urlscan.io logo urlscan.io
SecurityTrails logo

sparkasse-connect.pleaseletme.help Open in urlscan Pro
103.198.26.219  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://sparkasse-connect.pleaseletme.help/privatkunden/73732/
Submission: On June 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 103.198.26.219, located in Cyberjaya, Malaysia and belongs to GBNETWORK-AS-AP GB Network Solutions Sdn. Bhd., MY. The main domain is sparkasse-connect.pleaseletme.help.
TLS certificate: Issued by R3 on June 3rd 2024. Valid for: 3 months.
This is the only time sparkasse-connect.pleaseletme.help was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

IP Address AS Autonomous System
1 103.198.26.219 132372 (GBNETWORK...)
1 185.85.1.81 20546 (SOPRADO-ANY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:400... 54113 (FASTLY)
4 5
Apex Domain
Subdomains		 Transfer
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 426
7 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 613
30 KB
1 sparkasse.de
www.sparkasse.de — Cisco Umbrella Rank: 227175
7 KB
1 pleaseletme.help
sparkasse-connect.pleaseletme.help
669 KB
4 4
Domain Requested by
1 cdn.jsdelivr.net sparkasse-connect.pleaseletme.help
1 ajax.googleapis.com sparkasse-connect.pleaseletme.help
1 www.sparkasse.de sparkasse-connect.pleaseletme.help
1 sparkasse-connect.pleaseletme.help
4 4

This site contains links to these domains. Also see Links.

Domain
www.berliner-sparkasse.de
Subject Issuer Validity Valid
sparkasse-connect.pleaseletme.help
R3		 2024-06-03 -
2024-09-01		 3 months crt.sh
www.sparkasse.de
D-TRUST SSL Class 3 CA 1 EV 2009		 2024-05-16 -
2025-05-18		 a year crt.sh
upload.video.google.com
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sparkasse-connect.pleaseletme.help/privatkunden/73732/
Frame ID: 0900802C3B86A5A430F2D5CD4F87A225
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login Online-Banking

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

4
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

1018 kB
Transfer

4105 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
sparkasse-connect.pleaseletme.help/privatkunden/73732/ 		3 MB
669 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sparkasse-connect.pleaseletme.help/privatkunden/73732/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.198.26.219 Cyberjaya, Malaysia, ASN132372 (GBNETWORK-AS-AP GB Network Solutions Sdn. Bhd., MY),
Reverse DNS
assurprox.com
Software
nginx / PleskLin
Resource Hash
d17bf55144a657d693d7fd95b0a790af2e5d67d547afa35b3bd6a8921c0afa27

