lavantatemizleme.com
Open in
urlscan Pro
92.204.220.54
Malicious Activity!
Public Scan
Submitted URL: https://www.locations-villas-vacances.fr/vacances/
Effective URL: https://lavantatemizleme.com/icon/spl/b99/wella/
Submission: On September 05 via manual from NL — Scanned from FR
Effective URL: https://lavantatemizleme.com/icon/spl/b99/wella/
Submission: On September 05 via manual from NL — Scanned from FR
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 10 HTTP transactions.
The main IP is 92.204.220.54, located in
Strasbourg, France and
belongs to GODADDY-SXB, DE.
The main domain is lavantatemizleme.com.
TLS certificate: Issued by SSL.com RSA SSL subCA on June 23rd 2022. Valid for: 3 months.
This is the only time lavantatemizleme.com was scanned on urlscan.io!
TLS certificate: Issued by SSL.com RSA SSL subCA on June 23rd 2022. Valid for: 3 months.
This is the only time lavantatemizleme.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)Community Verdicts: Malicious — 2 votes Show Verdicts
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 91.134.217.229 91.134.217.229 | 16276 (OVH) (OVH) | |
| 6 | 92.204.220.54 92.204.220.54 | 21499 (GODADDY-SXB) (GODADDY-SXB) | |
| 1 | 2a04:4e42::485 2a04:4e42::485 | 54113 (FASTLY) (FASTLY) | |
| 2 | 2606:4700::68... 2606:4700::6812:1734 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 10 | 4 |
1
91.134.217.229
(France)
ASN16276 (OVH, FR)
PTR: ip229.ip-91-134-217.eu
ASN16276 (OVH, FR)
PTR: ip229.ip-91-134-217.eu
| www.locations-villas-vacances.fr |
6
92.204.220.54
(Strasbourg, France)
ASN21499 (GODADDY-SXB, DE)
PTR: ip-92-204-220-54.ip.secureserver.net
ASN21499 (GODADDY-SXB, DE)
PTR: ip-92-204-220-54.ip.secureserver.net
| lavantatemizleme.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
lavantatemizleme.com
lavantatemizleme.com |
77 KB |
| 2 |
fontawesome.com
pro.fontawesome.com — Cisco Umbrella Rank: 10760 |
150 KB |
| 1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 493 |
24 KB |
| 1 |
locations-villas-vacances.fr
www.locations-villas-vacances.fr |
316 B |
| 10 | 4 |
| Domain | Requested by | |
|---|---|---|
| 6 | lavantatemizleme.com |
lavantatemizleme.com
|
| 2 | pro.fontawesome.com |
lavantatemizleme.com
pro.fontawesome.com |
| 1 | cdn.jsdelivr.net |
lavantatemizleme.com
|
| 1 | www.locations-villas-vacances.fr | |
| 10 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| locations-villas-vacances.fr R3 |
2022-08-21 - 2022-11-19 |
3 months | crt.sh |
| www.lavantatemizleme.com SSL.com RSA SSL subCA |
2022-06-23 - 2022-09-21 |
3 months | crt.sh |
| jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q1 |
2022-03-21 - 2023-04-22 |
a year | crt.sh |
| *.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-01 - 2023-01-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://lavantatemizleme.com/icon/spl/b99/wella/
Frame ID: A70B6C061946A40A636B78C56869E3A1
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://www.locations-villas-vacances.fr/vacances/ Page URL
- https://lavantatemizleme.com/icon/spl/b99/wella/ Page URL
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.locations-villas-vacances.fr/vacances/ Page URL
- https://lavantatemizleme.com/icon/spl/b99/wella/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
www.locations-villas-vacances.fr/vacances/ |
204 B 316 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
/
lavantatemizleme.com/icon/spl/b99/wella/ |
18 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/css/ |
159 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
all.css
pro.fontawesome.com/releases/v5.10.0/css/ |
153 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.css
lavantatemizleme.com/icon/spl/b99/wella/style/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.svg
lavantatemizleme.com/icon/spl/b99/wella/assets/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
image2.jpg
lavantatemizleme.com/icon/spl/b99/wella/assets/ |
12 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
image3.jpg
lavantatemizleme.com/icon/spl/b99/wella/assets/ |
29 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.js
lavantatemizleme.com/icon/spl/b99/wella/plugin/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fa-solid-900.woff2
pro.fontawesome.com/releases/v5.10.0/webfonts/ |
120 KB 120 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Malicious
page.url
Submitted on
September 5th 2022, 5:37:54 pm
UTC —
From Netherlands
Threats:
Phishing
Comment: Sehr geehrter Kunde
Wir bedauern, Ihnen mitteilen zu müssen, dass wir Ihr Konto vorübergehend
eingeschränkt haben. GemäB der neuen Gesetzgebung sind wir verpflichtet, alle
unsere Firmenkonten in regelmäBigen Abständen auf die Gültigkeit der
gespeicherten Daten zu überprüfen. Eine Überprüfung Ihres Kontos ergab, dass Sie
das neue Sicherheitssystem *Dkb TAN2go*noch nicht aktiviert haben.
Bitte schlieBen Sie diesen Vorgang sofort ab, indem Sie auf den unten stehenden
Link klicken
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| lavantatemizleme.com/ | Name: numberVictime Value: 733753 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
lavantatemizleme.com
pro.fontawesome.com
www.locations-villas-vacances.fr
2606:4700::6812:1734
2a04:4e42::485
91.134.217.229
92.204.220.54
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec
516b8c6244cd8970cadf4941417cc05b363c57aa2a01fb470891f2c9e9d9578e
5408d9f3668d380c3148ecc04f9401c082f980a88d86962bc906baf0d7abdb28
6095c4b2fc25c6534e68ddcbcd1fb58f2634036f75262042c215c74a9285bc79
77e04a1fe76f9430622575d1d15e9c045fd97eae73f5cca7fb2d3602851ad884
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0
ad6176d092c8f91e5e488891ba2d895dbadab8eea63a1080d9f3199e0c073ec3
b0071cd7ccef32768966b353e2ff09d13e07ab31148944e5545803232c2341e9
d27aa8bf9677cf4ef12acd7b37afc20f1f661d7c163b929ae9caf103b01fce37
de763dedf5fbf5a7f0a42ca06cccba4f37f85a35a4bcb378ad5ae886c884bfcd