spk-reaktivierung.de Open in urlscan Pro
2606:4700:3030::ac43:d520 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://spk-reaktivierung.de/
Effective URL:
https://spk-reaktivierung.de/
Submission: On November 29 via automatic, source openphish (November 29th 2022, 1:24:08 pm UTC) — Scanned from DE

Summary HTTP 5 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3030::ac43:d520, located in United States and belongs to CLOUDFLARENET, US. The main domain is spk-reaktivierung.de.
TLS certificate: Issued by GTS CA 1P5 on November 26th 2022. Valid for: 3 months.

This is the only time spk-reaktivierung.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3036::6815:3587	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3030::ac43:d520	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	1

1 2606:4700:3036::6815:3587 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spk-reaktivierung.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3030::ac43:d520 (United States)

ASN13335 (CLOUDFLARENET, US)

spk-reaktivierung.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	spk-reaktivierung.de 1 redirects spk-reaktivierung.de	20 KB
5	1

	Domain	Requested by
6	spk-reaktivierung.de	1 redirects spk-reaktivierung.de
5	1

This site contains links to these domains. Also see Links.

Domain
www.sparkasse.de

Subject Issuer	Validity	Valid
*.spk-reaktivierung.de GTS CA 1P5	`2022-11-26` - `2023-02-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://spk-reaktivierung.de/
Frame ID: 077D2B6BFF281DCE2F03AAF8104BD39F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sparkasse PushTAN

Page URL History Show full URLs

http://spk-reaktivierung.de/ HTTP 301
https://spk-reaktivierung.de/ Page URL

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

19 kB
Transfer

45 kB
Size

0
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/online-banking.html
Title: Online-Banking

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/girokonto.html
Title: Girokonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/tagesgeldkonto.html
Title: Tagesgeldkonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen/festgeldkonto.html
Title: Festgeldkonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen/sparbuch.html
Title: Sparbuch

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/karten/aufladbare-kreditkarte.html
Title: Aufladbare Kreditkarte

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/karten/kreditkarte.html
Title: Kreditkarte

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/altersvorsorge/riester-rente.html
Title: Riester-Rente

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen.html
Title: Kredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/privatkredit.html
Title: Privatkredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/dispokredit.html
Title: Dispokredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/autokredit.html
Title: Autokredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/baufinanzierung.html
Title: Baufinanzierung

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/bausparen-bausparvertrag.html
Title: Bausparen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/bauspardarlehen.html
Title: Bauspardarlehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/hypothekendarlehen.html
Title: Hypothekendarlehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/themen.html
Title: Ihre Pläne

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/gemeinsamallemgewachsen.html
Title: GemeinsamAllemGewachsen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/geld-leichter-verstehen.html
Title: Geld einfach verstehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/sicherheit-im-internet.html
Title: Sicherheit im Internet

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/firmenkunden.html
Title: Firmenkunden

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen.html
Title: Sparen & Anlegen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/altersvorsorge.html
Title: Altersvorsorge

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/versicherungen.html
Title: Versicherungen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/karriere.html
Title: Karriere

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/filialen.html
Title: Filialen A-Z

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/geldautomaten.html
Title: Geldautomaten A-Z

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/finanzlexikon.html
Title: Finanzlexikon

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/sepa.html
Title: SEPA

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/karte-sperren.html
Title: Karte sperren

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/infocenter/sicherungssystem.html
Title: Sicherungssystem

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/sparkassen-apps.html
Title: Sparkassen Apps

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/wir-ueber-uns.html
Title: Wir über uns

