umstz-spark-2021.xyz Open in urlscan Pro
2606:4700:3034::ac43:dcea Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://umstz-spark-2021.xyz/s/anmeldung.php
Submission: On November 07 via automatic, source phishtank (November 7th 2021, 4:12:06 pm UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3034::ac43:dcea, located in United States and belongs to CLOUDFLARENET, US. The main domain is umstz-spark-2021.xyz.

This is the only time umstz-spark-2021.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address		AS Autonomous System
11	2606:4700:303... 2606:4700:3034::ac43:dcea		13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	1

11 2606:4700:3034::ac43:dcea (United States)

ASN13335 (CLOUDFLARENET, US)

umstz-spark-2021.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	umstz-spark-2021.xyz umstz-spark-2021.xyz	214 KB
11	1

	Domain	Requested by
11	umstz-spark-2021.xyz	umstz-spark-2021.xyz
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://umstz-spark-2021.xyz/s/anmeldung.php
Frame ID: 2FEE1BB2580008DB3E56E80F07D4BFE1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online-Banking

Page Statistics

11
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

214 kB
Transfer

467 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request anmeldung.php Show response umstz-spark-2021.xyz/s/	12 KB 4 KB	276ms 262ms	Document text/html	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c77ddd2f5c15b3ae29a1e9987c232f57fca42b9e44ee92a3e60fcac1d6cf55b7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache vary Accept-Encoding CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BR5%2BvpJzNAZwGXpCqJvnbt6hmJ5AwollM5SfzvYe%2BlEnwHmuzSL0kXAqD1ZLNWkeHDSCjbZaVwC4TE0%2BIjLik2Syt%2FckAjBMGUyS6Ww3YVeQQ15zLcY0jNx55KJ1wqVOYvfP%2BPn8FOIqjtmvMpZ01yhdUw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6aa7d73e3b584a97-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css umstz-spark-2021.xyz/s/src/css/	249 KB 42 KB	17ms 17ms	Stylesheet text/css	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b8b51ca2d76d70709c6c9aa47b504dc4484cf89b508df064dc9c2b53d6ee75c4` Request headers Accept-Language de-DE,de;q=0.9 Referer http://umstz-spark-2021.xyz/s/anmeldung.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4040 Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 41937 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag "3e436-5c15df5b0fed0-gzip" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFXcSafgGGa9KRzlnMPBY0HlATxokbhJAikaOX1b0HSb3avnXKjX0L5M5xlN7Y33hC57atywAb7X5BxBCycZY2uGBBt8JDxqYoNWtVvwjQCE9bBGBVDtYvEC2vVtmwuza6LU%2B%2FaEP%2BeJ6uJJ3q%2FTImNNKg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 6aa7d73fff194a97-FRA
GET H/1.1	200 OK	invisible.js Show response umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/scripts/	44 KB 16 KB	119ms 118ms	Script text/javascript	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/scripts/invisible.js Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e7b299e28024b24ab0224a39f586dd40a39482f35eaefa12a2a06df5b63e19f6` Request headers Accept-Language de-DE,de;q=0.9 Referer http://umstz-spark-2021.xyz/s/anmeldung.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:02 GMT Content-Encoding gzip NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TVnCNZVU%2BbnA3uNX0Gj9S9s1C%2Ff4I1kGTlHIaeAddsAWVKl%2FSx5mI6KrlmEpu3VrtdrZK8AwjpExXyxgUJ7RUx0PT0rwIDJEGge1kb%2FIxw175%2B%2FTHvLgYfbZltwWXZgbaNenVsh5NESSxrT%2BomiTx3c%2Fag%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/javascript Cache-Control max-age=604800, public Transfer-Encoding chunked Connection keep-alive x-control-type-options nosniff CF-RAY 6aa7d7400f90691c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H/1.1	200 OK	ZR1pMwPB9Xsl53CW8qSL.png umstz-spark-2021.xyz/s/src/img/	2 KB 3 KB	58ms 57ms	Image image/png	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://umstz-spark-2021.xyz/s/src/img/ZR1pMwPB9Xsl53CW8qSL.png Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9e830e96a27b155e68fbf2bd76b10c2e9e054874c9c3c1e97bbaea573259894` Request headers Accept-Language de-DE,de;q=0.9 Referer http://umstz-spark-2021.xyz/s/anmeldung.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4040 Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 1902 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag "76e-5c15df5b106a0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KkiSZInsEvBeWGw0lOO%2FWE4Y9X%2BEOVGlPF6U3JylAHa7axSh2%2F1HNtv6pEWG3fK0kreqTd5o%2FJ4XQP2KBJXszPAHlrz3PjgHU2kfBgOwUdqRoQLG1H1NURUyBw5TWijbW0zf2hjIoQJSp8pVRKpGnJkC2w%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 6aa7d7400eea6907-FRA
GET H/1.1	200 OK	WwSGd09MRzJAkDH5sm3axX7OLpBbNV.png umstz-spark-2021.xyz/s/src/img/	3 KB 3 KB	35ms 35ms	Image image/png	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://umstz-spark-2021.xyz/s/src/img/WwSGd09MRzJAkDH5sm3axX7OLpBbNV.png Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9ef3568cb4cbc5b4a96dba63ccff15a441eac6d17c91fa963d2ac1b4534520d6` Request headers Accept-Language de-DE,de;q=0.9 Referer http://umstz-spark-2021.xyz/s/anmeldung.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4040 Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 2729 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag "aa9-5c15df5b106a0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FiR1ZECkQmsvo6yfnuaSnuXtdxGGjXTRZmfMhcEn5vsCeamyk8mp7lh0cDCAgr68pce0glezSdgRM8NvDBIsQ%2BechKZGlPK1LhwfUbCzlN9poI6d%2FoJj88dngINZMEP9Lk1KLI11i6MWlq0tzGPLrcE8%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 6aa7d7400b6b2b1a-FRA
