meine-postbank-de.herokuapp.com
Open in
urlscan Pro
54.72.108.52
Malicious Activity!
Public Scan
Submission: On July 26 via manual from US
Summary
This is the only time meine-postbank-de.herokuapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 54.72.108.52 54.72.108.52 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 160.83.8.182 160.83.8.182 | 8373 (DEUBA-NET...) (DEUBA-NET Germany) | |
7 | 3 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-108-52.eu-west-1.compute.amazonaws.com
meine-postbank-de.herokuapp.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
herokuapp.com
meine-postbank-de.herokuapp.com |
404 KB |
2 |
postbank.de
www.postbank.de |
271 KB |
0 |
jquery.com
Failed
code.jquery.com Failed |
|
7 | 3 |
Domain | Requested by | |
---|---|---|
4 | meine-postbank-de.herokuapp.com |
meine-postbank-de.herokuapp.com
|
2 | www.postbank.de |
meine-postbank-de.herokuapp.com
|
0 | code.jquery.com Failed |
meine-postbank-de.herokuapp.com
|
7 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh | |
www.postbank.de DigiCert SHA2 Extended Validation Server CA |
2018-07-05 - 2020-07-05 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://meine-postbank-de.herokuapp.com/sms.php
Frame ID: D20C1302FCD8794D8F063B081923D337
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
sms.php
meine-postbank-de.herokuapp.com/ |
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery-3.3.1.min.js
code.jquery.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.production.css
meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-common/lib/runtime/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.production.css
meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-dependencies/lib/runtime/ |
379 KB 379 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-claim.svg
meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-dependencies/lib/runtime/assets/pbs_patternlib_react/pattern-library/images/ |
6 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iob_5_sicherheitshinweis.jpg
www.postbank.de/privatkunden/images/ |
186 KB 187 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iob_5_login.jpg
www.postbank.de/privatkunden/images/ |
83 KB 84 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- code.jquery.com
- URL
- https://code.jquery.com/jquery-3.3.1.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
meine-postbank-de.herokuapp.com
www.postbank.de
code.jquery.com
160.83.8.182
54.72.108.52
1ad849d8a916dcde00adb1ee3d0f21c7f636a98b7b2c49f57194f245d37b2e91
2b6765fddb3cc26e57bd32f6a1532d7af96fa38dd85965157ea08c0e64bd3659
36cabf2967728d7f474777e2793de7881353ba63487f93d157587df886315791
60ec2afa50c04c023edfef83b2df47fced2f5ae7a7efa1bd0e63fc2a28fce6ae
946660bb68994bd9480fd5822b55ebd2907bcf76927305e84f47c20431568789
a5840fa24a0315ef18819430fddd1256d1aa8fa7326b727410878f311ed49f58