vr-vorgang.info Open in urlscan Pro
2606:4700:3035::ac43:c095 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vr-vorgang.info/
Effective URL:
https://vr-vorgang.info/volksbank/bankleitzahl/login
Submission: On January 18 via api (January 18th 2024, 8:37:34 am UTC) from US — Scanned from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 21 HTTP transactions. The main IP is 2606:4700:3035::ac43:c095, located in United States and belongs to CLOUDFLARENET, US. The main domain is vr-vorgang.info.
TLS certificate: Issued by E1 on January 14th 2024. Valid for: 3 months.

This is the only time vr-vorgang.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 21	2606:4700:303... 2606:4700:3035::ac43:c095	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	47.88.48.79 47.88.48.79	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
1	195.200.53.159 195.200.53.159	15590 (ATRUVIA) (ATRUVIA)
21	4

21 2606:4700:3035::ac43:c095 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

vr-vorgang.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 47.88.48.79 (United States) 1 redirects

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

ip9uk39kv26rml8wjjruzg-on.drv.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ip9uk39kv26rml8wjjruzg.on.drv.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.200.53.159 (Karlsruhe, Germany)

ASN15590 (ATRUVIA, DE)

www.vr.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	vr-vorgang.info 2 redirects vr-vorgang.info	314 KB
2	drv.tw 1 redirects ip9uk39kv26rml8wjjruzg-on.drv.tw ip9uk39kv26rml8wjjruzg.on.drv.tw	2 KB
1	vr.de www.vr.de
21	3

	Domain	Requested by
21	vr-vorgang.info	2 redirects vr-vorgang.info
1	www.vr.de	vr-vorgang.info
1	ip9uk39kv26rml8wjjruzg.on.drv.tw	vr-vorgang.info
1	ip9uk39kv26rml8wjjruzg-on.drv.tw	1 redirects
21	4

This site contains no links.

Subject Issuer	Validity	Valid
vr-vorgang.info E1	`2024-01-14` - `2024-04-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vr-vorgang.info/volksbank/bankleitzahl/login
Frame ID: BBC0BAB4E33E501F8D1CA38E2E2B2066
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank - Volksbank eG

Page URL History Show full URLs

https://vr-vorgang.info/ HTTP 301
https://vr-vorgang.info/volksbank/login Page URL
https://vr-vorgang.info/volksbank/bankleitzahl/login Page URL

Page Statistics

21
Requests

90 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

372 kB
Transfer

672 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vr-vorgang.info/ HTTP 301
https://vr-vorgang.info/volksbank/login Page URL
https://vr-vorgang.info/volksbank/bankleitzahl/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://vr-vorgang.info/ HTTP 301
https://vr-vorgang.info/volksbank/login

Request Chain 13

https://ip9uk39kv26rml8wjjruzg-on.drv.tw/jsbot.js HTTP 301
https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js

Request Chain 14

https://vr-vorgang.info/volksbank/bankleitzahl/js/ing/bandoo.js HTTP 302
https://www.vr.de/

