de-sparkasse-onlineservice.xyz
Open in
urlscan Pro
172.67.174.152
Malicious Activity!
Public Scan
Effective URL: https://de-sparkasse-onlineservice.xyz/s/anmeldung.php?starten=qTw39CYjs07E4FWahxGAQpVnmDPboM&shufflUri?=AZvMtNB6jnP4gHhDLJXi
Submission: On July 23 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by WE1 on July 17th 2024. Valid for: 3 months.
This is the only time de-sparkasse-onlineservice.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 209.126.2.155 209.126.2.155 | 40021 (NL-811-40021) (NL-811-40021) | |
1 1 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 18 | 172.67.174.152 172.67.174.152 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 1 |
ASN40021 (NL-811-40021, US)
PTR: vmd144598.contaboserver.net
op.of7.best |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
de-sparkasse-onlineservice.xyz
1 redirects
de-sparkasse-onlineservice.xyz |
799 KB |
1 |
m-santander.de
1 redirects
m-santander.de |
517 B |
1 |
of7.best
1 redirects
op.of7.best |
231 B |
17 | 3 |
Domain | Requested by | |
---|---|---|
18 | de-sparkasse-onlineservice.xyz |
1 redirects
de-sparkasse-onlineservice.xyz
|
1 | m-santander.de | 1 redirects |
1 | op.of7.best | 1 redirects |
17 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
module.foerde-sparkasse.de |
blog.foerde-sparkasse.de |
www.facebook.com |
twitter.com |
www.youtube.com |
www.xing.com |
www.tiktok.com |
termin.foerde-sparkasse.de |
www.studiale.de |
www.sparkassen-shop.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
de-sparkasse-onlineservice.xyz WE1 |
2024-07-17 - 2024-10-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://de-sparkasse-onlineservice.xyz/s/anmeldung.php?starten=qTw39CYjs07E4FWahxGAQpVnmDPboM&shufflUri?=AZvMtNB6jnP4gHhDLJXi
Frame ID: 337D1C92F1F766E9384F68BD8C3FB54F
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Login Online-Banking | SparkassePage URL History Show full URLs
-
https://op.of7.best/suifgwiuefhzwehfiweuhfzwehiufgwezufhweuzfgzuwe.php
HTTP 302
https://m-santander.de/ssppkk HTTP 307
https://de-sparkasse-onlineservice.xyz/s/?s=340y4xp7q43hh29c3pqndv0tl222ud3w HTTP 302
https://de-sparkasse-onlineservice.xyz/s/anmeldung.php?starten=qTw39CYjs07E4FWahxGAQpVnmDPboM&shufflUri?=AZvMtNB6jn... Page URL
Detected technologies
Adobe Experience Manager (CMS) ExpandDetected patterns
- <div class="[^"]*parbase
PHP (Programming Languages) Expand
Detected patterns
- \.php(?:$|\?)
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: Podcast
Search URL Search Domain Scan URL
Title: Ihre Sparkasse hautnahBlog der Sparkasse
Search URL Search Domain Scan URL
Title: Facebook
Search URL Search Domain Scan URL
Title: Twitter
Search URL Search Domain Scan URL
Title: YouTube
Search URL Search Domain Scan URL
Title: Xing
Search URL Search Domain Scan URL
Title: TikTok
Search URL Search Domain Scan URL
Title: Beratungstermin vereinbaren
Search URL Search Domain Scan URL
Title: Studiale
Search URL Search Domain Scan URL
Title: Sparkassen-Shop
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://op.of7.best/suifgwiuefhzwehfiweuhfzwehiufgwezufhweuzfgzuwe.php
HTTP 302
https://m-santander.de/ssppkk HTTP 307
https://de-sparkasse-onlineservice.xyz/s/?s=340y4xp7q43hh29c3pqndv0tl222ud3w HTTP 302
https://de-sparkasse-onlineservice.xyz/s/anmeldung.php?starten=qTw39CYjs07E4FWahxGAQpVnmDPboM&shufflUri?=AZvMtNB6jnP4gHhDLJXi Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
anmeldung.php
de-sparkasse-onlineservice.xyz/s/ Redirect Chain
|
60 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
internetfiliale.min.36ca8f1e347de7a03a31e002be3843c7.css
de-sparkasse-onlineservice.xyz/s/src/ |
2 MB 189 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
internetfiliale.min.007ac3aaa8c7e77660499b0a77898638.js
de-sparkasse-onlineservice.xyz/s/src/ |
612 KB 148 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_ini.svg
