sparkasse.de.personendaten.to

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is sparkasse.de.personendaten.to.
TLS certificate: Issued by E1 on August 19th 2022. Valid for: 3 months.

This is the only time sparkasse.de.personendaten.to was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::6815:40b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2

1 2606:4700:3030::6815:40b8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sparkasse.de.kunden.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

sparkasse.de.personendaten.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	personendaten.to sparkasse.de.personendaten.to	435 KB
1	kunden.to 1 redirects sparkasse.de.kunden.to	560 B
6	2

	Domain	Requested by
6	sparkasse.de.personendaten.to	sparkasse.de.personendaten.to
1	sparkasse.de.kunden.to	1 redirects
6	2

This site contains no links.

Subject Issuer	Validity	Valid
www.sparkasse.de.personendaten.to E1	`2022-08-19` - `2022-11-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sparkasse.de.personendaten.to/personendaten
Frame ID: F172616416F223B2E36E7CF9E14948B5
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online-Banking: Login

Page URL History Show full URLs

https://sparkasse.de.kunden.to/ HTTP 302
https://sparkasse.de.personendaten.to/personendaten Page URL

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

435 kB
Transfer

715 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sparkasse.de.kunden.to/ HTTP 302
https://sparkasse.de.personendaten.to/personendaten Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request personendaten Show response sparkasse.de.personendaten.to/ Redirect Chain https://sparkasse.de.kunden.to/ https://sparkasse.de.personendaten.to/personendaten	370 KB 103 KB	1316ms 1167ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sparkasse.de.personendaten.to/personendaten Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d70ba352758fe7660b6079f9ae65e6a93454c58b8b44faeb09a7d36123fcb1cb` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 741d28d93f3e59d7-MXP content-encoding br content-type text/html; charset=UTF-8 date Sun, 28 Aug 2022 12:48:10 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0unz5utq1D%2FfXl3Tu%2FDqQRtq3x5uS%2FpZ%2B58WMbc8Z%2B8b4HRtsgvYISI%2Bz%2Bw%2BsLMHrU7YWZbu4P%2BgF90Zs3fzPr4Z6kiIOS0VBtDRpPv166oylQEpD7lRrECQkAaXKHxtLvFvfisuTvSKB6Fztotz5KLYqVavkRxTnQbjg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 741d28d289e6ba9d-MXP content-type text/html; charset=UTF-8 date Sun, 28 Aug 2022 12:48:08 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" location https://sparkasse.de.personendaten.to/personendaten nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YjZnnsMirsIo6L%2FKV7QavjyVHAgCHozxRtKvFyEZ6IAlFrXwCwmck8aUyun9MAZWQQbCSXWWyae0msFvaZqyJ9YSoNp%2F%2F%2F4iWc6%2BMMmf8c66nLLS13DLnXkK2b7Gswnmnt6BQ8eIu2uLQHgMW%2F8T8gikrO9n"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	logo.svg sparkasse.de.personendaten.to/include/image/	22 KB 8 KB	1324ms 1324ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sparkasse.de.personendaten.to/include/image/logo.svg Requested by Host: sparkasse.de.personendaten.to URL: https://sparkasse.de.personendaten.to/personendaten Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a` Request headers accept-language de-DE,de;q=0.9 Referer https://sparkasse.de.personendaten.to/personendaten User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Sun, 28 Aug 2022 12:48:11 GMT content-encoding br cf-cache-status MISS last-modified Mon, 02 May 2022 08:26:16 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IniaZPkfflwG95Wjby53LMZqcjNG1DeTKdaPZYP1Jq8avXPSIaZBBIL0%2FGZi3lURFzx0fVu3BIVwZ3Wsd87LTwLPmObdXSlXtq56WjonSS9CiQPeBCviRnoc6%2Ff6%2BgZIM0AG9Fg%2BhSLbSXebNTxgyr4HTJ%2BRyh1hd%2FoJ9g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 741d28e1588159d7-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET DATA	200 OK	truncated /	484 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6d4896a5c60e379a5d0d81ac938a6db06617d856eeb828fa8a36da7c0a817fe0` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	Sparkasse_web_Bd.woff sparkasse.de.personendaten.to/include/css/fonts/	36 KB 36 KB	1310ms 1309ms	Font font/woff	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sparkasse.de.personendaten.to/include/css/fonts/Sparkasse_web_Bd.woff Requested by Host: sparkasse.de.personendaten.to URL: https://sparkasse.de.personendaten.to/personendaten Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002` Request headers Referer https://sparkasse.de.personendaten.to/personendaten Origin https://sparkasse.de.personendaten.to accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Sun, 28 Aug 2022 12:48:11 GMT cf-cache-status MISS last-modified Wed, 27 Apr 2022 08:09:26 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1q1GwoGp0ui%2F8YJ05XBegtZMWozts5u7GDPF0gRBPmYTl2x0je966eltoiw8%2B4art5N7X2Dy3MhU3m5koJAxOxAgMNjG%2Bo8sDMStPDWMcsWQ1EmdpxZ10dC7ApMeRj1Ik3WjVcbvHaulJ6dnCZm2lUwpD1VtUhtGkWl9g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 741d28e1689759d7-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 36892
