privatkunden.webcindario.com
5.57.226.202
Malicious Activity!
Public Scan
Effective URL: https://privatkunden.webcindario.com/Guten-Tag/app/user.php
Submission: On August 04 via manual from LB — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 24th 2023. Valid for: 3 months.
This is the only time privatkunden.webcindario.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)
Domain & IP information
Domain | ASN | PTR |
---|---|---|
privatkunden.webcindario.com | ASN29119 (SERVIHOSTING-AS AireNetworks, ES) | |
pagead2.googlesyndication.com | ASN15169 (GOOGLE, US) | |
www.deutsche-bank.de | ASN16509 (AMAZON-02, US) | |
www.googletagmanager.com | ASN15169 (GOOGLE, US) | |
googleads.g.doubleclick.net | ASN15169 (GOOGLE, US) | |
fundingchoicesmessages.google.com | ASN15169 (GOOGLE, US) | fra24s11-in-f14.1e100.net |
www.google-analytics.com | ASN15169 (GOOGLE, US) | |
secure.quantserve.com | ASN16509 (AMAZON-02, US) | |
rules.quantcount.com | ASN16509 (AMAZON-02, US) | |
fundingchoicesmessages.google.com | ASN15169 (GOOGLE, US) | |
Requests | Domain | Requested by | Redirects |
---|---|---|---|
10 | privatkunden.webcindario.com | privatkunden.webcindario.com | 2 redirects |
3 | fundingchoicesmessages.google.com | pagead2.googlesyndication.com | |
3 | www.deutsche-bank.de | privatkunden.webcindario.com, www.deutsche-bank.de | |
2 | fonts.gstatic.com | privatkunden.webcindario.com, fonts.googleapis.com | |
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com | |
2 | hosting.miarroba.info | privatkunden.webcindario.com | |
2 | pagead2.googlesyndication.com | privatkunden.webcindario.com, pagead2.googlesyndication.com | |
1 | www.google.de | privatkunden.webcindario.com | |
1 | www.google.com | privatkunden.webcindario.com | |
1 | fonts.googleapis.com | | |
1 | stats.g.doubleclick.net | www.google-analytics.com | |
1 | rules.quantcount.com | secure.quantserve.com | |
1 | secure.quantserve.com | www.googletagmanager.com | |
1 | googleads.g.doubleclick.net | pagead2.googlesyndication.com | |
1 | www.googletagmanager.com | privatkunden.webcindario.com | |
1 | reseller-hosting-themes.com | | 1 redirects |
1 | bc4.io | | 1 redirects |
30 requests | 17 domains | | |
This site contains no links.
Subject | Issuer | Validity | Valid for | Source |
---|---|---|---|---|
*.webcindario.com | R3 | 2023-06-24 - 2023-09-22 | 3 months | crt.sh |
*.g.doubleclick.net | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
www.deutsche-bank.de | DigiCert EV RSA CA G2 | 2022-11-15 - 2023-11-14 | a year | crt.sh |
miarroba.info | E1 | 2023-06-13 - 2023-09-11 | 3 months | crt.sh |
*.google-analytics.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
*.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-08-09 - 2023-09-09 | a year | crt.sh |
quantserve.com | R3 | 2023-06-13 - 2023-09-11 | 3 months | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
www.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
www.google.de | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
This page contains 3 frames:
- Primary Page: https://privatkunden.webcindario.com/Guten-Tag/app/user.php (Frame ID: D30F8EA04C6F0DBEFDE14006C2A47B95, 28 HTTP requests in this frame)
- Frame: https://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php (Frame ID: 16C3EAA1F64006DD1D3CEA849DBD4AF3, 1 HTTP request in this frame)
- Frame: https://googleads.g.doubleclick.net/pagead/html/r20230802/r20190131/zrt_lookup.html (Frame ID: D2C8407570FD56B3B4F6DB71EBAA9A0A, 1 HTTP request in this frame)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bc4.io/a96fef0 (HTTP 301)
- https://reseller-hosting-themes.com/wordpress/wp-admin/css/repair/ (HTTP 302)
- https://privatkunden.webcindario.com/Guten-Tag/ (HTTP 302)
