sxb1plvwcpnl497350.prod.sxb1.secureserver.net
Open in
urlscan Pro
92.205.145.199
Malicious Activity!
Public Scan
Effective URL: https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/authentification.php?identification=
Submission: On January 03 via manual from DE — Scanned from US
Summary
TLS certificate: Issued by Starfield Secure Certificate Authorit... on August 2nd 2022. Valid for: a year.
This is the only time sxb1plvwcpnl497350.prod.sxb1.secureserver.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: targobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 185.104.188.17 185.104.188.17 | 211033 (ASCORIAWEB) (ASCORIAWEB) | |
3 25 | 92.205.145.199 92.205.145.199 | 21499 (GODADDY-SXB) (GODADDY-SXB) | |
23 | 2 |
ASN211033 (ASCORIAWEB, ES)
PTR: vpslantalausev2.coriaweb.red
basquesummertutorial.eus |
ASN21499 (GODADDY-SXB, DE)
sxb1plvwcpnl497350.prod.sxb1.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
secureserver.net
3 redirects
sxb1plvwcpnl497350.prod.sxb1.secureserver.net |
688 KB |
1 |
basquesummertutorial.eus
basquesummertutorial.eus |
257 B |
23 | 2 |
Domain | Requested by | |
---|---|---|
25 | sxb1plvwcpnl497350.prod.sxb1.secureserver.net |
3 redirects
sxb1plvwcpnl497350.prod.sxb1.secureserver.net
|
1 | basquesummertutorial.eus | |
23 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.basquesummertutorial.eus R3 |
2022-12-18 - 2023-03-18 |
3 months | crt.sh |
*.prod.sxb1.secureserver.net Starfield Secure Certificate Authority - G2 |
2022-08-02 - 2023-09-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/authentification.php?identification=
Frame ID: 3BA6BB4399CB0DB01EDB92E68E4ED698
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Login Online Banking | TARGOBANKPage URL History Show full URLs
- https://basquesummertutorial.eus/wp-content/themes/targobb.php?acde=0&data=05|01||f148349f973149dc70a108daec9... Page URL
-
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/
HTTP 302
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9 HTTP 301
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/ HTTP 302
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/authentification.p... Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
PHP (Programming Languages) Expand
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://basquesummertutorial.eus/wp-content/themes/targobb.php?acde=0&data=05|01||f148349f973149dc70a108daec9b8a0b|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|638082450024407633|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000|||&sdata=hWVIXFjkqTD65dm%2BCfCirCRwJXewGwnPKzlz8sAB1wE%3D&reserved=0%3E Page URL
-
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/
HTTP 302
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9 HTTP 301
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/ HTTP 302
https://sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/authentification.php?identification= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
targobb.php
basquesummertutorial.eus/wp-content/themes/ |
125 B 257 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
authentification.php
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/de/d8gobciz9k49ou3co61d6vd39u10x9/ Redirect Chain
|
16 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ei_base.css
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/css/ |
597 KB 63 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
devb_base.css
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/css/ |
60 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ei_custom_responsive.css
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/css/ |
129 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery_ei.js
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/js/ |
105 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth.js
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/js/ |
431 B 238 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ei_custom_identification.css
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginpage.css
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/css/ |
6 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
targobank_icon_white.png
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
targobank_icon_white.svg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
1 KB 670 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
warning.svg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-accordion-arrow-right.svg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
857 B 509 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
circular--400--normal.woff2
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/fonts/ |
59 KB 59 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
circular--500--normal.woff2
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/fonts/ |
64 KB 64 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
circular--700--normal.woff2
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/fonts/ |
66 KB 67 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fts_picto.woff2
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/fonts/ |
75 KB 75 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-check.svg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
614 B 435 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
service_online-sicherheit.jpg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
74 KB 74 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-accordion-arrow-down-white.svg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
622 B 377 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tan-verfahren.jpg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
175 KB 177 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
banking-app-620x450.jpg
sxb1plvwcpnl497350.prod.sxb1.secureserver.net/~fb56342ewese/anmeldung/files/img/ |
31 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: targobank (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange undefined| jqueryIsLoaded boolean| jQueryIsLoaded function| $ function| jQuery function| ignoreSpaces object| revealPasswordButton0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
basquesummertutorial.eus
sxb1plvwcpnl497350.prod.sxb1.secureserver.net
185.104.188.17
92.205.145.199
00e8b18fd67868968f975af35f89792ab4860e32c07e6a7258f91a46971cb411
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
2720d64672af921ddb7ca2bb3c79052ddf6395c5f54ef1cd1aea2c989f103b72
29091caa6f2374957c15476e14ef16bedead97eac46bf90fa6c55f371331fe99
32c6efb0e6620b55ce6d9a1ae634da174b0babfb810acb4e4d3856298694ddd4
38f0377daa88051109bd6ac4a3ce7de239cf0a242c49fc5d399888ddbf760490
38fe38eba411d3098e3ebb5709178ce9f1fc56e1a3567fcaa18cb5a2395c23f5
39979f601f57f5d4cc6011bd5b8e5cafa2559eff1b5479a817f6f04ddbc83952
3c03272e4ac6537be4a8246e69fad3a8e9450184aec90298462a3d714a986199
45f2967a362f767a414c279f114b8f6bd293f3ab07d3753fe9abdd4080408c1a
4c55427d1280dc8c721f78d91954191ff0e1035e5a8ec602746c85b55cb3098a
5a33fcbf0f406c9e9e767d66a1f43462b8391ffb8e8aaf8de53248a1510e37aa
5ccdd17e06576785fb36b30e8f8e8b65a25fc90425b39404ab6ad6c53fc837bf
61522c11ffff187f4d054088e766e894aa6a6dbf629b4fbecf508213a22db680
64cd2352fc23c91fe8c05fd696ec62486e5383ca1fe8b67a7aa896a3c624434f
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
9ca07cfe33a9de4a4f3bfcc9316fb85b84c52477ca36390201df492aec3007a7
bbd961c93397bc450f406fc284d8dfe569c39a5cdcbb04c6c847d6e57de60c47
bd3f8ad7d7bae1cf9602d0712875f6e9ab48f57d2a809acb8bcba779b60e3e17
c72f85dbad1c57bf7462549813dc310a6bbab6f366518fded579b660237fb8fa
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
d718dd62959faa5f1f77404333840e1477147d4861287ed9f8b384681cf4ee93
eb778615c4b21352ae39e40e73fd6b23a30ad19526b06d6e9dd89d102f4be23f