GET H/1.1	200 OK	spk-logo-druck.png umstz-spark-2021.xyz/s/src/img/	10 KB 11 KB	31ms 30ms	Image image/png	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://umstz-spark-2021.xyz/s/src/img/spk-logo-druck.png Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d16cd665d719c20820702b390ce43791ec4ae374d5233251b04d578264808684` Request headers Accept-Language de-DE,de;q=0.9 Referer http://umstz-spark-2021.xyz/s/anmeldung.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4040 Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 10048 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag "2740-5c15df5b106a0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kLX1210cEUSzHdpbTDJ9wguVjPmXUQ6AWy6Qgv8%2FRl%2ButrkkkiOiSxfhco7Agy1ckTAJNbbcYE%2B%2FH8xC%2F3WZbb9JH5Rs5ktQh4jz39CVeZN0u8%2FjAllaJ%2FrQiLOIEThC3cZWswyhoAyUxygv3FJLAfSX8Q%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 6aa7d7400f1f4e38-FRA
GET H/1.1	200 OK	pictos-if.woff umstz-spark-2021.xyz/s/src/fonts/	48 KB 48 KB	19ms 18ms	Font application/font-woff	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/s/src/fonts/pictos-if.woff Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `56666c32c5c048a791e99fafef70d3791d6d5c6d350771ffbb4e2119df335f03` Request headers Referer http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Origin http://umstz-spark-2021.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4039 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag W/"be24-5c15df5b0fed0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25dNFqz6uxsUV1dQoYtDp2Tz5tPTV99bULjYTgoY7SFcuAVFPK9CK4geTIBN%2F%2BVHFwhO0wPjIMhSWW2hXGKfRWNyzFR%2BG4%2BIQDAdrCFLjxUB7XCipUBBsPGPZMoU7ZrkuCGdpxna0QQmzOmXRhj6Qf2SsA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/font-woff Cache-Control max-age=14400 CF-RAY 6aa7d7403f8a4a97-FRA
GET H/1.1	200 OK	GmtFBuKRSiNbVacYxEjhfTdWlAUkvrQDZqOpPsoeHCMIzyXJwgnL.woff umstz-spark-2021.xyz/s/src/fonts/	39 KB 39 KB	16ms 15ms	Font application/font-woff	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/s/src/fonts/GmtFBuKRSiNbVacYxEjhfTdWlAUkvrQDZqOpPsoeHCMIzyXJwgnL.woff Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a9ad5dac2a400c1fb324e09df57325568e98772618ff818ca5344b171c834aa2` Request headers Referer http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Origin http://umstz-spark-2021.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4039 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag W/"9a44-5c15df5b0fed0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIjeC0h760I9Im6Nr8fB3bNSP1Duy3apYOQWWHnIjc5D3Rs%2F9eGkfHu3dzhywNYTpSuQA1XGSQmCskvRzCmFAiirwKQXHCSHaKqTQeaPRoFAFmHZ62PTJvxIa5SCOEzzcLyYAg1ZWUAReAaw7l7mohDCgQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/font-woff Cache-Control max-age=14400 CF-RAY 6aa7d7403f884e38-FRA
GET H/1.1	200 OK	AnMlPaDTHuRzxycBZkjWSbpGsLJghqIYXUFQrmvKNedifEtwCoVO.woff umstz-spark-2021.xyz/s/src/fonts/	39 KB 39 KB	28ms 27ms	Font application/font-woff	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/s/src/fonts/AnMlPaDTHuRzxycBZkjWSbpGsLJghqIYXUFQrmvKNedifEtwCoVO.woff Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3a096177fdb67dc609921050caec415a389d683674be529f2ba91f6e5514638` Request headers Referer http://umstz-spark-2021.xyz/s/src/css/ngPAmjocXiwpUZyqlfQHsMNkDRhYtFVvIKCWrTOBaEGdxSLJzbue.css Origin http://umstz-spark-2021.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:01 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 4039 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Sun, 02 May 2021 19:36:21 GMT Server cloudflare etag W/"9b38-5c15df5b0fed0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kgt05fDwCoXkjtXmX3Jx1jOb3%2FgdYP7F9CyQD5TAghzorFlAJiu8ho5VhoIayVOhNvKwx0orfiPgEbHNBzlP%2BgyevdrKSFzqV%2BIIvOX%2FrknQW806lFJgJ4NDeYQ6IAsiIqQ7ORs4MQxlbZcEkivEIizlcA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/font-woff Cache-Control max-age=14400 CF-RAY 6aa7d740399a6973-FRA
GET H/1.1	200 OK	pica.js umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/scripts/	22 KB 8 KB	40ms 40ms	Other text/javascript	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/scripts/pica.js Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/s/anmeldung.php Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9ce52dbad410e86d3181c74be381df6e1f7f5146a2f95a4d1e5d5a3510001e13` Request headers Accept-Language de-DE,de;q=0.9 Referer http://umstz-spark-2021.xyz/s/anmeldung.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 16:12:02 GMT Content-Encoding gzip NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdiewu0TfXSeBOqjavyocN0lQGlozgagzn0zcce21PWkZ%2BDAWIz%2FE8Sn%2Broc4SCMhVLCTaq8eUaxN6jcTxT5VJZYPdNI9uCNNRjidA1Bhm4MUdDusKWeu%2FCnUkd7byMx%2BLw7PCR5FZY4bv8NziLX3jqJtg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/javascript Cache-Control max-age=604800, public Transfer-Encoding chunked Connection keep-alive x-control-type-options nosniff CF-RAY 6aa7d740c992691c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
POST H/1.1	200 OK	result Show response umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/cv/	2 B 984 B	224ms 224ms	XHR text/plain	2606:4700:3034::ac43:dcea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/cv/result?req_id=6aa7d73e3b584a97 Requested by Host: umstz-spark-2021.xyz URL: http://umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/scripts/invisible.js Protocol HTTP/1.1 Server 2606:4700:3034::ac43:dcea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer http://umstz-spark-2021.xyz/s/anmeldung.php Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type application/json Response headers Date Sun, 07 Nov 2021 16:12:02 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHHhzHPF2ePcMicAa0dQyvhLdQwlTqXxB%2FkvN0L%2FVKhBQXPF4g4KfdMJQskbUW06t3B1gmQq8dApxeBn%2BlnCpVMSAaXg4HfZE7tOkP%2BV85B5zW1Iox%2FFD9BPFtKYgebgss9O1EEYw23wbWs9GH%2Ff5nv0YQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/plain;charset=UTF-8 Connection keep-alive CF-RAY 6aa7d743794d691c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Content-Length 2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			umstz-spark-2021.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: ivgl1qpf02gugj2tvjgcafckgt

