176.121.14.62 Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://176.121.14.62/cb/
Effective URL:
http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf
Submission: On March 17 via manual (March 17th 2022, 8:56:13 am UTC) from DE — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 176.121.14.62, located in Ukraine and belongs to FLOWSPEC-AS, UA. The main domain is 176.121.14.62.

This is the only time 176.121.14.62 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 9	176.121.14.62 176.121.14.62		210138 (FLOWSPEC-AS) (FLOWSPEC-AS)
10	2

9 176.121.14.62 (Ukraine) 1 redirects

ASN210138 (FLOWSPEC-AS, UA)

176.121.14.62	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
0	shell.com Failed shell.com Failed
10	1

	Domain	Requested by
0	shell.com Failed	176.121.14.62
10	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf
Frame ID: E2BE793EF3CA56EF04EA32C32F939BD6
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung zum Online Banking - Commerzbank

Page URL History Show full URLs

http://176.121.14.62/cb/ HTTP 302
http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

397 kB
Transfer

1088 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://176.121.14.62/cb/ HTTP 302
http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://176.121.14.62/portal/media/system/fonts/icons_woff.woff HTTP 302
https://shell.com/

Request Chain 8

http://176.121.14.62/portal/media/system/fonts/icons_ttf.ttf HTTP 302
https://shell.com/

10 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login_pk.php Show response 176.121.14.62/cb/ Redirect Chain http://176.121.14.62/cb/ http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf	11 KB 4 KB	327ms 326ms	Document text/html	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `71e95757025de90e9e5093d6ad8c66ec787fdc3525971fcc2377942d8f04fa27` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx/1.10.3 Date Thu, 17 Mar 2022 08:55:56 GMT Content-Type text/html; charset=UTF-8 Content-Length 3303 Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Redirect headers Server nginx/1.10.3 Date Thu, 17 Mar 2022 08:55:56 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Location login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf
GET H/1.1	200 OK	tJdCpYM7SGe20sBJgYtX.css 176.121.14.62/cb/src/css/	381 KB 115 KB	280ms 279ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://176.121.14.62/cb/src/css/tJdCpYM7SGe20sBJgYtX.css Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `37029498cede60fe98173c612d3b41877740516fe8cdde316a8e43eb80cc28c0` Request headers Accept-Language de-DE,de;q=0.9 Referer http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:57 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "5f4ce-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	eXEMAagyc9A6IDGQYnxk.css 176.121.14.62/cb/src/css/	397 KB 116 KB	380ms 319ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://176.121.14.62/cb/src/css/eXEMAagyc9A6IDGQYnxk.css Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `303ab70f60742854a5aa23682e17cd05f9e93bac543aecc351c953f37f36a79c` Request headers Accept-Language de-DE,de;q=0.9 Referer http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:57 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "6320a-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	KLSH9j2z1n0ZoPmJ9Aii.css 176.121.14.62/cb/src/css/	2 KB 973 B	383ms 322ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://176.121.14.62/cb/src/css/KLSH9j2z1n0ZoPmJ9Aii.css Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `615e9d2fb7a23014dbb2dd4414147fd07fa9caa925ae4a749ba4df4dc7911563` Request headers Accept-Language de-DE,de;q=0.9 Referer http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:57 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "93f-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 679
GET H/1.1	200 OK	EB83Vkm5YXkNloOPt5mJ.css 176.121.14.62/cb/src/css/	227 KB 91 KB	334ms 272ms	Stylesheet text/css	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://176.121.14.62/cb/src/css/EB83Vkm5YXkNloOPt5mJ.css Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `cd6b884b7d3fbcbb7e38a6f82ed7f6f8d0ec401c0ce38b91ced696cc8f485f79` Request headers Accept-Language de-DE,de;q=0.9 Referer http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:57 GMT Content-Encoding gzip Last-Modified Sat, 26 Nov 2016 23:54:28 GMT Server nginx/1.10.3 ETag "38a89-5423cf5829500-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	logo_big_svg.svg 176.121.14.62/cb/src/img/	17 KB 17 KB	393ms 331ms	Image image/svg+xml	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://176.121.14.62/cb/src/img/logo_big_svg.svg Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `d28263b118f646cc7c098e5b8c09f994fe27585f541a90f02423b9246621c0d2` Request headers Accept-Language de-DE,de;q=0.9 Referer http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:57 GMT Last-Modified Sat, 19 Nov 2016 14:41:46 GMT Server nginx/1.10.3 ETag "42a8-541a86c02fe80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 17064
GET H/1.1	200 OK	bg_metanav_gif.gif 176.121.14.62/cb/src/img/	1 KB 1 KB	273ms 273ms	Image image/gif	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL http://176.121.14.62/cb/src/img/bg_metanav_gif.gif Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/src/css/eXEMAagyc9A6IDGQYnxk.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `ae247f0ee2d331e7f89a54b2d683589de735b83bda69b00b29bf728e1cc31e75` Request headers Accept-Language de-DE,de;q=0.9 Referer http://176.121.14.62/cb/src/css/eXEMAagyc9A6IDGQYnxk.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:57 GMT Last-Modified Sat, 19 Nov 2016 14:55:38 GMT Server nginx/1.10.3 ETag "464-541a89d9a4e80" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 1124
GET		/ shell.com/ Redirect Chain http://176.121.14.62/portal/media/system/fonts/icons_woff.woff https://shell.com/	0 0

