sxb1plvwcpnl495429.prod.sxb1.secureserver.net
92.205.133.155
Malicious Activity!
Public Scan
Effective URL: https://sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/web/x9n1d7ftmb/anmeldung.php?de=375669079982345330631541423253
Submission Tags: 7850858
Submission: On October 17 via api from GB — Scanned from DE
Summary
TLS certificate: Issued by Starfield Secure Certificate Authorit... on August 2nd 2022. Valid for: a year.
This is the only time sxb1plvwcpnl495429.prod.sxb1.secureserver.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 6 (1 redirect) | 92.205.133.155 | 21499 (GODADDY-SXB) |
| 2 | 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH-CDN) |
| 1 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET) |

Total: 8 requests, 4 IP addresses
ASN21499 (GODADDY-SXB, DE)
- sxb1plvwcpnl495429.prod.sxb1.secureserver.net

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 (1 redirect) | secureserver.net | sxb1plvwcpnl495429.prod.sxb1.secureserver.net | 277 KB |
| 2 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 677) | 140 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 216) | 8 KB |

Total: 8 requests, 3 domains
| Requests | Domain | Requested by |
|---|---|---|
| 6 (1 redirect) | sxb1plvwcpnl495429.prod.sxb1.secureserver.net | sxb1plvwcpnl495429.prod.sxb1.secureserver.net |
| 2 | code.jquery.com | sxb1plvwcpnl495429.prod.sxb1.secureserver.net |
| 1 | cdnjs.cloudflare.com | sxb1plvwcpnl495429.prod.sxb1.secureserver.net |

Total: 8 requests, 3 domains
This site contains no links.
| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| *.prod.sxb1.secureserver.net | Starfield Secure Certificate Authority - G2 | 2022-08-02 - 2023-09-03 | a year | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/web/x9n1d7ftmb/anmeldung.php?de=375669079982345330631541423253
Frame ID: 2ABE5A266A1FDB90BAED098BE1897600
Requests: 20 HTTP requests in this frame
Page Title: DKB - Deutsche Kreditbank AG - Internet Banking
Page URL History
-
https://sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/web/
HTTP 302
https://sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/web/x9n1d7ftmb/anmeldung.php?de=375669079982345330631541423253 Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- ([\d.]+)/jquery-ui(?:\.min)?\.js
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | anmeldung.php | sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/web/x9n1d7ftmb/ | 51 KB | 9 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H2 | dkb-global.css | sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/assets/ | 237 KB | 39 KB | Stylesheet | text/css | |
| GET | H2 | jquery-3.4.1.min.js | code.jquery.com/ | 86 KB | 30 KB | Script | application/javascript | |
| GET | H2 | jquery-ui.js | code.jquery.com/ui/1.11.1/ | 454 KB | 110 KB | Script | application/javascript | |
| GET | H2 | dkb_responsive.min.css | sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/assets/ | 601 KB | 96 KB | Stylesheet | text/css | |
| GET | H2 | 354f646801f0224553b645c3a4dbc80a.jpg | sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/assets/ | 100 KB | 101 KB | Image | image/jpeg | |
| GET | H2 | bootstrap.min.js | cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.2.0/js/ | 31 KB | 8 KB | Script | application/javascript | |
| GET | H2 | dkb-global-print.css | sxb1plvwcpnl495429.prod.sxb1.secureserver.net/~meinkunde/app/assets/ | 221 KB | 33 KB | Stylesheet | text/css | |
| GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 475 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 208 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 948 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 846 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 686 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 944 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 856 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 669 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 864 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 911 B | 0 | Image | image/svg+xml | |
| GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforeinput |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |
| function | $ |
| function | jQuery |
| function | validatetan0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
sxb1plvwcpnl495429.prod.sxb1.secureserver.net
2001:4de0:ac18::1:a:1b
2606:4700::6811:180e
92.205.133.155