id-vrbacking-sesionid.com Open in urlscan Pro
2606:4700:3031::ac43:c384 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.shribalaji.club/GYOLa
Effective URL:
https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Submission Tags: phishing volksbank Search All
Submission: On May 20 via api (May 20th 2022, 9:30:14 am UTC) from DE — Scanned from DE

Summary HTTP 12 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3031::ac43:c384, located in United States and belongs to CLOUDFLARENET, US. The main domain is id-vrbacking-sesionid.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 18th 2022. Valid for: a year.

This is the only time id-vrbacking-sesionid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::ac43:d539	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2a06:98c1:312... 2a06:98c1:3120::a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700:303... 2606:4700:3031::ac43:c384	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	195.200.45.7 195.200.45.7	15590 (ATRUVIA) (ATRUVIA)
12	3

1 2606:4700:3037::ac43:d539 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.shribalaji.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::a (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

voba-entering.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3031::ac43:c384 (United States)

ASN13335 (CLOUDFLARENET, US)

id-vrbacking-sesionid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.200.45.7 (Karlsruhe, Germany)

ASN15590 (ATRUVIA, DE)

www.volksbank-lindenberg.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	id-vrbacking-sesionid.com id-vrbacking-sesionid.com	148 KB
2	voba-entering.com 2 redirects voba-entering.com	1 KB
1	volksbank-lindenberg.de www.volksbank-lindenberg.de	286 B
1	shribalaji.club 1 redirects www.shribalaji.club	1 KB
0	Failed function sub() { [native code] }. Failed
12	5

	Domain	Requested by
10	id-vrbacking-sesionid.com	id-vrbacking-sesionid.com
2	voba-entering.com	2 redirects
1	www.volksbank-lindenberg.de	id-vrbacking-sesionid.com
1	www.shribalaji.club	1 redirects
0	www.volksbank-lindenberg.dehttps Failed	id-vrbacking-sesionid.com
12	5

This site contains links to these domains. Also see Links.

Domain
www.volksbank-lindenberg.de
www.vr.de

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-18` - `2023-05-17`	a year	crt.sh
volksbank-lindenberg.de QuoVadis Europe EV SSL CA G1	`2021-08-12` - `2022-08-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Frame ID: 61B24DA93F8FD9CF62BC43E1702B77F1
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online-Banking - Volksbank eG

Page URL History Show full URLs

https://www.shribalaji.club/GYOLa HTTP 301
http://voba-entering.com/12345 HTTP 301
https://voba-entering.com/12345 HTTP 302
https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345 Page URL

Page Statistics

12
Requests

92 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

149 kB
Transfer

383 kB
Size

4
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.volksbank-lindenberg.de/banking-privatehilfe/entry?&id=Index&style=bvr2014
Title: Hilfe

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatedemo/external?target=https%3A%2F%2Fwww.volksbank-lindenberg.de%2Fbanking-service%2Fsicherheit%2Fphishing-warnungen.html&source=S%3Aid%3AInfoExternerLink&s=302C02143ACEDAAD2F4C0BDEAA1DB634BF8368AE5C982982021455EFA98CA5223A809EC0D06C50EF84BE338FC68E&rzbk=0280&rzid=XC&vk=INT
Title: Wichtige Sicherheitshinweise!

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatedemo/external?target=https%3A%2F%2Fwww.volksbank-lindenberg.de%2Fcontent%2Fdam%2Fallgemeines%2Fvideo%2Frzfilme%2FFiducia_SecureGo_2016_HD.mp4&source=S%3Aid%3AInfoExternerLink&s=302C02145152D7284FAA5E7A8F926AF5F1C8D261A934DBC702146485812E83FE2D49AEA33116ED997C28DF1EDD61&rzbk=0280&rzid=XC&vk=INT
Title: Wie funktioniert das SecureGo-Verfahren?

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatedemo/external?target=https%3A%2F%2Fwww.vr-banking-app.de%2Fcontent%2Fdam%2Ff8885-0%2Fmedien_extern%2F150330_Smart-Tan-Plus.mp4&source=S%3Aid%3AInfoExternerLink&s=302D021466D8BF558565667D17D4D4F5A18C05CF6436A75602150081CC4D20DA0054494203B554BC05990E99CF5C4F&rzbk=0280&rzid=XC&vk=INT
Title: Wie funktioniert das Sm@rt TAN plus Verfahren?

