Public Scan: www.sparda-bw.de (195.145.106.110)
Malicious Activity!
Effective URL: https://www.sparda-bw.de/baufinanzierung-finanzierungsrechner/
Submission: On February 16 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by QuoVadis Europe EV SSL CA G1 on October 14th 2021. Valid for: a year.
This is the only time www.sparda-bw.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)

Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 144.76.197.149 | 24940 (HETZNER-AS) |
| 19 | 195.145.106.110 | 3320 (DTAG Internet service provider operations) |
| 1 | 2a00:1450:4001:82f::2008 | 15169 (GOOGLE) |
| 4 | 62.156.146.15 | 3320 (DTAG Internet service provider operations) |
| 24 | 4 IPs total | |
ASN3320 (DTAG Internet service provider operations, DE), PTR: www.sparda-bw.de
- www.sparda-bw.de

ASN15169 (GOOGLE, US)
- www.googletagmanager.com

ASN3320 (DTAG Internet service provider operations, DE)
- www.baufi-lead.de
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 19 | sparda-bw.de | www.sparda-bw.de (Cisco Umbrella Rank: 947649) | 637 KB |
| 4 | baufi-lead.de | www.baufi-lead.de | 344 KB |
| 1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 50) | 45 KB |
| 1 | biallo.link | biallo.link (1 redirect) | 362 B |
| 24 | 4 domains total | | |
| Requests | Domain | Requested by |
|---|---|---|
| 19 | www.sparda-bw.de | www.sparda-bw.de |
| 4 | www.baufi-lead.de | www.sparda-bw.de, www.baufi-lead.de |
| 1 | www.googletagmanager.com | www.sparda-bw.de |
| 1 | biallo.link | 1 redirect |
| 24 | 4 domains total | |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| sparda-bank-baden-wuerttemberg.genobroker-info.de |
| support.vimpay.de |
| mybaufi.sparda-bw.de |
| play.google.com |
| apps.apple.com |
| appgallery.huawei.com |
| www.facebook.com |
| www.instagram.com |
| www.youtube.com |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| www.sparda-bw.de | QuoVadis Europe EV SSL CA G1 | 2021-10-14 - 2022-10-14 | a year | crt.sh |
| *.google-analytics.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months | crt.sh |
| www.baufi-lead.de | GlobalSign RSA OV SSL CA 2018 | 2021-01-27 - 2022-02-28 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.sparda-bw.de/baufinanzierung-finanzierungsrechner/
Frame ID: 6976F74B9C31521515877590C822A3D8
Requests: 25 HTTP requests in this frame
Page Title: Finanzierungsrechner

Page URL History
- http://biallo.link/kbwa8dq3/
- HTTP 302
- https://www.sparda-bw.de/baufinanzierung-finanzierungsrechner/ (Page URL)
Detected technologies
Google Tag Manager (Tag Managers)
Detected patterns:
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
- Title: GENO Broker
- Title: VIMpay
- Title: Finanzierung rechnen mit SpardaMyBaufi
- The remaining 6 outgoing links carry no title in the scan.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions

| Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request, redirect chain) | www.sparda-bw.de/baufinanzierung-finanzierungsrechner/ | 105 KB | 16 KB | Document | text/html |
| GET | H/1.1 | HelveticaNeueLT-RomanWOFF2.woff2 | www.sparda-bw.de/resources/styleguide/latest/fonts/ | 26 KB | 27 KB | Font | application/x-font-woff2 |
| GET | H/1.1 | SpardaIconFontWOFF2.woff2 | www.sparda-bw.de/resources/styleguide/latest/fonts/ | 24 KB | 25 KB | Font | application/x-font-woff2 |
| GET | H/1.1 | styles.min.css | www.sparda-bw.de/resources/styleguide/latest/css/ | 344 KB | 57 KB | Stylesheet | text/css |
| GET | H/1.1 | print.min.css | www.sparda-bw.de/resources/styleguide/latest/css/ | 2 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | init.min.js | www.sparda-bw.de/resources/styleguide/latest/js/ | 149 KB | 43 KB | Script | application/javascript |
| GET | H/1.1 | logo-sparda-bank.svg | www.sparda-bw.de/admin/bank-logos/ | 5 KB | 2 KB | Image | image/svg+xml |
| GET | H2 | gtm.js | www.googletagmanager.com/ | 118 KB | 45 KB | Script | application/javascript |
| GET | H/1.1 | appandroid.png | www.sparda-bw.de/hidden/layout/images/ | 10 KB | 11 KB | Image | image/png |
| GET | H/1.1 | appios.png | www.sparda-bw.de/hidden/layout/images/ | 7 KB | 7 KB | Image | image/png |
| GET | H/1.1 | apphuawei.png | www.sparda-bw.de/hidden/layout/images/ | 4 KB | 5 KB | Image | image/png |
| GET | H/1.1 | all.min.js | www.sparda-bw.de/resources/styleguide/latest/js/ | 324 KB | 76 KB | Script | application/javascript |
| GET | H/1.1 | cookie-inner-html.html | www.sparda-bw.de/internetauftritt/globale-technische-seiten/ | 8 KB | 2 KB | XHR | text/html |
| GET | H/1.1 | sparda-baden-wuerttemberg_1400w.jpg | www.sparda-bw.de/internetauftritt/bilder/seitenhintergrund/ | 136 KB | 136 KB | Image | image/jpeg |
| GET | H/1.1 | baufi-renovierung_1400w.jpg | www.sparda-bw.de/internetauftritt/bilder/absatz-hintergruende/produkte/baufinanzierung/ | 104 KB | 104 KB | Image | image/jpeg |
| GET | H/1.1 | HelveticaNeueLT-BoldWOFF2.woff2 | www.sparda-bw.de/resources/styleguide/latest/fonts/ | 37 KB | 37 KB | Font | application/x-font-woff2 |
| GET | H/1.1 | HelveticaNeueLT-MediumWOFF2.woff2 | www.sparda-bw.de/resources/styleguide/latest/fonts/ | 27 KB | 28 KB | Font | application/x-font-woff2 |
| GET | H/1.1 | FivoSans-Light.otf | www.sparda-bw.de/resources/styleguide/latest/fonts/FivoSans/ | 45 KB | 27 KB | Font | application/x-font-opentype |
| GET | H/1.1 | HelveticaNeueLT-LightWOFF2.woff2 | www.sparda-bw.de/resources/styleguide/latest/fonts/ | 27 KB | 28 KB | Font | application/x-font-woff2 |
| GET | H/1.1 | imports.js | www.baufi-lead.de/baufilead/partner/isyfU7WnHuwKXl0LmHIs77MGUUR8J5/ | 2 MB | 237 KB | Script | text/javascript |
| GET | DATA | truncated | / | 43 B | 0 | Image | image/gif |
| GET | H/1.1 | javascript-konfigurationen.json | www.sparda-bw.de/internetauftritt/globale-technische-seiten/ | 6 KB | 3 KB | XHR | application/json |
| GET | H/1.1 | partnerconfig.json | www.baufi-lead.de/baufilead/partner/isyfU7WnHuwKXl0LmHIs77MGUUR8J5/ | 23 KB | 3 KB | XHR | application/json |
| GET | H/1.1 | postleitzahlen.json | www.baufi-lead.de/baufilead/partner/isyfU7WnHuwKXl0LmHIs77MGUUR8J5/ | 694 KB | 103 KB | XHR | application/json |
| GET | H/1.1 | imports.txt | www.baufi-lead.de/baufilead/partner/isyfU7WnHuwKXl0LmHIs77MGUUR8J5/ | 0 | 254 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Volksbank (Banking)

40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | structuredClone |
| object | dataLayer |
| object | sparda |
| function | $ |
| function | jQuery |
| string | necessaryValue |
| string | functionalValue |
| string | statisticsValue |
| string | personalizationValue |
| object | choices |
| string | spardaPersonalizationRecommendationServiceUrl |
| object | spardaPersonalizationCRMjson |
| object | regionBasedFooterImages |
| object | utag_data |
| object | ParallaxScroll |
| object | lightbox |
| function | loadjs |
| function | autosize |
| function | onSubmitRecaptchaForm |
| string | resourceBaseUrl |
| function | loadTealium |
| object | google_tag_manager |
| string | baufilead_version |
| string | baufilead_baseUrl |
| string | baufilead_token |
| function | isUnsupportedBrowser |
| undefined | divTag |
| object | baufiLeadNebenkostenRechner |
| function | jqBl |
| object | bl |
| object | bl_globalContext |
| function | __extends |
| object | accountingBl |
| function | baufiLeadErmittleNebenkostenBl |
| object | baufiLeadNebenkostenRechnerBl |
| function | baufiLeadErmittleNebenkosten |
| function | createWatchExpression |
| function | blAppendCss |
| object | angularBl |
| undefined | accounting |

6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| biallo.link/ | | JSESSIONID | DF0C76EC962153D538B14AE5326113B5 |
| www.sparda-bw.de/ | | iServer | !K5c2sW15umfDh6wpqNQzDXkDaxQEBfvroy++T1KDfGdagrxFSzw9DAsRN0k/ECY9DangaS2Vc2HcjHs= |
| www.sparda-bw.de/ | | TS01bff4a1 | 0131dfe881e4afd0ed8593eed08251c0162991e06919f5b2c0464ab200eace5167cd362228bdf011765248b1e4af8134cea5e6d07d |
| .sparda-bw.de/ | | sparda.checkCookie | test%20cookies |
| .sparda-bw.de/ | | sparda.cookieDisagreement | true |
| .sparda-bw.de/ | | sparda.trackingDisagreement | true |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests |
| Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- biallo.link
- www.baufi-lead.de
- www.googletagmanager.com
- www.sparda-bw.de
- 144.76.197.149
- 195.145.106.110
- 2a00:1450:4001:82f::2008
- 62.156.146.15