rozbiorki.pl Open in urlscan Pro
85.128.251.206 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://rozbiorki.pl/includes/iu/gtlert.html
Submission: On February 05 via manual (February 5th 2018, 1:38:51 pm UTC) from GB

Summary HTTP 18 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 85.128.251.206, located in Poland and belongs to NAZWA, PL. The main domain is rozbiorki.pl.

This is the only time rozbiorki.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GTBank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	85.128.251.206 85.128.251.206	15967 (NAZWA) (NAZWA)
1 16	149.126.77.194 149.126.77.194	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
18	3

1 85.128.251.206 (Poland)

ASN15967 (NAZWA, PL)
PTR: aoq206.rev.netart.pl

rozbiorki.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 149.126.77.194 (Frankfurt, Germany) 1 redirects

ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 149.126.77.194.ip.incapdns.net

ibank.gtbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	gtbank.com 1 redirects ibank.gtbank.com iss.gtbank.com Failed	154 KB
1	rozbiorki.pl rozbiorki.pl	4 KB
18	2

	Domain	Requested by
16	ibank.gtbank.com	1 redirects rozbiorki.pl ibank.gtbank.com
1	rozbiorki.pl
0	iss.gtbank.com Failed	rozbiorki.pl
18	3

This site contains links to these domains. Also see Links.

Domain
www.gtbank.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://rozbiorki.pl/includes/iu/gtlert.html
Frame ID: (58FE4315D147F0F022268A24C6A95AF0)
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

18
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

157 kB
Transfer

257 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.gtbank.com/securitycentre
Title: READ MORE

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/index.php/personalbanking/41-services/e-banking-services/254-token
Title: GET YOURS

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/
Title: GTBANK.COM

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/terms-conditions
Title: TERMS & CONDITIONS

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/whistle-blower
Title: WHISTLE BLOWER