21 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	login vr-vorgang.info/volksbank/ Redirect Chain https://vr-vorgang.info/ https://vr-vorgang.info/volksbank/login	733 B 752 B	621ms 620ms	Document text/html	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/volksbank/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 847583f3dca94976-MIA content-encoding br content-type text/html; charset=UTF-8 date Thu, 18 Jan 2024 08:37:21 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XY9xDrpAsFzx61HsRMgVkShaNVVsWd0BCm5%2BrdYSrnN6qRwYpejsEwPMV2iMt4LDeVh%2Bstm1IZM3%2BwxAvhzvA3RokNxp6e4oZyxlPptMhGzlgVYHQckZOJL%2FQQqNiodreOsMjU3RcVrZXKx7cqA%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers cache-control max-age=3600 cf-ray 847583f39c6e4976-MIA date Thu, 18 Jan 2024 08:37:20 GMT expires Thu, 18 Jan 2024 09:37:20 GMT location https://vr-vorgang.info/volksbank/login nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Vtihhj41GQl4FiY1w6lHWrss76vmBkbwF%2BlxWe%2FSXryoF7Vm7J2dMCq8OOCQqeEDukD%2FgL%2B8e88KDDkM0s4yscfzhBOIIBMuhV9O%2Fz9JBdZx1TDPoJuoJ8n9Ar5MPiSO7MjbZj9YW0udJcr9vg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	Primary Request login Show response vr-vorgang.info/volksbank/bankleitzahl/	17 KB 3 KB	323ms 322ms	Document text/html	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8d63f2e163f01b2658a4e3527dccc3484e4dcac83ffdb0435ceaf9bc25d78ec5` Request headers Referer https://vr-vorgang.info/volksbank/login Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 847583f7e9b24976-MIA content-encoding br content-type text/html; charset=UTF-8 date Thu, 18 Jan 2024 08:37:21 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GrXeb1kFv3PhaOx8FkhATAI4EfywpUZL7KpnhcbpExfLNqklTkToe281k1QfO4DJzWZH8%2BFCf%2F8qxjNoQBTMrR4vJA3%2FrLyf5mrw%2FamNDUM56lQ1ezXSCwngOtYP8khfljkCrQKl2Vn4%2FbNgls0%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	volksbank.css vr-vorgang.info/css/	528 KB 254 KB	709ms 708ms	Stylesheet text/css	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/css/volksbank.css Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `360af9c3974faec9d8d78b383116b453b2b652abe3178f6f61839f047036f9c8` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:22 GMT content-encoding br cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"8400c-60edc406817e8-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgB3uxM2XC42ZcOb59k2NPNgH0MzBZb8MjjvfcGKFW69bg%2BoC3LgPMPVmw2wFXE2jaHXez2urPRbBL6r1N4ErLeBHGaTfbTygGqVIKcBFcmDDtS6veduvfry9E1zemxfSpWUIjiH%2FjBDSvhjNbw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 847583fa089b2887-MIA alt-svc h3=":443"; ma=86400
GET H3	200	logo-vr.svg vr-vorgang.info/img/	11 KB 4 KB	316ms 316ms	Image image/svg+xml	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/logo-vr.svg Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a98221c9155dc607127fe88bbcbc7d88296b084a56661ff27f627e7913dc5c8f` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT content-encoding br cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2cc5-60edc4085d2c7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8VjBPgn%2F3s4AilXJyP%2FBi7zABzcqfctkPT4zsKV1qa1jUYj5PETJVNFsPS88Cpl79GkurLDcypcH47mk6wA8YIfPUggS1iX54oQTD0sJZslbyBVHsRZAFi9BDcz5hraqu6KMq1iVGn%2FUj%2FZd8k%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 847583fa089d2887-MIA alt-svc h3=":443"; ma=86400
GET H3	200	1.png vr-vorgang.info/img/	1 KB 2 KB	311ms 310ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/1.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `08c6216305671f1f3f66067057da56b578d879b7c1c77e409b340e9f873c9a86` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "409-60edc40706554" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4cFJfh%2B9gBNbAJwlUExhWxrsei6beQcYb5SqgG2njYaX5Rmu97mgIH7gjKYVtvCq7tNr2e2g%2F%2FcYqpzKHP%2FgKb%2BQNzIIZzkPeKcw%2FEkRUgaFXrZ8fp2yp8qjqEmXseIrqZj35OfMJCTGFbIERsg%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa089e2887-MIA alt-svc h3=":443"; ma=86400 content-length 1033
GET H3	200	2.png vr-vorgang.info/img/	6 KB 6 KB	308ms 306ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/2.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "17fe-60edc40728850" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxKuzMffudpbcd3RGERs%2B09Eae6YPtaoIb%2B8SIpSDOKuX%2BFwWCHfKFmbJI0ACbo1FgB%2F0YH0DzDiSP%2BLt6iDVyhm3OqXGA6p4Vxd6q7kobtM1ryP1QffTFlaXXoWLDuLA4TMdsd0PMASYUTuLTg%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28c92887-MIA alt-svc h3=":443"; ma=86400 content-length 6142
GET H3	200	3.png vr-vorgang.info/img/	5 KB 5 KB	307ms 304ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/3.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1335-60edc4072e614" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wsn2dRQlu5JVT5ccoRdkS%2FS%2BtbN7m5Otl1mQnshMRMmkdQIQdJp%2BLpXh%2BtuLEQc45U8NL4NUj8v0RIlIuquJGKNl69h25hD1iAY6XtsNf%2FD91IoJk0%2F8z45pvmD62t9p2z8UnZXyIneqgxK5Z2Q%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28cf2887-MIA alt-svc h3=":443"; ma=86400 content-length 4917
