx /

Resource Hash

105b0c498eb9732ef875c94c1ebc9bc7f6393a5484fa6bbe75818dbe558112a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;, max-age=31536000
X-Content-Security-Policy	sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://my.modlebank.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 02:17:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-NGENIX-Cache: HIT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Jun 2021 05:30:44 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"60c83b04-f3050"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;, max-age=31536000
Content-Type: text/css
Feature-Policy: geolocation: *;midi: self;notifications: *;push: *;sync-xhr: *;microphone: self;camera: *;magnetometer: self;gyroscope: self;speaker: self;vibrate: self;fullscreen: self;payment: *;accelerometer: self;ambient-light-sensor: self;encrypted-media: self;usb: self;vr: self;image-compression: *;autoplay: self;battery: self;
Content-Security-Policy-Report-Only: default-src * data: blob: 'self'; script-src cdn.carrotquest.io/api.min.js track.rtb-media.ru cloud.roistat.com track.adspire.io gstatic.com googleadservices.com *.googleapis.com *.yandex.ru yandexmetrica.com google-analytics.com googletagmanager.com *.ddmanager.ru *.modulbank.ru *.maps.yandex.net 'unsafe-inline' blob: data: 'self'; script-src-elem googletagmanager.com *.googleapis.com code.jquery.com gstatic.com track.adspire.io cloud.roistat.com track.rtb-media.ru *.yandex.ru googleadservices.com yandexmetrica.com *.modulbank.ru *.ddmanager.ru google-analytics.com googletagmanager.com cdn.carrotquest.io/api.min.js *.maps.yandex.net 'unsafe-inline' blob: data: 'self'; style-src data: blob: 'self' 'unsafe-inline' *.googleapis.com *.modulbank.ru; style-src-elem data: blob: 'self' 'unsafe-inline' *.googleapis.com *.modulbank.ru; connect-src pay.modulbank.ru modulbuh.ru modulkassa.ru modulbank.ru rko.modulbank.ru google-analytics.com google-analytics.bi.owox.com api.mixpanel.com *.yandex.ru *.modulbank.ru suggestions.dadata.ru stats.g.doubleclick.net blob: 'self'; frame-ancestors 'self'; report-uri https://o99014.ingest.sentry.io/api/217443/security/?sentry_key=bbc3dc19f0c34a6d98368069779e811f;
X-Content-Security-Policy: sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation;

GET nmcades_plugin_api.js
iifchhfnnmpdbibifmljnfjhpififfog/ 0
0

GET nmcades_plugin_api.js
epebfcehmdedogndhlcacafjaacknbcm/ 0
0

GET
H/1.1 404
Not Found saved_resource.html Show response
my.modlebank.ru/password_files/ Frame 68E4 292 KB
63 KB 81ms
81ms Document
text/html 2a00:f940:2:2:1:4:0:101
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://my.modlebank.ru/password_files/saved_resource.html
Requested by: Host: my.modlebank.ru
URL: http://my.modlebank.ru/pass.html
Protocol: HTTP/1.1
Server: 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software: nginx /
Resource Hash: 10dd20a20e33eeccf2b13a185520bdc3521a3d684786168304ea94833bc67848

Request headers

Host: my.modlebank.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://my.modlebank.ru/pass.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://my.modlebank.ru/pass.html

Response headers

Server: nginx
Date: Sat, 19 Jun 2021 02:17:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 07 Jun 2021 08:02:54 GMT
Content-Encoding: gzip

GET
H/1.1 200
OK logo-solid.svg
my.modulbank.ru/images/logo/bank/ 5 KB
4 KB 88ms
87ms Image
image/svg+xml 212.193.146.102
CCT-AS NGENIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.modulbank.ru/images/logo/bank/logo-solid.svg?4da0949

Requested by

Host: my.modulbank.ru
URL: https://my.modulbank.ru/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.193.146.102 , Russian Federation, ASN34879 (CCT-AS NGENIX, RU),