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: http://umstz-spark-2021.xyz/cdn-cgi/challenge-platform/h/b/scripts/invisible.js Message: 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

umstz-spark-2021.xyz
2606:4700:3034::ac43:dcea
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
56666c32c5c048a791e99fafef70d3791d6d5c6d350771ffbb4e2119df335f03
9ce52dbad410e86d3181c74be381df6e1f7f5146a2f95a4d1e5d5a3510001e13
9ef3568cb4cbc5b4a96dba63ccff15a441eac6d17c91fa963d2ac1b4534520d6
a9ad5dac2a400c1fb324e09df57325568e98772618ff818ca5344b171c834aa2
b8b51ca2d76d70709c6c9aa47b504dc4484cf89b508df064dc9c2b53d6ee75c4
b9e830e96a27b155e68fbf2bd76b10c2e9e054874c9c3c1e97bbaea573259894
c77ddd2f5c15b3ae29a1e9987c232f57fca42b9e44ee92a3e60fcac1d6cf55b7
d16cd665d719c20820702b390ce43791ec4ae374d5233251b04d578264808684
e3a096177fdb67dc609921050caec415a389d683674be529f2ba91f6e5514638
e7b299e28024b24ab0224a39f586dd40a39482f35eaefa12a2a06df5b63e19f6

umstz-spark-2021.xyz Open in urlscan Pro 2606:4700:3034::ac43:dcea Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

214 kBTransfer

467 kBSize

1 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

umstz-spark-2021.xyz Open in urlscan Pro
2606:4700:3034::ac43:dcea Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

214 kB
Transfer

467 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!