db.sicher-starten-de.xyz Open in urlscan Pro
2606:4700:3034::6815:5344 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://db.sicher-starten-de.xyz/start
Effective URL:
https://db.sicher-starten-de.xyz/start
Submission: On July 22 via manual (July 22nd 2024, 12:43:22 pm UTC) from DE — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3034::6815:5344, located in United States and belongs to CLOUDFLARENET, US. The main domain is db.sicher-starten-de.xyz.
TLS certificate: Issued by WE1 on July 2nd 2024. Valid for: 3 months.

This is the only time db.sicher-starten-de.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Deutsche Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
10	2606:4700:303... 2606:4700:3034::6815:5344		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	1

10 2606:4700:3034::6815:5344 (United States)

ASN13335 (CLOUDFLARENET, US)

db.sicher-starten-de.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sicher-starten-de.xyz db.sicher-starten-de.xyz	135 KB
10	1

	Domain	Requested by
10	db.sicher-starten-de.xyz	db.sicher-starten-de.xyz
10	1

This site contains no links.

Subject Issuer	Validity	Valid
sicher-starten-de.xyz WE1	`2024-07-02` - `2024-09-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://db.sicher-starten-de.xyz/start
Frame ID: AC1D82D85F62302D89FB926870C6876E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Onlinebanking und Brokerage der Deutschen Bank

Page URL History Show full URLs

http://db.sicher-starten-de.xyz/start HTTP 307
https://db.sicher-starten-de.xyz/start Page URL

