derkarussellbremser.de Open in urlscan Pro
2606:4700:3034::681c:17f9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://derkarussellbremser.de/amis
Effective URL:
https://derkarussellbremser.de/amis/
Submission Tags: 6865617
Submission: On November 27 via api (November 27th 2020, 2:15:58 pm UTC) from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3034::681c:17f9, located in United States and belongs to CLOUDFLARENET, US. The main domain is derkarussellbremser.de.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2020. Valid for: a year.

This is the only time derkarussellbremser.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Capitec Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 13	2606:4700:303... 2606:4700:3034::681c:17f9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:a723	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
13	4

13 2606:4700:3034::681c:17f9 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

derkarussellbremser.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a723 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	derkarussellbremser.de 3 redirects derkarussellbremser.de	28 KB
1	gstatic.com fonts.gstatic.com	11 KB
1	cloudflare.com ajax.cloudflare.com	4 KB
1	googleapis.com fonts.googleapis.com	482 B
13	4

	Domain	Requested by
13	derkarussellbremser.de	3 redirects derkarussellbremser.de ajax.cloudflare.com
1	fonts.gstatic.com	fonts.googleapis.com
1	ajax.cloudflare.com	derkarussellbremser.de
1	fonts.googleapis.com	derkarussellbremser.de
13	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-10` - `2021-07-10`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://derkarussellbremser.de/amis/
Frame ID: C495936ADA5BB0838FB237A81FE80A27
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://derkarussellbremser.de/amis HTTP 301
https://derkarussellbremser.de/amis HTTP 301
http://derkarussellbremser.de/amis/ HTTP 301
https://derkarussellbremser.de/amis/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

42 kB
Transfer

98 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://derkarussellbremser.de/amis HTTP 301
https://derkarussellbremser.de/amis HTTP 301
http://derkarussellbremser.de/amis/ HTTP 301
https://derkarussellbremser.de/amis/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
derkarussellbremser.de/amis/
Redirect Chain

http://derkarussellbremser.de/amis
https://derkarussellbremser.de/amis
http://derkarussellbremser.de/amis/
https://derkarussellbremser.de/amis/

4 KB
2 KB

31ms
30ms

Document
text/html

2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 0fd078d4dabaf5b9a95b00fd94607d9401ef4a1d5e7de802a1e0bad3692306ab

Request headers

:method: GET
:authority: derkarussellbremser.de
:scheme: https
:path: /amis/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d51f3cb6ec8020a03fa8d446bfcc8e83c1606486541
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:15:41 GMT
content-type: text/html
last-modified: Sun, 19 Apr 2020 10:01:14 GMT
vary: Accept-Encoding
x-cache-status: BYPASS
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
cf-request-id: 06aba85bad0000d7152b369000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xHn7WjnZ2ScEU9BPHXHcgm%2Bevy2578Z8dWTsoEW0cc90nh2n%2BBSkrS5pcm%2BZRBLkdEnpwcuP4Xu1o7fPmeb08%2Fvwrg%2BQW9YgupN4bZkO1rymFQF97KR%2BTW89TqOfYljr0Klg"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5f8c7672ab01d715-FRA
content-encoding: br

Redirect headers

Date: Fri, 27 Nov 2020 14:15:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 27 Nov 2020 15:15:41 GMT
Location: https://derkarussellbremser.de/amis/
cf-request-id: 06aba85b9b000005dca8aab000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RDO2OSz3YFbH3aHieQSIJ7VODkp0Ukz3TUPaVfwIJHdciWzW6Uq%2BTDYelADPt3MwEOtQYgAosQVysMCCeToVSiCPLm%2FH9Bi8Cl8YNWZpDBZcBTKQ03k9q5hj5WcoObG7CqAE"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 5f8c76729dc605dc-FRA

GET
H2 200 default-3.0.0.css
derkarussellbremser.de/amis/ 55 KB
8 KB 49ms
41ms Stylesheet
text/css 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/amis/default-3.0.0.css
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: d6760b85c62431567ea152b3c55feba168e01a13884517d16b1fa5a57d29ffb5

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:15:41 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 Apr 2020 03:08:50 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"5e93d7c2-dbee"
x-cache-status: BYPASS
vary: Accept-Encoding
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gKQaTxKTT8Y5jcvMgzYZMmfMCmtWeVFb2Wfmm5hzWpsVVKUurseGxtV0df8yZV8Z8w054p2uvx4sjr6e7vMSmjpMyruA3g80s02a%2B3zNznrBCO7FLSvZbmTqRkEJ23aB6cHj"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 5f8c76730be4d715-FRA
cf-request-id: 06aba85be30000d7154a8f0000000001

GET
H2 404 jquery-ui-1.8.10.custom.min.css
derkarussellbremser.de/amis/ 0
0 716ms
708ms Stylesheet
text/html 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/amis/jquery-ui-1.8.10.custom.min.css
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:15:41 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FhRso8yh1yJtUyU%2B6sQB9OORNJzMTcdqkq2mCzHcaP7Fyh0gjIOUtCy7Io0n1kZ7S%2BF6bVVGHaI2AiwnahH3TPyxdYnf8jEG8MuEdIRSKhOCCFFRbVn9F1pWXU73lUakEzDZ"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 5f8c76730be7d715-FRA
cf-request-id: 06aba85be40000d715530f9000000001

