www.grundschule-varlheide.de
Open in
urlscan Pro
178.16.62.184
Malicious Activity!
Public Scan
Submitted URL: https://welcome.to/khywzllq
Effective URL: https://www.grundschule-varlheide.de/CA/home/as/region.php?particulier
Submission: On October 20 via manual from FR — Scanned from FR
Effective URL: https://www.grundschule-varlheide.de/CA/home/as/region.php?particulier
Submission: On October 20 via manual from FR — Scanned from FR
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 29 HTTP transactions.
The main IP is 178.16.62.184, located in
Germany and
belongs to MITTWALD-AS Mittwald CM Service GmbH und Co. KG, DE.
The main domain is www.grundschule-varlheide.de.
TLS certificate: Issued by R3 on August 28th 2023. Valid for: 3 months.
This is the only time www.grundschule-varlheide.de was scanned on urlscan.io!
TLS certificate: Issued by R3 on August 28th 2023. Valid for: 3 months.
This is the only time www.grundschule-varlheide.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 2606:4700:303... 2606:4700:3033::ac43:dfa2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 13 41 | 178.16.62.184 178.16.62.184 | 15817 (MITTWALD-...) (MITTWALD-AS Mittwald CM Service GmbH und Co. KG) | |
| 1 | 151.101.194.132 151.101.194.132 | 54113 (FASTLY) (FASTLY) | |
| 29 | 3 |
41
178.16.62.184
(Germany)
ASN15817 (MITTWALD-AS Mittwald CM Service GmbH und Co. KG, DE)
ASN15817 (MITTWALD-AS Mittwald CM Service GmbH und Co. KG, DE)
| www.grundschule-varlheide.de |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 41 |
grundschule-varlheide.de
13 redirects
www.grundschule-varlheide.de |
960 KB |
| 1 |
tagcommander.com
cdn.tagcommander.com — Cisco Umbrella Rank: 15176 |
62 KB |
| 1 |
welcome.to
1 redirects
welcome.to |
563 B |
| 29 | 3 |
| Domain | Requested by | |
|---|---|---|
| 41 | www.grundschule-varlheide.de |
13 redirects
www.grundschule-varlheide.de
|
| 1 | cdn.tagcommander.com |
www.grundschule-varlheide.de
|
| 1 | welcome.to | 1 redirects |
| 29 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.credit-agricole.frsudmed |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.grundschule-varlheide.de R3 |
2023-08-28 - 2023-11-26 |
3 months | crt.sh |
| *.tagcommander.com Thawte RSA CA 2018 |
2023-02-09 - 2024-03-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.grundschule-varlheide.de/CA/home/as/region.php?particulier
Frame ID: 3535B45776E7917539FFE9E57ACE7853
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
Accès CR - Crédit AgricolePage URL History Show full URLs
-
https://welcome.to/khywzllq
HTTP 302
https://www.grundschule-varlheide.de/CA/home HTTP 301
https://www.grundschule-varlheide.de/CA/home/ HTTP 302
https://www.grundschule-varlheide.de/CA/home/as/region.php?particulier Page URL
Detected technologies
Adobe Experience Manager
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <div class="[^"]*parbase
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
TagCommander
(Tag managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.tagcommander\.com
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://www.credit-agricole.frsudmed/particulier/acces-cr-et-agence.html?origin=/content/ca/cr871/npc/fr/particulier/acces-cr-et-agence.html
Title: Autre caisse régionale
Title: Autre caisse régionale
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://welcome.to/khywzllq
HTTP 302
https://www.grundschule-varlheide.de/CA/home HTTP 301
https://www.grundschule-varlheide.de/CA/home/ HTTP 302
https://www.grundschule-varlheide.de/CA/home/as/region.php?particulier Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- https://www.grundschule-varlheide.de/CA/home/assets//clientlibStoreLocatorT34Part.min.css HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/clientlibStoreLocatorT34Part.min.css
- https://www.grundschule-varlheide.de/CA/home/assets//clientlibStoreLocatorPart.min.css HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/clientlibStoreLocatorPart.min.css
- https://www.grundschule-varlheide.de/CA/home/assets//utils.min.423ec59365a85ebded314ad7311ef508.js HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/utils.min.423ec59365a85ebded314ad7311ef508.js
- https://www.grundschule-varlheide.de/CA/home/assets//clientlibHeader.min.js HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/clientlibHeader.min.js
- https://www.grundschule-varlheide.de/CA/home/assets//contexthub HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/contexthub
- https://www.grundschule-varlheide.de/CA/home/assets//common.js.t%C3%A9l%C3%A9chargement HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/common.js.t%C3%A9l%C3%A9chargement
- https://www.grundschule-varlheide.de/CA/home/assets//util.js.t%C3%A9l%C3%A9chargement HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/util.js.t%C3%A9l%C3%A9chargement
- https://www.grundschule-varlheide.de/CA/home/assets//controls.js.t%C3%A9l%C3%A9chargement HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/controls.js.t%C3%A9l%C3%A9chargement
- https://www.grundschule-varlheide.de/CA/home/assets//places_impl.js.t%C3%A9l%C3%A9chargement HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/places_impl.js.t%C3%A9l%C3%A9chargement
- https://www.grundschule-varlheide.de/CA/home/assets//clientlib-google-map.min.87a76470d686bc99a65e1f582ee93f13.js.t%C3%A9l%C3%A9chargement HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/clientlib-google-map.min.87a76470d686bc99a65e1f582ee93f13.js.t%C3%A9l%C3%A9chargement
- https://www.grundschule-varlheide.de/CA/home/assets//clientlibStoreLocatorGeneral.min.fed0763fde2431a7c1b27d703f22ca4e.js.t%C3%A9l%C3%A9chargement HTTP 301
