sparkasse-sicherheit.net Open in urlscan Pro
141.98.235.124 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sparkasse-sicherheit.net/
Effective URL:
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/
Submission: On March 02 via api (March 2nd 2024, 3:06:47 pm UTC) from NL — Scanned from NL

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 31 HTTP transactions. The main IP is 141.98.235.124, located in Secaucus, United States and belongs to MIRHOSTING, NL. The main domain is sparkasse-sicherheit.net.
TLS certificate: Issued by R3 on March 2nd 2024. Valid for: 3 months.

This is the only time sparkasse-sicherheit.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4 20	141.98.235.124 141.98.235.124	52000 (MIRHOSTING) (MIRHOSTING)
5	78.46.166.187 78.46.166.187	() ()
31	3

20 141.98.235.124 (Secaucus, United States) 4 redirects

ASN52000 (MIRHOSTING, NL)
PTR: vds133352.mgnhost.com

sparkasse-sicherheit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 78.46.166.187 (None, )

ASN- ()

webfonts.sparkasse.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	sparkasse-sicherheit.net 4 redirects sparkasse-sicherheit.net	582 KB
5	sparkasse.de webfonts.sparkasse.de	140 KB
0	sparkassen-mediacenter.de Failed api.sparkassen-mediacenter.de Failed
31	3

	Domain	Requested by
20	sparkasse-sicherheit.net	4 redirects sparkasse-sicherheit.net
5	webfonts.sparkasse.de	sparkasse-sicherheit.net
0	api.sparkassen-mediacenter.de Failed	sparkasse-sicherheit.net
31	3

This site contains no links.

Subject Issuer	Validity	Valid
sparkasse-sicherheit.net R3	`2024-03-02` - `2024-05-31`	3 months	crt.sh
webfonts.sparkasse.de D-TRUST SSL Class 3 CA 1 2009	`2023-10-02` - `2024-10-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/
Frame ID: 7C87B6F661CA4215171A3710AD2FCF24
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sparkasse-sicherheit.net/ HTTP 301
https://sparkasse-sicherheit.net/ HTTP 302
https://sparkasse-sicherheit.net/dq/ Page URL
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8 HTTP 301
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/ HTTP 302
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/ Page URL

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

31
Requests

68 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

721 kB
Transfer

849 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sparkasse-sicherheit.net/ HTTP 301
https://sparkasse-sicherheit.net/ HTTP 302
https://sparkasse-sicherheit.net/dq/ Page URL
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8 HTTP 301
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/ HTTP 302
https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://sparkasse-sicherheit.net/ HTTP 301
https://sparkasse-sicherheit.net/ HTTP 302
https://sparkasse-sicherheit.net/dq/

