urlscan.io logo urlscan.io
SecurityTrails logo

nermann.sbs Open in urlscan Pro
104.21.20.55  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://nermann.sbs/lander/sber/
Effective URL: https://nermann.sbs/lander/sber/
Submission: On October 09 via api from RU — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 104.21.20.55, located in and belongs to CLOUDFLARENET, US. The main domain is nermann.sbs.
TLS certificate: Issued by WE1 on October 2nd 2024. Valid for: 3 months.
This is the only time nermann.sbs was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SberBank (Banking)

Domain & IP information

IP Address AS Autonomous System
10 104.21.20.55 13335 (CLOUDFLAR...)
1 142.251.35.170 15169 (GOOGLE)
2 142.250.64.67 15169 (GOOGLE)
13 3
Apex Domain
Subdomains		 Transfer
10 nermann.sbs
nermann.sbs
85 KB
2 gstatic.com
fonts.gstatic.com
53 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1 KB
13 3
Domain Requested by
10 nermann.sbs nermann.sbs
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com nermann.sbs
13 3

This site contains no links.

Subject Issuer Validity Valid
nermann.sbs
WE1		 2024-10-02 -
2024-12-31		 3 months crt.sh
upload.video.google.com
WR2		 2024-09-16 -
2024-12-09		 3 months crt.sh
*.gstatic.com
WR2		 2024-09-16 -
2024-12-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://nermann.sbs/lander/sber/
Frame ID: A1DB199D8F8C4F2729640C87D8A361DD
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

СберБанк Инвестиции

Page URL History Show full URLs

  1. http://nermann.sbs/lander/sber/ HTTP 307
    https://nermann.sbs/lander/sber/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

139 kB
Transfer

266 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nermann.sbs/lander/sber/ HTTP 307
    https://nermann.sbs/lander/sber/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nermann.sbs/lander/sber/
Redirect Chain
  • http://nermann.sbs/lander/sber/
  • https://nermann.sbs/lander/sber/
16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf6b7d2eaaa09e68bdb1f57f38f3bc8ce69809bc6025efd3b664b6766749b279

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8cfe958b5af9c9a3-IAD
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 09 Oct 2024 13:05:47 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFs%2F0o9IQ59vdm8xE9ibfwPXEjLT9FYNj4AV%2Bp1XQBrh9PDtjLmfztY8pEc0khHLG7WWwDwfeDOZ9uwKm9f0hohOIikj3EM2UV9%2Bhx2Rck2UxgZXbBJNDzExT2xWEA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
vary
accept-encoding

Redirect headers

Location
https://nermann.sbs/lander/sber/
Non-Authoritative-Reason
HttpsUpgrades
speculation
nermann.sbs/cdn-cgi/ 		128 B
558 B 		Other
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/cdn-cgi/speculation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://nermann.sbs
Referer
https://nermann.sbs/lander/sber/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xRaSnc0%2B4aLEcYp7QO3KFgDuP5zC3gxDI23xxCBIRKr7WElrqc%2FyWotn4D0oDGSVbIzbT8xEVMVs%2FfvmVS%2BRqkz8tV%2F54IjSnrM%2BpPLcK7wqlssQ4nqGuGGKmz4DxA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cfe958dabdcc9a3-IAD
access-control-allow-origin
https://nermann.sbs
alt-svc
h3=":443"; ma=86400
content-length
128
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
css2
fonts.googleapis.com/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@200;300;400;500;600;700&display=swap
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.35.170 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f10.1e100.net
Software
ESF /
Resource Hash
22798a759b5bb551c54279a9d91dda9608f9f363f5a2841edd243bd253c9fd9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 13:05:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
text/css; charset=utf-8
last-modified
Wed, 09 Oct 2024 11:51:31 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
style.css
nermann.sbs/lander/sber/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/css/style.css
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
189cb1d1d218780257404bd21f67c5766244776d8fa55844e22f63e89ee79459

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6697b3d6-bd0"
age
44821
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2FVjg5HNo0635AW7mSQXjqRtC0MU%2BcSLj%2BeOvjRxp%2Fb6CSpVjOuJgH34jjam3XmuN%2FuorX6VH6ZK6s%2FRoT%2BZjlgGggemLfVeLP%2BvME4zSfngaJZJG8d64wVy8KNcHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Sat, 19 Oct 2024 00:38:46 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
text/css
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958dbbf8c9a3-IAD
access-control-allow-origin
*
server
cloudflare
landing.css
nermann.sbs/lander/sber/assets/landing/css/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/assets/landing/css/landing.css
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f02fef6e9154d43edbf9e8a7c30f9910d2d981ae7fb7582ac8f6b9350635df9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6697b3d6-10da"
age
81298
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K70imxggDd4w2GYhToDwYMkNe5V9hXsA%2B96FJQ5PKBPi%2FC1TiP1TUnfsfgKDP0iH2fXiwUM64rDyjsOrpAbk3WXNKh7%2Bs0t5ompDYM2t5IVj0rA5bvrfW0pGdo1BDw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 14:30:49 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
text/css
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958dbbfcc9a3-IAD
access-control-allow-origin
*
server
cloudflare
intlTelInput.css
nermann.sbs/lander/sber/assets/landing/css/ 		22 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/assets/landing/css/intlTelInput.css
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84507c031fc78d2b8449214cb58a09c018092a0ddc39bc91869d002d43f1c104