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

135 kB
Transfer

514 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://db.sicher-starten-de.xyz/start HTTP 307
https://db.sicher-starten-de.xyz/start Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request start Show response db.sicher-starten-de.xyz/ Redirect Chain http://db.sicher-starten-de.xyz/start https://db.sicher-starten-de.xyz/start	17 KB 5 KB	230ms 172ms	Document text/html	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://db.sicher-starten-de.xyz/start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f56222b14712b7a155ce3793ff3c5b05cfdd7d57d5a7160d843fc96e2fafae74` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 8a7383f658599f48-FRA content-encoding br content-type text/html; charset=UTF-8 date Mon, 22 Jul 2024 12:43:17 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4xgBjcWNmVo%2B6I81haQmnTgRmQNEdJj11O39sqBa8akEgxMY4BGjImPGNO3wMql2m81U6AQNv7pPuwtV3LCPixnqgbUaegJwIpLfCLz%2FivDgaZ5rExQDksQJZuXL%2FEeXyOQseHDcFQHm3jgsqado3fGsr90OpQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers Location https://db.sicher-starten-de.xyz/start Non-Authoritative-Reason HttpsUpgrades
GET H3	200	styles.css db.sicher-starten-de.xyz/assets/css/	400 KB 56 KB	248ms 247ms	Stylesheet text/css	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://db.sicher-starten-de.xyz/assets/css/styles.css Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4c1aacf8abd0859dda56d2fe60300db1cd38631a0d8380c2e8701dcd04c9f0cf` Request headers Referer https://db.sicher-starten-de.xyz/start User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Wed, 03 Jul 2024 01:41:26 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64067-61c4dedb83949-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FKuyKhhPA1gr8CiJkX1Yk2JhaTKrej2hhssSLvP0HI0odxCthqo0QvSeHE1DCERMRfcPBtedEwg%2FrHElCR%2FUxkj4IhItShWiIFDHrLYnuRiciULLT3OtY%2FWde6YmRjpc0nV%2B6hf67KPellAl0ylznEg4o6XIRc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a7383f79a299f48-FRA alt-svc h3=":443"; ma=86400 content-length 56795
GET H3	200	logo_db.gif db.sicher-starten-de.xyz/assets/images/	2 KB 2 KB	156ms 155ms	Image image/gif	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://db.sicher-starten-de.xyz/assets/images/logo_db.gif Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `102d5e9253625aeb5d47ad0350763b534b95a92a240f353e8bd9bb43ef1722c2` Request headers Referer https://db.sicher-starten-de.xyz/start User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT cf-cache-status REVALIDATED last-modified Wed, 03 Jul 2024 01:41:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "774-61c4dedf82fe4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oa09Wpd3mHRK1gJ3QM%2Bc%2B7Ne%2FYRTY4j1ZXwrvjn9PB0B5aFdIZdGQO0WGjPhmD79B1vUy7%2Bk27ZoXkU9gxn7AMeHRyL29eFyIbJsTAKOvASJJ7YJE8nv2NhaoptOHJ%2Ff8LiEwIAbnuAj7EMkAaZIpPozQ6Pw%2BEI%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 8a7383f79a2a9f48-FRA alt-svc h3=":443"; ma=86400 content-length 1908
GET H3	200	print.css db.sicher-starten-de.xyz/assets/css/	12 KB 4 KB	164ms 163ms	Stylesheet text/css	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://db.sicher-starten-de.xyz/assets/css/print.css Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9ad8478925b9c5d28672c14ad7b15aa406d0f6dd0f16946652c32248b4f4ba2c` Request headers Referer https://db.sicher-starten-de.xyz/start User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Wed, 03 Jul 2024 01:41:26 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "30f5-61c4dedb460ef-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BNgt0x3iQ1paHKn27p2nhTdTDBw4ys66c8tN9yMvq%2FWpri3HCVxj5XC9XmpIJAH2K7q8X%2Fls%2FEMlrP%2BAG8BsWIHM1ygDN5bwhpSKqJhbVj%2FHG3Y9MpvFiVG8jnf05vZRLQj0Vow19QPmMOY9O2uUQMudAZKiKZU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a7383f7ba649f48-FRA alt-svc h3=":443"; ma=86400 content-length 3290
GET H3	200	bg_headerContainer.svg db.sicher-starten-de.xyz/assets/images/	24 KB 9 KB	21ms 21ms	Image image/svg+xml	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://db.sicher-starten-de.xyz/assets/images/bg_headerContainer.svg Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9262dbfa53a29e4577d36a4fc360759764771809c70c47d6ec713f2c889caf74` Request headers Referer https://db.sicher-starten-de.xyz/start User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT content-encoding br cf-cache-status HIT last-modified Wed, 03 Jul 2024 01:41:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1127 etag W/"602b-61c4dedece556" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RMUjDF%2Fc9gZI%2BTw%2BnrlEfv7W5iZXynCKyVOKCaLxwbPslgWA%2BAzBfZyDsEe0cAHE0x1pNjyZ3DKxm4hRC68QH0kfVUh92nSxsUs%2FB5kQU1jLMBefPBGxq5SUmVcT3C9WPctmttUrcw%2B5aiUh3OxVYy3u0RT%2FXp8%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 8a7383f94ce99f48-FRA alt-svc h3=":443"; ma=86400
GET H3	404	bg_additionalInfos.png db.sicher-starten-de.xyz/assets/css/	286 B 286 B	163ms 163ms	Image text/html	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://db.sicher-starten-de.xyz/assets/css/bg_additionalInfos.png Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `65edc36e4dedd0d7f426fc5c4dcfef0d9a79b2912b333167efdef898d54521a8` Request headers Referer https://db.sicher-starten-de.xyz/assets/css/styles.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVrBU0OMjQ8oiKTaootzUX2XvOY1QILetwaJJpPNApVZUsRWrASjCGs3f2d%2BuozfYRxuvq%2BOVr0%2FrrnJ%2BOf2c0fLI0zCNRNAerSpdokQ5WHw3s83zc3opDNv51pijtnUrMO9%2Fvftk52Uf9ioYiOBMKDEkJ4P8x8%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 8a7383f94ceb9f48-FRA alt-svc h3=":443"; ma=86400
GET H3	200	pfbicons.woff db.sicher-starten-de.xyz/assets/fonts/	57 KB 57 KB	158ms 158ms	Font font/woff	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://db.sicher-starten-de.xyz/assets/fonts/pfbicons.woff Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7274c97d9d713e6c4a515d61678edb6a3cb6e61d855276a64f37d41c3e25e354` Request headers Referer https://db.sicher-starten-de.xyz/assets/css/styles.css Origin https://db.sicher-starten-de.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT cf-cache-status REVALIDATED last-modified Wed, 03 Jul 2024 01:41:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "e2c4-61c4dede1aa67" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBMSjFG1ohmcX88pHL5kxS62PbpMoCX8Oxq%2FgGZS9DVkq3%2FYiqvqu02xmXn1PlD0Fc4A84urc36ZC6mc4xHasizwdcS%2BKt9ECLRtpR8DH1m%2B7lvQgtzW3qQZCuagEs84Q8MZ%2FIqu6myFI%2FNMoyW%2B6Ydo0MQnaW0%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 8a7383f95cf99f48-FRA alt-svc h3=":443"; ma=86400 content-length 58052
GET H3	404	bg_phishingDistractor.png db.sicher-starten-de.xyz/assets/css/	286 B 286 B	154ms 153ms	Image text/html	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://db.sicher-starten-de.xyz/assets/css/bg_phishingDistractor.png Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/assets/css/styles.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `65edc36e4dedd0d7f426fc5c4dcfef0d9a79b2912b333167efdef898d54521a8` Request headers Referer https://db.sicher-starten-de.xyz/assets/css/styles.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yBeuVUxlYjENlLGmwtPbARcMs6dIQOImajNtfm2dbtmhd5RvQU6YuDIeI7GsM1lBzwqTtaaJEcYHi%2F0UNd%2FcJo5yg%2F%2FKD8amrUG8d43CQvnydplILG%2FBxg3btpXudsLHHdiWmxpYf89XIVrWF1M4b41zP%2BujYQ8%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 8a7383f95cfe9f48-FRA alt-svc h3=":443"; ma=86400
GET H3	200	bt_primary_default.png db.sicher-starten-de.xyz/assets/images/	397 B 883 B	162ms 162ms	Image image/png	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://db.sicher-starten-de.xyz/assets/images/bt_primary_default.png Requested by Host: db.sicher-starten-de.xyz URL: https://db.sicher-starten-de.xyz/start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7c2bceb05d1e6ffbad84c59a08f4943d37a1323fe48573d7ad9afc5121cbc95f` Request headers Referer https://db.sicher-starten-de.xyz/start User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT cf-cache-status REVALIDATED last-modified Wed, 03 Jul 2024 01:41:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "18d-61c4dedef2772" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uqjhmPPyyUvKKhLPOy5vCG0IZZbREU31%2F2LpRWztrNji1mufS%2BdsJxDOPclBjcYtP77i5m%2FtF64w6R9GZElm8xxXf97Ot4n%2BM%2B37qx%2FWGBlNrFguFwpacWNrUomE7NfxCsPSoRoTC2qCuCdJ%2Bdwe4eolH4OH%2FEM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a7383f95d009f48-FRA alt-svc h3=":443"; ma=86400 content-length 397
GET H3	200	favicon.ico db.sicher-starten-de.xyz/assets/images/	894 B 702 B	164ms 163ms	Other image/vnd.microsoft.icon	2606:4700:3034::6815:5344 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://db.sicher-starten-de.xyz/assets/images/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:5344 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fe6d3356a172fa529d66f672dd5e7dafc6192999bd88a5006b0b7d90ee006c6` Request headers Referer https://db.sicher-starten-de.xyz/start User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 12:43:17 GMT content-encoding br cf-cache-status REVALIDATED last-modified Wed, 03 Jul 2024 01:41:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"37e-61c4dedf3ea2b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xX7gmU45hhqraV6Q%2Bh58TkpNK0CLSpkEEeeKwBp6ZNSGd6MYfbNn69i%2Bc1T0fwn%2BH0fxy2GqnpABaKc43JkwV2AlM6S%2F7BkKdKMz8DWcRhVrfL1YFUSYqtKFMdbIzAKqs14zJ3sFbbIo98N%2FXFI2UbHMNQNpKdI%3D"}],"group":"cf-nel","max_age":604800} content-type image/vnd.microsoft.icon cache-control max-age=14400 cf-ray 8a7383fa6ed99f48-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Deutsche Bank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			db.sicher-starten-de.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: kqiak1mq2ps752ebtd9dh21fv3