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
content-type
text/html
date
Tue, 04 Jun 2024 10:33:44 GMT
etag
W/"665edf3f-3646d0"
last-modified
Tue, 04 Jun 2024 09:32:47 GMT
server
nginx
x-powered-by
PleskLin
tenant_header_logo.svg
www.sparkasse.de/assets/ 		15 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.sparkasse.de/assets/tenant_header_logo.svg
Requested by
Host: sparkasse-connect.pleaseletme.help
URL: https://sparkasse-connect.pleaseletme.help/privatkunden/73732/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.85.1.81 , Germany, ASN20546 (SOPRADO-ANY, DE),
Reverse DNS
ip-185-85-1-81.ax5z.com
Software
myracloud /
Resource Hash
b0806659e4a12b2665227e54911485706ed7f288c7cef9e55add4b4d917d3092
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com www.yellowmap.de cdn.yellowmap.de cdn.trustcommander.net www.youtube.com www.google-analytics.com *.doubleclick.net connect.facebook.net assets.adobedtm.com adobedc.demdex.net edge.adobedc.net; style-src 'self' 'unsafe-inline' cdn.yellowmap.de; connect-src 'self' *.sparkasse.de autocomplete.smartmaps.cloud events.flagship.io *.yellowmap.de *.trustcommander.net *.commander1.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.sparkassen-finanzportal.de eu-api.friendlycaptcha.eu www.facebook.com assets.adobedtm.com adobedc.demdex.net edge.adobedc.net; img-src data: 'self' 'unsafe-inline' i.ytimg.com map.iib-institut.de *.yellowmaps.eu www.yellowmap.de *.sparkasse.de *.trustcommander.net *.commander1.com img.youtube.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.google.com www.google.de api.sparkassen-mediacenter.de kvp-skmc.dbc-gmbh.com *.doubleclick.net images.podigee-cdn.net feeds.sparkassen-finanzportal.de events.flagship.io www.facebook.com; media-src api.sparkassen-mediacenter.de kvp-skmc.dbc-gmbh.com youtu.be www.youtube.com; frame-src data: 'self' cdn.trustcommander.net widget.civey.com sparkasse.linda-chatbot.de www.youtube.com player.podigee-cdn.net stage-if-egs.s-communication.de if-egs.s-communication.de; font-src 'self' webfonts.sparkasse.de cdn.yellowmap.de; object-src 'self'; manifest-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://sparkasse-connect.pleaseletme.help/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 10:33:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-cache-group
assets
x-content-type-options
nosniff
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com www.yellowmap.de cdn.yellowmap.de cdn.trustcommander.net www.youtube.com www.google-analytics.com *.doubleclick.net connect.facebook.net assets.adobedtm.com adobedc.demdex.net edge.adobedc.net; style-src 'self' 'unsafe-inline' cdn.yellowmap.de; connect-src 'self' *.sparkasse.de autocomplete.smartmaps.cloud events.flagship.io *.yellowmap.de *.trustcommander.net *.commander1.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.sparkassen-finanzportal.de eu-api.friendlycaptcha.eu www.facebook.com assets.adobedtm.com adobedc.demdex.net edge.adobedc.net; img-src data: 'self' 'unsafe-inline' i.ytimg.com map.iib-institut.de *.yellowmaps.eu www.yellowmap.de *.sparkasse.de *.trustcommander.net *.commander1.com img.youtube.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.google.com www.google.de api.sparkassen-mediacenter.de kvp-skmc.dbc-gmbh.com *.doubleclick.net images.podigee-cdn.net feeds.sparkassen-finanzportal.de events.flagship.io www.facebook.com; media-src api.sparkassen-mediacenter.de kvp-skmc.dbc-gmbh.com youtu.be www.youtube.com; frame-src data: 'self' cdn.trustcommander.net widget.civey.com sparkasse.linda-chatbot.de www.youtube.com player.podigee-cdn.net stage-if-egs.s-communication.de if-egs.s-communication.de; font-src 'self' webfonts.sparkasse.de cdn.yellowmap.de; object-src 'self'; manifest-src 'self'; worker-src 'self' blob:;
x-cdn
1
x-xss-protection
1; mode=block
last-modified
Thu, 30 May 2024 06:13:42 GMT
server
myracloud
etag
W/"3a0a-18fc821fdf0"
vary
accept-encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=3600
expires
Tue, 04 Jun 2024 10:37:31 GMT
truncated
/ 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3edc58dd505c594baa6bd39f1641072b5a072f16410c6d0c4bf65df2cdb1d356

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		976 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4e07d2fb57dd99f228e0d5b6e4e7a8d051ae49bb9643d850ac10369a6158e35

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		73 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb2c3a2739a9798911a3fc551f4e9635708ef2398670ec92e9888ad27ff5bbbc

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		38 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b47cdecc0f76feb9ae35c32d9380056f77ef63df510fd2477a882b746ee5e045

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		86 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10626038ac8b95269a4494bd2c43f2a6f706a5032ad7b8bd202e65a0e7de24fd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		45 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43a2c75ca73d8c1101ff7ae617e6dbc6934e8aa1cd72d64ce50908ac297156cb

Request headers

Referer
Origin
https://sparkasse-connect.pleaseletme.help
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		205 KB
205 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5706622f56a9d55053b778d797260c4ff05ce65c3402d0df06b1c5ddf59496a5

Request headers

Referer
Origin
https://sparkasse-connect.pleaseletme.help
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7b2888ded6c1e95affe8813aaba8fbcd060d774451c10afa71227616e9af159f

Request headers

Referer
Origin
https://sparkasse-connect.pleaseletme.help
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
addffd48c2bb1fe1e4409899c79d5b2beca7d72c4d80575401091f09ab0eae52

Request headers

Referer
Origin
https://sparkasse-connect.pleaseletme.help
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ae3f33664fc3b273913900b81d8812d5a6a3c098b86d93d1f0ec54259d9441d

Request headers

Referer
Origin
https://sparkasse-connect.pleaseletme.help
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.7.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: sparkasse-connect.pleaseletme.help
URL: https://sparkasse-connect.pleaseletme.help/privatkunden/73732/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://sparkasse-connect.pleaseletme.help/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 06:14:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15541
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30462
x-xss-protection
0
last-modified
Tue, 12 Sep 2023 02:38:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 Jun 2025 06:14:45 GMT
disable-devtool@latest
cdn.jsdelivr.net/npm/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/disable-devtool@latest
Requested by
Host: sparkasse-connect.pleaseletme.help
URL: https://sparkasse-connect.pleaseletme.help/privatkunden/73732/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://sparkasse-connect.pleaseletme.help/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 04 Jun 2024 10:33:46 GMT
x-content-type-options
nosniff
content-encoding
br
age
2680
x-jsd-version
0.3.7
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
6741
x-served-by
cache-fra-eddf8230055-FRA, cache-cph2320026-CPH
x-jsd-version-type
version
etag
W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| DisableDevtool function| myFunction

0 Cookies