meine-postbank-de.herokuapp.com
54.72.108.52  Malicious Activity!

URL: http://meine-postbank-de.herokuapp.com/sms.php
Submission: On July 26 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 54.72.108.52, located in Dublin, Ireland and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is meine-postbank-de.herokuapp.com.
This is the only time meine-postbank-de.herokuapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

Requests  IP Address     AS (Autonomous System)
4         54.72.108.52   16509 (AMAZON-02)
2         160.83.8.182   8373 (DEUBA-NET...)
Total: 7 requests, 3 IPs
Requests  Apex Domain    Subdomains                        Transfer
4         herokuapp.com  meine-postbank-de.herokuapp.com   404 KB
2         postbank.de    www.postbank.de                   271 KB
0         jquery.com     code.jquery.com                   Failed
Total: 7 requests, 3 apex domains
Requests  Domain                            Requested by
4         meine-postbank-de.herokuapp.com   meine-postbank-de.herokuapp.com
2         www.postbank.de                   meine-postbank-de.herokuapp.com
0         code.jquery.com (Failed)          meine-postbank-de.herokuapp.com
Total: 7 requests, 3 domains

This site contains no links.

Subject          Issuer                                        Validity                  Valid
www.postbank.de  DigiCert SHA2 Extended Validation Server CA   2018-07-05 - 2020-07-05   2 years (crt.sh)

This page contains 1 frames:

Primary Page: http://meine-postbank-de.herokuapp.com/sms.php
Frame ID: D20C1302FCD8794D8F063B081923D337
Requests: 7 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 7
HTTPS: 29 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 675 kB
Size: 673 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type (MIME-Type)

Primary Request: sms.php
Path: meine-postbank-de.herokuapp.com/
Size: 16 KB, x-fer: 16 KB, Type: Document

General
Full URL: http://meine-postbank-de.herokuapp.com/sms.php
Protocol: HTTP/1.1
Server: 54.72.108.52 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-54-72-108-52.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: a5840fa24a0315ef18819430fddd1256d1aa8fa7326b727410878f311ed49f58

Request headers

Host: meine-postbank-de.herokuapp.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate

Response headers

Connection: keep-alive
Date: Fri, 26 Jul 2019 12:35:19 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Via: 1.1 vegur

jquery-3.3.1.min.js
Path: code.jquery.com/
Size: 0, x-fer: 0, Type: (no response; listed under Failed requests)

index.production.css
Path: meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-common/lib/runtime/
Size: 3 KB, x-fer: 3 KB, Type: Stylesheet

General
Full URL: http://meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-common/lib/runtime/index.production.css
Requested by: Host meine-postbank-de.herokuapp.com, URL http://meine-postbank-de.herokuapp.com/sms.php
Protocol: HTTP/1.1
Security: (none, plain HTTP)
Server: 54.72.108.52 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-54-72-108-52.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 36cabf2967728d7f474777e2793de7881353ba63487f93d157587df886315791

Request headers

Referer: http://meine-postbank-de.herokuapp.com/sms.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 12:35:19 GMT
Via: 1.1 vegur
Last-Modified: Wed, 24 Jul 2019 23:46:58 GMT
Server: Apache
Etag: "ada-58e75ecc1e080"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2778

index.production.css
Path: meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-dependencies/lib/runtime/
Size: 379 KB, x-fer: 379 KB, Type: Stylesheet

General
Full URL: http://meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-dependencies/lib/runtime/index.production.css
Requested by: Host meine-postbank-de.herokuapp.com, URL http://meine-postbank-de.herokuapp.com/sms.php
Protocol: HTTP/1.1
Security: (none, plain HTTP)
Server: 54.72.108.52 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-54-72-108-52.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 2b6765fddb3cc26e57bd32f6a1532d7af96fa38dd85965157ea08c0e64bd3659

Request headers

Referer: http://meine-postbank-de.herokuapp.com/sms.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 12:35:19 GMT
Via: 1.1 vegur
Last-Modified: Wed, 24 Jul 2019 23:46:58 GMT
Server: Apache
Etag: "5ec1c-58e75ecc1e080"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 388124

logo-claim.svg
Path: meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-dependencies/lib/runtime/assets/pbs_patternlib_react/pattern-library/images/
Size: 6 KB, x-fer: 7 KB, Type: Image

General
Full URL: http://meine-postbank-de.herokuapp.com/bundles/@pbs/iob5Frame-dependencies/lib/runtime/assets/pbs_patternlib_react/pattern-library/images/logo-claim.svg
Requested by: Host meine-postbank-de.herokuapp.com, URL http://meine-postbank-de.herokuapp.com/sms.php
Protocol: HTTP/1.1
Security: (none, plain HTTP)
Server: 54.72.108.52 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-54-72-108-52.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 1ad849d8a916dcde00adb1ee3d0f21c7f636a98b7b2c49f57194f245d37b2e91

Request headers

Referer: http://meine-postbank-de.herokuapp.com/sms.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 12:35:19 GMT
Via: 1.1 vegur
Last-Modified: Wed, 24 Jul 2019 23:46:58 GMT
Server: Apache
Etag: "18ff-58e75ecc1e080"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6399

iob_5_sicherheitshinweis.jpg
Path: www.postbank.de/privatkunden/images/
Size: 186 KB, x-fer: 187 KB, Type: Image

General
Full URL: https://www.postbank.de/privatkunden/images/iob_5_sicherheitshinweis.jpg
Requested by: Host meine-postbank-de.herokuapp.com, URL http://meine-postbank-de.herokuapp.com/sms.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 160.83.8.182, United States, ASN8373 (DEUBA-NET Germany, DE)
Reverse DNS: (none)
Software: Apache /
Resource Hash: 946660bb68994bd9480fd5822b55ebd2907bcf76927305e84f47c20431568789

Security Headers
Strict-Transport-Security: max-age=31536000

Request headers

Referer: http://meine-postbank-de.herokuapp.com/sms.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 12:35:19 GMT
Last-Modified: Mon, 03 Jun 2019 08:49:28 GMT
Server: Apache
DB-Nickname: VTJGc2RHVmtYMThmTWNrUzZsck13dThJbFhMSER1eURUWUIydndjcmNJZz0=
Strict-Transport-Security: max-age=31536000
Upgrade: h2,h2c
Cache-Control: must-revalidate, private
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Keep-Alive: timeout=5, max=100
Content-Length: 190704
Expires: -1

iob_5_login.jpg
Path: www.postbank.de/privatkunden/images/
Size: 83 KB, x-fer: 84 KB, Type: Image

General
Full URL: https://www.postbank.de/privatkunden/images/iob_5_login.jpg
Requested by: Host meine-postbank-de.herokuapp.com, URL http://meine-postbank-de.herokuapp.com/sms.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 160.83.8.182, United States, ASN8373 (DEUBA-NET Germany, DE)
Reverse DNS: (none)
Software: Apache /
Resource Hash: 60ec2afa50c04c023edfef83b2df47fced2f5ae7a7efa1bd0e63fc2a28fce6ae

Security Headers
Strict-Transport-Security: max-age=31536000

Request headers

Referer: http://meine-postbank-de.herokuapp.com/sms.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 12:35:19 GMT
Last-Modified: Wed, 05 Sep 2018 08:59:03 GMT
Server: Apache
DB-Nickname: VTJGc2RHVmtYMThmTWNrUzZsck13dThJbFhMSER1eURUWUIydndjcmNJZz0=
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: must-revalidate, private
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 85472
Expires: -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onselectstart
object    onselectionchange
function  queueMicrotask

0 Cookies