GET H3	200	4.png vr-vorgang.info/img/	2 KB 2 KB	1860ms 1856ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/4.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bd336b5f058be348457d5c0805fa3215e2ca365e9a8b77da94d3ee9472865aa2` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:23 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "605-60edc40748c0a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaXOTzjgHfOUuioIt48bMUYrwJC3ZkhvUi%2BxLPapb2BylXLSoEjNRf4fDBRXM4zQVvXY9V0n699rCsFj9akWFT%2Bmuvt4%2B0h9H3WbFA3j9At1JUxmKoHCzApjkr8KMy2ccNdGcBSyw8UiU4ZlePE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28d12887-MIA alt-svc h3=":443"; ma=86400 content-length 1541
GET H3	200	5.png vr-vorgang.info/img/	16 KB 17 KB	437ms 434ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/5.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:22 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4194-60edc4074f96f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JyIMMST4%2BPIAZBqgQaJqX8fBDApCHlzD%2Blxj7tzBfWW2R1wiwk4oRGwVK29CUWXEcJyQSugenyD0kdlfNPjOrF9O6pM56NADHJTFP6%2BR5oBBls2a%2BHboQUvZs%2Bl6btSEZGT6S%2B9Y1HqA9B1oO8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28d92887-MIA alt-svc h3=":443"; ma=86400 content-length 16788
GET H3	200	6.png vr-vorgang.info/img/	3 KB 3 KB	859ms 857ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/6.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:22 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "c12-60edc4076af05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpD6PoGanwbcMHLwRM6nbsJNGUXmIecDxk4%2BrbnPIiQBEZPrdU3y%2ByBlcMTsF1K6dLg8PQy8UxrTnAzaVjS1%2BmlkXjEkD5W8750AkDpc1nnQiOHlzcTEv3vBNKpyegiuvPoJHvfrKrQhKyyy%2FZI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28dd2887-MIA alt-svc h3=":443"; ma=86400 content-length 3090
GET H3	200	7.png vr-vorgang.info/img/	4 KB 4 KB	321ms 319ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/7.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "e8f-60edc40773bac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Mh0UcaQLvAxDuYWU4IMiYb84lduJ6z0QqrOhPlZvBa%2BqGuPIR%2B9kDXPrAIByNF5%2FpAxgVaBZooYvYjcW2FF52jFZp1dohoym3TLyyBmr7v3S7WDFT7hR2GEqeH%2FSmeMXMPkEd6DXrzzgZudJL0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28de2887-MIA alt-svc h3=":443"; ma=86400 content-length 3727
GET H3	200	8.png vr-vorgang.info/img/	2 KB 2 KB	2862ms 2860ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/8.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:24 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "75b-60edc4078d201" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nq4rZKbDajmIY3i2MEaWEFSR%2Buh%2B3ZniQefI3PUnW0hNyeN3ZT0Ywl8pZWn66mPJ1fad%2FldJvIDhTeNYjDU4QsvSWLixpHq29iG0dGIOMa5WXMlQFLLw%2BKFayd0BYP5WKlp91JJDZBbPWo8HjFI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28e22887-MIA alt-svc h3=":443"; ma=86400 content-length 1883
GET H3	200	9.png vr-vorgang.info/img/	6 KB 6 KB	337ms 335ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/9.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "16ae-60edc40793f66" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lo%2Fkcdx0fGzAdzwRXrthQimSZ5hHGBIr6AVi7kOYD3pl%2BVVlNyfRrhzWSLz5GOaQAi%2F3WeFDN2ZC8qG8URTNNR%2F7RtllzrSW5ORsEic8uOJzjTdmXwm3K7ZqDowUI58EerxDP9%2Bo8T%2FyREcFUCs%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28e42887-MIA alt-svc h3=":443"; ma=86400 content-length 5806
GET H3	200	10.png vr-vorgang.info/img/	2 KB 2 KB	2861ms 2859ms	Image image/png	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vr-vorgang.info/img/10.png Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f6f4ddd588353569b0d34bd19e85a0624effb6c2c183aa26695aefc05861a7ed` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:24 GMT cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "680-60edc40706554" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HP0DuG1Ts6EZvAcsyQq7LbA0rs0CkJfsiCC7Lmx4HqFXg%2BGoprkjW6jBLcilMh9maFMhrXqlBeSd7nLAH03VqIdEAEorKciY2e85pOnyXOPtsOPIgbtiAjmmd%2B3lIJ%2BiB3009udtc7Pj%2Bu8Q6Qc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 847583fa28e62887-MIA alt-svc h3=":443"; ma=86400 content-length 1664
GET H2	200	jsbot.js Show response ip9uk39kv26rml8wjjruzg.on.drv.tw/ Redirect Chain https://ip9uk39kv26rml8wjjruzg-on.drv.tw/jsbot.js https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js	8 KB 2 KB	2484ms 1306ms	Script text/javascript	47.88.48.79 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H2 Server 47.88.48.79 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash `3274993c2ccd9b85c3597b1e5d08288dadb9611210575b093c33274c9d3bc846` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:29 GMT content-encoding gzip last-modified Sat, 01 Jan 2022 15:56:07 GMT server nginx/1.14.0 (Ubuntu) vary Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding x-cache BYPASS content-type text/javascript cache-control public, s-maxage=43200, max-age=43200 Redirect headers location https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js date Thu, 18 Jan 2024 08:37:27 GMT cache-control public, s-maxage=604800, max-age=604800 server nginx/1.14.0 (Ubuntu) x-cache BYPASS content-type text/html
GET H2	200	/ Show response www.vr.de/ Redirect Chain https://vr-vorgang.info/volksbank/bankleitzahl/js/ing/bandoo.js https://www.vr.de/	0 0	519ms 147ms	Script text/html	195.200.53.159 ATRUVIA