GET DATA	200 OK	truncated /	17 KB 17 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75` Request headers Referer http://176.121.14.62/ Origin http://176.121.14.62 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type application/x-font-woff
GET		/ shell.com/ Redirect Chain http://176.121.14.62/portal/media/system/fonts/icons_ttf.ttf https://shell.com/	0 0

GET H/1.1	200 OK	icons_woff.woff 176.121.14.62/cb/src/css/	36 KB 36 KB	271ms 271ms	Font application/font-woff	176.121.14.62 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL http://176.121.14.62/cb/src/css/icons_woff.woff Requested by Host: 176.121.14.62 URL: http://176.121.14.62/cb/src/css/tJdCpYM7SGe20sBJgYtX.css Protocol HTTP/1.1 Server 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software nginx/1.10.3 / Resource Hash `3d7409b8a77b69c365c5cd5f0770468a606fdfd0b2d590ea91146dcc88fe1b81` Request headers Referer http://176.121.14.62/cb/src/css/tJdCpYM7SGe20sBJgYtX.css Origin http://176.121.14.62 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 17 Mar 2022 08:55:58 GMT Last-Modified Sat, 19 Nov 2016 14:53:46 GMT Server nginx/1.10.3 ETag "8f00-541a896ed5280" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 36608

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: shell.com
URL: https://shell.com/

Domain: shell.com
URL: https://shell.com/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			176.121.14.62/	1969-12-31 23:59:59	Name: PHPSESSID Value: 380lhpiq7og684kiukujkndii4

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Message: Access to font at 'https://shell.com/' (redirected from 'http://176.121.14.62/portal/media/system/fonts/icons_woff.woff') from origin 'http://176.121.14.62' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://shell.com/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://176.121.14.62/cb/login_pk.php?lp=RJ17BVjekqzOdxyvgmALfianl6phUS&pk?=QEKoAyinRIqJ4l9bMLtf Message: Access to font at 'https://shell.com/' (redirected from 'http://176.121.14.62/portal/media/system/fonts/icons_ttf.ttf') from origin 'http://176.121.14.62' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://shell.com/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

shell.com
shell.com
176.121.14.62
303ab70f60742854a5aa23682e17cd05f9e93bac543aecc351c953f37f36a79c
37029498cede60fe98173c612d3b41877740516fe8cdde316a8e43eb80cc28c0
3d7409b8a77b69c365c5cd5f0770468a606fdfd0b2d590ea91146dcc88fe1b81
615e9d2fb7a23014dbb2dd4414147fd07fa9caa925ae4a749ba4df4dc7911563
71e95757025de90e9e5093d6ad8c66ec787fdc3525971fcc2377942d8f04fa27
8e0cac4821c935482392023f91f3c6814b9c2337ec4dabadf995b5fb95f61a75
ae247f0ee2d331e7f89a54b2d683589de735b83bda69b00b29bf728e1cc31e75
cd6b884b7d3fbcbb7e38a6f82ed7f6f8d0ec401c0ce38b91ced696cc8f485f79
d28263b118f646cc7c098e5b8c09f994fe27585f541a90f02423b9246621c0d2

176.121.14.62 Open in urlscan Pro 176.121.14.62 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

397 kBTransfer

1088 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

176.121.14.62 Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

397 kB
Transfer

1088 kB
Size

1
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!