voiksbanksicher-ueber24.xyz
Open in
urlscan Pro
2606:4700:3031::ac43:a0dd
Malicious Activity!
Public Scan
Effective URL: https://voiksbanksicher-ueber24.xyz/login/tWzLlYzpNTUKsvj&MSZYYpOlwSCr=SVyPIycbEASbdaS-YXVdfzPWxd&JsWIbMrWErfaDJHztkQYK=PmSBRACdYcgk...
Submission: On April 19 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 10th 2024. Valid for: 3 months.
This is the only time voiksbanksicher-ueber24.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 162.241.125.232 162.241.125.232 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
1 1 | 172.67.178.44 172.67.178.44 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 2606:4700:303... 2606:4700:3031::ac43:a0dd | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 18 | 172.67.160.221 172.67.160.221 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
20 | 3 |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-125-232.webhostbox.net
us.stromieri.za.com |
ASN13335 (CLOUDFLARENET, US)
voiksbanksicher-ueber24.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
voiksbanksicher-ueber24.xyz
2 redirects
voiksbanksicher-ueber24.xyz |
266 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 |
31 KB |
1 |
verbanlau.xyz
1 redirects
verbanlau.xyz |
504 B |
1 |
za.com
1 redirects
us.stromieri.za.com |
229 B |
20 | 4 |
Domain | Requested by | |
---|---|---|
20 | voiksbanksicher-ueber24.xyz |
2 redirects
voiksbanksicher-ueber24.xyz
|
2 | cdnjs.cloudflare.com |
voiksbanksicher-ueber24.xyz
|
1 | verbanlau.xyz | 1 redirects |
1 | us.stromieri.za.com | 1 redirects |
20 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.schwaebisch-hall.de |
www.union-investment.de |
www.ruv.de |
www.easycredit.de |
www.dzbank.de |
www.dz-privatbank.com |
www.vr-smart-finanz.de |
www.dzhyp.de |
www.muenchenerhyp.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
voiksbanksicher-ueber24.xyz GTS CA 1P5 |
2024-03-10 - 2024-06-08 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://voiksbanksicher-ueber24.xyz/login/tWzLlYzpNTUKsvj&MSZYYpOlwSCr=SVyPIycbEASbdaS-YXVdfzPWxd&JsWIbMrWErfaDJHztkQYK=PmSBRACdYcgkqpPcyGSFBl
Frame ID: BF4E0875740152E4ACCED631BB43F8CB
Requests: 18 HTTP requests in this frame
Frame:
https://voiksbanksicher-ueber24.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
Frame ID: C15A026C32DAC2AC5966C2AABE577F9A
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
AnmeldenPage URL History Show full URLs
-
https://us.stromieri.za.com/viwutrigfwheiduzweufgwheiufzgweuzf.php
HTTP 302
https://verbanlau.xyz/brand HTTP 307
https://voiksbanksicher-ueber24.xyz/?s=vrk8bi1rqfs7gq4hhlj37c0hi2ku433x HTTP 302
https://voiksbanksicher-ueber24.xyz/login/tWzLlYzpNTUKsvj&MSZYYpOlwSCr=SVyPIycbEASbdaS-YXVdfzPWxd&JsWIbMrWErfaDJ... Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://us.stromieri.za.com/viwutrigfwheiduzweufgwheiufzgweuzf.php
HTTP 302
https://verbanlau.xyz/brand HTTP 307
https://voiksbanksicher-ueber24.xyz/?s=vrk8bi1rqfs7gq4hhlj37c0hi2ku433x HTTP 302
https://voiksbanksicher-ueber24.xyz/login/tWzLlYzpNTUKsvj&MSZYYpOlwSCr=SVyPIycbEASbdaS-YXVdfzPWxd&JsWIbMrWErfaDJHztkQYK=PmSBRACdYcgkqpPcyGSFBl Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16- https://voiksbanksicher-ueber24.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://voiksbanksicher-ueber24.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
tWzLlYzpNTUKsvj&MSZYYpOlwSCr=SVyPIycbEASbdaS-YXVdfzPWxd&JsWIbMrWErfaDJHztkQYK=PmSBRACdYcgkqpPcyGSFBl
voiksbanksicher-ueber24.xyz/login/ Redirect Chain
|
1 MB 134 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
styles.c41ccfebca008d50e005.css
voiksbanksicher-ueber24.xyz/new/ |
31 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
voiksbanksicher-ueber24.xyz/new/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SchwaebischHall.png
voiksbanksicher-ueber24.xyz/new/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
UnionInvestment.png
voiksbanksicher-ueber24.xyz/new/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
RundV.png
voiksbanksicher-ueber24.xyz/new/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
easyCredit.png
voiksbanksicher-ueber24.xyz/new/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
DZBANK_Initiativbank.png
voiksbanksicher-ueber24.xyz/new/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
DZPrivatbank.png
voiksbanksicher-ueber24.xyz/new/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
VR_Smart_Finanz.png
voiksbanksicher-ueber24.xyz/new/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
DGHYP.png
voiksbanksicher-ueber24.xyz/new/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
M%C3%BCnchenerHyp.png
voiksbanksicher-ueber24.xyz/new/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ |
86 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
site.js
voiksbanksicher-ueber24.xyz/assets/js/site/ |
7 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
FrutigerVR-Bold_hinted.woff2
voiksbanksicher-ueber24.xyz/new/ |
24 KB 24 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
FrutigerVR-Regular_hinted.woff2
voiksbanksicher-ueber24.xyz/new/ |
24 KB 25 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
voiksbanksicher-ueber24.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/ Frame C15A Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
voiksbanksicher-ueber24.xyz/new/ |
3 KB 4 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
876b339248c636dd
voiksbanksicher-ueber24.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame C15A |
0 608 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| $ function| jQuery object| $jscomp function| Site object| site2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
voiksbanksicher-ueber24.xyz/ | Name: PHPSESSID Value: 0s8tffgbks7jd7h2r7que2f2me |
|
.voiksbanksicher-ueber24.xyz/ | Name: cf_clearance Value: CK_wSfjdyXzANB1KFFaWjU0lON3u4RN5zNC59qHPlBA-1713511954-1.0.1.1-BgSsHglB7gdQPC_fU.OUnz.XxQzOSU5qsQubuylmCEAN136wBpE96kVORTdnqxV4EQfJ2cCu2bGx9ZgfpXtQ3A |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
us.stromieri.za.com
verbanlau.xyz
voiksbanksicher-ueber24.xyz
104.17.25.14
162.241.125.232
172.67.160.221
172.67.178.44
2606:4700:3031::ac43:a0dd
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6
3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6
33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb
484e193247ff1d9817990f0a936e75dc76ed69859cf8f1c854dff331fda44da8
4af071a57c236fd1f0f0a862c29041c4cb73c0a2ed02d9f7abfb504ee5222909
60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c
7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af
88aa1d3191c4fd20292768909dbf14e04bda916792a3a6ce7b3970a1dca0dc97
93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47
ab26bc72d10a5d80984e1a1bbe9f5d12c38013e35070f3ab382908c1f08594ec
af04aec736c43b3a1e44614897ae314d3f624fcdc15f6d9749600963b20e4eff
bb1e4731164dda2d8d3b57061d1d9873a4ca5370de119e6524f33461d7027b4d
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168
c3c3221389c9dbd0396bcf0e8c0670688bb6189a066248851e0828529ebe466e
c825e9b517a70daf14196922b7c35578f62e5facea44a808acf4dadda1456b85
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bdb3d21d0c5f31206ba58da6c63c69c618d73723fce095e872d67e11f9d818
f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31