General Check archive.org Show headers Download Go to Full URL https://www.vr.de/ Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H2 Server 195.200.53.159 Karlsruhe, Germany, ASN15590 (ATRUVIA, DE), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Redirect headers pragma no-cache date Thu, 18 Jan 2024 08:37:23 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RevxiAWLD0%2F2KY98go6MlsYlY8X1HI8NX1k4IA6G0O8bxAd7lPzyasEUKv59ouU%2BLSjStmMRJDoreFGaHsogH76nSnQ%2B7Qp6r16asxpLsvO%2FYUVdEDV0DfuoSbWP2D9TXUCCerxFbp0zC6WImwA%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 location https://www.vr.de cache-control no-store, no-cache, must-revalidate cf-ray 847583fa28d32887-MIA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	details.js Show response vr-vorgang.info/js/volksbank/	5 KB 1 KB	321ms 319ms	Script application/javascript	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/js/volksbank/details.js Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d68bbc4154509bf29efa267d11838fa5c9da2bcfe75458e242dacfc7d0fa23e1` Request headers accept-language en-US,en;q=0.9 Referer https://vr-vorgang.info/volksbank/bankleitzahl/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Thu, 18 Jan 2024 08:37:21 GMT content-encoding br cf-cache-status MISS last-modified Sat, 13 Jan 2024 23:36:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"12a1-60edc40cc06f3-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpefB6sFpB0x11zzYQfs2nQ9pS6RdkGkOotpgjJiECz98R3iP9AHmt%2BiZllUMHygagPieSGiSrEBCcizrNZYgwUL3s2DwpTGieJbop6Cz3TLYcJEtXsjKO2j2c6b9QSlHv%2F5Hjc80VkjotVvFps%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 847583fa28d62887-MIA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	29 KB 29 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `70192633915348f5f3297b15a8349cefd61fb2dea99ac974aa243a4605ef0704` Request headers Referer Origin https://vr-vorgang.info accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	28 KB 28 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6a9d7ec3c0dc1347ce344830677d4c085536e3d857f946da8dd666bbe91e3852` Request headers Referer Origin https://vr-vorgang.info accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type font/woff2
POST H3	200	online vr-vorgang.info/user/	1 B 0	382ms 382ms	Fetch text/html	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/user/online Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://vr-vorgang.info/volksbank/bankleitzahl/login accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryHm41umdirVmDF6xa Response headers pragma no-cache date Thu, 18 Jan 2024 08:37:25 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nRXLxko%2BY4k3b3oD3XTQvoEN%2FBK3o07hlmEFGw6lD6UdRKYd%2By%2BF4z7aZQBP2u8WBm0aJZ8GAt0JRsoyKSJ%2FRsFdjId%2FdV%2BNl5LmRhnJraNWaqKadKYqBVXp%2B%2BQ6mkDeBhVfLdD5tcvZf8UeWE%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 847584125b7d2887-MIA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H3	200	online vr-vorgang.info/user/	1 B 0	242ms 242ms	Fetch text/html	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/user/online Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://vr-vorgang.info/volksbank/bankleitzahl/login accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundary2mdDG5nisIoZQHfN Response headers pragma no-cache date Thu, 18 Jan 2024 08:37:28 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f6DKEdgXrt8Pl0wpwbd63eJiIvvjN3HFP9SGS0RKDePnrnSx6y4TVZSACBl4WA5pdDYSgCDwai4fiHblGs76cuUtu4aXTCcLRZY9dz6ed9eHJSg3jxULL68XVVKlpLcfJVKsbqRfh8L1RWjSPiU%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 847584251ea82887-MIA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H3	200	online vr-vorgang.info/user/	1 B 0	238ms 238ms	Fetch text/html	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/user/online Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://vr-vorgang.info/volksbank/bankleitzahl/login accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryOIOBasLC0n1b0hkm Response headers pragma no-cache date Thu, 18 Jan 2024 08:37:31 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eo%2FhhBPpVtbuRKtiSBf%2Fc%2FTJgHUsVFBS2fkMldhdOiDZG1Lw4KW8AsUxYZShy1aJqkVVOrrNE%2BP6DzBJy2wA%2FteYRRZaT73gQgBTlcfIFmpZU25uiRJ9Rsv0aqVNnZSEUZSDKw2bDLsCWmuAHYA%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 84758437df3a2887-MIA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H3	200	online vr-vorgang.info/user/	1 B 0	234ms 234ms	Fetch text/html	2606:4700:3035::ac43:c095 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vr-vorgang.info/user/online Requested by Host: vr-vorgang.info URL: https://vr-vorgang.info/volksbank/bankleitzahl/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c095 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://vr-vorgang.info/volksbank/bankleitzahl/login accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryEBBpLmmjLfAgbzTM Response headers pragma no-cache date Thu, 18 Jan 2024 08:37:34 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJun5xA2wchCvnUznqDhrtDMKiyAGKP%2B4SooiVyb4W8JMP%2FnmL9158XcTk65zsq%2FRwHEJ8v5TLpxOW41srekrCFaneMoNxoR1iECqeh%2Fiq3%2BHVhAD2MBpMVtWDokF3ncE12aubO3ZvYmRItBHFU%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 8475844a9f982887-MIA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vr-vorgang.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7b0viv8tbhjm0vie5c5lvvn72u

