vr-secure.info Open in urlscan Pro
176.124.221.81  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Formular.php Show response vr-secure.info/	81 KB 22 KB	1362ms 123ms	Document text/html	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 13fe32639be11f753af134d4704ecf5eb25c993ad2b534ca6b7793787ab7c823 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 21789 Content-Type text/html; charset=UTF-8 Date Fri, 15 Jul 2022 07:25:45 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.53 (Debian) Vary Accept-Encoding
GET H/1.1	200 OK	form.css vr-secure.info/assets/	59 KB 11 KB	176ms 121ms	Stylesheet text/css	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/form.css Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 9c97e61d2741e2eb1d7e7af355beac4f34eff922109f43f68077f822e6aef522 Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Content-Encoding gzip Last-Modified Sat, 25 Jun 2022 13:42:45 GMT Server Apache/2.4.53 (Debian) ETag "ec80-5e245dca47fce-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 10743
GET H/1.1	200 OK	jquery.min.js Show response vr-secure.info/assets/	87 KB 31 KB	301ms 122ms	Script application/javascript	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/jquery.min.js Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Content-Encoding gzip Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "15d9d-5e2455b1990d4-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 30902
GET H/1.1	200 OK	jquery.mask.js Show response vr-secure.info/assets/	18 KB 5 KB	407ms 122ms	Script application/javascript	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/jquery.mask.js Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Content-Encoding gzip Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "47fe-5e2455b198904-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4948
GET H/1.1	200 OK	script.js Show response vr-secure.info/assets/	10 KB 2 KB	407ms 121ms	Script application/javascript	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/script.js Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 1d710e85d88eea10df460bb2b84db8bfa80e8ec8362de644aba886762283c0d4 Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Content-Encoding gzip Last-Modified Tue, 05 Jul 2022 15:00:38 GMT Server Apache/2.4.53 (Debian) ETag "281f-5e3101d8f88ea-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2162
GET H/1.1	200 OK	logo-vr.svg vr-secure.info/assets/	11 KB 11 KB	433ms 118ms	Image image/svg+xml	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Show image Full URL https://vr-secure.info/assets/logo-vr.svg Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash a98221c9155dc607127fe88bbcbc7d88296b084a56661ff27f627e7913dc5c8f Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "2cc5-5e2455b1a92a5" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 11461
GET H/1.1	200 OK	Aktion-Wendepunkt_kampagne-okp-teaser-neu.jpg vr-secure.info/assets/	78 KB 79 KB	478ms 121ms	Image image/jpeg	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Show image Full URL https://vr-secure.info/assets/Aktion-Wendepunkt_kampagne-okp-teaser-neu.jpg Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash c87e4ec24d8d602d3e8418e2e5ac3c7acf01e96680885b623bb88c7f1a083472 Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Last-Modified Sat, 25 Jun 2022 13:06:31 GMT Server Apache/2.4.53 (Debian) ETag "1399c-5e2455b0a797e" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 80284
GET H2	200	SchwaebischHall.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	4 KB 4 KB	401ms 45ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/SchwaebischHall.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash 7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 04 Nov 2021 21:01:36 GMT age 5 date Fri, 15 Jul 2022 07:25:40 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 4303 x-content-type-options nosniff
GET H2	200	UnionInvestment.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	6 KB 6 KB	619ms 263ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/UnionInvestment.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash 93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 02 Apr 2020 20:14:03 GMT age 1 date Fri, 15 Jul 2022 07:25:46 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 6142 x-content-type-options nosniff
GET H2	200	RundV.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	5 KB 5 KB	400ms 44ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/RundV.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash 33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 02 Apr 2020 20:14:04 GMT age 48 date Fri, 15 Jul 2022 07:24:57 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 4917 x-content-type-options nosniff
GET H2	200	easyCredit.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	5 KB 5 KB	401ms 45ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/easyCredit.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash ab26bc72d10a5d80984e1a1bbe9f5d12c38013e35070f3ab382908c1f08594ec Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 13:51:25 GMT age 5 date Fri, 15 Jul 2022 07:25:40 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 5085 x-content-type-options nosniff
GET H2	200	DZBANK_Initiativbank.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	16 KB 17 KB	529ms 173ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/DZBANK_Initiativbank.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash 60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 14:07:11 GMT age 0 date Fri, 15 Jul 2022 07:25:45 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 16788 x-content-type-options nosniff
GET H2	200	DZPrivatbank.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	3 KB 3 KB	443ms 88ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/DZPrivatbank.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 13:51:25 GMT age 0 date Fri, 15 Jul 2022 07:25:45 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 3090 x-content-type-options nosniff
GET H2	200	VR_Smart_Finanz.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	4 KB 4 KB	88ms 87ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/VR_Smart_Finanz.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash 3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Wed, 01 Aug 2018 12:15:44 GMT age 0 date Fri, 15 Jul 2022 07:25:45 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 3727 x-content-type-options nosniff
GET H2	200	DGHYP.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	2 KB 2 KB	46ms 45ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/DGHYP.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash 193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Wed, 01 Aug 2018 12:15:44 GMT age 48 date Fri, 15 Jul 2022 07:24:57 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 1883 x-content-type-options nosniff
