banking-postbank.kc-parkmaskiner.dk Open in urlscan Pro
45.82.71.25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://banking-postbank.kc-parkmaskiner.dk/
Effective URL:
https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Submission: On May 30 via manual (May 30th 2023, 10:29:51 am UTC) from DE — Scanned from DK

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 45.82.71.25, located in Netherlands and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, NL. The main domain is banking-postbank.kc-parkmaskiner.dk.
TLS certificate: Issued by R3 on May 28th 2023. Valid for: 3 months.

This is the only time banking-postbank.kc-parkmaskiner.dk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 9	45.82.71.25 45.82.71.25	204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
3	2600:9000:225... 2600:9000:2251:8600:13:46b5:7d80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2

9 45.82.71.25 (Netherlands) 2 redirects

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: vm4464688.1nvme.had.wf

banking-postbank.kc-parkmaskiner.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2251:8600:13:46b5:7d80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.deutsche-bank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	kc-parkmaskiner.dk 2 redirects banking-postbank.kc-parkmaskiner.dk	495 KB
3	deutsche-bank.de www.deutsche-bank.de — Cisco Umbrella Rank: 216860	53 KB
10	2

	Domain	Requested by
9	banking-postbank.kc-parkmaskiner.dk	2 redirects banking-postbank.kc-parkmaskiner.dk
3	www.deutsche-bank.de	client www.deutsche-bank.de
10	2

This site contains links to these domains. Also see Links.

Domain
banking.postbank.de

Subject Issuer	Validity	Valid
kc-parkmaskiner.dk R3	`2023-05-28` - `2023-08-26`	3 months	crt.sh
www.deutsche-bank.de DigiCert EV RSA CA G2	`2022-11-15` - `2023-11-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Frame ID: 959615FB3CD726520E21F04A24AA49D5
Requests: 9 HTTP requests in this frame

Frame: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/cross-domain-bridge.html
Frame ID: 7CA1C7D5D8585070B7F7D64278623611
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postbank Banking & Brokeragepb-logo

Page URL History Show full URLs

https://banking-postbank.kc-parkmaskiner.dk/ HTTP 302
https://banking-postbank.kc-parkmaskiner.dk/meine/ HTTP 302
https://banking-postbank.kc-parkmaskiner.dk/meine/id.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

547 kB
Transfer

1303 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://banking.postbank.de/#/login/reset
Title: Zugangsdaten vergessen?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://banking-postbank.kc-parkmaskiner.dk/ HTTP 302
https://banking-postbank.kc-parkmaskiner.dk/meine/ HTTP 302
https://banking-postbank.kc-parkmaskiner.dk/meine/id.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request id.php Show response
banking-postbank.kc-parkmaskiner.dk/meine/
Redirect Chain

https://banking-postbank.kc-parkmaskiner.dk/
https://banking-postbank.kc-parkmaskiner.dk/meine/
https://banking-postbank.kc-parkmaskiner.dk/meine/id.php

682 KB
160 KB

217ms
217ms

Document
text/html

45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: 25e610d00f6f8b9e9a107d4450efeffd0e15be875458e085766f0a82aca2717b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 30 May 2023 10:29:36 GMT
server: nginx
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 30 May 2023 10:29:36 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./id.php
pragma: no-cache
server: nginx

GET
H2 200 styles.70d6ae8c7a953b81.css
banking-postbank.kc-parkmaskiner.dk/meine/assets/ 271 KB
41 KB 77ms
66ms Stylesheet
text/css 45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/styles.70d6ae8c7a953b81.css
Requested by: Host: banking-postbank.kc-parkmaskiner.dk
URL: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: 3cb4ec283d959d8da35ce21bb1a2bbd68d407d70f75e7b3b70e9de3c97ad125d

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:36 GMT
content-encoding: gzip
last-modified: Sun, 12 Feb 2023 14:26:50 GMT
server: nginx
etag: W/"63e8f72a-43c03"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fonts.css
www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ 1 KB
884 B 179ms
46ms Stylesheet
text/css 2600:9000:2251:8600:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

adc96b6efe5919552898681732312c97108a36e5d17d1bd20044c09f31b7e43b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://banking-postbank.kc-parkmaskiner.dk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:36 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors https://*.deutsche-bank.de
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 226
last-modified: Wed, 24 Feb 2021 08:20:14 GMT
server: Apache
db-nickname: VTJGc2RHVmtYMS82UnRZVm5CZW9ReWthRStqSkFIbnVoVFhaRHIwb2l3bz0=
etag: "42d-5bc10b44d0b80-gzip"
vary: Accept-Encoding,Origin
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: gj9nXIsBmHg3S7auS13VIIxK4BhDgtKnLPoyUiP-aPvB1E9SvVnTtQ==
expires: Wed, 29 May 2024 10:29:36 GMT

GET
H2 404 cross-domain-bridge.html Show response
banking-postbank.kc-parkmaskiner.dk/meine/assets/ Frame 7CA1 3 KB
1 KB 35ms
35ms Document
text/html 45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/cross-domain-bridge.html
Requested by: Host: banking-postbank.kc-parkmaskiner.dk
URL: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: d9cd6dfca94282619431285858508adf7a4552a70c2bb6dc4f30b0c83d9b1615

Request headers

Referer: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 30 May 2023 10:29:36 GMT
etag: W/"6473d68d-b96"
server: nginx
vary: Accept-Encoding

