meine-postbank.de-id49adh1ghaub18aghg1z87.com Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/
Effective URL:
https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Submission: On February 21 via manual (February 21st 2022, 2:40:51 pm UTC) from DE — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 176.121.14.62, located in Ukraine and belongs to FLOWSPEC-AS, UA. The main domain is meine-postbank.de-id49adh1ghaub18aghg1z87.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 19th 2022. Valid for: a year.

This is the only time meine-postbank.de-id49adh1ghaub18aghg1z87.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 9	176.121.14.62 176.121.14.62	210138 (FLOWSPEC-AS) (FLOWSPEC-AS)
2	185.157.34.21 185.157.34.21	8373 (DEUBA-NET...) (DEUBA-NET Germany)
10	3

9 176.121.14.62 (Ukraine) 1 redirects

ASN210138 (FLOWSPEC-AS, UA)

meine-postbank.de-id49adh1ghaub18aghg1z87.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.157.34.21 (Bonn, Germany)

ASN8373 (DEUBA-NET Germany, DE)
PTR: meine.postbank.de

meine.postbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	de-id49adh1ghaub18aghg1z87.com 1 redirects meine-postbank.de-id49adh1ghaub18aghg1z87.com	223 KB
2	postbank.de meine.postbank.de — Cisco Umbrella Rank: 261262	93 KB
10	2

	Domain	Requested by
9	meine-postbank.de-id49adh1ghaub18aghg1z87.com	1 redirects meine-postbank.de-id49adh1ghaub18aghg1z87.com
2	meine.postbank.de	meine-postbank.de-id49adh1ghaub18aghg1z87.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
*.de-id49adh1ghaub18aghg1z87.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-19` - `2023-02-19`	a year	crt.sh
meine.postbank.de DigiCert EV RSA CA G2	`2021-06-17` - `2022-06-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Frame ID: 1A70D621263BFB52333A0603CC47FE8A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - Postbank Banking & Brokerage

Page URL History Show full URLs

https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/ HTTP 302
https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

316 kB
Transfer

446 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/ HTTP 302
https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login Show response
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/
Redirect Chain

https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/
https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login

60 KB
19 KB

426ms
426ms

Document
text/html

176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: f5c8434b5294f3963a98471108de1d492ec5c70142df969353d6b47db43c19f2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.10.3
Date: Mon, 21 Feb 2022 14:40:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 18691
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx/1.10.3
Date: Mon, 21 Feb 2022 14:40:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: login

GET
H/1.1 200
OK username.css
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/CSS/ 42 KB
7 KB 344ms
343ms Stylesheet
text/css 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/CSS/username.css
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 482655e5c04fdf09bc0fd2f060a4f73dd2aaa15bcf4266f0aefea11a9bd77188

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Jan 2022 00:57:16 GMT
Server: nginx/1.10.3
ETag: "a989-5d5d0c013f300-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7002

GET
H/1.1 200
OK jquery.min.js Show response
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/JS/ 87 KB
30 KB 465ms
395ms Script
application/javascript 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/JS/jquery.min.js
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Feb 2021 12:50:20 GMT
Server: nginx/1.10.3
ETag: "15d84-5bae6baa25b00-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30910

GET
H/1.1 200
OK logo.svg
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/ 3 KB
3 KB 385ms
315ms Image
image/svg+xml 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/logo.svg
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Last-Modified: Tue, 18 Jan 2022 00:58:08 GMT
Server: nginx/1.10.3
ETag: "a9e-5d5d0c32d6800"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2718

GET
H/1.1 200
OK logo-claim.svg
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/ 3 KB
3 KB 386ms
316ms Image
image/svg+xml 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/logo-claim.svg
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Last-Modified: Tue, 18 Jan 2022 00:58:22 GMT
Server: nginx/1.10.3
ETag: "a05-5d5d0c4030780"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2565

GET
H/1.1 200
OK neujahr-login.jpg
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/ 95 KB
95 KB 493ms
423ms Image
image/jpeg 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/neujahr-login.jpg
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 76fae2721126279d1b99b1ba178d639db3c9cef14feb31730273579b32f786a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Last-Modified: Tue, 18 Jan 2022 00:58:41 GMT
Server: nginx/1.10.3
ETag: "17cdc-5d5d0c524f240"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 97500