Reverse DNS

cdn.ngenix.net

Software

nginx /

Resource Hash

27730a2690dfa5d40f67f378b8299de04fea4d132d35cf427796021733ee191a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;, max-age=31536000
X-Content-Security-Policy	sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://my.modulbank.ru/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 02:17:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-NGENIX-Cache: HIT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Jun 2021 05:30:52 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"60c83b0c-1384"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;, max-age=31536000
Content-Type: image/svg+xml
Feature-Policy: geolocation: *;midi: self;notifications: *;push: *;sync-xhr: *;microphone: self;camera: *;magnetometer: self;gyroscope: self;speaker: self;vibrate: self;fullscreen: self;payment: *;accelerometer: self;ambient-light-sensor: self;encrypted-media: self;usb: self;vr: self;image-compression: *;autoplay: self;battery: self;
Content-Security-Policy-Report-Only: default-src * data: blob: 'self'; script-src cdn.carrotquest.io/api.min.js track.rtb-media.ru cloud.roistat.com track.adspire.io gstatic.com googleadservices.com *.googleapis.com *.yandex.ru yandexmetrica.com google-analytics.com googletagmanager.com *.ddmanager.ru *.modulbank.ru *.maps.yandex.net 'unsafe-inline' blob: data: 'self'; script-src-elem googletagmanager.com *.googleapis.com code.jquery.com gstatic.com track.adspire.io cloud.roistat.com track.rtb-media.ru *.yandex.ru googleadservices.com yandexmetrica.com *.modulbank.ru *.ddmanager.ru google-analytics.com googletagmanager.com cdn.carrotquest.io/api.min.js *.maps.yandex.net 'unsafe-inline' blob: data: 'self'; style-src data: blob: 'self' 'unsafe-inline' *.googleapis.com *.modulbank.ru; style-src-elem data: blob: 'self' 'unsafe-inline' *.googleapis.com *.modulbank.ru; connect-src pay.modulbank.ru modulbuh.ru modulkassa.ru modulbank.ru rko.modulbank.ru google-analytics.com google-analytics.bi.owox.com api.mixpanel.com *.yandex.ru *.modulbank.ru suggestions.dadata.ru stats.g.doubleclick.net blob: 'self'; frame-ancestors 'self'; report-uri https://o99014.ingest.sentry.io/api/217443/security/?sentry_key=bbc3dc19f0c34a6d98368069779e811f;
X-Content-Security-Policy: sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation;

GET Roboto-Regular.woff2
my.modulbank.ru/fonts/ 0
0

GET Roboto-Medium.woff2
my.modulbank.ru/fonts/ 0
0

GET Montserrat-Bold.woff2
my.modulbank.ru/fonts/ 0
0

GET Roboto-Bold.woff2
my.modulbank.ru/fonts/ 0
0

GET
H/1.1 404
Not Found saved_resource.html Show response
my.modlebank.ru/password_files/ Frame 68E4 292 KB
63 KB 86ms
86ms Fetch
text/html 2a00:f940:2:2:1:4:0:101
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://my.modlebank.ru/password_files/saved_resource.html
Requested by: Host: my.modlebank.ru
URL: http://my.modlebank.ru/password_files/saved_resource.html
Protocol: HTTP/1.1
Server: 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software: nginx /
Resource Hash: 10dd20a20e33eeccf2b13a185520bdc3521a3d684786168304ea94833bc67848

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: my.modlebank.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://my.modlebank.ru/password_files/saved_resource.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://my.modlebank.ru/password_files/saved_resource.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 02:17:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Jun 2021 08:02:54 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

GET Roboto-Regular.woff
my.modulbank.ru/fonts/ 0
0

GET Roboto-Medium.woff
my.modulbank.ru/fonts/ 0
0

GET Montserrat-Bold.woff
my.modulbank.ru/fonts/ 0
0

GET Roboto-Bold.woff
my.modulbank.ru/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: iifchhfnnmpdbibifmljnfjhpififfog
URL: chrome-extension://iifchhfnnmpdbibifmljnfjhpififfog/nmcades_plugin_api.js

Domain: epebfcehmdedogndhlcacafjaacknbcm
URL: chrome-extension://epebfcehmdedogndhlcacafjaacknbcm/nmcades_plugin_api.js

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Roboto-Regular.woff2

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Roboto-Medium.woff2

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Montserrat-Bold.woff2

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Roboto-Bold.woff2

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Roboto-Regular.woff

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Roboto-Medium.woff

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Montserrat-Bold.woff

Domain: my.modulbank.ru
URL: https://my.modulbank.ru/fonts/Roboto-Bold.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Modulbank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

epebfcehmdedogndhlcacafjaacknbcm
iifchhfnnmpdbibifmljnfjhpififfog
my.modlebank.ru
my.modulbank.ru
epebfcehmdedogndhlcacafjaacknbcm
iifchhfnnmpdbibifmljnfjhpififfog
my.modulbank.ru
212.193.146.102
2a00:f940:2:2:1:4:0:101
105b0c498eb9732ef875c94c1ebc9bc7f6393a5484fa6bbe75818dbe558112a2
10dd20a20e33eeccf2b13a185520bdc3521a3d684786168304ea94833bc67848
1e6c604752ca2ce41009d57329f8953ecb6f5586e152fa0d0989c420f00be4bc
27730a2690dfa5d40f67f378b8299de04fea4d132d35cf427796021733ee191a
df20ee915224741d00203d88c7d434456833ae8a39b434118e0ea20745ffad97

my.modlebank.ru Open in urlscan Pro 2a00:f940:2:2:1:4:0:101 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

17 Requests

24 %HTTPS

50 %IPv6

3 Domains

4 Subdomains

3 IPs

1 Countries

403 kBTransfer

1599 kBSize

0 Cookies

3 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

my.modlebank.ru Open in urlscan Pro
2a00:f940:2:2:1:4:0:101 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

24 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

403 kB
Transfer

1599 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!