ww-s-id-check.com Open in urlscan Pro
2606:4700:3035::ac43:c03b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ww-s-id-check.com/
Effective URL:
https://ww-s-id-check.com/app/Kartennummer
Submission: On October 09 via manual (October 9th 2023, 8:04:50 am UTC) from IN — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3035::ac43:c03b, located in United States and belongs to CLOUDFLARENET, US. The main domain is ww-s-id-check.com.
TLS certificate: Issued by GTS CA 1P5 on October 8th 2023. Valid for: 3 months.

This is the only time ww-s-id-check.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::6815:4452	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 16	2606:4700:303... 2606:4700:3035::ac43:c03b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	1

1 2606:4700:3030::6815:4452 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ww-s-id-check.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:3035::ac43:c03b (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

ww-s-id-check.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	ww-s-id-check.com 4 redirects ww-s-id-check.com	24 KB
13	1

	Domain	Requested by
17	ww-s-id-check.com	4 redirects ww-s-id-check.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid
ww-s-id-check.com GTS CA 1P5	`2023-10-08` - `2024-01-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ww-s-id-check.com/app/Kartennummer
Frame ID: 9584D07736521EE8DB07548F1686B3E5
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

S-ID-CHECK

Page URL History Show full URLs

http://ww-s-id-check.com/ HTTP 301
https://ww-s-id-check.com/ HTTP 302
https://ww-s-id-check.com/app HTTP 301
https://ww-s-id-check.com/app/ HTTP 302
https://ww-s-id-check.com/app/Start Page URL
https://ww-s-id-check.com/app/Kartennummer Page URL

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

22 kB
Transfer

24 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ww-s-id-check.com/ HTTP 301
https://ww-s-id-check.com/ HTTP 302
https://ww-s-id-check.com/app HTTP 301
https://ww-s-id-check.com/app/ HTTP 302
https://ww-s-id-check.com/app/Start Page URL
https://ww-s-id-check.com/app/Kartennummer Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://ww-s-id-check.com/ HTTP 301
https://ww-s-id-check.com/ HTTP 302
https://ww-s-id-check.com/app HTTP 301
https://ww-s-id-check.com/app/ HTTP 302
https://ww-s-id-check.com/app/Start

