www.berliner-sparkasse.de.es-public.com
Open in
urlscan Pro
2606:4700:3034::6818:6831
Malicious Activity!
Public Scan
URL:
https://www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/?AUTH_TOKEN=ee9a24eb16e62ff3bab70c223e4fd930&cur=home
Submission Tags: 6527797
Submission: On April 25 via api from NL
Submission Tags: 6527797
Submission: On April 25 via api from NL
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 14 HTTP transactions.
The main IP is 2606:4700:3034::6818:6831, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is www.berliner-sparkasse.de.es-public.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 16th 2020. Valid for: 6 months.
This is the only time www.berliner-sparkasse.de.es-public.com was scanned on urlscan.io!
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 16th 2020. Valid for: 6 months.
This is the only time www.berliner-sparkasse.de.es-public.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 5 | 2606:4700:303... 2606:4700:3034::6818:6831 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 8 | 62.181.151.235 62.181.151.235 | 15790 (FINANZINF...) (FINANZINFORMATIK-AS-OST) | |
| 1 | 62.181.151.19 62.181.151.19 | 15790 (FINANZINF...) (FINANZINFORMATIK-AS-OST) | |
| 14 | 3 |
5
2606:4700:3034::6818:6831
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| www.berliner-sparkasse.de.es-public.com |
8
62.181.151.235
(Pulheim, Germany)
ASN15790 (FINANZINFORMATIK-AS-OST, DE)
ASN15790 (FINANZINFORMATIK-AS-OST, DE)
| www.berliner-sparkasse.de |
1
62.181.151.19
(Pulheim, Germany)
ASN15790 (FINANZINFORMATIK-AS-OST, DE)
ASN15790 (FINANZINFORMATIK-AS-OST, DE)
| module.berliner-sparkasse.de |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
berliner-sparkasse.de
www.berliner-sparkasse.de module.berliner-sparkasse.de |
284 KB |
| 5 |
es-public.com
www.berliner-sparkasse.de.es-public.com |
259 KB |
| 14 | 2 |
| Domain | Requested by | |
|---|---|---|
| 8 | www.berliner-sparkasse.de |
www.berliner-sparkasse.de.es-public.com
|
| 5 | www.berliner-sparkasse.de.es-public.com |
www.berliner-sparkasse.de.es-public.com
|
| 1 | module.berliner-sparkasse.de |
www.berliner-sparkasse.de.es-public.com
|
| 14 | 3 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| es-public.com CloudFlare Inc ECC CA-2 |
2020-04-16 - 2020-10-09 |
6 months | crt.sh |
| www.berliner-sparkasse.de QuoVadis EV SSL ICA G3 |
2019-10-01 - 2021-08-01 |
2 years | crt.sh |
| module.berliner-sparkasse.de QuoVadis EV SSL ICA G3 |
2019-09-02 - 2021-08-01 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/?AUTH_TOKEN=ee9a24eb16e62ff3bab70c223e4fd930&cur=home
Frame ID: 26629A08066E23BA909A9A1954E7969B
Requests: 14 HTTP requests in this frame
Screenshot
Detected technologies
Adobe Experience Manager
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<div class="[^"]*parbase/i
- script /\/etc\/clientlibs\//i
- script /\/etc.clientlibs\//i
Java
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<div class="[^"]*parbase/i
- script /\/etc\/clientlibs\//i
- script /\/etc.clientlibs\//i
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
URL: https://module.berliner-sparkasse.de/de/home/toolbar/kontakt/wichtige_rufnummern.html?n=true
Title: Wichtige Telefonnummern
Title: Wichtige Telefonnummern
Search URL Search Domain Scan URL
URL: https://www.sparkassen-chat.de/if6/?te_org=IF6&te_art=VC&blz=10050000&title=Logout&origin=https%3A%2F%2Fwww.berliner-sparkasse.de%2Fde%2Fhome%2Fmisc%2Flogout.html
Title: Live-Chat
Title: Live-Chat
Search URL Search Domain Scan URL
URL: https://module.berliner-sparkasse.de/de/home/toolbar/kontakt/wichtige_rufnummern.html
Title: Weitere Telefonnummern
Title: Weitere Telefonnummern
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/login-online-banking.html?lightbox=%2Fde%2Fhome%2Fkontakt-neo%2Flightboxes%2Ftvb%3Fn%3Dtrue%26stref%3Dkontakt_footer
Title: Beratungstermin vereinbaren
Title: Beratungstermin vereinbaren
Search URL Search Domain Scan URL
URL: https://www.sparkassen-chat.de/if6/?te_org=IF6&te_art=VC&blz=10050000&title=Login%2BOnline-Banking&origin=https%3A%2F%2Fwww.berliner-sparkasse.de%2Fde%2Fhome%2Flogin-online-banking.html
Title: Live-Chat
Title: Live-Chat
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/login-online-banking.html?lightbox=%2Fde%2Fhome%2Fprivatkunden%2Fonline-mobile-banking%2Fpushtan%2Flightboxes%2Fpushtan-verfahren-freischalten%3Fn%3Dtrue%26stref%3Dservice_links
Title: Online-Banking freischalten
Title: Online-Banking freischalten
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/login-online-banking.html?lightbox=%2Fde%2Fhome%2Fservice%2Fadresse-aendern%2Flightbox%2Fadresse-aendern%3Fn%3Dtrue%26stref%3Dservice_links
Title: Adresse ändern
Title: Adresse ändern
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/login-online-banking.html?lightbox=%2Fde%2Fhome%2Fprivatkunden%2Fonline-mobile-banking%2Fpushtan%2Flightboxes%2Fpushtan-verfahren-freischalten%3Fn%3Dtrue%26stref%3Dsitemap
Title: Online-Banking freischalten
Title: Online-Banking freischalten
Search URL Search Domain Scan URL
URL: https://kredit.skpk.de/?template=Privatkredit_Berlin&utm_source=if6&utm_medium=bsk&utm_campaign=mv_pkvv_17_08&utm_content=footer
Title: S-Privatkredit
Title: S-Privatkredit
Search URL Search Domain Scan URL