de-sparkasse-onlineservice.xyz/s/src/ |
22 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Bildmarke_S-Sparkasse_72px.svg
de-sparkasse-onlineservice.xyz/s/src/ |
976 B 859 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1624599692487.png
de-sparkasse-onlineservice.xyz/s/src/ |
81 KB 82 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1559285204680.jpg
de-sparkasse-onlineservice.xyz/s/src/ |
49 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tdg
de-sparkasse-onlineservice.xyz/s/src/ |
45 B 485 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
universal_analytics.min.fce01e1aa1583405fd3c179639d0bd13.js
de-sparkasse-onlineservice.xyz/s/src/ |
77 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Rg.woff
de-sparkasse-onlineservice.xyz/s/src/fonts/ |
41 KB 41 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pictos-if.woff
de-sparkasse-onlineservice.xyz/s/src/fonts/ |
204 KB 114 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Md.woff
de-sparkasse-onlineservice.xyz/s/src/fonts/ |
30 KB 31 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseHead_web_Rg.woff
de-sparkasse-onlineservice.xyz/s/src/fonts/ |
29 KB 30 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Lt.woff
de-sparkasse-onlineservice.xyz/s/src/fonts/ |
30 KB 30 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Bd.woff
de-sparkasse-onlineservice.xyz/s/src/fonts/ |
36 KB 37 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon1x.ico
de-sparkasse-onlineservice.xyz/s/src/ |
1 KB 690 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon2x.png
de-sparkasse-onlineservice.xyz/s/src/ |
298 B 766 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| IF6 function| getQueryParamValue string| IF6_lightbox_closeicon_text function| overlayShow function| overlayClose function| setSessionTimeout function| focusBankingFormularElement function| toggleClassInRows function| SLURI function| moveBContent object| ifLoginHeaderTimer function| refreshClientTimeout function| refreshServerTimeout function| showCountdownLayer function| updateHeaderLoginIfPresent function| tick function| countdownShow function| callBreakHtml object| nbfDatePicker object| nbfTanInput function| selectListBoxItem function| editTeaserRef function| pagenav_statistics_send function| pagenav_statistics function| pagenav_scroll function| pagenav_scroll_window function| $ function| jQuery object| myif object| IF boolean| bcarouselAttached boolean| mkp_switcher1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
de-sparkasse-onlineservice.xyz/ | Name: PHPSESSID Value: knh4ussld0n6he4vi1hlr0fu4t |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
de-sparkasse-onlineservice.xyz
m-santander.de
op.of7.best
172.67.174.152
188.114.96.3
209.126.2.155
0953b37758ea0fe97892f833b84425dce3e3dee6419374cf439c373b0a159f2e
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
25dd114c2f885924740de83597589835df1a394b84b1cf687585790462f95042
2b09bfaae201b4b85471fc79e4890ed850374b3751f3dbda255092b1740c4737
2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a
56e9434317dee79ec08a0e26b77be2e4188fafa982f1e9b91d3103574f131b60
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4
67284df54731fccb0b3c039cbeaab3474c057c5bc95accad964b13ef86eb1c8d
7771efb0493be3b72af4f72309fbcd3fc797ff5cb68411000809afb7906c2aa2
7bff2bf5fb283195a323aa0994f605e0710397955f82d54d8f4993993a5037d5
85ab3462e1b68b508a597e80ad0e5b8c9106b460978e5e9e259ddb8a554743ad
a9ef9d42dab6b5e3172ec15be7fa5605792b9cd28055eaa9efc29c91eb789da6
d57403a697fb7d9e5090e8958be0325c4ae6d09b72f6d67b9e2a666e6c6be335
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002
eb726e7747d06812f1fd551161fb45b9aaa733f97e616eb1272ec9fc0501fa86
ee88f0851598c363b9b465dd2606efb934c3357aaed3274d0f4a2e6d40b86951
f4e07d2fb57dd99f228e0d5b6e4e7a8d051ae49bb9643d850ac10369a6158e35