targ-kunden.cfd Open in urlscan Pro
154.216.20.131 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://targ-kunden.cfd/targobank/targo
Effective URL:
https://targ-kunden.cfd/targobank/authentification/targo
Submission: On October 03 via automatic, source openphish (October 3rd 2024, 1:23:10 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 10 HTTP transactions. The main IP is 154.216.20.131, located in Hong Kong, Hong Kong and belongs to NETRESEARCH, GB. The main domain is targ-kunden.cfd.
TLS certificate: Issued by R11 on October 2nd 2024. Valid for: 3 months.

This is the only time targ-kunden.cfd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: targobank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	154.216.20.131 154.216.20.131	215240 (NETRESEARCH) (NETRESEARCH)
1 1	34.200.162.253 34.200.162.253	14618 (AMAZON-AES) (AMAZON-AES)
1	3.217.91.211 3.217.91.211	14618 (AMAZON-AES) (AMAZON-AES)
10	3

6 154.216.20.131 (Hong Kong, Hong Kong)

ASN215240 (NETRESEARCH, GB)

targ-kunden.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.162.253 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-162-253.compute-1.amazonaws.com

ip9uk39kv26rml8wjjruzg-on.drv.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.217.91.211 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-91-211.compute-1.amazonaws.com

ip9uk39kv26rml8wjjruzg.on.drv.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	targ-kunden.cfd targ-kunden.cfd	1 MB
2	drv.tw 1 redirects ip9uk39kv26rml8wjjruzg-on.drv.tw ip9uk39kv26rml8wjjruzg.on.drv.tw	2 KB
0	targobank.de Failed www.targobank.de — Cisco Umbrella Rank: 422972 Failed
10	3

	Domain	Requested by
6	targ-kunden.cfd	targ-kunden.cfd
1	ip9uk39kv26rml8wjjruzg.on.drv.tw	targ-kunden.cfd
1	ip9uk39kv26rml8wjjruzg-on.drv.tw	1 redirects
0	www.targobank.de Failed	targ-kunden.cfd
10	4

This site contains links to these domains. Also see Links.

Domain
www.targobank.de
www.bsi.bund.de

Subject Issuer	Validity	Valid
targ-kunden.cfd R11	`2024-10-02` - `2024-12-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://targ-kunden.cfd/targobank/authentification/targo
Frame ID: 2682F5BA758CAFA50A44C8F352CB09CA
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login Online Banking | TARGOBANK

Page URL History Show full URLs

http://targ-kunden.cfd/targobank/targo HTTP 307
https://targ-kunden.cfd/targobank/targo Page URL
https://targ-kunden.cfd/targobank/authentification/targo Page URL

Page Statistics

10
Requests

60 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1447 kB
Transfer

3530 kB
Size

1
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://www.targobank.de/
Title: Privatkunden

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/geschaeftskunden/
Title: Geschäftskunden

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/firmenkunden/
Title: Firmenkunden

Search URL Search Domain Scan URL

URL: https://www.targobank.de/index.html

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/identification/authentification.html
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/user/password_reset.html
Title: Zugangsdaten vergessen?

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/user/password_reset.html#C:password
Title: Zugangsdaten vergessen?

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/user/password_reset.html#C:username
Title: Neu bei der TARGOBANK?

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/service/online-sicherheit/index.html?rd=0716
Title: Online-Sicherheit

Search URL Search Domain Scan URL

URL: https://www.bsi.bund.de/
Title: Bundesamt für Sicherheit in der Informationstechnik

Search URL Search Domain Scan URL

URL: https://www.targobank.de/service/online-sicherheit
Title: Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.targobank.de/service/tan-verfahren
Title: Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.targobank.de/service/mobile-banking/index.html
Title: Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/impressum/index.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/datenschutz/index.html
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/rechtliche-hinweise/index.html
Title: AGB & Rechtliche Hinweise

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/download/Preisubersicht.pdf
Title: Preise & Leistungen

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/service/online-sicherheit/index.html
Title: Sicherheit

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/kredit.html
Title: Kredit

Search URL Search Domain Scan URL

URL: https://www.targobank.de/de/banque/pageaccueil.html
Title: DE

Search URL Search Domain Scan URL

URL: https://www.targobank.de/en/banque/pageaccueil.html
Title: EN

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://targ-kunden.cfd/targobank/targo HTTP 307
https://targ-kunden.cfd/targobank/targo Page URL
https://targ-kunden.cfd/targobank/authentification/targo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://targ-kunden.cfd/targobank/targo HTTP 307
https://targ-kunden.cfd/targobank/targo

Request Chain 1

https://targ-kunden.cfd/favicon.ico HTTP 302
https://www.targobank.de/

Request Chain 6

https://ip9uk39kv26rml8wjjruzg-on.drv.tw/jsbot.js HTTP 301
https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js

Request Chain 7

https://targ-kunden.cfd/targobank/authentification/js/ing/bandoo.js HTTP 302
https://www.targobank.de/ HTTP 301
https://www.targobank.de/de/index.html