31 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response sparkasse-sicherheit.net/dq/ Redirect Chain http://sparkasse-sicherheit.net/ https://sparkasse-sicherheit.net/ https://sparkasse-sicherheit.net/dq/	693 B 877 B	1013ms 1013ms	Document text/html	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `08210dc4de1692d97c462a9d2c6763696ffa5658382d53cf6d98ceaf81e71d96` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 02 Mar 2024 15:06:40 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Redirect headers Connection keep-alive Content-Type text/html; charset=UTF-8 Date Sat, 02 Mar 2024 15:06:39 GMT Location dq/ Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked
GET H/1.1	200 OK	Primary Request / Show response sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/ Redirect Chain https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8? https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/ https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/?	151 KB 26 KB	560ms 560ms	Document text/html	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `9443ee4d24b4dc981c526dede7e77b987795409722d57445672b27cebd0bed16` Request headers Referer https://sparkasse-sicherheit.net/dq/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 02 Mar 2024 15:06:42 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Redirect headers Connection keep-alive Content-Type text/html; charset=UTF-8 Date Sat, 02 Mar 2024 15:06:42 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked location start/?
GET H/1.1	200 OK	jquery.min.js Show response sparkasse-sicherheit.net/dq/bower_components/jquery/dist/	85 KB 85 KB	989ms 482ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/bower_components/jquery/dist/jquery.min.js Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-15283" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 86659
GET H/1.1	200 OK	ua-parser.min.js Show response sparkasse-sicherheit.net/dq/bower_components/ua-parser-js/dist/	17 KB 17 KB	1143ms 571ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-4298" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 17048
GET H/1.1	200 OK	font-awesome.min.css sparkasse-sicherheit.net/dq/bower_components/font-awesome/css/	30 KB 31 KB	728ms 609ms	Stylesheet text/css	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-7918" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 31000
GET H/1.1	200 OK	core_form.js Show response sparkasse-sicherheit.net/dq/core/form/	30 KB 31 KB	1025ms 332ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/core/form/core_form.js Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `32b31b4bb7d8eb3cff361af9eba6b424148e27854cc764d3491edb191fec2d9d` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-7943" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 31043
GET H/1.1	200 OK	core_token.js Show response sparkasse-sicherheit.net/dq/core/token/	37 KB 37 KB	1133ms 440ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/core/token/core_token.js Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `94c56db5bc8cd2a9f03aba8ebf70ce73f8dc05e433905720e9ec17dae65694df` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-94a3" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 38051
GET H/1.1	200 OK	angular.min.js Show response sparkasse-sicherheit.net/dq/bower_components/angular/	165 KB 165 KB	1368ms 516ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/bower_components/angular/angular.min.js Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-2937c" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 168828
GET H/1.1	200 OK	core_form.css sparkasse-sicherheit.net/dq/core/form/	3 KB 3 KB	691ms 224ms	Stylesheet text/css	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/core/form/core_form.css Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `19fe1e7d98a3529a7ce85c99a66c68471aa3d527fb36b7e442cbf95db80daf92` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-b8a" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 2954
GET H/1.1	200 OK	css.css sparkasse-sicherheit.net/dq/start/form/	312 B 558 B	690ms 223ms	Stylesheet text/css	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/start/form/css.css Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `fb1222b67da98c2951812af040299c4679c2e0d88948f487fb2d6cef2a101819` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-138" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 312
GET H/1.1	200 OK	index.css sparkasse-sicherheit.net/dq/start/	173 KB 174 KB	970ms 470ms	Stylesheet text/css	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/start/index.css Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `1682c8b16fc152442846e1307bb21a353c9be6fc5a6f5b9b6e9cca9d6dacbcc3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:43 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-2b563" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 177507
GET H/1.1	404 Not Found	Download_77dd6c2b25.png sparkasse-sicherheit.net/uploads/	564 B 564 B	228ms 228ms	Image text/html	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Show image Full URL https://sparkasse-sicherheit.net/uploads/Download_77dd6c2b25.png Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `3c8cc37a98346bd0123b35e5ccd87bd07d69914dae04f8b49f61c150d96e9d1f` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:44 GMT Content-Encoding gzip Server nginx/1.18.0 (Ubuntu) Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	form.js Show response sparkasse-sicherheit.net/dq/start/form/	3 KB 3 KB	304ms 304ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/start/form/form.js?v=65e340828983a Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:44 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-bf7" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 3063
GET H/1.1	200 OK	ng.js Show response sparkasse-sicherheit.net/dq/start/ng/	7 KB 7 KB	234ms 234ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/start/ng/ng.js?v=65e3408289840 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `685deaafb8091945f2ba7aed23c6608ab9b628518bb2fa7466dc407e91c8a016` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:44 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-1a23" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 6691
GET H/1.1	200 OK	token.js Show response sparkasse-sicherheit.net/dq/start/token/	1 KB 2 KB	880ms 880ms	Script application/javascript	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Full URL https://sparkasse-sicherheit.net/dq/start/token/token.js?v=65e3408289841 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `87eb5b13400c1ac4be75ec2a0dc621e3fcb0e0996dc2e674699d275255c73229` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:44 GMT Last-Modified Fri, 23 Feb 2024 14:03:44 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d8a5c0-509" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1289
GET		newloader.gif sparkasse-sicherheit.net/dq/start/form/	0 0

GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c58c160312c1440f186616809d4e592e320c754ad81c01f462785300c20300bc` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Content-Type image/png
GET		home.php sparkasse-sicherheit.net/dq/	0 0

GET		home.php sparkasse-sicherheit.net/dq/	0 0

GET		tenant_header_logo.svg sparkasse-sicherheit.net/assets/	0 0

GET		80 api.sparkassen-mediacenter.de/p/171/sp/17100/thumbnail/entry_id/0_uypium7i/version/100002/width/1280/height/720/type/3/quality/	0 0