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://db.sicher-starten-de.xyz/assets/css/bg_phishingDistractor.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://db.sicher-starten-de.xyz/assets/css/bg_additionalInfos.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

db.sicher-starten-de.xyz
2606:4700:3034::6815:5344
0fe6d3356a172fa529d66f672dd5e7dafc6192999bd88a5006b0b7d90ee006c6
102d5e9253625aeb5d47ad0350763b534b95a92a240f353e8bd9bb43ef1722c2
4c1aacf8abd0859dda56d2fe60300db1cd38631a0d8380c2e8701dcd04c9f0cf
65edc36e4dedd0d7f426fc5c4dcfef0d9a79b2912b333167efdef898d54521a8
7274c97d9d713e6c4a515d61678edb6a3cb6e61d855276a64f37d41c3e25e354
7c2bceb05d1e6ffbad84c59a08f4943d37a1323fe48573d7ad9afc5121cbc95f
9262dbfa53a29e4577d36a4fc360759764771809c70c47d6ec713f2c889caf74
9ad8478925b9c5d28672c14ad7b15aa406d0f6dd0f16946652c32248b4f4ba2c
f56222b14712b7a155ce3793ff3c5b05cfdd7d57d5a7160d843fc96e2fafae74

db.sicher-starten-de.xyz Open in urlscan Pro 2606:4700:3034::6815:5344 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

135 kBTransfer

514 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

db.sicher-starten-de.xyz Open in urlscan Pro
2606:4700:3034::6815:5344 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

135 kB
Transfer

514 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!