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Start Show response ww-s-id-check.com/app/ Redirect Chain http://ww-s-id-check.com/ https://ww-s-id-check.com/ https://ww-s-id-check.com/app https://ww-s-id-check.com/app/ https://ww-s-id-check.com/app/Start	798 B 969 B	174ms 174ms	Document text/html	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/Start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4 Resource Hash `6ff12fd5fffdb9b1402fc2f3a9f87e1b8123934d17a5f7b205b14ea810293649` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 81351d5be9fb03dc-FRA content-encoding br content-type text/html; charset=UTF-8 date Mon, 09 Oct 2023 08:04:46 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache refresh 1; url=Kartennummer report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gEtxo4zyQqfCIq2Xxk86rxf9Yk3d3YFnM31dv2gwrpnUGf%2FyybCwkGRCWv%2B9Y5cb%2BVUEEEJbL%2Fly5sYYxFlV0kIO7%2Bhj85Uv8IAaYZUc3As3Eelog%2FcVTuCjXYH%2FK9g3gICsJSSGpWzLn%2Be627yqw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4 Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 81351d5ad9b992ad-FRA content-type text/html; charset=UTF-8 date Mon, 09 Oct 2023 08:04:46 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location Start nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VdGOxAy9DCOmc6WVYZabo08sU1RYRclHyQVWAwmFk6MxXmQyRNe0LSuUIAwfuDTqGiCVSiveIiye22nlo5v8cqgj6br2fFZTYMlEMoE7XivNYEVEX3ujV81BXS5LCSKJLnyaRlCWeet5SbXgSh1Rg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4
GET H3	200	style.css ww-s-id-check.com/app/style/	5 KB 2 KB	72ms 71ms	Stylesheet text/css	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/style/style.css Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/Start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b7caf4843a2627417a3929827647b923d1f42f9f03dbc9b4666cfe0ee7415c8b` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Start User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:46 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpQMOSngHR5MnfYYJl3U1EaN6DwfXhhmT4tt1qNRqFDwcewWu%2FKpaNlhNSUNpd012v0bROIjWabbOzphxToGN3ehC766Mw1AcBMtWjSaU6m%2BDGmMzn2BotoWe8yhOCHyjRBvMRj4MT30yBOl1Nui1Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 81351d5d0b9e03dc-FRA alt-svc h3=":443"; ma=86400 expires Mon, 09 Oct 2023 08:19:46 GMT
GET H3	200	control.js Show response ww-s-id-check.com/app/style/js/	333 B 656 B	71ms 70ms	Script application/javascript	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/style/js/control.js Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/Start Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dac06351367826a2a698a474a13635540da692d94871eef537130c896a887ae7` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Start User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:46 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xHTnOtu63fPrpwKwOkR0Ep1ICXsZ9pyT84gg4TvKjXRzbDbF5n9iD2IHs%2FfyscBfontlb6qjdOx4x%2FXIQDgzQhQ4h%2BJiOFj%2BE5JJ2uLLGLbHhrZbHO0Mx%2FEZZqJQo6VhFprSJSaE1aSlXUZNRuAE1Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 81351d5d0b9f03dc-FRA alt-svc h3=":443"; ma=86400 expires Mon, 09 Oct 2023 08:19:46 GMT
GET H3	200	logo.png ww-s-id-check.com/app/style/img/	12 KB 12 KB	72ms 71ms	Image image/png	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ww-s-id-check.com/app/style/img/logo.png Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/style/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7651d5f01d2cbda0b58974026dc92e647f104c81c329efc784867f536a620b03` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/style/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:46 GMT cf-cache-status REVALIDATED last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4%2Bb%2BLSpJrGrRXvlXYbniA%2F%2BAwf2N1hztMXD6Tfd3R8lFu9QkWLuPCKZo13NYdoDOvfOURC%2FQwO4C2RUUiSuSouzJ69Toqr2CENITVF2GVwJOGfBvIabfH6U%2FKT89bKHqdERD2Di1GlR0OSyFWUnwA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 81351d5d9c4503dc-FRA alt-svc h3=":443"; ma=86400 content-length 11821 expires Mon, 09 Oct 2023 08:19:46 GMT
GET H3	200	control.php Show response ww-s-id-check.com/app/	0 525 B	42ms 42ms	Fetch text/html	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/control.php Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/style/js/control.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Start User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 08:04:47 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQ927Jw0X84E4jI0jtPoPHUnpAJZ7zjsXS0XRVCnP3b%2BmnNlXBnYLO4hODUx4uPajJjE5qSDtSziLr1HXwbYQ%2FJHwtaSpRs%2FSflikPuNJ%2F4zzf0kyUq6Q1AgsBtdkvsrqnat4cZgmKd24ztEz6GUkg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 81351d63db7403dc-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	Primary Request Kartennummer Show response ww-s-id-check.com/app/	1 KB 957 B	157ms 156ms	Document text/html	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/Kartennummer Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4 Resource Hash `788462f15073f8c7d48e2cdd641d3ff3b15af45f3b7c4c7dd0df0fa765066291` Request headers Referer https://ww-s-id-check.com/app/Start Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 81351d646c5b03dc-FRA content-encoding br content-type text/html; charset=UTF-8 date Mon, 09 Oct 2023 08:04:47 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EuP1TvojoAH4QfiR%2F56BoV%2FpFook5kGyMrzIBj85NUIQtPyeda3mM1JBpNSM4EuwU3TKkYIp6Wq7Q%2BXtzoPKXudqFTMqFglvwJDW29EXxAN1FzwgoOwr3NRo%2BBbk6zd3sICijyrzKUWPes6GFfuz3A%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4
GET H3	200	style.css ww-s-id-check.com/app/style/	5 KB 2 KB	32ms 29ms	Stylesheet text/css	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/style/style.css Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/Kartennummer Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b7caf4843a2627417a3929827647b923d1f42f9f03dbc9b4666cfe0ee7415c8b` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Kartennummer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:47 GMT content-encoding br cf-cache-status HIT last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCde%2FN14Ldon0mPXztk7JBCtT2MaLdNfaCVLs69COeGBGkXit%2F%2Bq76F3MpPR5Nxnt06lwx%2Fvnnd7obr9qRgo%2BcswlviDuwY09GGAv1JeKVZ8F%2FD5mQO6Lqs4BYXu8v4EfadQzaXIUe6peBjnU%2FMLxA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 81351d656d8103dc-FRA alt-svc h3=":443"; ma=86400 expires Mon, 09 Oct 2023 08:19:46 GMT