GET H2	200	SparkasseHead_web_Rg.woff2 webfonts.sparkasse.de/	24 KB 24 KB	161ms 48ms	Font font/woff2	78.46.166.187
General Check archive.org Show headers Download Go to Full URL https://webfonts.sparkasse.de/SparkasseHead_web_Rg.woff2 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/start/index.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 78.46.166.187 -, , ASN (), Reverse DNS Software Apache / Resource Hash Request headers Referer https://sparkasse-sicherheit.net/ Origin https://sparkasse-sicherheit.net accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Sat, 02 Mar 2024 15:06:47 GMT last-modified Tue, 17 Oct 2023 13:24:30 GMT server Apache etag "6174-607e9714e62b8" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000, public accept-ranges bytes content-length 24948 expires Sun, 02 Mar 2025 15:06:47 GMT
GET H2	200	Sparkasse_web_Lt.woff2 webfonts.sparkasse.de/	23 KB 23 KB	159ms 48ms	Font font/woff2	78.46.166.187
General Check archive.org Show headers Download Go to Full URL https://webfonts.sparkasse.de/Sparkasse_web_Lt.woff2 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/start/index.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 78.46.166.187 -, , ASN (), Reverse DNS Software Apache / Resource Hash Request headers Referer https://sparkasse-sicherheit.net/ Origin https://sparkasse-sicherheit.net accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Sat, 02 Mar 2024 15:06:47 GMT last-modified Tue, 17 Oct 2023 13:24:30 GMT server Apache etag "5d54-607e9714e7640" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000, public accept-ranges bytes content-length 23892 expires Sun, 02 Mar 2025 15:06:47 GMT
GET H2	200	Sparkasse_web_Rg.woff2 webfonts.sparkasse.de/	31 KB 31 KB	135ms 25ms	Font font/woff2	78.46.166.187
General Check archive.org Show headers Download Go to Full URL https://webfonts.sparkasse.de/Sparkasse_web_Rg.woff2 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/start/index.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 78.46.166.187 -, , ASN (), Reverse DNS Software Apache / Resource Hash Request headers Referer https://sparkasse-sicherheit.net/ Origin https://sparkasse-sicherheit.net accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Sat, 02 Mar 2024 15:06:47 GMT last-modified Tue, 17 Oct 2023 13:24:30 GMT server Apache etag "7c14-607e9714e7a28" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000, public accept-ranges bytes content-length 31764 expires Sun, 02 Mar 2025 15:06:47 GMT
GET H2	200	Sparkasse_web_Md.woff2 webfonts.sparkasse.de/	26 KB 26 KB	155ms 48ms	Font font/woff2	78.46.166.187
General Check archive.org Show headers Download Go to Full URL https://webfonts.sparkasse.de/Sparkasse_web_Md.woff2 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/start/index.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 78.46.166.187 -, , ASN (), Reverse DNS Software Apache / Resource Hash Request headers Referer https://sparkasse-sicherheit.net/ Origin https://sparkasse-sicherheit.net accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Sat, 02 Mar 2024 15:06:47 GMT last-modified Tue, 17 Oct 2023 13:24:30 GMT server Apache etag "6678-607e9714e7640" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000, public accept-ranges bytes content-length 26232 expires Sun, 02 Mar 2025 15:06:47 GMT
GET H2	200	SparkasseSerif_web_Rg.woff2 webfonts.sparkasse.de/	35 KB 35 KB	151ms 47ms	Font font/woff2	78.46.166.187
General Check archive.org Show headers Download Go to Full URL https://webfonts.sparkasse.de/SparkasseSerif_web_Rg.woff2 Requested by Host: sparkasse-sicherheit.net URL: https://sparkasse-sicherheit.net/dq/start/index.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 78.46.166.187 -, , ASN (), Reverse DNS Software Apache / Resource Hash Request headers Referer https://sparkasse-sicherheit.net/ Origin https://sparkasse-sicherheit.net accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Sat, 02 Mar 2024 15:06:47 GMT last-modified Tue, 17 Oct 2023 13:24:30 GMT server Apache etag "8c28-607e9714e6a88" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000, public accept-ranges bytes content-length 35880 expires Sun, 02 Mar 2025 15:06:47 GMT
GET		image sparkasse-sicherheit.net/_next/	0 0

GET H/1.1	404 Not Found	image sparkasse-sicherheit.net/_next/	0 0	228ms 228ms	Image text/html	141.98.235.124 MIRHOSTING
General Check archive.org Show headers Download Go to Show image Full URL https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Fkwc_online_banking_im_zug_gsk_hausbank_aufwertung_girokonto_sparkassen_app_tz_kl_2730_16_9_6985x3929_803f2ce77e.jpg&w=544&q=75 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.235.124 Secaucus, United States, ASN52000 (MIRHOSTING, NL), Reverse DNS vds133352.mgnhost.com Software nginx/1.18.0 (Ubuntu) / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://sparkasse-sicherheit.net/dq/uu18s/1c2864d32d66cc64f9d1bf2e108fb9c8/start/? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Sat, 02 Mar 2024 15:06:47 GMT Content-Encoding gzip Server nginx/1.18.0 (Ubuntu) Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET		image sparkasse-sicherheit.net/_next/	0 0