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://ibank.gtbank.com/ibank3/WebResource.axd?d=odj1PM6ZHPU7qvXI8G2nDRUEHWEYUa85agnpQXcjPawKuz288RP9GihfGPopdotNHoWSKEDi5ZdAttxeHKVrFmn5XlFUduOMsDAPH0GtuD81&t=635195493660000000 HTTP 302
https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request gtlert.html Show response rozbiorki.pl/includes/iu/	14 KB 4 KB	91ms 62ms	Document text/html	85.128.251.206 NAZWA
General Check archive.org Show headers Download Go to Full URL http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 85.128.251.206 , Poland, ASN15967 (NAZWA, PL), Reverse DNS aoq206.rev.netart.pl Software Apache/2 / Resource Hash `c4b558a9514b28b61f77c929e1504b4830910c010300018d1f19208de76b6671` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host rozbiorki.pl Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Content-Encoding gzip Last-Modified Sun, 04 Feb 2018 10:57:33 GMT Server Apache/2 ETag "36ee-56460d011814f-gzip" Vary Accept-Encoding Content-Type text/html Connection keep-alive Accept-Ranges bytes Content-Length 3444
GET H/1.1	200 OK	Main.css ibank.gtbank.com/ibank3/Style/	46 KB 9 KB	675ms 468ms	Stylesheet text/css	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://ibank.gtbank.com/ibank3/Style/Main.css Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `a6ae40cc001945c235eecbb1c338c87f3a623e947b46a5a75d84d809350df0dd` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:39 GMT Content-Encoding gzip Last-Modified Thu, 03 Aug 2017 09:56:03 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "7e24bcb73ecd31:0" Transfer-Encoding chunked Content-Type text/css X-Iinfo 3-28068265-28068268 NNNN CT(106 228 0) RT(1517837919673 30) q(0 0 3 0) r(4 4) U5 Accept-Ranges bytes X-CDN Incapsula
GET H/1.1	200 OK	jquery.js Show response ibank.gtbank.com/ibank3/js/	90 KB 33 KB	689ms 482ms	Script application/javascript	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://ibank.gtbank.com/ibank3/js/jquery.js Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `f76e9ad77bc5d73afc3d4208a860b9447a6e6a41fcfd8336a0ed30dd35252e82` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:39 GMT Content-Encoding gzip Last-Modified Sun, 03 Aug 2014 06:16:36 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "2a82297be2aecf1:0" Transfer-Encoding chunked Content-Type application/javascript X-Iinfo 1-17312651-17312653 NNNN CT(105 231 0) RT(1517837919673 27) q(0 1 4 1) r(5 5) U5 Accept-Ranges bytes X-CDN Incapsula
GET H/1.1	200 OK	respond.min.js Show response ibank.gtbank.com/ibank3/js/	4 KB 3 KB	674ms 468ms	Script application/javascript	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://ibank.gtbank.com/ibank3/js/respond.min.js Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `355d46f5be4da4152052ca59d5d1f3984c7fdc7e8c54e7c18cd545ce8215717f` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:39 GMT Content-Encoding gzip Last-Modified Fri, 12 Apr 2013 07:31:14 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "04d41b64f37ce1:0" Transfer-Encoding chunked Content-Type application/javascript X-Iinfo 10-105703473-105703479 NNNN CT(106 228 0) RT(1517837919673 31) q(0 0 3 1) r(4 4) U5 Accept-Ranges bytes X-CDN Incapsula
GET H/1.1	200 OK	Expiresession.aspx Show response ibank.gtbank.com/ibank3/ Redirect Chain https://ibank.gtbank.com/ibank3/WebResource.axd?d=odj1PM6ZHPU7qvXI8G2nDRUEHWEYUa85agnpQXcjPawKuz288RP9GihfGPopdotNHoWSKEDi5ZdAttxeHKVrFmn5XlFUduOMsDAPH0GtuD81&t=635195493660000000 https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd	0 2 KB	118ms 118ms	Script text/html	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Pragma no-cache Date Mon, 05 Feb 2018 13:38:40 GMT Content-Encoding gzip Server Microsoft-IIS/8.5 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Transfer-Encoding chunked Content-Type text/html; charset=utf-8 X-Iinfo 10-105703474-105703480 ENNN RT(1517837919673 525) q(0 0 0 -1) r(2 2) U5 Cache-Control no-cache X-CDN Incapsula Expires -1 Redirect headers Date Mon, 05 Feb 2018 13:38:39 GMT Server Microsoft-IIS/8.5 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Content-Type text/html; charset=utf-8 Location /ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd X-Iinfo 10-105703474-105703480 NNNN CT(106 228 0) RT(1517837919673 32) q(0 0 3 1) r(4 4) U5 Cache-Control private Content-Length 181 X-CDN Incapsula
GET H/1.1	200 OK	ad_trsf.gif ibank.gtbank.com/ibank3/img/ads/	4 KB 4 KB	115ms 115ms	Image image/gif	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/ads/ad_trsf.gif Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `743a83264054a31c77a0a44d2f81e2527d057deed27ea4904865809fcdb18375` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Tue, 25 Feb 2014 18:13:00 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0de64375532cf1:0" Content-Type image/gif X-Iinfo 3-28068265-28068268 ENNN RT(1517837919673 712) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 3781 X-CDN Incapsula
GET H/1.1	200 OK	mobile_tab.jpg ibank.gtbank.com/ibank3/img/adverts/280x650/	29 KB 29 KB	117ms 117ms	Image image/jpeg	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/adverts/280x650/mobile_tab.jpg Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `6a2d62f4c5772cd0e3d1e8dc3ff014b71e0bd3392525efc9cbcb43d4cf0a5607` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Tue, 28 Oct 2014 19:12:43 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "1855ca26e3f2cf1:0" Content-Type image/jpeg X-Iinfo 3-28068265-28068268 ENNN RT(1517837919673 827) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 29481 X-CDN Incapsula
GET H/1.1	200 OK	mobile.jpg ibank.gtbank.com/ibank3/img/adverts/280x650/	59 KB 60 KB	120ms 120ms	Image image/jpeg	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/adverts/280x650/mobile.jpg Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `27ea81aa6109aee663f9b2675f0894bdb48a72ea2c718bc6c10188b4ce5646cb` Request headers Referer http://rozbiorki.pl/includes/iu/gtlert.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Wed, 13 Aug 2014 15:47:19 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "5cf849dddb7cf1:0" Content-Type image/jpeg X-Iinfo 1-17312651-17312653 ENNN RT(1517837919673 878) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 60877 X-CDN Incapsula
GET		hI5.js iss.gtbank.com/24684/	0 0

