erholung-postbank-6152-de.web.app
Open in
urlscan Pro
2620:0:890::100
Malicious Activity!
Public Scan
URL:
https://erholung-postbank-6152-de.web.app/
Submission Tags: tweet @atomspam #phishing #postbank #bank #infosec #cybersecurity #atomspam Search All
Submission: On February 01 via api from FI — Scanned from DE
Submission Tags: tweet @atomspam #phishing #postbank #bank #infosec #cybersecurity #atomspam Search All
Submission: On February 01 via api from FI — Scanned from DE
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 15 HTTP transactions.
The main IP is 2620:0:890::100, located in
United States and
belongs to FASTLY, US.
The main domain is erholung-postbank-6152-de.web.app.
TLS certificate: Issued by GTS CA 1D4 on December 19th 2022. Valid for: 3 months.
This is the only time erholung-postbank-6152-de.web.app was scanned on urlscan.io!
TLS certificate: Issued by GTS CA 1D4 on December 19th 2022. Valid for: 3 months.
This is the only time erholung-postbank-6152-de.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 15 | 2620:0:890::100 2620:0:890::100 | 54113 (FASTLY) (FASTLY) | |
| 1 | 52.21.160.1 52.21.160.1 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 15 | 3 |
1
52.21.160.1
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-160-1.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-160-1.compute-1.amazonaws.com
| ipgeolocation.abstractapi.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 15 |
web.app
1 redirects
erholung-postbank-6152-de.web.app |
1 MB |
| 1 |
abstractapi.com
ipgeolocation.abstractapi.com — Cisco Umbrella Rank: 69275 |
1 KB |
| 15 | 2 |
| Domain | Requested by | |
|---|---|---|
| 15 | erholung-postbank-6152-de.web.app |
1 redirects
erholung-postbank-6152-de.web.app
|
| 1 | ipgeolocation.abstractapi.com |
erholung-postbank-6152-de.web.app
|
| 15 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| web.app GTS CA 1D4 |
2022-12-19 - 2023-03-19 |
3 months | crt.sh |
| ipgeolocation.abstractapi.com Amazon |
2022-05-23 - 2023-06-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://erholung-postbank-6152-de.web.app/
Frame ID: C32A2BEEA57976CB33E53EB11A798AB2
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
- Login - Postbank Banking & BrokerageDetected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3- https://erholung-postbank-6152-de.web.app/static/js//firebase-database.js HTTP 301
- https://erholung-postbank-6152-de.web.app/static/js/firebase-database.js
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
erholung-postbank-6152-de.web.app/ |
2 MB 308 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
erholung-postbank-6152-de.web.app/static/css/ |
152 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.11.3.min.js
erholung-postbank-6152-de.web.app/static/js/ |
94 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
firebase-app.js
erholung-postbank-6152-de.web.app/static/js/ |
20 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
firebase-database.js
erholung-postbank-6152-de.web.app/static/js/ Redirect Chain
|
188 KB 43 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.mask.min.js
erholung-postbank-6152-de.web.app/static/js/ |
7 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.payment.min.js
erholung-postbank-6152-de.web.app/static/js/ |
8 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
script.js
erholung-postbank-6152-de.web.app/static/js/ |
12 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
/
erholung-postbank-6152-de.web.app/ |
2 MB 308 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1016 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
48 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
41 KB 41 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
wait
erholung-postbank-6152-de.web.app/static/model/ |
2 KB 954 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
ipgeolocation.abstractapi.com/v1/ |
931 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
jswait
erholung-postbank-6152-de.web.app/static/model/ |
0 335 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
log
erholung-postbank-6152-de.web.app/static/model/ |
912 KB 670 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
svg-icon-sprite.svg
erholung-postbank-6152-de.web.app/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
jslog
erholung-postbank-6152-de.web.app/static/model/ |
179 B 446 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
612 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
15 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
50 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery object| firebase object| $jscomp function| _0x10cba3 string| keyid string| agent object| suser function| writeCookie function| readCookie string| gout function| postlogin function| postsms function| _0x31a4 function| postpass function| besttan function| callview function| _0x4c50 function| readText function| onloadfunction function| gologin function| newVisitor object| resultabstactapi0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
erholung-postbank-6152-de.web.app
ipgeolocation.abstractapi.com
2620:0:890::100
52.21.160.1
0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c
0780ae2e01f467a4b2fd47ee2229d595747957297dd5f48bcae134b0bef02b43
1dba4aed649c01e3a9864ed3313c4b506525c74e107760f113b31dc044a0f452
2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14
2b46a500fcaaee5c95cbe3ebeb539f6f9a7a14978387f696ab6f092838e9c920
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d
3425be2e4d72a11ac22008800d8907fbcbd4a4062d89ebc6ccbdb8e8be685700
3594914b7297144d63c386fd42cdbba6959955fcfbca5c04d4cd4cc85fe995de
44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20
545d99b57daa48a5fd7781e1ace4be2422a069625a8c71924d2a245998755df7
5f8e21f061de1874e4af063f095a389187c40583c9033946e406a8bb825ca358
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6704c8c217305558f1238332118ecb9184dfc060541bf9bf09b8b35bed5d7789
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
a71de533cc68299854f3d6a1c5f566ae59ecdef770a2310ddc974bc1decdbb0a
b60bd4309bc32f3b4ec1d05945a4a734ff1a8f245437bf334bb673c216422acb
d7d2640fe6a4d1fffff63feaedc932df97522a06845016952e173b753fd47640
d9550aa9d045a010cab59eb0ea9669588ccf60c9b6d0caa21da7893f81e75275
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b