spk-finanzgruppe-de-home-portalredirect.ru Open in urlscan Pro
141.105.66.248 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vai.promo/wgbgmx/900a
Effective URL:
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/
Submission Tags: 6455225
Submission: On March 18 via api (March 18th 2020, 12:31:48 pm UTC) from NL

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 141.105.66.248, located in Russian Federation and belongs to NCONNECT-AS, RU. The main domain is spk-finanzgruppe-de-home-portalredirect.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 18th 2020. Valid for: 3 months.

This is the only time spk-finanzgruppe-de-home-portalredirect.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.198.4.183 35.198.4.183	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:303... 2606:4700:3032::681b:a17b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 24	141.105.66.248 141.105.66.248	49335 (NCONNECT-AS) (NCONNECT-AS)
20	1

1 35.198.4.183 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 183.4.198.35.bc.googleusercontent.com

vai.promo	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::681b:a17b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rewrite-link.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 141.105.66.248 (Russian Federation) 4 redirects

ASN49335 (NCONNECT-AS, RU)

spk-finanzgruppe-de-home-portalredirect.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	spk-finanzgruppe-de-home-portalredirect.ru 4 redirects spk-finanzgruppe-de-home-portalredirect.ru	325 KB
1	rewrite-link.xyz 1 redirects rewrite-link.xyz	781 B
1	vai.promo 1 redirects vai.promo	740 B
20	3

	Domain	Requested by
24	spk-finanzgruppe-de-home-portalredirect.ru	4 redirects spk-finanzgruppe-de-home-portalredirect.ru
1	rewrite-link.xyz	1 redirects
1	vai.promo	1 redirects
20	3

This site contains no links.

Subject Issuer	Validity	Valid
spk-finanzgruppe-de-home-portalredirect.ru Let's Encrypt Authority X3	`2020-03-18` - `2020-06-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/
Frame ID: E549BBCDF91504D1C3AB410F1CADED39
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://vai.promo/wgbgmx/900a HTTP 301
https://rewrite-link.xyz/SPFNT1 HTTP 302
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/ HTTP 302
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a HTTP 301
http://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/ HTTP 301
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/ HTTP 302
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/ Page URL

