ww-s-id-check.com
Open in
urlscan Pro
2606:4700:3035::ac43:c03b
Malicious Activity!
Public Scan
Effective URL: https://ww-s-id-check.com/app/Kartennummer
Submission: On October 09 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on October 8th 2023. Valid for: 3 months.
This is the only time ww-s-id-check.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3030::6815:4452 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 16 | 2606:4700:303... 2606:4700:3035::ac43:c03b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
ww-s-id-check.com
4 redirects
ww-s-id-check.com |
24 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
17 | ww-s-id-check.com |
4 redirects
ww-s-id-check.com
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ww-s-id-check.com GTS CA 1P5 |
2023-10-08 - 2024-01-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ww-s-id-check.com/app/Kartennummer
Frame ID: 9584D07736521EE8DB07548F1686B3E5
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
S-ID-CHECKPage URL History Show full URLs
-
http://ww-s-id-check.com/
HTTP 301
https://ww-s-id-check.com/ HTTP 302
https://ww-s-id-check.com/app HTTP 301
https://ww-s-id-check.com/app/ HTTP 302
https://ww-s-id-check.com/app/Start Page URL
- https://ww-s-id-check.com/app/Kartennummer Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ww-s-id-check.com/
HTTP 301
https://ww-s-id-check.com/ HTTP 302
https://ww-s-id-check.com/app HTTP 301
https://ww-s-id-check.com/app/ HTTP 302
https://ww-s-id-check.com/app/Start Page URL
- https://ww-s-id-check.com/app/Kartennummer Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://ww-s-id-check.com/ HTTP 301
- https://ww-s-id-check.com/ HTTP 302
- https://ww-s-id-check.com/app HTTP 301
- https://ww-s-id-check.com/app/ HTTP 302
- https://ww-s-id-check.com/app/Start
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Start
ww-s-id-check.com/app/ Redirect Chain
|
798 B 969 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
ww-s-id-check.com/app/style/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
control.js
ww-s-id-check.com/app/style/js/ |
333 B 656 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
ww-s-id-check.com/app/style/img/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
control.php
ww-s-id-check.com/app/ |
0 525 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
Kartennummer
ww-s-id-check.com/app/ |
1 KB 957 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
ww-s-id-check.com/app/style/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
control.js
ww-s-id-check.com/app/style/js/ |
333 B 647 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sanitizer.js
ww-s-id-check.com/app/style/js/ |
396 B 694 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
card.svg
ww-s-id-check.com/app/style/img/ |
652 B 906 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
control.php
ww-s-id-check.com/app/ |
0 527 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
control.php
ww-s-id-check.com/app/ |
0 525 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
control.php
ww-s-id-check.com/app/ |
0 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| GetResponse function| sanitizer object| x1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ww-s-id-check.com/ | Name: PHPSESSID Value: dfdcfeafdcf87394b0bf7e6f7089f0c8 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ww-s-id-check.com
2606:4700:3030::6815:4452
2606:4700:3035::ac43:c03b
6ff12fd5fffdb9b1402fc2f3a9f87e1b8123934d17a5f7b205b14ea810293649
7651d5f01d2cbda0b58974026dc92e647f104c81c329efc784867f536a620b03
788462f15073f8c7d48e2cdd641d3ff3b15af45f3b7c4c7dd0df0fa765066291
b7caf4843a2627417a3929827647b923d1f42f9f03dbc9b4666cfe0ee7415c8b
dac06351367826a2a698a474a13635540da692d94871eef537130c896a887ae7
dfda2e6b8c579fbb3ec48c96ecc617e3b5f49d0366dd1b3afc84e72814730e20
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f51854fd01980991114a4cb8d10a5160625c988473f872b32050419da7e61332