- https://privatkunden.webcindario.com/Guten-Tag/app/index.php (HTTP 302)
- https://privatkunden.webcindario.com/Guten-Tag/app/user.php (Page URL)
Detected technologies
- PHP (Programming Languages), detected pattern: `\.php(?:$|\?)`
- Google AdSense (Advertising Networks), detected pattern: `googlesyndication\.com/`
- Google Analytics (Analytics), detected pattern: `google-analytics\.com/(?:ga|urchin|analytics)\.js`
- Google Font API (Font Scripts), detected pattern: `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
- Google Tag Manager (Tag Managers), detected pattern: `googletagmanager\.com/gtm\.js`
- Quantcast Measure (Analytics), detected pattern: `\.quantserve\.com/quant\.js`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
30 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H2 | user.php | privatkunden.webcindario.com/Guten-Tag/app/ | 4 KB | 2 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | adsbygoogle.js | pagead2.googlesyndication.com/pagead/js/ | 144 KB | 50 KB | Script | text/javascript | |
GET | H2 | fonts.css | www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ | 1 KB | 884 B | Stylesheet | text/css | |
GET | H2 | user-style.css | privatkunden.webcindario.com/Guten-Tag/app/res/ | 3 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | logo-cut.png | privatkunden.webcindario.com/Guten-Tag/app/res/ | 2 KB | 2 KB | Image | image/png | |
GET | H2 | img1.jpg | privatkunden.webcindario.com/Guten-Tag/app/res/ | 44 KB | 44 KB | Image | image/jpeg | |
GET | H2 | jq.js | privatkunden.webcindario.com/Guten-Tag/app/res/ | 287 KB | 85 KB | Script | application/javascript | |
GET | H2 | / | hosting.miarroba.info/ | 1 KB | 1 KB | Script | application/javascript | |
GET | H2 | gtm.js | www.googletagmanager.com/ | 172 KB | 63 KB | Script | application/javascript | |
GET | H2 | back.jpg | privatkunden.webcindario.com/Guten-Tag/app/res/ | 243 KB | 243 KB | Image | image/jpeg | |
GET | H2 | FrutigerLTW05-55Roman.woff2 | www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ | 25 KB | 26 KB | Font | font/woff2 | |
GET | H2 | FrutigerLTW05-65Bold.woff2 | www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ | 25 KB | 26 KB | Font | font/woff2 | |
POST | H2 | 607f6b0b381bbc1f64fa027d62891072_cookie.php | hosting.miarroba.info/ | 46 B | 465 B | Document | text/html | Frame 16C3 |
GET | H3 | show_ads_impl_with_ama_fy2021.js | pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307270101/ | 361 KB | 123 KB | Script | text/javascript | |
GET | H2 | zrt_lookup.html | googleads.g.doubleclick.net/pagead/html/r20230802/r20190131/ | 10 KB | 5 KB | Document | text/html | Frame D2C8 |
GET | H2 | ca-pub-7294310421616689 | fundingchoicesmessages.google.com/i/ | 150 KB | 50 KB | Script | application/javascript | |
GET | H2 | AGSKWxUR_Lebl-qgOes4Xqpnz3wmtwtbdkT-n6YzdM3J9irSPxG8FXplxFVqve9lKS5BK0J824Gs0JrrhfXJ3_spGHkY7DDYtCU9nN_J2TIbbdjiwrKxp0HpCr01u_21B4emhe2COt_r6w== | fundingchoicesmessages.google.com/f/ | 300 KB | 44 KB | Script | application/javascript | |
GET | H2 | analytics.js | www.google-analytics.com/ | 52 KB | 21 KB | Script | text/javascript | |
GET | H2 | quant.js | secure.quantserve.com/ | 22 KB | 9 KB | Script | application/javascript | |
GET | H2 | rules-p-d5x2uDVHd7ALE.js | rules.quantcount.com/ | 160 B | 642 B | Script | application/javascript | |
POST | H2 | collect | www.google-analytics.com/j/ | 4 B | 218 B | XHR | text/plain | |
POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 358 B | XHR | text/plain | |
GET | H2 | css | fonts.googleapis.com/ | 69 KB | 4 KB | Stylesheet | text/css | |
GET | H2 | flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 | fonts.gstatic.com/s/materialicons/v140/ | 125 KB | 126 KB | Font | font/woff2 | |
