![](/screenshots/0a43f2cc-9dd9-49fa-a586-64e1b2e5fbc4.png)
de-sparkasse-datenabnahme.xyz
Open in
urlscan Pro
2606:4700:3034::6815:28a8
Malicious Activity!
Public Scan
Effective URL: https://de-sparkasse-datenabnahme.xyz/anmeldung.php?starten=0PNQIqGpU61Ck9zyHWcsTuB5Z7Vot4&shufflUri?=o9DOw82gdnBfNLk6uApY
Submission: On April 19 via api from HU — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 8th 2024. Valid for: 3 months.
This is the only time de-sparkasse-datenabnahme.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 209.145.49.186 209.145.49.186 | 40021 (NL-811-40021) (NL-811-40021) | |
1 1 | 172.67.196.63 172.67.196.63 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 2606:4700:303... 2606:4700:3034::6815:28a8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 172.67.187.115 172.67.187.115 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 2 |
ASN40021 (NL-811-40021, US)
PTR: server22.swiftlyserver.com
daytoyear.com |
ASN13335 (CLOUDFLARENET, US)
de-sparkasse-datenabnahme.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
de-sparkasse-datenabnahme.xyz
1 redirects
de-sparkasse-datenabnahme.xyz |
891 KB |
1 |
wedlegal.xyz
1 redirects
wedlegal.xyz |
509 B |
1 |
daytoyear.com
1 redirects
daytoyear.com |
267 B |
17 | 3 |
Domain | Requested by | |
---|---|---|
18 | de-sparkasse-datenabnahme.xyz |
1 redirects
de-sparkasse-datenabnahme.xyz
|
1 | wedlegal.xyz | 1 redirects |
1 | daytoyear.com | 1 redirects |
17 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
module.foerde-sparkasse.de |
blog.foerde-sparkasse.de |
www.facebook.com |
twitter.com |
www.youtube.com |
www.xing.com |
www.tiktok.com |
termin.foerde-sparkasse.de |
www.studiale.de |
www.sparkassen-shop.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
de-sparkasse-datenabnahme.xyz GTS CA 1P5 |
2024-03-08 - 2024-06-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://de-sparkasse-datenabnahme.xyz/anmeldung.php?starten=0PNQIqGpU61Ck9zyHWcsTuB5Z7Vot4&shufflUri?=o9DOw82gdnBfNLk6uApY
Frame ID: 40B2830A1AEE807CDA405022C02265E2
Requests: 17 HTTP requests in this frame
Screenshot
![](/screenshots/0a43f2cc-9dd9-49fa-a586-64e1b2e5fbc4.png)
Page Title
Login Online-Banking | SparkassePage URL History Show full URLs
-
https://daytoyear.com/wzufgweiurtweidghiweufhzuwehfiuwegr.php
HTTP 302
https://wedlegal.xyz/zentra HTTP 307
https://de-sparkasse-datenabnahme.xyz/?s=u6hyo295ldt7eroyps1mgt6zjpvaukfs HTTP 302
https://de-sparkasse-datenabnahme.xyz/anmeldung.php?starten=0PNQIqGpU61Ck9zyHWcsTuB5Z7Vot4&shufflUri?=o9DOw82gdnBf... Page URL
Detected technologies
Detected patterns
- <div class="[^"]*parbase
Detected patterns
- \.php(?:$|\?)
