poba-aktuell.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3036::6815:365a, located in United States and belongs to CLOUDFLARENET, US. The main domain is poba-aktuell.com.
TLS certificate: Issued by GTS CA 1P5 on June 18th 2023. Valid for: 3 months.

This is the only time poba-aktuell.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.210.102.130 162.210.102.130	32748 (STEADFAST) (STEADFAST)
1 1	2606:4700:303... 2606:4700:3036::ac43:dc5e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 8	2606:4700:303... 2606:4700:3036::6815:365a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3031::ac43:8951	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	1

1 162.210.102.130 (United States) 1 redirects

ASN32748 (STEADFAST, US)
PTR: simonsturgeon.uk

ssurl.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:dc5e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

defaulter.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3036::6815:365a (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

poba-aktuell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:8951 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

poba-aktuell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	poba-aktuell.com 3 redirects poba-aktuell.com	306 KB
1	defaulter.site 1 redirects defaulter.site	778 B
1	ssurl.be 1 redirects ssurl.be	286 B
6	3

	Domain	Requested by
9	poba-aktuell.com	3 redirects poba-aktuell.com
1	defaulter.site	1 redirects
1	ssurl.be	1 redirects
6	3

This site contains no links.

Subject Issuer	Validity	Valid
poba-aktuell.com GTS CA 1P5	`2023-06-18` - `2023-09-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://poba-aktuell.com/index.php
Frame ID: 28C29233FC5AAF2172E12D7D3E0FF10F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postbank Banking & Brokerage

Page URL History Show full URLs

https://ssurl.be/pzIWO HTTP 301
https://defaulter.site/SPo3St HTTP 302
https://poba-aktuell.com/bestsign HTTP 301
http://poba-aktuell.com/bestsign/ HTTP 301
https://poba-aktuell.com/bestsign/ HTTP 302
https://poba-aktuell.com/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

