g2sh9dc52ej.online Open in urlscan Pro
2606:4700:3031::6815:5dbc Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://min.lc/spusht
Effective URL:
https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
Submission: On November 10 via api (November 10th 2023, 12:33:38 pm UTC) from DE — Scanned from DE

Summary HTTP 19 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3031::6815:5dbc, located in United States and belongs to CLOUDFLARENET, US. The main domain is g2sh9dc52ej.online.
TLS certificate: Issued by GTS CA 1P5 on October 31st 2023. Valid for: 3 months.

This is the only time g2sh9dc52ej.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	198.98.53.139 198.98.53.139	53667 (PONYNET) (PONYNET)
1 4	2606:4700:303... 2606:4700:3031::6815:5dbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
2 4	185.85.1.81 185.85.1.81	20546 (SOPRADO-ANY) (SOPRADO-ANY)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
19	6

2 198.98.53.139 (Staten Island, United States) 2 redirects

ASN53667 (PONYNET, US)
PTR: s12139.my-control-panel.com

min.lc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3031::6815:5dbc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

g2sh9dc52ej.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.85.1.81 (Germany) 2 redirects

ASN20546 (SOPRADO-ANY, DE)
PTR: ip-185-85-1-81.ax5z.com

sparkasse.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sparkasse.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	sparkasse.de 2 redirects sparkasse.de — Cisco Umbrella Rank: 193084 www.sparkasse.de — Cisco Umbrella Rank: 256293	19 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	46 KB
4	g2sh9dc52ej.online 1 redirects g2sh9dc52ej.online	862 KB
2	min.lc 2 redirects min.lc	672 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 762	30 KB
1	google.nl www.google.nl — Cisco Umbrella Rank: 10244
19	6

	Domain	Requested by
4	cdn.jsdelivr.net	g2sh9dc52ej.online
4	g2sh9dc52ej.online	1 redirects g2sh9dc52ej.online
2	www.sparkasse.de	g2sh9dc52ej.online
2	sparkasse.de	2 redirects
2	min.lc	2 redirects
1	code.jquery.com	g2sh9dc52ej.online
1	www.google.nl	g2sh9dc52ej.online
19	7

This site contains links to these domains. Also see Links.

Domain
www.sparkasse.de

Subject Issuer	Validity	Valid
g2sh9dc52ej.online GTS CA 1P5	`2023-10-31` - `2024-01-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
Frame ID: 014E4C684EA2EDD95850D1E9D9DEC8D2
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login Online Banking

Page URL History Show full URLs

http://min.lc/spusht HTTP 301
https://min.lc/spusht HTTP 301
https://g2sh9dc52ej.online/booking/654d49c89ee61 Page URL
https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Page URL

Detected technologies

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

19
Requests

42 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

1202 kB
Transfer

5315 kB
Size

3
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sparkasse.de/

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/sicherheit-im-internet.html
Title: Sicherheitshinweise

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/online-banking.html
Title: Online-Banking

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/girokonto.html
Title: Girokonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/tagesgeldkonto.html
Title: Tagesgeldkonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen/festgeldkonto.html
Title: Festgeldkonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen/sparbuch.html
Title: Sparbuch

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/karten/aufladbare-kreditkarte.html
Title: Aufladbare Kreditkarte

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/karten/kreditkarte.html
Title: Kreditkarte

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/altersvorsorge/riester-rente.html
Title: Riester-Rente

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen.html
Title: Kredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/privatkredit.html
Title: Privatkredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/dispokredit.html
Title: Dispokredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/autokredit.html
Title: Autokredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/baufinanzierung.html
Title: Baufinanzierung

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/bausparen-bausparvertrag.html
Title: Bausparen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/bauspardarlehen.html
Title: Bauspardarlehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/hypothekendarlehen.html
Title: Hypothekendarlehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/themen.html
Title: Ihre Pläne

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/mehr-als-geld.html
Title: GemeinsamAllemGewachsen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/aktuelles.html
Title: Aktuelle Themen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/firmenkunden.html
Title: Firmenkunden

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen.html
Title: Sparen & Anlegen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/altersvorsorge.html
Title: Altersvorsorge

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/versicherungen.html
Title: Versicherungen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/karriere.html
Title: Karriere

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/filialen.html
Title: Filialen A-Z

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/geldautomaten.html
Title: Geldautomaten A-Z

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/finanzlexikon.html
Title: Finanzlexikon

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/sepa.html
Title: SEPA

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/karte-sperren.html
Title: Karte sperren

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/infocenter/sicherungssystem.html
Title: Sicherungssystem