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ip9uk39kv26rml8wjjruzg-on.drv.tw
ip9uk39kv26rml8wjjruzg.on.drv.tw
vr-vorgang.info
www.vr.de
195.200.53.159
2606:4700:3035::ac43:c095
47.88.48.79
08c6216305671f1f3f66067057da56b578d879b7c1c77e409b340e9f873c9a86
193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6
3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6
3274993c2ccd9b85c3597b1e5d08288dadb9611210575b093c33274c9d3bc846
33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb
360af9c3974faec9d8d78b383116b453b2b652abe3178f6f61839f047036f9c8
60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c
6a9d7ec3c0dc1347ce344830677d4c085536e3d857f946da8dd666bbe91e3852
70192633915348f5f3297b15a8349cefd61fb2dea99ac974aa243a4605ef0704
8d63f2e163f01b2658a4e3527dccc3484e4dcac83ffdb0435ceaf9bc25d78ec5
93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47
a98221c9155dc607127fe88bbcbc7d88296b084a56661ff27f627e7913dc5c8f
bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168
bd336b5f058be348457d5c0805fa3215e2ca365e9a8b77da94d3ee9472865aa2
d68bbc4154509bf29efa267d11838fa5c9da2bcfe75458e242dacfc7d0fa23e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31
f6f4ddd588353569b0d34bd19e85a0624effb6c2c183aa26695aefc05861a7ed

vr-vorgang.info Open in urlscan Pro 2606:4700:3035::ac43:c095 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

90 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

372 kBTransfer

672 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

vr-vorgang.info Open in urlscan Pro
2606:4700:3035::ac43:c095 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

372 kB
Transfer

672 kB
Size

1
Cookies

21 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!