6
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

1
IPs

1
Countries

305 kB
Transfer

335 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ssurl.be/pzIWO HTTP 301
https://defaulter.site/SPo3St HTTP 302
https://poba-aktuell.com/bestsign HTTP 301
http://poba-aktuell.com/bestsign/ HTTP 301
https://poba-aktuell.com/bestsign/ HTTP 302
https://poba-aktuell.com/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request index.php Show response poba-aktuell.com/ Redirect Chain https://ssurl.be/pzIWO https://defaulter.site/SPo3St https://poba-aktuell.com/bestsign http://poba-aktuell.com/bestsign/ https://poba-aktuell.com/bestsign/ https://poba-aktuell.com/index.php	13 KB 2 KB	378ms 378ms	Document text/html	2606:4700:3036::6815:365a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poba-aktuell.com/index.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:365a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `50ed0be13a57bc66dc979d34bd28f42053afc36490327302593bf19fdb28c9af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7df73b7bf870698f-FRA content-encoding br content-type text/html; charset=UTF-8 date Fri, 30 Jun 2023 14:52:19 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4W7uK2Z1m7EzTeWR5moqCNnLOcwOVZ%2FaSUyNOP4RHUwsEv5m0oNxp3FkkaF6OaTqH5JpTCDNEZQpsftGg3QYH2lBUBjkcGPMamEdaDNmM88%2FBYULiVVsMIMxE7F2M6j4zCqacJok0y2uRMwE%2BfL"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7df73b7bcd4335e1-FRA content-type text/html; charset=UTF-8 date Fri, 30 Jun 2023 14:52:19 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ../index.php nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pixJh2I2MOZcfBeaKHTkOLC2E4xNV2GGj%2BxpMPFNlBXHBCGTJmxZGV%2B4mVIr7qQFJRGhOY6qHcv%2Fe%2FvopjrgBENGT1qyzktLv%2BXVNj%2BIzallr8O7o1olHQ%2BqamRTZKULJBAaLSwriXyxOWrWjCvF"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	build.css poba-aktuell.com/frontend/css/	21 KB 5 KB	35ms 35ms	Stylesheet text/css	2606:4700:3036::6815:365a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poba-aktuell.com/frontend/css/build.css Requested by Host: poba-aktuell.com URL: https://poba-aktuell.com/index.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:365a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b3f6be01a37e6bd808914e77e72f4b696216d05fdfc5312bec863f4ea5c9472b` Request headers accept-language de-DE,de;q=0.9 Referer https://poba-aktuell.com/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 14:52:19 GMT content-encoding br cf-cache-status MISS last-modified Tue, 23 May 2023 13:41:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"646cc27e-55d8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Cxtu%2BV4P%2FyjxT3ZDRWmzRshOdWeZ6M%2F4EkaXe5Aw6r6mszvLR1hKDDqyuFMqQNDbCz5%2FbxQ7Dlg2Mpo8L2AhoDWrqbKJJ%2FG6S61KohHzRs53Wky09%2B%2BQ8M2c3HfwlaKXzIFLXqH2ptAoDeR8gcW"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 7df73b7e5b2e698f-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	pbbg.94a99b13acbdc92b.jpg poba-aktuell.com/frontend/images/	243 KB 243 KB	54ms 53ms	Image image/jpeg	2606:4700:3036::6815:365a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://poba-aktuell.com/frontend/images/pbbg.94a99b13acbdc92b.jpg Requested by Host: poba-aktuell.com URL: https://poba-aktuell.com/frontend/css/build.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:365a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf` Request headers accept-language de-DE,de;q=0.9 Referer https://poba-aktuell.com/frontend/css/build.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 14:52:19 GMT cf-cache-status MISS last-modified Tue, 23 May 2023 11:10:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "646c9f17-3cbb5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLebdRxw7S97cmL64zVIDsix8r1TsV70yt9pZlMvGBlfqL5QBsetv54rhTXoIxjsdRNlE4divZtPi0P6lkdWANiO3I8qQb5U%2FolPUG1yAucDGv9XCCK6jzEN4RZaxDmIpqUc72FCwdc4p0Qy2Og2"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=315360000 accept-ranges bytes cf-ray 7df73b7e9b92698f-FRA alt-svc h3=":443"; ma=86400 content-length 248757 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	pb-logo-with-title-no-subline.e1d194a4d3600cb0.svg poba-aktuell.com/frontend/images/	7 KB 3 KB	36ms 36ms	Image image/svg+xml	2606:4700:3036::6815:365a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://poba-aktuell.com/frontend/images/pb-logo-with-title-no-subline.e1d194a4d3600cb0.svg Requested by Host: poba-aktuell.com URL: https://poba-aktuell.com/frontend/css/build.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:365a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115` Request headers accept-language de-DE,de;q=0.9 Referer https://poba-aktuell.com/frontend/css/build.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 14:52:19 GMT content-encoding br cf-cache-status MISS last-modified Tue, 23 May 2023 11:10:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"646c9f17-1bab" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SsVTL%2FprXvIn6Y2REKgPI00ERaEXwel7L34lOK%2FB0DTbNBXmkw94TQpwDLZgIMy4P0UdLhe3KWT73sBDE6I3lTgQaFyp7xgVgytq%2FiGDOklfAtFI2V4QJPgC4M4mNV6w4eUAX54fYdcTYvKq6Y3Z"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=315360000 cf-ray 7df73b7e9b95698f-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	FrutigerLTW05-65Bold.a18adccbfba3032a.woff2 poba-aktuell.com/frontend/fonts/	25 KB 26 KB	28ms 27ms	Font font/woff2	2606:4700:3036::6815:365a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poba-aktuell.com/frontend/fonts/FrutigerLTW05-65Bold.a18adccbfba3032a.woff2 Requested by Host: poba-aktuell.com URL: https://poba-aktuell.com/frontend/css/build.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:365a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de` Request headers Referer https://poba-aktuell.com/frontend/css/build.css Origin https://poba-aktuell.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 14:52:19 GMT cf-cache-status MISS last-modified Tue, 23 May 2023 11:10:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "646c9f17-6598" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJCy2eVyTDpIY8lHmAr7D%2FLvgx5u1wa85fAve1%2BuQs7F80HF2vinSHJpieVZyMTx3K6ZMyBuc0zzocyBpNE%2FEA1h6vq5fkFbaIMk9dW28oioXdb9dFx2%2FMIiXwBkOn38fZlK%2FMdpSe7AwWHvVhdv"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=315360000 accept-ranges bytes cf-ray 7df73b7e9b98698f-FRA alt-svc h3=":443"; ma=86400 content-length 26008 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	FrutigerLTW05-55Roman.cc9768c5af9adc84.woff2 poba-aktuell.com/frontend/fonts/	25 KB 26 KB	43ms 43ms	Font font/woff2	2606:4700:3036::6815:365a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poba-aktuell.com/frontend/fonts/FrutigerLTW05-55Roman.cc9768c5af9adc84.woff2 Requested by Host: poba-aktuell.com URL: https://poba-aktuell.com/frontend/css/build.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:365a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31` Request headers Referer https://poba-aktuell.com/frontend/css/build.css Origin https://poba-aktuell.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 14:52:19 GMT cf-cache-status MISS last-modified Tue, 23 May 2023 11:10:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "646c9f17-64a4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAsvobmSTkCc4DfRV56A6j3L%2BIo%2F3nabTd6ASpPQshH2ymTXSLeAltMyorS7v6t%2B4PqfW9EKO6Sc9eBy3ZCnc%2F04bTww1xXNFuetP59iiajdZdYDH0YeRTZIIvHuFesZSHJJuNXFAEjAY08YsfVr"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=315360000 accept-ranges bytes cf-ray 7df73b7e9b9b698f-FRA alt-svc h3=":443"; ma=86400 content-length 25764 expires Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ssurl.be/	1969-12-31 23:59:59	Name: PHPSESSID Value: g615ghlg8st4ejoq00bsmhqfua
ssurl.be/	1970-01-20 12:55:38	Name: short_pzIWO Value: 1
defaulter.site/	1970-01-20 13:40:15	Name: _subid Value: s3ph8164d
defaulter.site/	1970-01-20 22:31:36	Name: eada9 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjZcIjoxNjg4MTM2NzM5fSxcImNhbXBhaWduc1wiOntcIjJcIjoxNjg4MTM2NzM5fSxcInRpbWVcIjoxNjg4MTM2NzM5fSJ9.PpaAfXIQf62AAtP1tSlgjSkFICsQAwNLMrVhM9Cg4Bw
poba-aktuell.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9lv43fsr4km80ccks0427a0n0h

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

defaulter.site
poba-aktuell.com
ssurl.be
162.210.102.130
2606:4700:3031::ac43:8951
2606:4700:3036::6815:365a
2606:4700:3036::ac43:dc5e
12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115
50ed0be13a57bc66dc979d34bd28f42053afc36490327302593bf19fdb28c9af
55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf
b3f6be01a37e6bd808914e77e72f4b696216d05fdfc5312bec863f4ea5c9472b
be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de

poba-aktuell.com Open in urlscan Pro 2606:4700:3036::6815:365a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

75 %IPv6

3 Domains

3 Subdomains

1 IPs

1 Countries

305 kBTransfer

335 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

5 Cookies

Indicators

poba-aktuell.com Open in urlscan Pro
2606:4700:3036::6815:365a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

1
IPs

1
Countries

305 kB
Transfer

335 kB
Size

5
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!