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatedemo/external?target=https%3A%2F%2Fwww.vr-banking-app.de%2Fcontent%2Fdam%2Ff8885-0%2Fvideos%2F02VR_Banking.mp4&source=S%3Aid%3AInfoExternerLink&s=302C02144D86E44E71B60C50F790B4AD36E4A1280276E11A02147A95623FB6ED717C135F93924A0C9BE182987067&rzbk=0280&rzid=XC&vk=INT
Title: Wie funktioniert die VR-Banking App?

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatedemo/external?target=https%3A%2F%2Fwww.vr-banking-app.de%2Fcontent%2Fdam%2Ff8885-0%2Fvideos%2Fgiropay_kundenvideo_08_2014.mp4&source=S%3Aid%3AInfoExternerLink&s=302C02140C0F0AF50993B81C421561AA9D1D54F70DB675B2021475347342C84DF37B975B3676B6287BD697AFE5A2&rzbk=0280&rzid=XC&vk=INT
Title: Wie funktioniert giropay?

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatedemo/entry
Title: Zur Demo-Anwendung

Search URL Search Domain Scan URL

URL: https://www.vr.de/privatkunden/service/impressum1.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.vr.de/privatkunden/service/nutzungsbedingungen1.html
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://www.volksbank-lindenberg.de/banking-privatehilfe/entry?&id=sicherheitshinweise&style=bvr2014
Title: Sicherheitshinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.shribalaji.club/GYOLa HTTP 301
http://voba-entering.com/12345 HTTP 301
https://voba-entering.com/12345 HTTP 302
https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request entry Show response
id-vrbacking-sesionid.com/banking-private/
Redirect Chain

https://www.shribalaji.club/GYOLa
http://voba-entering.com/12345
https://voba-entering.com/12345
https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345

13 KB
4 KB

238ms
193ms

Document
text/html

2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27f543bf119b4cd60bfcf0ea749d15cfc39ac3f41fc24275b1dcacf2298f5ef4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 70e40d508c9691f5-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 20 May 2022 09:30:09 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8LPWX01vka%2FSf54kPqMGMfEKMgWEvdwvgI%2B0H4iTPhGstyiRC%2BS6QY1yQmlfPv8BgcMfAiHbRemecTO7pnRezxPtFrBSN4E52Ur9SjPgwkqeveuU3S0M2%2BufdBp6b7v%2BjdiRVUEyeHddps8w80TyqX%2BGc%2FVdENq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-served-by: id-vrbacking-sesionid.com

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 70e40d4f4ec6913d-FRA
content-type: text/html; charset=UTF-8
date: Fri, 20 May 2022 09:30:09 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vx0rRfYWTEVNYOf5droiUy2YzWCI3fiZHiFMNGX2zZcvnX7xSgbWbwc%2BjzpXl1C6VLYhgvrYwdqP2%2Fal5g4K3XzLeDK%2Fq6kZZjiKAfrXWeDRM9sknYaXWpz7Zxa2vE%2FDZdpWt2ZhdsxTLUCsZb7Teg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-served-by: voba-entering.com