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/nutzungshinweise.html
Title: Nutzungshinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://spk-reaktivierung.de/ HTTP 301
https://spk-reaktivierung.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response spk-reaktivierung.de/ Redirect Chain http://spk-reaktivierung.de/ https://spk-reaktivierung.de/	24 KB 3 KB	535ms 511ms	Document text/html	2606:4700:3030::ac43:d520 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spk-reaktivierung.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:d520 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5d23d729ca0d6d9d717e575e37b50bbb18e5d6729ef2147db3cca1c271e6fa56` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 771ba94afb7b9bb3-FRA content-encoding br content-type text/html date Tue, 29 Nov 2022 13:24:02 GMT last-modified Wed, 28 Sep 2022 15:36:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYQY2o8gXJDo56xMV9w47OSw44vVQfyd%2BDcGGIIukm%2BN6sMkj6STjbehBZQI5yUkR1AwgcLtLtN%2Bk1cERpQg653EwTZ9LkXS7GEflLhme75bPuUtsFDwjY2CiYiUDdzWbJdwVaaZWTePv9D%2FfBKKhHu28w%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent Redirect headers CF-RAY 771ba94a49999bf4-FRA Cache-Control max-age=3600 Connection keep-alive Date Tue, 29 Nov 2022 13:24:02 GMT Expires Tue, 29 Nov 2022 14:24:02 GMT Location https://spk-reaktivierung.de/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OFbx%2F6OtZLOcqthPBOqaCu9IWi0y1DF2QU6ljbCMYXnVbRpLniGzHYxmrduDLbpRD%2FQjABy7AUw9ijTbsBqBbKwX2zNJz6qsH83D0tkyISnHUNex74tLX9LkgTeoUaQeTobczmWm4d66s1fTerUsaKpJ6g%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	style.css spk-reaktivierung.de/	7 KB 1 KB	544ms 543ms	Stylesheet text/css	2606:4700:3030::ac43:d520 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spk-reaktivierung.de/style.css Requested by Host: spk-reaktivierung.de URL: https://spk-reaktivierung.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:d520 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `62c85e1b35fc137b5894d99e4e74c7ee3e2da74403c392ecb6cb181d97eaa130` Request headers accept-language de-DE,de;q=0.9 Referer https://spk-reaktivierung.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers date Tue, 29 Nov 2022 13:24:03 GMT content-encoding br cf-cache-status MISS last-modified Wed, 28 Sep 2022 15:36:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1c4a-5e9be85d5e980-gzip" vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SrLWCLAxPDZTeh0jQVmqrOlSmJlxk4miHgCE4t2vKQEYPPk%2FVrHkEWnbGFPL0eJT37EHy1xtXB%2FH5AwBeR%2FOjsdO60YhwOpSHLKKSeQ04kdIT14IImHdEjvkEXcJK1mlOAZLZFjW%2BKYQPRw6F4jGziZD6A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 771ba94e4bf79bb3-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	Topbannerlogo.png spk-reaktivierung.de/Bilder/	12 KB 13 KB	550ms 549ms	Image image/png	2606:4700:3030::ac43:d520 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spk-reaktivierung.de/Bilder/Topbannerlogo.png Requested by Host: spk-reaktivierung.de URL: https://spk-reaktivierung.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:d520 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `84ca80f7f566af23b2d22bc000944f98cee6bbb00843ad13fc30f7f72b2d732a` Request headers accept-language de-DE,de;q=0.9 Referer https://spk-reaktivierung.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers date Tue, 29 Nov 2022 13:24:03 GMT cf-cache-status MISS last-modified Wed, 28 Sep 2022 15:34:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "3166-5e9be804ad840" vary User-Agent, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQHDr%2BBAv%2FV5EHldalKiD2m8vFaUaN8HucTIybOL20AbIC8tyYadbY%2B5oEHXgNSoS3e47mJoJCbW5LrpLJRoFK%2FkmKZZHjtlIpMcOPZ56vvWqnXBTC8FIIaZZonHuA6F2ohXxjKudrrmemZJmc8mhQSnPg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 771ba94e4bfb9bb3-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 12646
GET H2	200	DE.PNG spk-reaktivierung.de/Bilder/	1 KB 1 KB	623ms 622ms	Image image/png	2606:4700:3030::ac43:d520 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spk-reaktivierung.de/Bilder/DE.PNG Requested by Host: spk-reaktivierung.de URL: https://spk-reaktivierung.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:d520 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e6ef822dbf57955e1060eef9e9d7fbc72e638585e64b14d17f7b403c51dbfdf5` Request headers accept-language de-DE,de;q=0.9 Referer https://spk-reaktivierung.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers date Tue, 29 Nov 2022 13:24:03 GMT cf-cache-status MISS last-modified Wed, 28 Sep 2022 15:34:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "418-5e9be803b9600" vary User-Agent, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTY%2BCV2%2Bv%2BL2j5WCs%2BPWWJkLZQNdz6Ys2y8No81r5iU%2BUkto3u9TmtySvf82KZ%2Fi7YMUSJ1T1RrcbwW1rN0jGPq8Fcp%2BZ6WR%2FmVCGINcSwnHRrvTTrOlQ09MENcJ5RY1PSYFZJ2g5Vl6V31x1%2BAtpCdl5w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 771ba94e4bff9bb3-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1048
GET H2	200	Schloss.PNG spk-reaktivierung.de/Bilder/	381 B 699 B	556ms 556ms	Image image/png	2606:4700:3030::ac43:d520 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spk-reaktivierung.de/Bilder/Schloss.PNG Requested by Host: spk-reaktivierung.de URL: https://spk-reaktivierung.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:d520 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2d42908cc99e7a40113374446f52be5e2cc6ed50ce868337867653bd63859fda` Request headers accept-language de-DE,de;q=0.9 Referer https://spk-reaktivierung.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers date Tue, 29 Nov 2022 13:24:03 GMT cf-cache-status MISS last-modified Wed, 28 Sep 2022 15:34:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "17d-5e9be804ad840" vary User-Agent, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ijl%2BK%2FjfTyAEWH67BNI8owXeL6mYX2DOemzGHmP%2FTxOhC5uzmuty7O88AHXF0UCDHuQnTfaAd32zft7F5kQyuoSz%2FnoLghrCrEE%2FjQZQzj5QliBSSMt0Qa%2FVCZFeS4jzRrtVYuEn%2Bd8Ic2SyVY%2Bbyc39TQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 771ba94e4c039bb3-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 381

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

spk-reaktivierung.de
2606:4700:3030::ac43:d520
2606:4700:3036::6815:3587
2d42908cc99e7a40113374446f52be5e2cc6ed50ce868337867653bd63859fda
5d23d729ca0d6d9d717e575e37b50bbb18e5d6729ef2147db3cca1c271e6fa56
62c85e1b35fc137b5894d99e4e74c7ee3e2da74403c392ecb6cb181d97eaa130
84ca80f7f566af23b2d22bc000944f98cee6bbb00843ad13fc30f7f72b2d732a
e6ef822dbf57955e1060eef9e9d7fbc72e638585e64b14d17f7b403c51dbfdf5

spk-reaktivierung.de Open in urlscan Pro 2606:4700:3030::ac43:d520 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

19 kBTransfer

45 kBSize

0 Cookies

36 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

spk-reaktivierung.de Open in urlscan Pro
2606:4700:3030::ac43:d520 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

19 kB
Transfer

45 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!