POST | H2 | AGSKWxVtWYTyEHOuYGl56hG5NIfdGibqEEupbuOCVEWviiP30YmW4C7l-1g6BOt1HYvjHaoqzFzmoqDhk2wIGmDO09BZdDVK-bslV8cVaM4z_l7yb0dirWmlIon1b4ubJpYOCqv7dyLoKw== | fundingchoicesmessages.google.com/el/ | 0 | 1 KB | XHR | text/html | |
GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 408 B | Image | image/gif | |
GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 408 B | Image | image/gif | |
GET | H2 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v35/ | 47 KB | 48 KB | Font | font/woff2 | |
POST | H2 | fetch.php | privatkunden.webcindario.com/Guten-Tag/panel/ | 1 B | 151 B | XHR | text/html | |
POST | H2 | fetch.php | privatkunden.webcindario.com/Guten-Tag/panel/ | 1 B | 151 B | XHR | text/html | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)
62 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
0 | object |
1 | object |
2 | object |
3 | object |
4 | object |
5 | object |
6 | object |
7 | object |
dataLayer | object |
$ | function |
jQuery | function |
cd | string |
google_js_reporting_queue | object |
google_srt | number |
google_logging_queue | object |
tmod | number |
google_ad_modifications | object |
ggeac | object |
google_persistent_state_async | object |
google_measure_js_timing | boolean |
google_tag_data | object |
google_reactive_ads_global_state | object |
adsbygoogle | object |
google_sa_queue | object |
google_process_slots | function |
google_spfd | function |
google_unique_id | number |
google_sv_map | object |
google_rum_task_id_counter | number |
google_user_agent_client_hint | string |
google_sa_impl | function |
googlefc | object |
adsbygoogle_ama_fc_has_run | boolean |
default_ContributorServingResponseClientJs | object |
__googlefc | object |
__fcInvoked | string |
__fcexpdef | string |
Njc2YmEyNzM3MGQ0MmI4OWxvYWRlcl9qcw== | string |
Njc2YmEyNzM3MGQ0MmI4OWNhY2hlZF9qcw== | string |
__fcInternalApiManager | object |
__fcInternalApiPostMessageReady | boolean |
__tcfapiEventListeners | object |
__tcfapi | function |
__tcfapiManager | object |
__tcfapiPostMessageReady | boolean |
__uspapi | function |
__uspapiManager | object |
__gppEventListeners | object |
__gpp | function |
__gppManager | object |
__gppPostMessageReady | boolean |
google_tag_manager | object |
GoogleAnalyticsObject | string |
mia_ga | function |
_qevents | object |
quantserve | function |
__qc | function |
ezt | object |
_qoptions | object |
gaplugins | object |
gaGlobal | object |
gaData | object |
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value | Expires |
---|---|---|---|
bc4.io/ | reference | 6417930336467241107 | |
.webcindario.com/ | __muid | 996a829a4376fb2b0968638504aa8bd143bd5579 | |
privatkunden.webcindario.com/ | PHPSESSID | 5426df7ebdfd881c38a632a9f6095147 | |
.privatkunden.webcindario.com/ | _ga | GA1.3.1362177859.1691144588 | |
.privatkunden.webcindario.com/ | _gid | GA1.3.1775450932.1691144588 | |
.privatkunden.webcindario.com/ | _gat_UA-597118-7 | 1 | |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bc4.io
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
hosting.miarroba.info
pagead2.googlesyndication.com
privatkunden.webcindario.com
reseller-hosting-themes.com
rules.quantcount.com
secure.quantserve.com
stats.g.doubleclick.net
www.deutsche-bank.de
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
129.213.198.22
142.250.184.206
162.210.96.126
2600:9000:2104:f800:13:46b5:7d80:93a1
2600:9000:223c:9800:6:44e3:f8c0:93a1
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:801::2002
2a00:1450:4001:801::2008
2a00:1450:4001:809::2004
2a00:1450:4001:809::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:828::2003
2a00:1450:4001:828::200a
2a00:1450:4001:830::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c0c::9b
2a06:98c1:3121::3
5.57.226.202