- https://www.grundschule-varlheide.de/CA/home/assets/clientlibStoreLocatorGeneral.min.fed0763fde2431a7c1b27d703f22ca4e.js.t%C3%A9l%C3%A9chargement
29 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
region.php
www.grundschule-varlheide.de/CA/home/as/ Redirect Chain
|
403 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlib-part.min.css
www.grundschule-varlheide.de/CA/home/assets/css/ |
1 MB 169 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibStoreLocatorT33Part.min.css
www.grundschule-varlheide.de/CA/home/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibStoreLocatorT34Part.min.css
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibBoutonVertPart.min.css
www.grundschule-varlheide.de/CA/home/assets/css/ |
0 140 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibStoreLocatorPart.min.css
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
www.grundschule-varlheide.de/CA/home/assets/js/ |
148 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
utils.min.423ec59365a85ebded314ad7311ef508.js
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
granite.min.js
www.grundschule-varlheide.de/CA/home/assets/js/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlib-bootstrap-jquery.min.js
www.grundschule-varlheide.de/CA/home/assets/js/ |
572 KB 137 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibHeader.min.js
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
contexthub
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
common.js.t%C3%A9l%C3%A9chargement
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
util.js.t%C3%A9l%C3%A9chargement
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
controls.js.t%C3%A9l%C3%A9chargement
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
places_impl.js.t%C3%A9l%C3%A9chargement
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg
www.grundschule-varlheide.de/CA/home/assets/img/ |
22 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
CA_Logo_seul-1.svg
www.grundschule-varlheide.de/CA/home/assets/img/ |
16 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlib-google-map.min.87a76470d686bc99a65e1f582ee93f13.js.t%C3%A9l%C3%A9chargement
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibStoreLocatorGeneral.min.fed0763fde2431a7c1b27d703f22ca4e.js.t%C3%A9l%C3%A9chargement
www.grundschule-varlheide.de/CA/home/assets/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlib-npc-components.js
www.grundschule-varlheide.de/CA/home/assets/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tc_PortailClientCreditAgricole_1.js
cdn.tagcommander.com/3315/ |
229 KB 62 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
84 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
CA_Logo_seul-1.svg
www.grundschule-varlheide.de/CA/home/assets/img/ |
16 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Gotham-Book.woff2
www.grundschule-varlheide.de/CA/home/assets/fonts/glyphicons/ |
41 KB 41 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
npcicons-crunchy.woff2
www.grundschule-varlheide.de/CA/home/assets/fonts/glyphicons/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ZDG-PartBP-NMB.png
www.grundschule-varlheide.de/CA/home/assets/img/ |
396 KB 399 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Gotham-Bold.woff2
www.grundschule-varlheide.de/CA/home/assets/fonts/glyphicons/ |
38 KB 39 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Gotham-Medium.woff2
www.grundschule-varlheide.de/CA/home/assets/fonts/glyphicons/ |
41 KB 41 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Gotham-Light.woff2
www.grundschule-varlheide.de/CA/home/assets/fonts/glyphicons/ |
39 KB 40 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| matched object| browser object| Granite object| _g function| logger function| $CQ object| tc_vars string| code_cr function| callCreerConteneurTagCmd function| creerElementScript object| ContextHub function| onlyNumbers object| NPC function| isObjEmpty function| frToUsFormat function| isValidInterval function| nbJoursJusquaDate function| docReady function| remove_flickering_override function| start_hideTarget function| end_displayTarget function| hasParent undefined| tc_targetObject undefined| tc_cleanObjectOK undefined| tc_cleanObject undefined| tc undefined| CampagneXT undefined| rePC undefined| cookieTab undefined| storageTab undefined| auto_displayTarget undefined| swapStorage undefined| CampagnePC function| tc_events_1 function| tC object| tC_3315_1 object| caReady function| cact object| tc_array_events function| tC3315_12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| welcome.to/ | Name: PHPSESSID Value: 3l3q6hcc5815rpetc8ib9s7u3r |
|
| www.grundschule-varlheide.de/ | Name: PHPSESSID Value: 1vn38b7chp1nbouki2uku0675m |
13 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.tagcommander.com
welcome.to
www.grundschule-varlheide.de
151.101.194.132
178.16.62.184
2606:4700:3033::ac43:dfa2
15ea345f59c74e8ccc53d8e656fa8df9eee1a3179eab4f5f44299bc195956250
21e6bc8af28a690ab768bab91afeeabea42d831bdeb0081e5eafc16c065e0cf0
2b4f1630e7cc5b5f4b6dd7b74888509cf60f756f29f3b4405cd0310c10155361
2dc8934cf8c8b835c34214a6a63ca8dd4f119c8ca47809840a703ae9d80122aa
319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24
84baa6b2985340c41b978a432689248a8ddb4c8eb607b181759b4e9f5cba3078
a592bc0df18f3631c5ed0b5817764193c6c751b6da0b8cc59bc53d8207964adc
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303
cae7e6829e8b5cf95e813729a3c773a32c7ec09010020413ebc6bd04da940752
e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef7739951d3aa42224c8019652debe1f25168ca9180a2068c448009540ff02ff
f0ec5a98b6f1682cdc0743b3db7680a2811ba5f207bb6ca8b90d415721d14ece
f37b11cbc5c54f12a2bb8e92bc7dd79240c475feb939cf01010e5213ecbd65f1