GET
H/1.1 200
OK login-alte-anmeldung.jpg
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/ 15 KB
15 KB 385ms
314ms Image
image/jpeg 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/login-alte-anmeldung.jpg
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Last-Modified: Tue, 18 Jan 2022 00:58:50 GMT
Server: nginx/1.10.3
ETag: "3c6f-5d5d0c5ae4680"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15471

GET
H/1.1 200
OK sicherheitshinweis.jpg
meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/ 50 KB
50 KB 438ms
438ms Image
image/jpeg 176.121.14.62
FLOWSPEC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/IMAGES/sicherheitshinweis.jpg
Requested by: Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.121.14.62 , Ukraine, ASN210138 (FLOWSPEC-AS, UA),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 1dba4aed649c01e3a9864ed3313c4b506525c74e107760f113b31dc044a0f452

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:38 GMT
Last-Modified: Tue, 18 Jan 2022 00:58:57 GMT
Server: nginx/1.10.3
ETag: "c7e0-5d5d0c6191640"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51168

GET
DATA 200
OK truncated
/ 1016 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK FrutigerLTW02-55Roman.woff2
meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/fonts/Frutiger/ 48 KB
50 KB 124ms
15ms Font
font/woff2 185.157.34.21
DEUBA-NET Germany

General

Check archive.org

Show headers Download Go to

Full URL

https://meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/fonts/Frutiger/FrutigerLTW02-55Roman.woff2

Requested by

Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/CSS/username.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.157.34.21 Bonn, Germany, ASN8373 (DEUBA-NET Germany, DE),

Reverse DNS

meine.postbank.de

Software

Apache /

Resource Hash

0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/
Origin: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:44 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 49372
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: authorization
Referrer-Policy: origin
Last-Modified: Wed, 03 Nov 2021 14:02:58 GMT
Server: Apache
X-Frame-Options: deny
ETag: "c0dc-5cfe2de054880"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload;
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=15552000, must-revalidate
Content-Security-Policy: default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=434
Expires: Sat, 20 Aug 2022 14:40:44 GMT

GET
H/1.1 200
OK FrutigerLTW02-65Bold.woff2
meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/fonts/Frutiger/ 41 KB
43 KB 122ms
15ms Font
font/woff2 185.157.34.21
DEUBA-NET Germany

General

Check archive.org

Show headers Download Go to

Full URL

https://meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/fonts/Frutiger/FrutigerLTW02-65Bold.woff2

Requested by

Host: meine-postbank.de-id49adh1ghaub18aghg1z87.com
URL: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/pb/CSS/username.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.157.34.21 Bonn, Germany, ASN8373 (DEUBA-NET Germany, DE),

Reverse DNS

meine.postbank.de

Software

Apache /

Resource Hash

33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com/
Origin: https://meine-postbank.de-id49adh1ghaub18aghg1z87.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 14:40:44 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 42008
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: authorization
Referrer-Policy: origin
Last-Modified: Wed, 03 Nov 2021 14:02:58 GMT
Server: Apache
X-Frame-Options: deny
ETag: "a418-5cfe2de054880"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload;
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=15552000, must-revalidate
Content-Security-Policy: default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=396
Expires: Sat, 20 Aug 2022 14:40:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			meine-postbank.de-id49adh1ghaub18aghg1z87.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: tfgke50h6mqpqj64acor5eg242

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

meine-postbank.de-id49adh1ghaub18aghg1z87.com
meine.postbank.de
176.121.14.62
185.157.34.21
0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c
1dba4aed649c01e3a9864ed3313c4b506525c74e107760f113b31dc044a0f452
2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14
2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d
44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20
482655e5c04fdf09bc0fd2f060a4f73dd2aaa15bcf4266f0aefea11a9bd77188
76fae2721126279d1b99b1ba178d639db3c9cef14feb31730273579b32f786a3
f5c8434b5294f3963a98471108de1d492ec5c70142df969353d6b47db43c19f2
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

meine-postbank.de-id49adh1ghaub18aghg1z87.com Open in urlscan Pro 176.121.14.62 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

316 kBTransfer

446 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

meine-postbank.de-id49adh1ghaub18aghg1z87.com Open in urlscan Pro
176.121.14.62 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

316 kB
Transfer

446 kB
Size

1
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!