GET		k1Y.js iss.gtbank.com/24684/	0 0

GET H/1.1	200 OK	logo.png ibank.gtbank.com/ibank3/img/	3 KB 3 KB	117ms 116ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/logo.png Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `736f03dc62c4d15eb44d93effa1b31bedfc4ad84db8f95d6e33eef2a8196b558` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 07:29:50 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "eba5b0f4d068ce1:0" Content-Type image/png X-Iinfo 10-105703474-105703480 ENNN RT(1517837919673 882) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 3054 X-CDN Incapsula
GET H/1.1	200 OK	ibtext2.png ibank.gtbank.com/ibank3/img/	1 KB 2 KB	117ms 116ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/ibtext2.png Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `8356754f7a7240986d4cc59157aafea4258eea9d2a56550ea19d08a60a4af73c` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Thu, 11 Jul 2013 14:38:00 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "1ae4613e447ece1:0" Content-Type image/png X-Iinfo 10-105703473-105703479 ENNN RT(1517837919673 883) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 1269 X-CDN Incapsula
GET H/1.1	200 OK	gradbg.png ibank.gtbank.com/ibank3/img/	183 B 527 B	252ms 113ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/gradbg.png Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `aaeaf8ebf5b61080b3e1f7e675c85a42e051d4edb6183efb8968900198659dc2` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 07:31:36 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "f167d033d168ce1:0" Content-Type image/png X-Iinfo 6-39408661-39408664 ENNN RT(1517837920560 132) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 183 X-CDN Incapsula
GET H/1.1	200 OK	greenbg.png ibank.gtbank.com/ibank3/img/	519 B 862 B	251ms 112ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/greenbg.png Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `82b0d37da2dc26e64e5afae54b3c708fb49ee464bc8c58ec1ab01559c700776b` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 07:31:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "b171731d168ce1:0" Content-Type image/png X-Iinfo 9-95627334-95627335 ENNN RT(1517837920560 132) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 519 X-CDN Incapsula
GET H/1.1	200 OK	keybg.png ibank.gtbank.com/ibank3/img/	147 B 499 B	128ms 124ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/keybg.png Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `efda1329039625b6b665fcc93e49a3f29dead8c49636f9a238ebe4b100301728` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 07:31:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "30666b31d168ce1:0" Content-Type image/png X-Iinfo 9-95627334-95627335 NNNN CT(0 0 0) RT(1517837920560 8) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 147 X-CDN Incapsula
GET H/1.1	200 OK	footbg.png ibank.gtbank.com/ibank3/img/	331 B 683 B	127ms 124ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/footbg.png Requested by Host: rozbiorki.pl URL: http://rozbiorki.pl/includes/iu/gtlert.html Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `9a7ca670add876603d9cfa2e106953f42d420ee481ff01ebabe686e97d902539` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 07:31:37 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "95ee7b34d168ce1:0" Content-Type image/png X-Iinfo 6-39408661-39408664 NNNN CT(0 0 0) RT(1517837920560 9) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 331 X-CDN Incapsula
GET H/1.1	200 OK	token.png ibank.gtbank.com/ibank3/img/	3 KB 4 KB	207ms 112ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/token.png Requested by Host: ibank.gtbank.com URL: https://ibank.gtbank.com/ibank3/js/jquery.js Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `b7fa39a9767692ee74840315b88d6d92a72b7a7dfa619aead9b954a39a2a92ee` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 08:12:26 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "b77e41e8d668ce1:0" Content-Type image/png X-Iinfo 10-105703473-105703479 ENNN RT(1517837919673 998) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 3469 X-CDN Incapsula
GET H/1.1	200 OK	shield.png ibank.gtbank.com/ibank3/img/	2 KB 2 KB	206ms 111ms	Image image/png	149.126.77.194 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://ibank.gtbank.com/ibank3/img/shield.png Requested by Host: ibank.gtbank.com URL: https://ibank.gtbank.com/ibank3/js/jquery.js Protocol HTTP/1.1 Server 149.126.77.194 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS 149.126.77.194.ip.incapdns.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `53920bb8e98d002e6b57db8a516efe8835c6bda241020cc64ffad5ef4c5c28f9` Request headers Referer https://ibank.gtbank.com/ibank3/Style/Main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Mon, 05 Feb 2018 13:38:40 GMT Last-Modified Fri, 14 Jun 2013 07:29:45 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "891d4bf1d068ce1:0" Content-Type image/png X-Iinfo 10-105703474-105703480 ENNN RT(1517837919673 998) q(0 0 0 -1) r(1 1) U5 Accept-Ranges bytes Content-Length 2153 X-CDN Incapsula

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: iss.gtbank.com
URL: http://iss.gtbank.com/24684/hI5.js

Domain: iss.gtbank.com
URL: http://iss.gtbank.com/24684/k1Y.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GTBank (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ibank.gtbank.com
iss.gtbank.com
rozbiorki.pl
iss.gtbank.com
149.126.77.194
85.128.251.206
27ea81aa6109aee663f9b2675f0894bdb48a72ea2c718bc6c10188b4ce5646cb
355d46f5be4da4152052ca59d5d1f3984c7fdc7e8c54e7c18cd545ce8215717f
53920bb8e98d002e6b57db8a516efe8835c6bda241020cc64ffad5ef4c5c28f9
6a2d62f4c5772cd0e3d1e8dc3ff014b71e0bd3392525efc9cbcb43d4cf0a5607
736f03dc62c4d15eb44d93effa1b31bedfc4ad84db8f95d6e33eef2a8196b558
743a83264054a31c77a0a44d2f81e2527d057deed27ea4904865809fcdb18375
82b0d37da2dc26e64e5afae54b3c708fb49ee464bc8c58ec1ab01559c700776b
8356754f7a7240986d4cc59157aafea4258eea9d2a56550ea19d08a60a4af73c
9a7ca670add876603d9cfa2e106953f42d420ee481ff01ebabe686e97d902539
a6ae40cc001945c235eecbb1c338c87f3a623e947b46a5a75d84d809350df0dd
aaeaf8ebf5b61080b3e1f7e675c85a42e051d4edb6183efb8968900198659dc2
b7fa39a9767692ee74840315b88d6d92a72b7a7dfa619aead9b954a39a2a92ee
c4b558a9514b28b61f77c929e1504b4830910c010300018d1f19208de76b6671
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efda1329039625b6b665fcc93e49a3f29dead8c49636f9a238ebe4b100301728
f76e9ad77bc5d73afc3d4208a860b9447a6e6a41fcfd8336a0ed30dd35252e82

rozbiorki.pl Open in urlscan Pro 85.128.251.206 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

0 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

157 kBTransfer

257 kBSize

0 Cookies

5 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

rozbiorki.pl Open in urlscan Pro
85.128.251.206 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

157 kB
Transfer

257 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!