GET
H2 404 default.custom.min-1.1.0.css
derkarussellbremser.de/amis/ 0
0 980ms
973ms Stylesheet
text/html 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/amis/default.custom.min-1.1.0.css
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:15:42 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OVkoxkF%2F8Nfg14m2qRJbNlB4TGariF2iXL0c3a22jhwvHbgC7NgFy9KyrNR2ooCRIOMxuA8o2fSrYxGDwiBxi9h8BY75O2n3EV%2FYQnA%2FSV4Qhi%2FsTnlkSnxdMUvCqiUVHqeS"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 5f8c76730be8d715-FRA
cf-request-id: 06aba85be40000d715190a0000000001

GET
H2 200 css2
fonts.googleapis.com/ 750 B
482 B 22ms
15ms Stylesheet
text/css 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Ropa+Sans&display=swap

Requested by

Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4c9e307e9da2b25cb7d9549b2bf409d0617aefbbabd7ad7cabe8f637ac7c8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 27 Nov 2020 14:15:41 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
date: Fri, 27 Nov 2020 14:15:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 27 Nov 2020 14:15:41 GMT

GET
H2 200 logo_main.png
derkarussellbremser.de/amis/ 13 KB
13 KB 37ms
31ms Image
image/png 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://derkarussellbremser.de/amis/logo_main.png
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 8c6cc4a59a3652eeab42c1f31e3144070f7d7aad696fe7694f046daf3a2da2b9

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:15:41 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
x-cache-status: BYPASS
content-length: 12929
cf-request-id: 06aba85be40000d715e38c4000000001
last-modified: Mon, 13 Apr 2020 03:08:54 GMT
server: cloudflare
etag: "5e93d7c6-3281"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P6XTJScB60X4TWn6i6k%2BPI12VacHAA8TvCfFJo%2FNwu7kV5ThbRz%2BxWNHlPhGy5q59SrZat%2BELyI%2FDEOgSZrfBK%2Br75yYvHFH48ILvbbpXq%2BgFxrm2BFMNCV6EF%2BiptqIftjC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 5f8c76730be9d715-FRA

GET
H2 200 proceed.gif
derkarussellbremser.de/amis/ 259 B
584 B 60ms
55ms Image
image/gif 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://derkarussellbremser.de/amis/proceed.gif
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 5acd35d92607514c1364dc42f29e96e563859c3b1c6cdd8a3b6dbb572523241c

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:15:41 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
x-cache-status: BYPASS
content-length: 259
cf-request-id: 06aba85be50000d7150aad6000000001
last-modified: Mon, 13 Apr 2020 03:08:54 GMT
server: cloudflare
etag: "103-5a3236730fd80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5a%2FaZ2s%2BN6F9OdZRttUs9WeSlAkn1BDx1qajaXTWWpRB2szn4dd3wd%2B4CUsFqWImPIFq8RMXi4txrCyRETBPY2JEukEio7OhC5t9xlhVHliqBwgXl8PAY81f5BMtW5vo1wFn"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-accel-version: 0.01
accept-ranges: bytes
cf-ray: 5f8c76730becd715-FRA

GET
H2 200 SSL-certificate-seal-ssl-animated.gif
derkarussellbremser.de/amis/ 3 KB
3 KB 45ms
42ms Image
image/gif 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://derkarussellbremser.de/amis/SSL-certificate-seal-ssl-animated.gif
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: aae304e25813c81be17fd70ef4bf31f572ac3f807bb53987a31e9606534bbf41

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:15:41 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
x-cache-status: BYPASS
content-length: 2975
cf-request-id: 06aba85be50000d71512158000000001
last-modified: Mon, 13 Apr 2020 03:08:54 GMT
server: cloudflare
etag: "5e93d7c6-b9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=e%2B%2BYjYycJRvz2d7kCD4NZvINDoQfPDgil%2BER94DA62nRVBEpM0tR8TH9dpszFOIK1jsTy8h3zR19HEdJP9pZIzJznOTUXAQUX3kL%2FvuCTfn5q15xS0Lgsu1vC%2BZtj6tzqkDX"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
accept-ranges: bytes
cf-ray: 5f8c76730beed715-FRA

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 14ms
10ms Script
application/javascript 2606:4700::6810:a723
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:15:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-request-id: 06aba85be4000005fd288c6000000001
last-modified: Tue, 24 Nov 2020 15:06:25 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"5fbd2171-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZpW56I%2FuGuH5zd5YRx5iq%2BfH9yf8tvVSbDbECSfQV4FsvFj52%2FS1vFJ%2Fmt4EzkViB%2FubTUqp%2B7Fbfs13kCySlzYKqbHeR4U7Bf0fD2tGhTjrwkaFqVYZuetaQTPhTb0g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 5f8c76730c8705fd-FRA
expires: Sun, 29 Nov 2020 14:15:41 GMT