GET		image sparkasse-sicherheit.net/_next/	0 0

GET		image sparkasse-sicherheit.net/_next/	0 0

GET		image sparkasse-sicherheit.net/_next/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/dq/start/form/newloader.gif

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/dq/home.php?pl=token&link=sparkase2020&bid=1c2864d32d66cc64f9d1bf2e108fb9c8&callback=jQuery32109043512824507152_1709392005177&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1709392005178

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/dq/home.php?pl=token&link=sparkase2020&bid=1c2864d32d66cc64f9d1bf2e108fb9c8&callback=jQuery32109043512824507152_1709392005179&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1709392005180

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/assets/tenant_header_logo.svg

Domain: api.sparkassen-mediacenter.de
URL: https://api.sparkassen-mediacenter.de/p/171/sp/17100/thumbnail/entry_id/0_uypium7i/version/100002/width/1280/height/720/type/3/quality/80

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Fjunge_frau_steht_vor_bankautomat_GI_1174855852_2835_16_9_1923x1081_c5727cac61.jpg&w=544&q=75

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Ffreundinnen_ausgelassen_auf_sofa_KW_C_gsk_geld_f_leben_privatkredit_couch_pz_gr_SDECNTINTG_633_16_9_2776x1562_977bcc7112.jpg&w=544&q=75

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2FIllu_Newsletter_01_16by9_02_3c35086cfa.jpg&w=1260&q=75

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Ffrau_poc_mit_smartphone_in_der_hand_froschperspektive_GI_1410069398_16_9_5632x3168_a0e26d7327.jpg&w=1260&q=75

Domain: sparkasse-sicherheit.net
URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Fein_mann_steht_auf_einem_berg_mit_geschlossenen_augen_GI_685012123_16_9_5547x3120_954b2e78c1.jpg&w=1260&q=75

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sparkasse-sicherheit.net/dq	1969-12-31 23:59:59	Name: real Value: OK
sparkasse-sicherheit.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: mljnn8eeu3titoo7419avap2bf
sparkasse-sicherheit.net/	1970-01-20 19:33:04	Name: bid Value: 1c2864d32d66cc64f9d1bf2e108fb9c8

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sparkasse-sicherheit.net/uploads/Download_77dd6c2b25.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Fkwc_online_banking_im_zug_gsk_hausbank_aufwertung_girokonto_sparkassen_app_tz_kl_2730_16_9_6985x3929_803f2ce77e.jpg&w=544&q=75 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://sparkasse-sicherheit.net/_next/image?url=%2Fuploads%2Fjunge_frau_steht_vor_bankautomat_GI_1174855852_2835_16_9_1923x1081_c5727cac61.jpg&w=544&q=75 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.sparkassen-mediacenter.de
sparkasse-sicherheit.net
webfonts.sparkasse.de
api.sparkassen-mediacenter.de
sparkasse-sicherheit.net
141.98.235.124
78.46.166.187
08210dc4de1692d97c462a9d2c6763696ffa5658382d53cf6d98ceaf81e71d96
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1682c8b16fc152442846e1307bb21a353c9be6fc5a6f5b9b6e9cca9d6dacbcc3
19fe1e7d98a3529a7ce85c99a66c68471aa3d527fb36b7e442cbf95db80daf92
32b31b4bb7d8eb3cff361af9eba6b424148e27854cc764d3491edb191fec2d9d
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
3c8cc37a98346bd0123b35e5ccd87bd07d69914dae04f8b49f61c150d96e9d1f
685deaafb8091945f2ba7aed23c6608ab9b628518bb2fa7466dc407e91c8a016
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87eb5b13400c1ac4be75ec2a0dc621e3fcb0e0996dc2e674699d275255c73229
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
9443ee4d24b4dc981c526dede7e77b987795409722d57445672b27cebd0bed16
94c56db5bc8cd2a9f03aba8ebf70ce73f8dc05e433905720e9ec17dae65694df
c58c160312c1440f186616809d4e592e320c754ad81c01f462785300c20300bc
fb1222b67da98c2951812af040299c4679c2e0d88948f487fb2d6cef2a101819

sparkasse-sicherheit.net Open in urlscan Pro 141.98.235.124 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

68 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

721 kBTransfer

849 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

3 Cookies

3 Console Messages

Indicators

sparkasse-sicherheit.net Open in urlscan Pro
141.98.235.124 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

68 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

721 kB
Transfer

849 kB
Size

3
Cookies

31 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!