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: Podcast
Search URL Search Domain Scan URL
Title: Ihre Sparkasse hautnahBlog der Sparkasse
Search URL Search Domain Scan URL
Title: Facebook
Search URL Search Domain Scan URL
Title: Twitter
Search URL Search Domain Scan URL
Title: YouTube
Search URL Search Domain Scan URL
Title: Xing
Search URL Search Domain Scan URL
Title: TikTok
Search URL Search Domain Scan URL
Title: Beratungstermin vereinbaren
Search URL Search Domain Scan URL
Title: Studiale
Search URL Search Domain Scan URL
Title: Sparkassen-Shop
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://daytoyear.com/wzufgweiurtweidghiweufhzuwehfiuwegr.php
HTTP 302
https://wedlegal.xyz/zentra HTTP 307
https://de-sparkasse-datenabnahme.xyz/?s=u6hyo295ldt7eroyps1mgt6zjpvaukfs HTTP 302
https://de-sparkasse-datenabnahme.xyz/anmeldung.php?starten=0PNQIqGpU61Ck9zyHWcsTuB5Z7Vot4&shufflUri?=o9DOw82gdnBfNLk6uApY Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
anmeldung.php
de-sparkasse-datenabnahme.xyz/ Redirect Chain
|
60 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
internetfiliale.min.36ca8f1e347de7a03a31e002be3843c7.css
de-sparkasse-datenabnahme.xyz/src/ |
2 MB 185 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
internetfiliale.min.007ac3aaa8c7e77660499b0a77898638.js
de-sparkasse-datenabnahme.xyz/src/ |
612 KB 153 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_ini.svg
de-sparkasse-datenabnahme.xyz/src/ |
22 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Bildmarke_S-Sparkasse_72px.svg
de-sparkasse-datenabnahme.xyz/src/ |
976 B 904 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1624599692487.png
de-sparkasse-datenabnahme.xyz/src/ |
81 KB 82 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1559285204680.jpg
de-sparkasse-datenabnahme.xyz/src/ |
49 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tdg
de-sparkasse-datenabnahme.xyz/src/ |
45 B 492 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
universal_analytics.min.fce01e1aa1583405fd3c179639d0bd13.js
de-sparkasse-datenabnahme.xyz/src/ |
77 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Rg.woff
de-sparkasse-datenabnahme.xyz/src/fonts/ |
41 KB 41 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pictos-if.woff
de-sparkasse-datenabnahme.xyz/src/fonts/ |
204 KB 205 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Md.woff
de-sparkasse-datenabnahme.xyz/src/fonts/ |
30 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseHead_web_Rg.woff
de-sparkasse-datenabnahme.xyz/src/fonts/ |
29 KB 30 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Lt.woff
de-sparkasse-datenabnahme.xyz/src/fonts/ |
30 KB 30 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Bd.woff
de-sparkasse-datenabnahme.xyz/src/fonts/ |
36 KB 37 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon1x.ico
de-sparkasse-datenabnahme.xyz/src/ |
1 KB 693 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon2x.png
de-sparkasse-datenabnahme.xyz/src/ |
298 B 778 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| IF6 function| getQueryParamValue string| IF6_lightbox_closeicon_text function| overlayShow function| overlayClose function| setSessionTimeout function| focusBankingFormularElement function| toggleClassInRows function| SLURI function| moveBContent object| ifLoginHeaderTimer function| refreshClientTimeout function| refreshServerTimeout undefined| startCountdownLayer function| showCountdownLayer function| updateHeaderLoginIfPresent function| tick function| countdownShow function| callBreakHtml object| nbfDatePicker object| nbfTanInput function| selectListBoxItem function| editTeaserRef function| pagenav_statistics_send function| pagenav_statistics function| pagenav_scroll function| pagenav_scroll_window function| $ function| jQuery object| myif object| IF boolean| bcarouselAttached boolean| mkp_switcher1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
de-sparkasse-datenabnahme.xyz/ | Name: PHPSESSID Value: frqv08ctd9kjr9j076hpibjnmd |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
daytoyear.com
de-sparkasse-datenabnahme.xyz
wedlegal.xyz
172.67.187.115
172.67.196.63
209.145.49.186
2606:4700:3034::6815:28a8
0953b37758ea0fe97892f833b84425dce3e3dee6419374cf439c373b0a159f2e
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
25dd114c2f885924740de83597589835df1a394b84b1cf687585790462f95042
2b09bfaae201b4b85471fc79e4890ed850374b3751f3dbda255092b1740c4737
2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a
56e9434317dee79ec08a0e26b77be2e4188fafa982f1e9b91d3103574f131b60
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4
67284df54731fccb0b3c039cbeaab3474c057c5bc95accad964b13ef86eb1c8d
7771efb0493be3b72af4f72309fbcd3fc797ff5cb68411000809afb7906c2aa2
7bff2bf5fb283195a323aa0994f605e0710397955f82d54d8f4993993a5037d5
85ab3462e1b68b508a597e80ad0e5b8c9106b460978e5e9e259ddb8a554743ad
a9ef9d42dab6b5e3172ec15be7fa5605792b9cd28055eaa9efc29c91eb789da6
d57403a697fb7d9e5090e8958be0325c4ae6d09b72f6d67b9e2a666e6c6be335
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002
eb726e7747d06812f1fd551161fb45b9aaa733f97e616eb1272ec9fc0501fa86
ee88f0851598c363b9b465dd2606efb934c3357aaed3274d0f4a2e6d40b86951
f4e07d2fb57dd99f228e0d5b6e4e7a8d051ae49bb9643d850ac10369a6158e35