GET H2	200	Sparkasse_web_Rg.woff sparkasse.de.personendaten.to/include/css/fonts/	41 KB 41 KB	1376ms 1375ms	Font font/woff	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sparkasse.de.personendaten.to/include/css/fonts/Sparkasse_web_Rg.woff Requested by Host: sparkasse.de.personendaten.to URL: https://sparkasse.de.personendaten.to/personendaten Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451` Request headers Referer https://sparkasse.de.personendaten.to/personendaten Origin https://sparkasse.de.personendaten.to accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Sun, 28 Aug 2022 12:48:11 GMT cf-cache-status MISS last-modified Wed, 27 Apr 2022 08:09:04 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=spyABme1OqNYOUjLXbzJl4iVZqrSwostxAcW5OMquCA0t%2BEZbIVLRDmZnsKePDfBhlYBBMcMyqK6q%2BKOYxcxPgn7Wy6Y%2BtoD9LJhsP2Q0ip%2Flme7rdIeV2xljupKflG%2BqLeTIsowK3%2BHZnMkZDW%2BD6PN%2BaMKAkckhsSlDA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 741d28e1689959d7-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 41472
GET H2	200	ec.png sparkasse.de.personendaten.to/include/image/	48 KB 48 KB	1351ms 1350ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sparkasse.de.personendaten.to/include/image/ec.png Requested by Host: sparkasse.de.personendaten.to URL: https://sparkasse.de.personendaten.to/personendaten Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8d91412d0bf955844be14a869bb948b2951d9afc3db2117feed8b92249cac8fe` Request headers accept-language de-DE,de;q=0.9 Referer https://sparkasse.de.personendaten.to/personendaten User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Sun, 28 Aug 2022 12:48:11 GMT cf-cache-status MISS last-modified Fri, 29 Apr 2022 07:57:56 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ztr4GcqkTopOShkW1Z2lsAdIuwhDXqNWg6z5TkVmGpwsj5zeXzjxjHI%2BTN%2FMh3QzK5wZm%2BW44nUa%2BVGvDXe2TX9ojXHEraAVJyMboycg9%2BW6QiZe1Eeu9ZsLk7wFxWN1YWkQX64WaTwzd0QAT%2FLN36b3DuBOsRDteyFdww%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 741d28e188da59d7-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 48788
GET H2	200	pictos-if.woff sparkasse.de.personendaten.to/include/css/fonts/	197 KB 198 KB	1337ms 1337ms	Font font/woff	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sparkasse.de.personendaten.to/include/css/fonts/pictos-if.woff Requested by Host: sparkasse.de.personendaten.to URL: https://sparkasse.de.personendaten.to/personendaten Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `385bbee80414712855e9a4250cd4dcbbff192dc79136cf99fa5b62075d3bb0ad` Request headers Referer https://sparkasse.de.personendaten.to/personendaten Origin https://sparkasse.de.personendaten.to accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Sun, 28 Aug 2022 12:48:11 GMT cf-cache-status MISS last-modified Wed, 27 Apr 2022 08:09:10 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nJ%2B4%2FWvibbuTZXdmpiRsMuxiJV3iqSIH838uzSIwHQ3ktKkjzrE3qeW8p%2BlEE6zjLEVHBcK00tvcBXuN%2FQ54KAWoPA%2BuSY8AFKiWp%2FPH78IicX%2Blak%2ButSKR6kk9Gt%2FdlOLG0ZnHA%2BJnGOzkjphzfKPHeCmKrt3VBgA9Nw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 741d28e188dc59d7-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 202184

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sparkasse.de.kunden.to
sparkasse.de.personendaten.to
2606:4700:3030::6815:40b8
2a06:98c1:3120::3
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a
385bbee80414712855e9a4250cd4dcbbff192dc79136cf99fa5b62075d3bb0ad
6d4896a5c60e379a5d0d81ac938a6db06617d856eeb828fa8a36da7c0a817fe0
8d91412d0bf955844be14a869bb948b2951d9afc3db2117feed8b92249cac8fe
d70ba352758fe7660b6079f9ae65e6a93454c58b8b44faeb09a7d36123fcb1cb
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002

sparkasse.de.personendaten.to Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

435 kBTransfer

715 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

30 JavaScript Global Variables

0 Cookies

Indicators

sparkasse.de.personendaten.to Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

435 kB
Transfer

715 kB
Size

0
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!