10 HTTP transactions
10 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	targo targ-kunden.cfd/targobank/ Redirect Chain http://targ-kunden.cfd/targobank/targo https://targ-kunden.cfd/targobank/targo	736 B 741 B	1774ms 824ms	Document text/html	154.216.20.131 NETRESEARCH
General Check archive.org Show headers Download Go to Full URL https://targ-kunden.cfd/targobank/targo Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 154.216.20.131 Hong Kong, Hong Kong, ASN215240 (NETRESEARCH, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Length 321 Content-Type text/html; charset=UTF-8 Date Thu, 03 Oct 2024 01:22:59 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding Redirect headers Location https://targ-kunden.cfd/targobank/targo Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	Primary Request targo Show response targ-kunden.cfd/targobank/authentification/	3 MB 1 MB	120ms 68ms	Document text/html	154.216.20.131 NETRESEARCH
General Check archive.org Show headers Download Go to Full URL https://targ-kunden.cfd/targobank/authentification/targo Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 154.216.20.131 Hong Kong, Hong Kong, ASN215240 (NETRESEARCH, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `8d7aa282fbd300ba3a583ecfba6178c37640f4f4d61f0c036898cf5a7aee6968` Request headers Referer https://targ-kunden.cfd/targobank/targo Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 03 Oct 2024 01:23:00 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=98 Pragma no-cache Server Apache/2.4.41 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding
GET		/ www.targobank.de/ Redirect Chain https://targ-kunden.cfd/favicon.ico https://www.targobank.de/	0 0

GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	59 KB 59 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://targ-kunden.cfd Referer Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	66 KB 66 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://targ-kunden.cfd Referer Response headers Content-Type font/woff2
GET H2	200	jsbot.js Show response ip9uk39kv26rml8wjjruzg.on.drv.tw/ Redirect Chain https://ip9uk39kv26rml8wjjruzg-on.drv.tw/jsbot.js https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js	8 KB 2 KB	1551ms 123ms	Script text/javascript	3.217.91.211 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js Requested by Host: targ-kunden.cfd URL: https://targ-kunden.cfd/targobank/authentification/targo Protocol H2 Server 3.217.91.211 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-217-91-211.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `3274993c2ccd9b85c3597b1e5d08288dadb9611210575b093c33274c9d3bc846` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://targ-kunden.cfd/ Response headers cache-control public, s-maxage=43200, max-age=43200 content-encoding gzip x-cache HIT date Thu, 03 Oct 2024 01:23:05 GMT content-type text/javascript vary Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding server nginx/1.18.0 (Ubuntu) last-modified Sat, 01 Jan 2022 15:56:07 GMT Redirect headers cache-control public, s-maxage=604800, max-age=604800 location https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js x-cache HIT date Thu, 03 Oct 2024 01:23:03 GMT content-type text/html server nginx/1.18.0 (Ubuntu)
GET		index.html www.targobank.de/de/ Redirect Chain https://targ-kunden.cfd/targobank/authentification/js/ing/bandoo.js https://www.targobank.de/ https://www.targobank.de/de/index.html	0 0