GET
H2 404 loginSubmitForm-1.0.0.js.download
derkarussellbremser.de/amis/ 0
0 1273ms
1272ms Script
text/html 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/amis/loginSubmitForm-1.0.0.js.download
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://derkarussellbremser.de/amis/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:15:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rA9h8MJK%2FSkiV7QNbhTl0hzRf95TnRcooOeq0qFIOxAV%2BcQJo5yGO5UwVZC9L%2BW3tGDl3V3D1LymGF6A%2FVJREcKYcf33PRSxMY4G9iUiSMhx4CwGCqIA%2BYXv4pJJaF9bhfm8"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 5f8c76734c93d715-FRA
cf-request-id: 06aba85c0a0000d715efbe7000000001

GET
H2 200 EYqxmaNOzLlWtsZSScy6XTNpcZGf2w.woff2
fonts.gstatic.com/s/ropasans/v10/ 11 KB
11 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ropasans/v10/EYqxmaNOzLlWtsZSScy6XTNpcZGf2w.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ropa+Sans&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49bae83e26d9e399cc139265d607d0f6f59ab5d318623fd375fb5e022ff9771c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://derkarussellbremser.de
Referer: https://fonts.googleapis.com/css2?family=Ropa+Sans&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 19:17:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 04:16:21 GMT
server: sffe
age: 241112
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10788
x-xss-protection: 0
expires: Wed, 24 Nov 2021 19:17:10 GMT

GET
H2 404 flama-basic-webfont.woff
derkarussellbremser.de/fonts/ 0
0 279ms
278ms Font
text/html 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/fonts/flama-basic-webfont.woff
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/default-3.0.0.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://derkarussellbremser.de
Referer: https://derkarussellbremser.de/amis/default-3.0.0.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:15:42 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bR4WKB%2BKB%2BQ%2FYS0AqUZlcFQM%2BzxkREDaMbBzmsaiugxe%2FI506nOHsPQIc5cDWyIUINSBWizyRCAn631Sy3TMrvZRwaZY1BqqNg6joXs2XNF3ALiOb8W2WvTW%2BwGK3W62QQn0"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 5f8c76792a83d715-FRA
cf-request-id: 06aba85fbc0000d715e7836000000001

GET
H2 404 flama-basic-webfont.ttf
derkarussellbremser.de/fonts/ 0
0 247ms
246ms Font
text/html 2606:4700:3034::681c:17f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://derkarussellbremser.de/fonts/flama-basic-webfont.ttf
Requested by: Host: derkarussellbremser.de
URL: https://derkarussellbremser.de/amis/default-3.0.0.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:17f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://derkarussellbremser.de
Referer: https://derkarussellbremser.de/amis/default-3.0.0.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:15:42 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nCUuklEfbckithHAMjYLLG4CMSS1ZG9SKKF7lz5HnESR0O%2Fg9eIBXAsnnGxu0oG5b3BfO%2BJiyQPQvLaVTkLgDML4sVosU9E0leVS75ydPHX3v%2B2tEQYQ3sTim7eptWvPNDUj"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 5f8c767afe99d715-FRA
cf-request-id: 06aba860db0000d7153d0a5000000001

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Capitec Bank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			derkarussellbremser.de/	1969-12-31 23:59:59	Name: 699c9dadc6d84ba1519d524114d87459 Value: hf6gjt1ufdk01es1l713f9caqu
			.derkarussellbremser.de/	1970-01-19 14:57:58	Name: __cfduid Value: d51f3cb6ec8020a03fa8d446bfcc8e83c1606486541

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
derkarussellbremser.de
fonts.googleapis.com
fonts.gstatic.com
2606:4700:3034::681c:17f9
2606:4700::6810:a723
2a00:1450:4001:814::2003
2a00:1450:4001:820::200a
0fd078d4dabaf5b9a95b00fd94607d9401ef4a1d5e7de802a1e0bad3692306ab
49bae83e26d9e399cc139265d607d0f6f59ab5d318623fd375fb5e022ff9771c
5acd35d92607514c1364dc42f29e96e563859c3b1c6cdd8a3b6dbb572523241c
8c6cc4a59a3652eeab42c1f31e3144070f7d7aad696fe7694f046daf3a2da2b9
a4c9e307e9da2b25cb7d9549b2bf409d0617aefbbabd7ad7cabe8f637ac7c8b5
aae304e25813c81be17fd70ef4bf31f572ac3f807bb53987a31e9606534bbf41
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
d6760b85c62431567ea152b3c55feba168e01a13884517d16b1fa5a57d29ffb5

derkarussellbremser.de Open in urlscan Pro 2606:4700:3034::681c:17f9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

42 kBTransfer

98 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

2 Cookies

Indicators

derkarussellbremser.de Open in urlscan Pro
2606:4700:3034::681c:17f9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

42 kB
Transfer

98 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!