GET H2	200	M%C3%BCnchenerHyp.png www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/	6 KB 6 KB	88ms 87ms	Image image/png	194.149.253.14 ATRUVIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-bi-gt.de/content/dam/allgemeines/logoleisterefreshdesign/M%C3%BCnchenerHyp.png Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.253.14 , Germany, ASN15590 (ATRUVIA, DE), Reverse DNS volksbank-vechelde-Wendeburg.de Software / Resource Hash f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 13:36:41 GMT age 5 date Fri, 15 Jul 2022 07:25:40 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 5806 x-content-type-options nosniff
GET H/1.1	200 OK	iban.js Show response vr-secure.info/assets/	21 KB 6 KB	233ms 121ms	Script application/javascript	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/iban.js Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 75b81ced34b800f87fd7b2ad2619c00f4de5fa3e4fbdb5957102b07b2cf00988 Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Content-Encoding gzip Last-Modified Sun, 26 Jun 2022 21:39:16 GMT Server Apache/2.4.53 (Debian) ETag "5448-5e260a29c7e0b-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5543
GET H/1.1	200 OK	svg-icon-sprite.svg vr-secure.info/assets/	46 KB 46 KB	121ms 120ms	Other image/svg+xml	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/svg-icon-sprite.svg Requested by Host: vr-secure.info URL: https://vr-secure.info/Formular.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash fc003d223a8876c13e6a99710847a62db755abe3761e12fa7d083a0cc716ba65 Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "b71c-5e2455b1b985e" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 46876
GET DATA	200 OK	truncated /	1016 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	FrutigerLTW02-55Roman.woff2 vr-secure.info/assets/	48 KB 48 KB	186ms 186ms	Font font/woff2	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/FrutigerLTW02-55Roman.woff2 Requested by Host: vr-secure.info URL: https://vr-secure.info/assets/form.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c Request headers Referer https://vr-secure.info/assets/form.css Origin https://vr-secure.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "c0dc-5e2455b144d28" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 49372
GET H/1.1	200 OK	FrutigerLTW02-65Bold.woff2 vr-secure.info/assets/	41 KB 41 KB	142ms 121ms	Font font/woff2	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/FrutigerLTW02-65Bold.woff2 Requested by Host: vr-secure.info URL: https://vr-secure.info/assets/form.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d Request headers Referer https://vr-secure.info/assets/form.css Origin https://vr-secure.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "a418-5e2455b175a6a" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 42008
GET H/1.1	200 OK	FrutigerLTW02-56Italic.woff2 vr-secure.info/assets/	47 KB 47 KB	161ms 117ms	Font font/woff2	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/assets/FrutigerLTW02-56Italic.woff2 Requested by Host: vr-secure.info URL: https://vr-secure.info/assets/form.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash 2b08510a512e11d193baddb9d1b395eb17e5e78af769734d185170b639ca7ace Request headers Referer https://vr-secure.info/assets/form.css Origin https://vr-secure.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:45 GMT Last-Modified Sat, 25 Jun 2022 13:06:32 GMT Server Apache/2.4.53 (Debian) ETag "baac-5e2455b163d41" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 47788
GET H/1.1	200 OK	/ Show response api.ipify.org/	21 B 252 B	398ms 130ms	XHR application/json	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: vr-secure.info URL: https://vr-secure.info/assets/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Resource Hash c8569d70e399e53a5390312dc85f31c52866df7209e3bc1415b3166395358b6f Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://vr-secure.info/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:46 GMT Via 1.1 vegur Server Cowboy Vary Origin Content-Type application/json Access-Control-Allow-Origin https://vr-secure.info Connection keep-alive Content-Length 21
GET H/1.1	200 OK	counter.php Show response vr-secure.info/admin/	35 B 239 B	303ms 195ms	Fetch text/html	176.124.221.81 CLOUDASSETS
General Check archive.org Show headers Download Go to Full URL https://vr-secure.info/admin/counter.php Requested by Host: vr-secure.info URL: https://vr-secure.info/assets/script.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.124.221.81 , Russian Federation, ASN212441 (CLOUDASSETS, RU), Reverse DNS host-176-124-221-81.macloud.host Software Apache/2.4.53 (Debian) / Resource Hash e27b1687b91887842fb3198b9af0f66738c5200e05ee44d83577da3669cea3b4 Request headers accept-language de-DE,de;q=0.9 Referer https://vr-secure.info/Formular.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Fri, 15 Jul 2022 07:25:46 GMT Server Apache/2.4.53 (Debian) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 35 Content-Type text/html; charset=UTF-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery object| IBAN boolean| e

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
vr-secure.info
www.volksbank-bi-gt.de
176.124.221.81
194.149.253.14
3.232.242.170
0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c
13fe32639be11f753af134d4704ecf5eb25c993ad2b534ca6b7793787ab7c823
193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6
1d710e85d88eea10df460bb2b84db8bfa80e8ec8362de644aba886762283c0d4
2b08510a512e11d193baddb9d1b395eb17e5e78af769734d185170b639ca7ace
2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920
3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6
33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d
60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c
75b81ced34b800f87fd7b2ad2619c00f4de5fa3e4fbdb5957102b07b2cf00988
7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af
93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47
9c97e61d2741e2eb1d7e7af355beac4f34eff922109f43f68077f822e6aef522
a98221c9155dc607127fe88bbcbc7d88296b084a56661ff27f627e7913dc5c8f
ab26bc72d10a5d80984e1a1bbe9f5d12c38013e35070f3ab382908c1f08594ec
bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168
c8569d70e399e53a5390312dc85f31c52866df7209e3bc1415b3166395358b6f
c87e4ec24d8d602d3e8418e2e5ac3c7acf01e96680885b623bb88c7f1a083472
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
e27b1687b91887842fb3198b9af0f66738c5200e05ee44d83577da3669cea3b4
f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31
fc003d223a8876c13e6a99710847a62db755abe3761e12fa7d083a0cc716ba65
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e