GET
H2 200 volksbank.css
id-vrbacking-sesionid.com/banking-private/assets/ 225 KB
51 KB 260ms
256ms Stylesheet
text/css 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/volksbank.css?v=1653039009
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cd3cfacee9c3934066ed45a9d814ca669f3bd5b55e99eb833ad045edad0b18d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 May 2022 09:30:09 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1qc8CieOqIRJeCgKqS7LpkSj4YX9tg666fQhipyi0HOFXJNN3fe7cqMk9BAaQhNLJPZ7Yblk8z9mwpSnuMfSLFjv6dWlL3GxhBhLOBpmrP5%2FW%2FT1cxSv1WMI2wPcJy6pRZjFPfBcWf4iYu5DsBbx1WISH5ZjOUZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
x-served-by: id-vrbacking-sesionid.com
cf-ray: 70e40d51ee4391f5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 responsive.css
id-vrbacking-sesionid.com/banking-private/assets/ 67 KB
13 KB 154ms
151ms Stylesheet
text/css 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/responsive.css
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 861eba7e283d6f7f342fb806e81882126efbc0f0f9da931653bb84f3a770f8ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 May 2022 09:30:09 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MQTCo8GOBes%2Bofdbzmgt02WfNGSsSxXZjEHnDU3UgSattfgMMNjZH5nckw3t1OIVS0f2RIPn%2FeEHRBaBm%2F9kl9HtVZozgYSNJfsaJ7YdqHaKzZvIHfAvbQzbcgPOI8wxL90ZGmXSuK8B3SexCJck19P8M5hqBZu"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
x-served-by: id-vrbacking-sesionid.com
cf-ray: 70e40d51ee4491f5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 design.css
id-vrbacking-sesionid.com/banking-private/assets/ 80 B
586 B 255ms
252ms Stylesheet
text/css 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/design.css
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e1584f5d1eef2d0d815ae6b3c2f6be610c6947d312b6573c02d96dfcdda5c4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 May 2022 09:30:09 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0foTzcdi9nF5%2BnYqJnrj%2Bsl9Of68%2BFqXq3VaNIRum2W%2FTwwJJ5A2czTjNfsUddud%2FAi6dUC9kMYUn5kQO2N8tO5UMGOA1HTccwUjkUYNrom9SbCvXcT0yyl8bEEZhvVUI5M%2FD7Geicw%2FbcID8r%2BUVd%2FC1sE0vWe"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
x-served-by: id-vrbacking-sesionid.com
cf-ray: 70e40d51ee4591f5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 logo.png
id-vrbacking-sesionid.com/banking-private/assets/img/ 11 KB
11 KB 254ms
251ms Image
image/png 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/img/logo.png
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5e82c983e0c377abdb421f93fe1591c356320b5ffad0a85c562186d29f508ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 09:30:09 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10785
x-served-by: id-vrbacking-sesionid.com
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BxQbIn34f95mSYodXTz9QNoRaoyRZ3goSBVH%2BpRtfC%2B6n2pPZY%2BYHNjKrsfxmOi%2BNHUNuIx0DIBWyDldaWGr4v502TDPLnj8NmG5uQm%2FVJD9bP5q79luDwYt474OtSKY0pHO4vwf5RiDPAPdNNXWfiQA3csfwnY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
cf-ray: 70e40d51ee4f91f5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 hilfe.jpg
id-vrbacking-sesionid.com/banking-private/assets/img/ 22 KB
22 KB 244ms
241ms Image
image/jpeg 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/img/hilfe.jpg
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9bcf04a450538a155a0e7dcdcd1c0a3c8ee1d005a930f00a1ef8576afb3560c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 09:30:09 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22609
x-served-by: id-vrbacking-sesionid.com
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O84h7AhDYLttHhDejLoCXtOyb54lnrfTDKwGO4zV4l%2BCKumVNKbnbjSH%2BvuLADdpoM4tppDbOLwgy%2FqTWRjBQoUaB7YLgP7KfAE%2F1oQC8qa3Y%2FjtR4Tk9sZ1Ru9xS1EnHeYWjmvsrYIUUKcXQ%2F3JfhWfmI198PEP"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
cf-ray: 70e40d51ee5091f5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 array.jpg
id-vrbacking-sesionid.com/banking-private/assets/img/ 22 KB
22 KB 244ms
242ms Image
image/jpeg 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/img/array.jpg
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3f57a62d865ac54a3c8e41657b057220e3dea2a94b1662f40e3a470c42919e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 09:30:09 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22486
x-served-by: id-vrbacking-sesionid.com
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0PTnbZ6iXriqwzfWUEvSA73Ao70Ojz%2BLCK8yWCv7tkJ8JXYSqyQdnE4e3VFYmanNtEtPO%2BrqTOw%2FPQ%2BBcIHyYpPCumXQKfNSPQwn9Q6NrEx9sFDWgfUTKvILQT8cK9U%2FpAhseI4U5NbGvA2QTSAqYfGQv02OFeG"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
cf-ray: 70e40d51ee5191f5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 xhtml-filler
www.volksbank-lindenberg.de/banking-privatedemo/resource/ 43 B
286 B 97ms
14ms Image
image/gif 195.200.45.7
ATRUVIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.volksbank-lindenberg.de/banking-privatedemo/resource/xhtml-filler?rzbk=0280&rzid=XC&style=bvr2014