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

324 kB
Transfer

500 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vai.promo/wgbgmx/900a HTTP 301
https://rewrite-link.xyz/SPFNT1 HTTP 302
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/ HTTP 302
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a HTTP 301
http://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/ HTTP 301
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/ HTTP 302
https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/ Redirect Chain https://vai.promo/wgbgmx/900a https://rewrite-link.xyz/SPFNT1 https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/ https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a? http://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/? https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/? https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/?	17 KB 5 KB	134ms 134ms	Document text/html	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `e7a9ccf45a2938940561fa5fc48cdb05da9fd73815833e2020c1bf7011f56410` Request headers Host spk-finanzgruppe-de-home-portalredirect.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie bid=121af13fb589f769976580dca11e0c4a Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Server nginx/1.10.3 (Ubuntu) Date Wed, 18 Mar 2020 12:31:29 GMT Content-Type text/html; charset=UTF-8 Content-Length 4707 Connection keep-alive Set-Cookie PHPSESSID=8ajfrimvg2cnfjalap13ik7093; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Redirect headers Server nginx/1.10.3 (Ubuntu) Date Wed, 18 Mar 2020 12:31:29 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Set-Cookie bid=121af13fb589f769976580dca11e0c4a location login/?
GET H/1.1	200 OK	jquery.min.js Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/jquery/dist/	85 KB 30 KB	138ms 137ms	Script application/javascript	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/jquery/dist/jquery.min.js Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Last-Modified Thu, 27 Feb 2020 17:27:42 GMT Server nginx/1.10.3 (Ubuntu) ETag "15283-59f9209cc9f80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 30138
GET H/1.1	200 OK	ua-parser.min.js Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/ua-parser-js/dist/	17 KB 6 KB	287ms 129ms	Script application/javascript	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Last-Modified Thu, 27 Feb 2020 17:27:44 GMT Server nginx/1.10.3 (Ubuntu) ETag "4298-59f9209eb2400-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 6063
GET H/1.1	200 OK	font-awesome.min.css spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/font-awesome/css/	30 KB 7 KB	271ms 121ms	Stylesheet text/css	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Last-Modified Thu, 27 Feb 2020 17:27:40 GMT Server nginx/1.10.3 (Ubuntu) ETag "7918-59f9209ae1b00-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 7053
GET H/1.1	200 OK	css.css spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/form/	557 B 557 B	271ms 121ms	Stylesheet text/css	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/form/css.css Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `117bce8813acf5c9ee88220b82297dcbec9fd00f46178e6a78d0533b9252f276` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Last-Modified Tue, 03 Mar 2020 09:16:50 GMT Server nginx/1.10.3 (Ubuntu) ETag "22d-59fefc387a480-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 254
GET H/1.1	200 OK	style.php spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	73 KB 11 KB	292ms 134ms	Stylesheet text/css	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/style.php Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `6eae3c8203666affa26fccb155d1ee94c168acd0ea0d2679c5b133b91dd6d1e4` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Pragma no-cache Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Server nginx/1.10.3 (Ubuntu) Vary Accept-Encoding Content-Type text/css;charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 10607 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	spk-logo-desktop.png spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	7 KB 7 KB	282ms 124ms	Image image/png	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/spk-logo-desktop.png Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `a4f04574b20972a5b290984c214ff23af7810b73db0a640c75bf11b2a042336b` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Thu, 27 Feb 2020 17:27:24 GMT Server nginx/1.10.3 (Ubuntu) ETag "1bb5-59f9208b9f700" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 7093
GET H/1.1	200 OK	spk-logo-mobile.png spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	5 KB 5 KB	124ms 123ms	Image image/png	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/spk-logo-mobile.png Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `723733a7bb6f25194a40769ba4b2c4b4840d707bba89f745984fab9442f72141` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Thu, 27 Feb 2020 17:27:24 GMT Server nginx/1.10.3 (Ubuntu) ETag "146c-59f9208b9f700" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 5228
GET H/1.1	200 OK	spk-logo-druck.png spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	6 KB 6 KB	119ms 118ms	Image image/png	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/spk-logo-druck.png Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Thu, 27 Feb 2020 17:27:24 GMT Server nginx/1.10.3 (Ubuntu) ETag "18d5-59f9208b9f700" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 6357
GET H/1.1	404 Not Found	tdg spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	304 B 304 B	120ms 119ms	Image text/html	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/tdg Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `63ebe3e1c44f3e4c024ab970c7fd1d39cd460bccb23ef366b96569719fca64f1` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Server nginx/1.10.3 (Ubuntu) Connection keep-alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	form.js Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/form/	9 KB 3 KB	125ms 124ms	Script application/javascript	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/form/form.js?v=5e7214a1d5aac Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `47c4c7b3fddbf6b4c854f09c3d434da26826a2affeca30874e1846ce275b3bc0` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Last-Modified Thu, 27 Feb 2020 17:27:34 GMT Server nginx/1.10.3 (Ubuntu) ETag "2535-59f9209528d80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 2801
GET H/1.1	200 OK	token.js Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/token/	11 KB 2 KB	124ms 123ms	Script application/javascript	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/token/token.js?v=5e7214a1d5b0d Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `0e322d75e7e6d86475f347f96a1f770a17025eec6070a0d8735177af29094d8a` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Content-Encoding gzip Last-Modified Tue, 03 Mar 2020 10:09:42 GMT Server nginx/1.10.3 (Ubuntu) ETag "2a6a-59ff080988580-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1782
GET H/1.1	200 OK	25frrutigerltw02-55roman-webfont.woff spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/fonts/reg/	25 KB 25 KB	128ms 127ms	Font application/font-woff	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/fonts/reg/25frrutigerltw02-55roman-webfont.woff Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `7cc0a4759f5cfe7d8a6f191f79a38b1c8e36c975f160b89f21d31436dff05c4e` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/style.php Origin https://spk-finanzgruppe-de-home-portalredirect.ru Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Sun, 01 Mar 2020 13:29:08 GMT Server nginx/1.10.3 (Ubuntu) ETag "62e4-59fcb0e247100" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 25316
