sparkse.info
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://sparkse.info/Start
Submission: On May 09 via api from GB — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on May 5th 2023. Valid for: 3 months.
This is the only time sparkse.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 47.108.183.46 47.108.183.46 | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
1 1 | 185.230.61.180 185.230.61.180 | 58182 (WIX_COM) (WIX_COM) | |
1 26 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 2 |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
w0d.cn |
ASN58182 (WIX_COM, IL)
PTR: unalocated.61.wixsite.com
mistermiyagi22.hopp.to |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
sparkse.info
1 redirects
sparkse.info |
981 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 |
28 KB |
1 |
hopp.to
1 redirects
mistermiyagi22.hopp.to |
517 B |
1 |
w0d.cn
1 redirects
w0d.cn |
388 B |
26 | 4 |
Domain | Requested by | |
---|---|---|
26 | sparkse.info |
1 redirects
sparkse.info
|
1 | cdnjs.cloudflare.com |
sparkse.info
|
1 | mistermiyagi22.hopp.to | 1 redirects |
1 | w0d.cn | 1 redirects |
26 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sparkse.info GTS CA 1P5 |
2023-05-05 - 2023-08-03 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://sparkse.info/Start
Frame ID: 8BD6E4E122681E15951BDE6B08D74624
Requests: 23 HTTP requests in this frame
Frame:
https://sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
Frame ID: 78E1A21AB4A616C6F1FD3D8FECFF8E88
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Sparkasse | Wir ändern unsere Nutzungsbedingungen!Page URL History Show full URLs
-
http://w0d.cn/rget
HTTP 302
https://mistermiyagi22.hopp.to/sparkse HTTP 302
https://sparkse.info/Start Page URL
Detected technologies
Adobe Experience Manager (CMS) ExpandDetected patterns
- <div class="[^"]*parbase
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- require.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://w0d.cn/rget
HTTP 302
https://mistermiyagi22.hopp.to/sparkse HTTP 302
https://sparkse.info/Start Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 22- https://sparkse.info/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
- https://sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Start
sparkse.info/ Redirect Chain
|
153 KB 48 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp_styles.css
sparkse.info/assets/css/ |
2 MB 214 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp_scripts.js
sparkse.info/assets/js/ |
641 KB 159 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toast.css
sparkse.info/assets/css/ |
639 KB 75 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sun.css
sparkse.info/assets/css/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gridz_structure.css
sparkse.info/assets/css/ |
52 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light_styles.css
sparkse.info/assets/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bread.svg
sparkse.info/assets/images/ |
22 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
drink.svg
sparkse.info/assets/images/ |
976 B 874 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-2.jpg
sparkse.info/assets/images/ |
86 KB 86 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fetch
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/neo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/ |
88 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
require.js
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/taoospm/js-min/lib/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Rg.woff
sparkse.info/assets/css/cs_haspa/fonts/ |
41 KB 41 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pictos-if.woff
sparkse.info/assets/css/cs_haspa/fonts/ |
197 KB 198 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseNEUMedium-Regular.woff2
sparkse.info/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseNEURg-Regular.woff2
sparkse.info/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseNEURg-Bold.woff2
sparkse.info/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ospm_v2.css
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/taoospm/css/ospm/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ospm_if_v2.css
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/taoospm/css/ospm/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Start
sparkse.info/ |
38 KB 38 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Start
sparkse.info/ |
153 KB 48 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Bd.woff
sparkse.info/assets/css/cs_haspa/fonts/ |
36 KB 37 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
invisible.js
sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/ Frame 78E1 Redirect Chain
|
26 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pica.js
sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/ Frame 78E1 |
6 KB 3 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
7c483d410fd91bc3
sparkse.info/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 78E1 |
2 B 638 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)47 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| IF6 function| getQueryParamValue string| IF6_lightbox_closeicon_text function| overlayShow function| overlayClose function| setSessionTimeout function| focusBankingFormularElement function| toggleClassInRows function| SLURI function| moveBContent object| ifLoginHeaderTimer function| refreshClientTimeout function| refreshServerTimeout undefined| startCountdownLayer function| showCountdownLayer function| updateHeaderLoginIfPresent function| tick function| countdownShow function| callBreakHtml object| nbfDatePicker object| nbfTanInput function| selectListBoxItem function| editTeaserRef function| pagenav_statistics_send function| pagenav_statistics function| pagenav_scroll function| pagenav_scroll_window function| $ function| jQuery object| myif object| IFNeoBridge string| ospm_initialServer string| ospm_baseUrl boolean| ospm_if object| ospm_pageData object| style object| style_if boolean| nbf number| timeLeft number| setTimer function| c number| dots function| type function| formatCardNumber number| timer3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
w0d.cn/ | Name: ASP.NET_SessionId Value: viza3rzegecjqoqa1nrcwsqs |
|
sparkse.info/ | Name: PHPSESSID Value: hc1bv8961tnifjafbuput6kfh6 |
|
.sparkse.info/ | Name: __cf_bm Value: KJ0XvC6OR.7E9Zb_HOK7Fh9XxHjvzQwLVHReclBXCkw-1683617451-0-AcfwtMdv9RsuDFqlezkoijaDGIDq3t1q6YxitOmFdvG2RXI1O/GqaiHcEMyxZBq3NaZ49oPaTHAVBAg1KAVugoXUlOhvfoq/OSqpsKpCxxjS |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
mistermiyagi22.hopp.to
sparkse.info
w0d.cn
185.230.61.180
2606:4700::6811:190e
2a06:98c1:3120::3
47.108.183.46
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
1586adc8f49ebd0d1deca54b3bc9d1850e7f299b0880b61e6520a7cf2f336a17
22e293166017618b14342bd640677f88274154a0fed8393cb056a16056348de4
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a
340e931741c7162a2f4365577878e7b90d015114993168afbd2c40b674984380
385bbee80414712855e9a4250cd4dcbbff192dc79136cf99fa5b62075d3bb0ad
43ee040ac010fe5245c2cea4e7cf175f5b27c713d6b0a3ba9443c8a26c8980c5
670215d94b14cfa72f9d66889c0232173372b2b7956d84c5a6247dfa337093d8
74e29c203255ea561c5057e915995667190e189d02c3d5a3e840ab28d2b26b33
8cdb874ad1a4a0623414f048ec39df6607f87a6dd123830a9bfef18b359e8347
9b08252d579d6590cc6d8929376e0b305c79eced12fe7684f1df1701b2b31992
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e91bcf65d01abb7d971cf9dda8046e8c20f9c4c53b849c656301b46e7b8131e0
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002
f4e07d2fb57dd99f228e0d5b6e4e7a8d051ae49bb9643d850ac10369a6158e35
f9ada1a458f60f2a8178aa6620bfcb7f19105e20db5549d40358cba260f3af05
fb2f4ba04607d232655bde091daa0392a2632d4c153aa451438c9f63a0f76606