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/sparkassen-apps.html
Title: Sparkassen Apps

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/wir-ueber-uns.html
Title: Wir über uns

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/nutzungshinweise.html
Title: Nutzungshinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://min.lc/spusht HTTP 301
https://min.lc/spusht HTTP 301
https://g2sh9dc52ej.online/booking/654d49c89ee61 Page URL
https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://min.lc/spusht HTTP 301
https://min.lc/spusht HTTP 301
https://g2sh9dc52ej.online/booking/654d49c89ee61

Request Chain 3

https://g2sh9dc52ej.online/online/sparkasse/controleren/select2.min.js HTTP 302
https://www.google.nl/

Request Chain 4

https://sparkasse.de/content/dam/sparkasse/logo_ini.svg HTTP 301
https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg

Request Chain 7

https://sparkasse.de/content/dam/sparkasse/logo_ini.svg HTTP 301
https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg

Request Chain 9

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Rg.woff HTTP 302
https://www.google.nl/

Request Chain 10

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Bd.woff HTTP 302
https://www.google.nl/

Request Chain 14

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/pictos-if.woff HTTP 302
https://www.google.nl/

Request Chain 15

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Md.woff HTTP 302
https://www.google.nl/

Request Chain 18

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Rg.ttf HTTP 302
https://www.google.nl/

Request Chain 19

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Bd.ttf HTTP 302
https://www.google.nl/

Request Chain 20

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/pictos-if.ttf HTTP 302
https://www.google.nl/

Request Chain 21

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Md.ttf HTTP 302
https://www.google.nl/

19 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

654d49c89ee61 Show response
g2sh9dc52ej.online/booking/
Redirect Chain

http://min.lc/spusht
https://min.lc/spusht
https://g2sh9dc52ej.online/booking/654d49c89ee61

96 B
641 B

394ms
285ms

Document
text/html

2606:4700:3031::6815:5dbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g2sh9dc52ej.online/booking/654d49c89ee61
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5dbc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34952db3c79924d1599d2034b7cbcc7e5bbfe71b17f1cb713b2dfa885ebd5c5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 823e530ccd8318d2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 10 Nov 2023 12:33:31 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A9Gwndynhgd2RjSKsjidKnuAQXeSp7%2BD5oyhXYrPBxC2dVU7FlknHoYwbNwucNiGzJLxnuIqiyAGeI3Oqw4Ri5NpVuRl7oUasIjKh4ZNcRsdEUVGSt1tm5SuoTT8gxLU9btg5i0ycUqw8%2Bp6KVWDzCc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 10 Nov 2023 12:33:31 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://g2sh9dc52ej.online/booking/654d49c89ee61
pragma: no-cache
server: LiteSpeed
x-powered-by: PHP/7.4.33

GET
H2 200 Primary Request 654d49c89ee61 Show response
g2sh9dc52ej.online/online/sparkasse/controleren/ 5 MB
859 KB 114ms
113ms Document
text/html 2606:4700:3031::6815:5dbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5dbc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c360522de0b364c514019025081c8aa440b1bcc3de1060e65ffe05962034666

Request headers

Referer: https://g2sh9dc52ej.online/booking/654d49c89ee61
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 823e530eb80118d2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 10 Nov 2023 12:33:32 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GkhR9ObjOEMpvRryC%2BiDS8jZdA4yhKLzAHJcvp%2BrVqwXuplWm42e34JcVxUnhOC1Jwh1Cb2baol7ON3lQHLFPG9DVaUKZSXJcJYQJAl2nbe5YHjvCfSyMVzm%2B%2FfOY69sLGlip%2Bv3gvzW9PZ9D8A%2FPzI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ 16 KB
3 KB 155ms
62ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css

Requested by

Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10654619
x-jsd-version: 4.1.0-rc.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230031-FRA, cache-yyz4539-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yhMhYbCT6P4WYxSaNuOZqFQIbcr%2FDf2PL52bo5OzN%2BC6Ed5Dur5KDf3NN070JoqqnqEE%2F%2BV7j7FpmdhXnlpvvq31%2FheG9%2FE5kKPqXLZlKYm2CDX4%2BZ3CyX8GhCMOOs7l%2B8OlhK9fSo4dL7J034M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 823e53100b6a5d9e-FRA

GET
H2 200 select2.min.js Show response
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ 71 KB
20 KB 164ms
71ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js