Requested by

Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

195.200.45.7 Karlsruhe, Germany, ASN15590 (ATRUVIA, DE),

Reverse DNS

Software

Resource Hash

33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 09:01:30 GMT
x-content-type-options: nosniff
age: 1719
strict-transport-security: max-age=31536000
content-type: image/gif
x-oneagent-js-injection: true
cache-control: max-age=10800
server-timing: dtRpid;desc="763090463", dtSInfo;desc="0"
accept-charset: UTF-8
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 20 May 2022 12:01:30 GMT

GET xhtml-filler
www.volksbank-lindenberg.dehttps//www.volksbank-lindenberg.de/banking-privatedemo/resource/ 0
0

GET
H2 200 ebpe-infolink.svg
id-vrbacking-sesionid.com/assets/ 238 B
483 B 216ms
215ms Image
image/svg+xml 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id-vrbacking-sesionid.com/assets/ebpe-infolink.svg
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ece0245da35fdd267a149939344cd40f8ef0ad634dfd4244b1beb10f512a1189

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 May 2022 09:30:09 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JHl%2B64tom7VHH1NZDxUWYzblw0Ya01g252PiuQI%2FRL8bhPCH9tW9SeGrB16A4ENBiILe5kOPzYyM%2BFl5ZAjcxDW7omsrtuzLKhmfp%2BbHzKxCsJh8nIe%2BqxYv1uiz3IiFTvc6%2B7u2IOdduGt1VxIWAnNd2wttvxW"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: no-store, no-cache, must-revalidate
x-served-by: id-vrbacking-sesionid.com
cf-ray: 70e40d51ee5291f5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 up.jpg
id-vrbacking-sesionid.com/banking-private/assets/img/ 22 KB
22 KB 279ms
278ms Image
image/jpeg 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id-vrbacking-sesionid.com/banking-private/assets/img/up.jpg
Requested by: Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 222d770aeffae244101da1ae3c157ccf7135a71923703173c35751c3bd18868f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 09:30:09 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22306
x-served-by: id-vrbacking-sesionid.com
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1mVDb0GV8Wk2WIco9C08%2FZuAPuCZIOKQATr8zBxnJgFMf7Trr%2B0zOVjze2ZRhV1Gzu9Wqf2V%2BdN%2FvPZgVIKzxvHzAdpM7dq3Kdt5k8I95KmztIYH2iD57VV%2FO425XZoN8xcXxXoFKWgxvlyqtoeFFo007aR1E%2Bn"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
cf-ray: 70e40d51ee5591f5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 email-decode.min.js Show response
id-vrbacking-sesionid.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 16ms
13ms Script
application/javascript 2606:4700:3031::ac43:c384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://id-vrbacking-sesionid.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: id-vrbacking-sesionid.com
URL: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:c384 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id-vrbacking-sesionid.com/banking-private/entry?referrer=https://voba-entering.com/12345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 09:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 19:29:40 GMT
server: cloudflare
etag: W/"6283f7a4-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTT7TSJ%2Fbpax1XGlU9LPUpSpBkpl7yWDQl3aOGdt7uoLiAChoR0Euv1BPvnigb3naIMQ%2Bh73ItW1Hqu9pTv7wsz%2FDqrSMOHKBm5M7uSENfcK6y2hO7gi0WhG1X15z54zEbjA0diELn8umEvveK6cNFvJy5%2B2iGQn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70e40d51ee4a91f5-FRA
vary: Accept-Encoding
expires: Sun, 22 May 2022 09:30:09 GMT

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.volksbank-lindenberg.dehttps
URL: https://www.volksbank-lindenberg.dehttps//www.volksbank-lindenberg.de/banking-privatedemo/resource/xhtml-filler?rzbk=0280&rzid=XC&style=bvr2014