GET H/1.1	200 OK	pictos-if.woff spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	64 KB 64 KB	149ms 129ms	Font application/font-woff	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/pictos-if.woff Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `d6fff4dce0ed66b0ef96ec5165e4b5fa7d2d193df2537040630dd19606b7b664` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/style.php Origin https://spk-finanzgruppe-de-home-portalredirect.ru Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Thu, 27 Feb 2020 17:27:22 GMT Server nginx/1.10.3 (Ubuntu) ETag "ff6c-59f92089b7280" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 65388
GET H/1.1	200 OK	25frrutigerltw02-65bold-webfont.woff spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/fonts/bold/	25 KB 26 KB	220ms 124ms	Font application/font-woff	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/fonts/bold/25frrutigerltw02-65bold-webfont.woff Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `353b8f56926b58e1c037ac912432156fff183d03d5f42a1f5d2ec06199e446f4` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/style.php Origin https://spk-finanzgruppe-de-home-portalredirect.ru Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Sun, 01 Mar 2020 13:29:00 GMT Server nginx/1.10.3 (Ubuntu) ETag "6574-59fcb0daa5f00" Content-Type application/font-woff Connection keep-alive Accept-Ranges bytes Content-Length 25972
GET H/1.1	200 OK	password.ttf spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/	125 KB 125 KB	217ms 122ms	Font application/font-sfnt	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/password.ttf Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `5585d482c2eee6acbeca5fe3d9ffaad32b15c5b26995ee345b0208f557571155` Request headers Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/login/style.php Origin https://spk-finanzgruppe-de-home-portalredirect.ru Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Last-Modified Tue, 03 Mar 2020 09:02:34 GMT Server nginx/1.10.3 (Ubuntu) ETag "1f2fc-59fef90821e80" Content-Type application/font-sfnt Connection keep-alive Accept-Ranges bytes Content-Length 127740
GET H/1.1	200 OK	home.php Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/	57 B 220 B	271ms 271ms	XHR application/json	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/home.php?link=sparkase.de&bid=121af13fb589f769976580dca11e0c4a&callback=jQuery32108314499089258707_1584534690166&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1584534690167 Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `7505e0d89e67f8891caed25469a1f278c737c54ae4ac767057e47c2574f00734` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Sec-Fetch-Dest empty X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Server nginx/1.10.3 (Ubuntu) Connection keep-alive Content-Length 57 Content-Type application/json
GET H/1.1	200 OK	home.php Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/	57 B 220 B	252ms 252ms	XHR application/json	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/home.php?link=sparkase.de&bid=121af13fb589f769976580dca11e0c4a&callback=jQuery32108314499089258707_1584534690168&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1584534690169 Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `6af3dece52f0bb8f8d6021b5f563763ea72ae7b441bd61b61bb7ce3ceab3b1a1` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Sec-Fetch-Dest empty X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:30 GMT Server nginx/1.10.3 (Ubuntu) Connection keep-alive Content-Length 57 Content-Type application/json
GET H/1.1	200 OK	home.php Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/	57 B 220 B	250ms 250ms	XHR application/json	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/home.php?link=sparkase.de&bid=121af13fb589f769976580dca11e0c4a&callback=jQuery32108314499089258707_1584534690166&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1584534690170 Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `7505e0d89e67f8891caed25469a1f278c737c54ae4ac767057e47c2574f00734` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Sec-Fetch-Dest empty X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:35 GMT Server nginx/1.10.3 (Ubuntu) Connection keep-alive Content-Length 57 Content-Type application/json
GET H/1.1	200 OK	home.php Show response spk-finanzgruppe-de-home-portalredirect.ru/service-portal/	57 B 220 B	253ms 252ms	XHR application/json	141.105.66.248 NCONNECT-AS
General Check archive.org Show headers Download Go to Full URL https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/home.php?link=sparkase.de&bid=121af13fb589f769976580dca11e0c4a&callback=jQuery32108314499089258707_1584534690166&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1584534690171 Requested by Host: spk-finanzgruppe-de-home-portalredirect.ru URL: https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 141.105.66.248 , Russian Federation, ASN49335 (NCONNECT-AS, RU), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash `7505e0d89e67f8891caed25469a1f278c737c54ae4ac767057e47c2574f00734` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://spk-finanzgruppe-de-home-portalredirect.ru/service-portal/121af13fb589f769976580dca11e0c4a/login/? Sec-Fetch-Dest empty X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 18 Mar 2020 12:31:40 GMT Server nginx/1.10.3 (Ubuntu) Connection keep-alive Content-Length 57 Content-Type application/json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rewrite-link.xyz
spk-finanzgruppe-de-home-portalredirect.ru
vai.promo
141.105.66.248
2606:4700:3032::681b:a17b
35.198.4.183
0e322d75e7e6d86475f347f96a1f770a17025eec6070a0d8735177af29094d8a
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
117bce8813acf5c9ee88220b82297dcbec9fd00f46178e6a78d0533b9252f276
353b8f56926b58e1c037ac912432156fff183d03d5f42a1f5d2ec06199e446f4
47c4c7b3fddbf6b4c854f09c3d434da26826a2affeca30874e1846ce275b3bc0
5585d482c2eee6acbeca5fe3d9ffaad32b15c5b26995ee345b0208f557571155
63ebe3e1c44f3e4c024ab970c7fd1d39cd460bccb23ef366b96569719fca64f1
6af3dece52f0bb8f8d6021b5f563763ea72ae7b441bd61b61bb7ce3ceab3b1a1
6eae3c8203666affa26fccb155d1ee94c168acd0ea0d2679c5b133b91dd6d1e4
723733a7bb6f25194a40769ba4b2c4b4840d707bba89f745984fab9442f72141
7505e0d89e67f8891caed25469a1f278c737c54ae4ac767057e47c2574f00734
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cc0a4759f5cfe7d8a6f191f79a38b1c8e36c975f160b89f21d31436dff05c4e
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85
a4f04574b20972a5b290984c214ff23af7810b73db0a640c75bf11b2a042336b
d6fff4dce0ed66b0ef96ec5165e4b5fa7d2d193df2537040630dd19606b7b664
e7a9ccf45a2938940561fa5fc48cdb05da9fd73815833e2020c1bf7011f56410

spk-finanzgruppe-de-home-portalredirect.ru Open in urlscan Pro 141.105.66.248 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

324 kBTransfer

500 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

0 Cookies

Indicators

spk-finanzgruppe-de-home-portalredirect.ru Open in urlscan Pro
141.105.66.248 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

324 kB
Transfer

500 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!