URL: https://web.s-investor.de/app/markt.htm?INST_ID=0004093&ident=0
Title: BörsenCenter
Title: BörsenCenter
Search URL Search Domain Scan URL
URL: http://t23.intelliad.de/index.php?redirect=https%3A%2F%2Fwww.berliner-sparkasse.de%2Fde%2Fhome%2Fservice%2Fnewsletter.html&cl=0383839313236323131303&bm=100&bmcl=6353835313236323131303&cp=893&ag=124&crid=108
Title: Newsletter
Title: Newsletter
Search URL Search Domain Scan URL
URL: https://www.facebook.com/berlinersparkasse
Title: Facebook
Title: Facebook
Search URL Search Domain Scan URL
URL: https://twitter.com/BerlinerSPK
Title: Twitter
Title: Twitter
Search URL Search Domain Scan URL
URL: https://www.instagram.com/berlinersparkasse/
Title: Instagram
Title: Instagram
Search URL Search Domain Scan URL
URL: https://www.youtube.com/user/berlinersparkasse
Title: Youtube
Title: Youtube
Search URL Search Domain Scan URL
URL: http://blog.berliner-sparkasse.de/
Title: Blog
Title: Blog
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/misc/eprivacy/_jcr_content.bin
Title: Schließen
Title: Schließen
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/ |
48 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
internetfiliale.min.css
www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/files/ |
542 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
internetfiliale.min.1e413cd876d7f3afa6ff469237b793f0.js
www.berliner-sparkasse.de/etc/clientlibs/myif/berliner-sk/base/ |
342 KB 97 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
spk-logo-desktop.png
www.berliner-sparkasse.de/content/dam/myif/berliner-sk/work/bilder/logos/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
spk-logo-mobile.png
www.berliner-sparkasse.de/content/dam/myif/berliner-sk/work/bilder/logos/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
spk-logo-druck.png
www.berliner-sparkasse.de/content/dam/myif/berliner-sk/work/bilder/logos/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1569232418826.png
www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/siegel/_jcr_content/awards/parsys/award_547e/image.img.png/ |
33 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1507888956944.png
www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/siegel/_jcr_content/awards/parsys/award/image.img.png/ |
39 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1576482947570.jpg
www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/siegel/_jcr_content/awards/parsys/award_0/image.img.jpg/ |
55 KB 56 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tdg
module.berliner-sparkasse.de/if/services/ |
45 B 574 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
universal_analytics.min.6821acb38acdf3bdc5bb822034e4f5f8.js
www.berliner-sparkasse.de/etc/clientlibs/myif/berliner-sk/sfp/universal_analytics/ |
170 KB 44 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Sparkasse_web_Rg.woff
www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/files/ |
39 KB 39 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pictos-if.woff
www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/files/ |
101 KB 101 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Sparkasse_web_Bd.woff
www.berliner-sparkasse.de.es-public.com/de/db28e9af20e7bb137b7c127f6cb6976e/files/ |
39 KB 38 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| IF6 function| getQueryParamValue string| IF6_lightbox_closeicon_text function| overlayShow function| overlayClose function| focusBankingFormularElement function| toggleClassInRows function| SLURI function| moveBContent function| refreshServerTimeout function| showCountdownLayer function| refreshClientTimeout function| tick function| updateHeaderLoginIfPresent function| setSessionTimeout function| countdownShow function| callBreakHtml function| editTeaserRef function| pagenav_statistics_send function| pagenav_statistics function| pagenav_scroll function| pagenav_scroll_window function| $ function| jQuery object| IF boolean| bcarouselAttached object| ifLoginHeaderTimer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| www.berliner-sparkasse.de.es-public.com/ | Name: PHPSESSID Value: h4l6p6s0am6mhubtfiu4g5n7o1 |
|
| .es-public.com/ | Name: __cfduid Value: d817b1c6831128ce74c93cedc215fa2011587829894 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
module.berliner-sparkasse.de
www.berliner-sparkasse.de
www.berliner-sparkasse.de.es-public.com
2606:4700:3034::6818:6831
62.181.151.19
62.181.151.235
174ab10faf521733c7e857ff3b2acebeaea5919c4608c326ca8622035de5c93d
476c17e3cf8dd32252ddf91c678b364d8d7310b66fc6d0fa773a4750c3e05f86
5f76ec01bb4b4b8e036b6d7cdc411a0fc75e6c53de60b7ef6ebb9dc104b676b6
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4
6307e650c6cd51633ef2e9d9528ef4a163d3b9432f7d5ceb3e7fd2c61fe5a95f
644fe45aed1482abe92dd9ffd221a5570e0e509ce73647ea27180bf4aa8213f3
8260c63f462057662b692a0e463350d73a20e751dfdbc91357c9ac1f0041b962
92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85
9ab7158ea83e44a5191401a040ae2b2c89fd00d3d289cbd969f0d29c2fc30caf
a9ad5dac2a400c1fb324e09df57325568e98772618ff818ca5344b171c834aa2
bedee0bcb0139065ca3f68c4e7b5d8434761867fcb4b535cb3d3a77ee4204597
d3d6aefec9d4c8294072e8a246a45716badf57373b71990f6254b4c480245288
daced0adba4deceea44557ede4ab39d39cf7be7328d9b0033b721ea7b4f5c34e
e3a096177fdb67dc609921050caec415a389d683674be529f2ba91f6e5514638