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.shribalaji.club/	1970-01-20 03:10:46	Name: XSRF-TOKEN Value: eyJpdiI6Ijd1RTltTkY5OU9ObjkxKzlFdEk5dHc9PSIsInZhbHVlIjoidTc2NTJ3d05RT2Y4UHNoUWppbUZBYm9RSlVoZ2tZTFZabVYvc1hPZW9DOWNCd3pMNW5jSTRzSHBUSmpNUTJMcjB2bElWYm1qMTYrTTRUWWl0YVR3YmZaZ21CVHVUa2RjUWhvNFAyZ0FrWWRtQjdGZEhyVGFsR2QvRGlNenhLSzEiLCJtYWMiOiIyM2U0ZjQ5N2Y3NThiNDk4MzQ5OWVhNmMxNTVhNjA3OTNlNWY3M2I3MzViMGE3MTcyOWUwZjExZTgzZDA2MTMwIn0%3D
www.shribalaji.club/	1970-01-20 03:10:46	Name: shribalaji_session Value: eyJpdiI6Imc4blk1OFpDUXlWcDA5YXhXYXFEZ1E9PSIsInZhbHVlIjoiYUVtQmtENXYyTEdjWldNdXQzalZXajZRUDdSNm8xbGtvL1pzQlo5TXJSNExQZWZ2RG5nMEFKTmtNSXVtelV0RHo2ZXZxNHBXaW1YMVNmMEJOVHhDWFRFS2FmeHVVVlRNSzNuRHlEWTVNRjdDMlB3YnBjUGxpOExJck1DblI4RGciLCJtYWMiOiI3OTYyYjE0YjNhZGExMTNiYjk3ZDFiOTA5OTdiNmExYjI5ZDQxMDE3YjNkMmNmMDZkNThiY2UyMWYxNzhiYmRlIn0%3D
voba-entering.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: qmbbksfd21f1qs7vgjkoipm404
id-vrbacking-sesionid.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4dp9m1ngojh1ousn6i82oqnebv

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.volksbank-lindenberg.dehttps//www.volksbank-lindenberg.de/banking-privatedemo/resource/xhtml-filler?rzbk=0280&rzid=XC&style=bvr2014 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

id-vrbacking-sesionid.com
voba-entering.com
www.shribalaji.club
www.volksbank-lindenberg.de
www.volksbank-lindenberg.dehttps
www.volksbank-lindenberg.dehttps
195.200.45.7
2606:4700:3031::ac43:c384
2606:4700:3037::ac43:d539
2a06:98c1:3120::a
222d770aeffae244101da1ae3c157ccf7135a71923703173c35751c3bd18868f
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27f543bf119b4cd60bfcf0ea749d15cfc39ac3f41fc24275b1dcacf2298f5ef4
33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b
3e1584f5d1eef2d0d815ae6b3c2f6be610c6947d312b6573c02d96dfcdda5c4e
861eba7e283d6f7f342fb806e81882126efbc0f0f9da931653bb84f3a770f8ed
9cd3cfacee9c3934066ed45a9d814ca669f3bd5b55e99eb833ad045edad0b18d
a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897
c3f57a62d865ac54a3c8e41657b057220e3dea2a94b1662f40e3a470c42919e9
c5e82c983e0c377abdb421f93fe1591c356320b5ffad0a85c562186d29f508ff
ece0245da35fdd267a149939344cd40f8ef0ad634dfd4244b1beb10f512a1189
f9bcf04a450538a155a0e7dcdcd1c0a3c8ee1d005a930f00a1ef8576afb3560c

id-vrbacking-sesionid.com Open in urlscan Pro 2606:4700:3031::ac43:c384 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

92 %HTTPS

75 %IPv6

5 Domains

5 Subdomains

3 IPs

2 Countries

149 kBTransfer

383 kBSize

4 Cookies

10 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

id-vrbacking-sesionid.com Open in urlscan Pro
2606:4700:3031::ac43:c384 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

149 kB
Transfer

383 kB
Size

4
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!