Requested by

Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 728184
x-jsd-version: 4.1.0-rc.0
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230044-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VLsK%2FmdNK%2BsGrKMQ%2F4A4m601fkD%2BgDhtikuFgLgY5b5huh2%2Fy2ObKUTfEzpYp3UXk2zDo2Ubb8RxnhbYxH4PKZYO2pSJmCO4WGsrUH0CpGLY3SX03MfFHrCO8hhB%2FfvlgQ471f1UlJ%2FgTZH%2FxaQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 823e53100b6e5d9e-FRA

GET
H2

200

/ Show response
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/select2.min.js
https://www.google.nl/

0
0

251ms
144ms

Script
text/html

2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.nl/
Requested by: Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
Protocol: H2
Server: 2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Redirect headers

pragma: no-cache
date: Fri, 10 Nov 2023 12:33:32 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfueZI%2BjUXGvAH9jaVBf9RgiJuxc6rYBK1EMprOy%2B4Xqbo0OnJHNA3uqZ0ldeV5H32y1eh2VGZhTmLiZ7fg2IWKBml9eVHSoRLmh9RmCYd7Ctw292hGnPYQiDiyVzSWWnoEzAmxKjrvwNOkM6dsLgUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://www.google.nl
cache-control: no-store, no-cache, must-revalidate
cf-ray: 823e530f7bff65d7-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

logo_ini.svg
www.sparkasse.de/content/dam/sparkasse/
Redirect Chain

https://sparkasse.de/content/dam/sparkasse/logo_ini.svg
https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg

22 KB
9 KB

77ms
53ms

Image
image/svg+xml

185.85.1.81
SOPRADO-ANY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg

Requested by

Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61

Protocol

Server

185.85.1.81 , Germany, ASN20546 (SOPRADO-ANY, DE),

Reverse DNS

ip-185-85-1-81.ax5z.com

Software

myracloud /

Resource Hash

2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 Mar 2019 15:37:12 GMT
server: myracloud
content-encoding: gzip
vary: accept-encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=0
content-disposition: attachment; filename="logo_ini.svg"
accept-ranges: bytes
content-length: 8985
x-xss-protection: 1; mode=block
expires: Fri, 10 Nov 2023 12:33:32 GMT

Redirect headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: myracloud
etag: "myra-75459f3a"
content-type: text/html; charset=iso-8859-1
location: https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg
cache-control: max-age=0
content-length: 267
x-xss-protection: 1; mode=block
expires: Fri, 10 Nov 2023 12:33:32 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 187ms
57ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4381512
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-sof1510038-SOF
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1699619612.400820,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 25, 3271114

GET
H3 200 control.js Show response
g2sh9dc52ej.online/js/sparkasse/ 4 KB
1 KB 109ms
109ms Script
application/javascript 2606:4700:3031::6815:5dbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g2sh9dc52ej.online/js/sparkasse/control.js
Requested by: Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:5dbc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54b3e380ddc56858898ae80bd3b8d20062655ee00132357cffe37ebb54b893d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 27 Nov 2022 06:43:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ec8-5ee6e133aff00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8FxF45jZkta%2FAgUyZzkfs77SoIAO9kiliYgIKu5Km5cRS4pi6is%2FO1ioexogrjQ8XhaXMSj7cuhsu%2BuS1Y9jINo58xF7502i7jkVHthu06jBHQyPO%2Fq%2BA16qUK7YSOFscXcclLgOTGLjmHbUpat6Mk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 823e5311ff2a65d7-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

logo_ini.svg
www.sparkasse.de/content/dam/sparkasse/
Redirect Chain

https://sparkasse.de/content/dam/sparkasse/logo_ini.svg
https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg

22 KB
9 KB

53ms
53ms

Image
image/svg+xml

185.85.1.81
SOPRADO-ANY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg

Requested by

Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61

Protocol

Server

185.85.1.81 , Germany, ASN20546 (SOPRADO-ANY, DE),

Reverse DNS

ip-185-85-1-81.ax5z.com

Software

myracloud /

Resource Hash

2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 Mar 2019 15:37:12 GMT
server: myracloud
content-encoding: gzip
vary: accept-encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=0
content-disposition: attachment; filename="logo_ini.svg"
accept-ranges: bytes
content-length: 8985
x-xss-protection: 1; mode=block
expires: Fri, 10 Nov 2023 12:33:32 GMT

Redirect headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: myracloud
etag: "myra-75459f3a"
content-type: text/html; charset=iso-8859-1
location: https://www.sparkasse.de/content/dam/sparkasse/logo_ini.svg
cache-control: max-age=0
content-length: 267
x-xss-protection: 1; mode=block
expires: Fri, 10 Nov 2023 12:33:32 GMT