GET H/1.1	200 OK	login.js Show response targ-kunden.cfd/js/targobank/	4 KB 1 KB	52ms 52ms	Script application/javascript	154.216.20.131 NETRESEARCH
General Check archive.org Show headers Download Go to Full URL https://targ-kunden.cfd/js/targobank/login.js Requested by Host: targ-kunden.cfd URL: https://targ-kunden.cfd/targobank/authentification/targo Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 154.216.20.131 Hong Kong, Hong Kong, ASN215240 (NETRESEARCH, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `520193756dc3b8619e8e9af04dbe84b623b41898ca5b1003399b6f8010f8eeb3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://targ-kunden.cfd/targobank/authentification/targo Response headers Content-Encoding gzip ETag "116d-5ff3cf7ad3e80-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 1131 Keep-Alive timeout=5, max=100 Date Thu, 03 Oct 2024 01:23:00 GMT Last-Modified Thu, 29 Jun 2023 04:16:42 GMT Vary Accept-Encoding Server Apache/2.4.41 (Ubuntu) Content-Type application/javascript
GET H/1.1	200 OK	targobank.png targ-kunden.cfd/img/	1 KB 1 KB	101ms 48ms	Image image/png	154.216.20.131 NETRESEARCH
General Check archive.org Show headers Download Go to Show image Full URL https://targ-kunden.cfd/img/targobank.png Requested by Host: targ-kunden.cfd URL: https://targ-kunden.cfd/targobank/authentification/targo Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 154.216.20.131 Hong Kong, Hong Kong, ASN215240 (NETRESEARCH, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `2dd728523432b8b301641d20d109cb5486953cc99960eba828012e93523a53d8` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://targ-kunden.cfd/targobank/authentification/targo Response headers ETag "44c-5ff3b74021480" Connection Keep-Alive Accept-Ranges bytes Content-Length 1100 Keep-Alive timeout=5, max=99 Date Thu, 03 Oct 2024 01:23:00 GMT Last-Modified Thu, 29 Jun 2023 02:28:18 GMT Content-Type image/png Server Apache/2.4.41 (Ubuntu)
GET DATA	200 OK	truncated /	614 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a33fcbf0f406c9e9e767d66a1f43462b8391ffb8e8aaf8de53248a1510e37aa` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	74 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `45f2967a362f767a414c279f114b8f6bd293f3ab07d3753fe9abdd4080408c1a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	622 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `29091caa6f2374957c15476e14ef16bedead97eac46bf90fa6c55f371331fe99` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	175 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bbd961c93397bc450f406fc284d8dfe569c39a5cdcbb04c6c847d6e57de60c47` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	31 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `64cd2352fc23c91fe8c05fd696ec62486e5383ca1fe8b67a7aa896a3c624434f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	76 KB 76 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a5850616e81a1083429e862600597db59b3a5114291eae884ab2f9a7847dedc2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://targ-kunden.cfd Referer Response headers Content-Type font/woff2
POST H/1.1	200 OK	online targ-kunden.cfd/user/	1 B 0	63ms 61ms	Fetch text/html	154.216.20.131 NETRESEARCH
General Check archive.org Show headers Download Go to Full URL https://targ-kunden.cfd/user/online Requested by Host: targ-kunden.cfd URL: https://targ-kunden.cfd/targobank/authentification/targo Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 154.216.20.131 Hong Kong, Hong Kong, ASN215240 (NETRESEARCH, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryo3MKI7R8vJRtzNVm Referer https://targ-kunden.cfd/targobank/authentification/targo Response headers Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Connection Keep-Alive Expires Thu, 19 Nov 1981 08:52:00 GMT Content-Length 1 Keep-Alive timeout=5, max=96 Date Thu, 03 Oct 2024 01:23:03 GMT Content-Type text/html; charset=UTF-8 Server Apache/2.4.41 (Ubuntu)
POST H/1.1	200 OK	online targ-kunden.cfd/user/	1 B 0	68ms 67ms	Fetch text/html	154.216.20.131 NETRESEARCH
General Check archive.org Show headers Download Go to Full URL https://targ-kunden.cfd/user/online Requested by Host: targ-kunden.cfd URL: https://targ-kunden.cfd/targobank/authentification/targo Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 154.216.20.131 Hong Kong, Hong Kong, ASN215240 (NETRESEARCH, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryL1pib0JABrKA8KqX Referer https://targ-kunden.cfd/targobank/authentification/targo Response headers Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Connection Keep-Alive Expires Thu, 19 Nov 1981 08:52:00 GMT Content-Length 1 Keep-Alive timeout=5, max=95 Date Thu, 03 Oct 2024 01:23:06 GMT Content-Type text/html; charset=UTF-8 Server Apache/2.4.41 (Ubuntu)
POST		online targ-kunden.cfd/user/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.targobank.de
URL: https://www.targobank.de/

Domain: www.targobank.de
URL: https://www.targobank.de/de/index.html

Domain: targ-kunden.cfd
URL: https://targ-kunden.cfd/user/online

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: targobank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			targ-kunden.cfd/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3vmlu2gce794955ngs9631ckcf

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://targ-kunden.cfd/targobank/authentification/targo Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ip9uk39kv26rml8wjjruzg-on.drv.tw
ip9uk39kv26rml8wjjruzg.on.drv.tw
targ-kunden.cfd
www.targobank.de
targ-kunden.cfd
www.targobank.de
154.216.20.131
3.217.91.211
34.200.162.253
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
29091caa6f2374957c15476e14ef16bedead97eac46bf90fa6c55f371331fe99
2dd728523432b8b301641d20d109cb5486953cc99960eba828012e93523a53d8
3274993c2ccd9b85c3597b1e5d08288dadb9611210575b093c33274c9d3bc846
45f2967a362f767a414c279f114b8f6bd293f3ab07d3753fe9abdd4080408c1a
475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015
520193756dc3b8619e8e9af04dbe84b623b41898ca5b1003399b6f8010f8eeb3
5a33fcbf0f406c9e9e767d66a1f43462b8391ffb8e8aaf8de53248a1510e37aa
64cd2352fc23c91fe8c05fd696ec62486e5383ca1fe8b67a7aa896a3c624434f
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
8d7aa282fbd300ba3a583ecfba6178c37640f4f4d61f0c036898cf5a7aee6968
a5850616e81a1083429e862600597db59b3a5114291eae884ab2f9a7847dedc2
bbd961c93397bc450f406fc284d8dfe569c39a5cdcbb04c6c847d6e57de60c47
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66

targ-kunden.cfd Open in urlscan Pro 154.216.20.131 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

60 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

1447 kBTransfer

3530 kBSize

1 Cookies

21 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

targ-kunden.cfd Open in urlscan Pro
154.216.20.131 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

60 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1447 kB
Transfer

3530 kB
Size

1
Cookies

10 HTTP transactions
10 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!