www.sapiolife.de Open in urlscan Pro
2001:1520:a:87::  Malicious Activity! Public Scan

Submitted URL: https://foamtek.ca/2001
Effective URL: https://www.sapiolife.de/ddd/banking/
Submission: On February 28 via api from EE — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 2001:1520:a:87::, located in Strasbourg, France and belongs to GD-EMEA-DC-SXB1, DE. The main domain is www.sapiolife.de.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on September 27th 2023. Valid for: a year.
This is the only time www.sapiolife.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2 149.56.117.69 16276 (OVH)
1 2001:1520:a:87:: 8972 (GD-EMEA-D...)
2 3
Apex Domain
Subdomains
Transfer
2 foamtek.ca
foamtek.ca
376 B
1 sapiolife.de
www.sapiolife.de
274 KB
2 2
Domain Requested by
2 foamtek.ca 1 redirects
1 www.sapiolife.de
2 2
Subject Issuer Validity Valid
foamtek.ca
cPanel, Inc. Certification Authority
2024-02-05 -
2024-05-05
3 months crt.sh
*.sapiolife.de
Starfield Secure Certificate Authority - G2
2023-09-27 -
2024-09-27
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.sapiolife.de/ddd/banking/
Frame ID: 5EA17D78C3142D01355EDC2FB5B85230
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

DKB - Deutsche Kreditbank AG - Internet Banking

Page URL History Show full URLs

  1. https://foamtek.ca/2001 HTTP 301
    https://foamtek.ca/2001/ Page URL
  2. https://www.sapiolife.de/ddd/banking/ Page URL

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

274 kB
Transfer

1925 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://foamtek.ca/2001 HTTP 301
    https://foamtek.ca/2001/ Page URL
  2. https://www.sapiolife.de/ddd/banking/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://foamtek.ca/2001 HTTP 301
  • https://foamtek.ca/2001/

2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
foamtek.ca/2001/
Redirect Chain
  • https://foamtek.ca/2001
  • https://foamtek.ca/2001/
84 B
156 B
Document
General
Full URL
https://foamtek.ca/2001/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.56.117.69 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
victoriaweb.whc.ca
Software
LiteSpeed / PHP/7.4.33
Resource Hash
a2dd328e87647a7ba9c7f61eb976dff02e7f4a904a2ccf4aed8067fb71954177

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-length
65
content-type
text/html; charset=UTF-8
date
Wed, 28 Feb 2024 12:34:08 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.4.33

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
707
content-type
text/html
date
Wed, 28 Feb 2024 12:34:08 GMT
location
https://foamtek.ca/2001/
server
LiteSpeed
Primary Request /
www.sapiolife.de/ddd/banking/
2 MB
274 KB
Document
General
Full URL
https://www.sapiolife.de/ddd/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:1520:a:87:: Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software
nginx /
Resource Hash
205c674fd0254d06760e035fe65d01d142598977fece01d86812c19c3d918255

Request headers

Referer
https://foamtek.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
content-encoding
gzip
content-type
text/html
date
Wed, 28 Feb 2024 12:34:08 GMT
etag
"1d29df-5e8f0696b7b80-gzip"
expires
Wed, 28 Feb 2024 13:34:08 GMT
last-modified
Sun, 18 Sep 2022 09:42:22 GMT
server
nginx
vary
Accept-Encoding
x-cache-status
BYPASS
truncated
/
21 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf10f1cdd602d25cc591f60063670cd8c9e86e4dd74dd6bb1ed9d05ecbbfc72b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/jpeg
truncated
/
29 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5408d9f3668d380c3148ecc04f9401c082f980a88d86962bc906baf0d7abdb28

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/jpeg
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6095c4b2fc25c6534e68ddcbcd1fb58f2634036f75262042c215c74a9285bc79

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/
475 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24483b4771b2128af4110c159a9dcb59d15557460f8ecbf0bd0805f0fad5816e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/
208 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
72e1af139f74424d56589a3d06474355afb141c3bd72a38d141c19f851bbc2ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/
846 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5aa97ee206d9655910ece7996d461dc1cdf1550a4487a53d04815c5570bb78ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader

0 Cookies