GET
H2 200 select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ 16 KB
2 KB 50ms
49ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css

Requested by

Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10654619
x-jsd-version: 4.1.0-rc.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230031-FRA, cache-yyz4539-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7HRVqMlP5R7NtejWnwfFVITvGbwIRTzu5VmNb65MX5ZlD07z5s%2F%2BzwengK%2BQKyWHH85PTOvLCMnB0asdWX0qOS8LH25GnujAU9KDkhtqDGcUOr0S1jDaE564L7yVa9dWtBPoZcdDPmmrgG4R%2Bo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 823e53135fc55d9e-FRA

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Rg.woff
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Bd.woff
https://www.google.nl/

0
0

GET
DATA 200
OK truncated
/ 41 KB
41 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451

Request headers

Referer
Origin: https://g2sh9dc52ej.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 36 KB
36 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002

Request headers

Referer
Origin: https://g2sh9dc52ej.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET
H3 200 select2.min.js Show response
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ 71 KB
20 KB 58ms
57ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js

Requested by

Host: g2sh9dc52ej.online
URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2sh9dc52ej.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 10 Nov 2023 12:33:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 22564790
x-jsd-version: 4.1.0-rc.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230125-FRA, cache-yyz4535-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hJRlDkYpibVo8nM7PJn6DwpvlZaLDguAVD%2FFIBbcZw%2FFYEv7oYI8%2By%2FpNn5SXHP2SKSSgmssMHeusgzD7xFqTrD8Ru%2BgF1Bn9%2FlcDZwRzN2W%2FI5HRoOq5KFRdiJrRxAJmYm7LpD8X5MlFTUmLJo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 823e5313ab7671bf-FRA

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/pictos-if.woff
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Md.woff
https://www.google.nl/

0
0

GET
DATA 200
OK truncated
/ 30 KB
30 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67284df54731fccb0b3c039cbeaab3474c057c5bc95accad964b13ef86eb1c8d

Request headers

Referer
Origin: https://g2sh9dc52ej.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 139 KB
139 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84798913afc7420e1087ff7c0a0c5b39937ddd430b67bf96561ffbaed9e77b14

Request headers

Referer
Origin: https://g2sh9dc52ej.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/woff

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Rg.ttf
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Bd.ttf
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/pictos-if.ttf
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Md.ttf
https://www.google.nl/

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
min.lc/	1969-12-31 23:59:59	Name: PHPSESSID Value: 29f5f2e72855f40b982091dfd805260d
min.lc/	1970-01-20 16:07:00	Name: short_19751 Value: 1
g2sh9dc52ej.online/	1969-12-31 23:59:59	Name: PHPSESSID Value: d09ckrl013h5fc2jvr4qo25gn1

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Rg.woff') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Bd.woff') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/pictos-if.woff') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Md.woff') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Rg.ttf') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Bd.ttf') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/pictos-if.ttf') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://g2sh9dc52ej.online/online/sparkasse/controleren/654d49c89ee61 Message: Access to font at 'https://www.google.nl/' (redirected from 'https://g2sh9dc52ej.online/online/sparkasse/controleren/internetfiliale/fonts/Sparkasse_web_Md.ttf') from origin 'https://g2sh9dc52ej.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
g2sh9dc52ej.online
min.lc
sparkasse.de
www.google.nl
www.sparkasse.de
www.google.nl
185.85.1.81
198.98.53.139
2606:4700:3031::6815:5dbc
2606:4700::6810:5714
2a00:1450:4001:809::2003
2a04:4e42:200::649
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a
34952db3c79924d1599d2034b7cbcc7e5bbfe71b17f1cb713b2dfa885ebd5c5e
54b3e380ddc56858898ae80bd3b8d20062655ee00132357cffe37ebb54b893d3
5c360522de0b364c514019025081c8aa440b1bcc3de1060e65ffe05962034666
67284df54731fccb0b3c039cbeaab3474c057c5bc95accad964b13ef86eb1c8d
84798913afc7420e1087ff7c0a0c5b39937ddd430b67bf96561ffbaed9e77b14
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

g2sh9dc52ej.online Open in urlscan Pro 2606:4700:3031::6815:5dbc Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

42 %HTTPS

67 %IPv6

6 Domains

7 Subdomains

6 IPs

2 Countries

1202 kBTransfer

5315 kBSize

3 Cookies

37 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

3 Cookies

16 Console Messages

Indicators

g2sh9dc52ej.online Open in urlscan Pro
2606:4700:3031::6815:5dbc Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

42 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

1202 kB
Transfer

5315 kB
Size

3
Cookies

19 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!