GET
H2 200 teaser-image-pb.jpg
banking-postbank.kc-parkmaskiner.dk/meine/assets/ 44 KB
44 KB 40ms
40ms Image
image/jpeg 45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/teaser-image-pb.jpg
Requested by: Host: banking-postbank.kc-parkmaskiner.dk
URL: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: 97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:36 GMT
last-modified: Sun, 12 Feb 2023 14:32:32 GMT
server: nginx
etag: "63e8f880-b0ef"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 45295
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 94a99b13acbdc92b.jpg
banking-postbank.kc-parkmaskiner.dk/meine/assets/ 243 KB
243 KB 41ms
39ms Image
image/jpeg 45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/94a99b13acbdc92b.jpg
Requested by: Host: banking-postbank.kc-parkmaskiner.dk
URL: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: 8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:36 GMT
last-modified: Sun, 12 Feb 2023 14:32:12 GMT
server: nginx
etag: "63e8f86c-3cbb5"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 248757
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pb-logo-with-title-no-subline.e1d194a4d3600cb0.svg
banking-postbank.kc-parkmaskiner.dk/meine/assets/ 7 KB
3 KB 415ms
414ms Image
image/svg+xml 45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/pb-logo-with-title-no-subline.e1d194a4d3600cb0.svg
Requested by: Host: banking-postbank.kc-parkmaskiner.dk
URL: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: 12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://banking-postbank.kc-parkmaskiner.dk/meine/id.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:36 GMT
content-encoding: gzip
last-modified: Sun, 12 Feb 2023 14:32:24 GMT
server: nginx
etag: W/"63e8f878-1bab"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pb-logo-splash.e83ae1f69ca2f23d.svg
banking-postbank.kc-parkmaskiner.dk/meine/assets/ 1 KB
822 B 417ms
417ms Image
image/svg+xml 45.82.71.25
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/pb-logo-splash.e83ae1f69ca2f23d.svg
Requested by: Host: banking-postbank.kc-parkmaskiner.dk
URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/styles.70d6ae8c7a953b81.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.71.25 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS: vm4464688.1nvme.had.wf
Software: nginx /
Resource Hash: 3ab65524380fa9267bbcf2d4df64def918baeeaf4df69a2d58026d2149b68d96

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/styles.70d6ae8c7a953b81.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:36 GMT
content-encoding: gzip
last-modified: Sun, 12 Feb 2023 14:32:46 GMT
server: nginx
etag: W/"63e8f88e-487"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 FrutigerLTW05-65Bold.woff2
www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ 25 KB
26 KB 176ms
91ms Font
font/woff2 2600:9000:2251:8600:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/FrutigerLTW05-65Bold.woff2

Requested by

Host: www.deutsche-bank.de
URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

Referer: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
Origin: https://banking-postbank.kc-parkmaskiner.dk
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://*.deutsche-bank.de
via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 26008
last-modified: Wed, 24 Feb 2021 08:20:14 GMT
server: Apache
db-nickname: VTJGc2RHVmtYMS82UnRZVm5CZW9ReWthRStqSkFIbnVoVFhaRHIwb2l3bz0=
etag: "6598-5bc10b44d0b80"
vary: Origin
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: x7EghBTuxZyxxzMmv67bwYEe9wYJ7iAmXBl1DFbfPwpI-0O3Bj5IBQ==
expires: Wed, 29 May 2024 10:29:37 GMT

GET
H2 200 FrutigerLTW05-55Roman.woff2
www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ 25 KB
26 KB 138ms
53ms Font
font/woff2 2600:9000:2251:8600:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/FrutigerLTW05-55Roman.woff2

Requested by

Host: www.deutsche-bank.de
URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

Referer: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
Origin: https://banking-postbank.kc-parkmaskiner.dk
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 10:29:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://*.deutsche-bank.de
via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 25764
last-modified: Wed, 24 Feb 2021 08:20:14 GMT
server: Apache
db-nickname: VTJGc2RHVmtYMStyeDc0RUsyYkJqR3h6UmxOL2VuRXdwb2xBMnpTTVpWcz0=
etag: "64a4-5bc10b44d0b80"
vary: Origin
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: hm_fdzdmQ8i4m_o7sw9LRnVzJjI58PMGyubvyPDE0r-0Wtu5DNbkyw==
expires: Wed, 29 May 2024 10:29:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			banking-postbank.kc-parkmaskiner.dk/	1969-12-31 23:59:59	Name: PHPSESSID Value: lqcoumatnchleemalc8k54tnc9

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://banking-postbank.kc-parkmaskiner.dk/meine/assets/cross-domain-bridge.html Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

banking-postbank.kc-parkmaskiner.dk
www.deutsche-bank.de
2600:9000:2251:8600:13:46b5:7d80:93a1
45.82.71.25
12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115
25e610d00f6f8b9e9a107d4450efeffd0e15be875458e085766f0a82aca2717b
3ab65524380fa9267bbcf2d4df64def918baeeaf4df69a2d58026d2149b68d96
3cb4ec283d959d8da35ce21bb1a2bbd68d407d70f75e7b3b70e9de3c97ad125d
55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf
97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a
adc96b6efe5919552898681732312c97108a36e5d17d1bd20044c09f31b7e43b
be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de
d9cd6dfca94282619431285858508adf7a4552a70c2bb6dc4f30b0c83d9b1615

banking-postbank.kc-parkmaskiner.dk Open in urlscan Pro 45.82.71.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

547 kBTransfer

1303 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

banking-postbank.kc-parkmaskiner.dk Open in urlscan Pro
45.82.71.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

547 kB
Transfer

1303 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!