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6697b3d6-5974"
age
81298
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gbui3phC%2BnzSXGaZinLfHjB8ebiUpPJo%2BLmddTT1hBjVvJJraTm2kUwnXfnJdHQrvBdPf2Q6r3kMxFzreeo11iLHVuhr4yN2RhAvo67PEOJI7tVtWTF3ORSAFSE3lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 14:30:49 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
text/css
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958dbc00c9a3-IAD
access-control-allow-origin
*
server
cloudflare
jquery.min.js
nermann.sbs/lander/sber/assets/landing/js/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/assets/landing/js/jquery.min.js
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6697b3d6-15d9f"
age
81298
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4gJ0If4r7cJX72K950nEPK2QYECpfQCvANxWIqEOynqUklGSas1Lt54DWBoaE3NJpRCiDQd7DWdpEqNu40ISBtH3yyP%2FCqxosBPzShvuNLwTa7jcqZ30NMmB9phVA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 14:30:49 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
application/javascript
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958dbc05c9a3-IAD
access-control-allow-origin
*
server
cloudflare
jquery.validate.min.js
nermann.sbs/lander/sber/assets/landing/js/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/assets/landing/js/jquery.validate.min.js
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3183bfeda628b7c107abb16bdc206be17b6feb545e84fc660b45e87ba5179195

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6697b3d6-5f7e"
age
81298
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SmgHDSoHdqVLxU4TZu4bq7n9fQvmkU2SAFHoWB4byUsv%2BUMvE2zdP8NrrTuE562IL1lp1%2Fwm252dF%2BlSDhhpKtjr85xnCHRuFGcKpIgUHl%2BYKlFg8Ngu4NaD2r3rEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 14:30:49 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
application/javascript
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958dbc07c9a3-IAD
access-control-allow-origin
*
server
cloudflare
form.js
nermann.sbs/lander/sber/assets/landing/js/ 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/assets/landing/js/form.js
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e6989bc6c282c097457238279dfed830042852d0cb2104082731da6b71b324

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6697b3d6-4215"
age
81298
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G5ik0RT%2BOANNL0eZs4tNm5hf2eIbFNssi%2BfBlvrup%2Fysoi4Ky7Fyju6G3ZRA6uIJfimXgWcQlTagX6RSnuWWxbHscXBrmedKnURe4q5x2VNaeGXiPDoTiW6QrVPN4w%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 14:30:49 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
application/javascript
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958dbc08c9a3-IAD
access-control-allow-origin
*
server
cloudflare
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@200;300;400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.64.67 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f3.1e100.net
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://nermann.sbs
Referer
https://fonts.googleapis.com/

Response headers

age
13422
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 09 Oct 2025 09:22:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 09:22:05 GMT
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
33092
x-xss-protection
0
server
sffe
JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
fonts.gstatic.com/s/montserrat/v26/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@200;300;400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.64.67 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f3.1e100.net
Software
sffe /
Resource Hash
637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://nermann.sbs
Referer
https://fonts.googleapis.com/

Response headers

age
744
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 09 Oct 2025 12:53:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 12:53:23 GMT
last-modified
Wed, 13 Sep 2023 22:43:52 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
21288
x-xss-protection
0
server
sffe
ru.webp
nermann.sbs/lander/sber/assets/landing/img/flags/ 		226 B
717 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nermann.sbs/lander/sber/assets/landing/img/flags/ru.webp
Requested by
Host: nermann.sbs
URL: https://nermann.sbs/lander/sber/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b78bb1528859e7b96ea89758d222d630ec82842a2a89aa4e998f25c4421f8e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

cf-cache-status
HIT
etag
"6697b3d6-e2"
age
81297
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2FeQsDa4%2FK1lEZDKqqlrK7HwyqSViU1vZz7d7E%2BmexRoGlRoCYW5CmHPAppFpwbvoxs%2BazrMR6uBic1xJ4AC%2F0vSbjdbpL4DzwMAQ14LtQYzq7alpowXPaiBAtsFGA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 14:30:50 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
image/webp
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958e8f48c9a3-IAD
accept-ranges
bytes
access-control-allow-origin
*
content-length
226
server
cloudflare
logo.png
nermann.sbs/lander/sber/images/ 		28 KB
28 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://nermann.sbs/lander/sber/images/logo.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.20.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57d4ea85a60012dac3014e047b85f06cbfd126366ed5d6e52df87726204a41fa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nermann.sbs/lander/sber/

Response headers

cf-cache-status
HIT
etag
"6697b3d6-6fe6"
age
67746
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iKNXvnvLgsUUk%2BgxxWEiX0O9pJ0%2Bm4wZhTPP690HnnDl7aO7u8Ub8STYtXeVG9%2BgJDyTK4kCmlYDpOg4Lf%2F0TezDZmqE2XeoMIosI9DeAkN90ZkwYZwOZlNgHNOZ7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 18 Oct 2024 18:16:41 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 13:05:47 GMT
content-type
image/png
last-modified
Wed, 17 Jul 2024 12:06:46 GMT
vary
Accept-Encoding
cache-control
max-age=864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cfe958f096cc9a3-IAD
accept-ranges
bytes
access-control-allow-origin
*
content-length
28646
server
cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SberBank (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| phoneRegex number| numLimit string| phoneccValue string| countryName object| countryList object| countryData string| countryValue function| autoGeo function| numRule function| functionSuccess function| functionError function| functionBeforeSend function| limitText string| phonePlaceholder

1 Cookies

Domain/Path Name / Value
nermann.sbs/ Name: PHPSESSID
Value: u16ln3gcn1n8usibp00i9g3ujf