GET H3	200	control.js Show response ww-s-id-check.com/app/style/js/	333 B 647 B	32ms 29ms	Script application/javascript	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/style/js/control.js Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/Kartennummer Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dac06351367826a2a698a474a13635540da692d94871eef537130c896a887ae7` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Kartennummer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:47 GMT content-encoding br cf-cache-status HIT last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 1 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sju%2BExyY0D1GpFgWCn2pF3RHviLfxTAMu8%2FCxHP5q1iVM0OCmX4h2Ilf8Dn4cyghg32Oe49UFmdGVVNlW9Jhec6nRvCGpQKnkj57JGQAobXOqtbsrHDvmpRGbKTTeKsqPrc%2FkQZslRMbH4LZ0PUbgg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 81351d656d8203dc-FRA alt-svc h3=":443"; ma=86400 expires Mon, 09 Oct 2023 08:19:46 GMT
GET H3	200	sanitizer.js Show response ww-s-id-check.com/app/style/js/	396 B 694 B	75ms 72ms	Script application/javascript	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/style/js/sanitizer.js Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/Kartennummer Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dfda2e6b8c579fbb3ec48c96ecc617e3b5f49d0366dd1b3afc84e72814730e20` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Kartennummer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:47 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQ%2FpZfpWNIMRc5fNWcXvdZpFdBWkXR7sCMxJkP5FV61qaEB%2FF4S64fhRLVGytmQH6i6%2BABlyowZxVwevB%2FBRpzSCuNRlw0QPJ%2BuKrzkyrUTRe7Ux0osrzDcnZBZ6Plxt1QJnnwQX%2FGNIO7WkSS%2FTsw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 81351d656d8403dc-FRA alt-svc h3=":443"; ma=86400 expires Mon, 09 Oct 2023 08:19:47 GMT
GET H3	200	card.svg ww-s-id-check.com/app/style/img/	652 B 906 B	69ms 69ms	Image image/svg+xml	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ww-s-id-check.com/app/style/img/card.svg Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/style/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f51854fd01980991114a4cb8d10a5160625c988473f872b32050419da7e61332` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/style/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 08:04:47 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 08 Oct 2023 08:35:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3i1PGBNPfI3uYYhCIGNdR7j1U8pIeXOT3aeWfeBwvK3rZrPo588Rs1L8a71KKTgQuA8Xv74tOTZXWMIHGSwpsFTOgYlhpuR5VKRgDCEtAhrB9d8KQYr6ztoIIEEo1aFeIGqzihDrDto4vcnyvSgg%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 81351d65bddf03dc-FRA alt-svc h3=":443"; ma=86400 expires Mon, 09 Oct 2023 08:19:47 GMT
GET H3	200	control.php Show response ww-s-id-check.com/app/	0 527 B	48ms 48ms	Fetch text/html	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/control.php Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/style/js/control.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Kartennummer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 08:04:48 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEMRmHL1%2FmX5VXfIuQxg%2FneUN1rDlNDuGG9RXPFgPEVldUL6vt4X7UyxPlJwMnyY45YpNMwEZMyhyINaWP8HJvGORqCymgdopZuEbupjhQ3kbciRxTHnnAIp%2B9opgvATCMK3nY%2BgNw2GYR3vxErgag%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 81351d6bdceb03dc-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	control.php Show response ww-s-id-check.com/app/	0 525 B	44ms 44ms	Fetch text/html	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/control.php Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/style/js/control.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Kartennummer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 08:04:49 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7mzXQZBkkCppQ%2BFRF5oEX%2FezoXcYhmC5oHAF28QUiDK6OXOT9zBkrwXG0GyMNYwsO9ypYd6ttbFjn6AySAFA8V0lF%2BY1lFP6KPhFdGF5dQCwP50vKYyYZDphMqWA3paEnIFwbUcLNqq9S5KQxNr8wA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 81351d721c0d03dc-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	control.php Show response ww-s-id-check.com/app/	0 529 B	43ms 43ms	Fetch text/html	2606:4700:3035::ac43:c03b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ww-s-id-check.com/app/control.php Requested by Host: ww-s-id-check.com URL: https://ww-s-id-check.com/app/style/js/control.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:c03b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://ww-s-id-check.com/app/Kartennummer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 08:04:50 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BBdG6ftAMczIUEKZf3q3rGEbOmx5Vwxeg3imhlvCbwXref1N9uz3UCW%2FxLKSznDJZlIlQQTQZAhIMSvHyOih%2BM0%2Fg%2FPlZoRz970JZRPZ7cnBcuvs%2BRLHIR32y984wScaJnFqyhxMljbftsekt3a%2BlQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 81351d785b1603dc-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| GetResponse function| sanitizer object| x

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ww-s-id-check.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: dfdcfeafdcf87394b0bf7e6f7089f0c8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ww-s-id-check.com
2606:4700:3030::6815:4452
2606:4700:3035::ac43:c03b
6ff12fd5fffdb9b1402fc2f3a9f87e1b8123934d17a5f7b205b14ea810293649
7651d5f01d2cbda0b58974026dc92e647f104c81c329efc784867f536a620b03
788462f15073f8c7d48e2cdd641d3ff3b15af45f3b7c4c7dd0df0fa765066291
b7caf4843a2627417a3929827647b923d1f42f9f03dbc9b4666cfe0ee7415c8b
dac06351367826a2a698a474a13635540da692d94871eef537130c896a887ae7
dfda2e6b8c579fbb3ec48c96ecc617e3b5f49d0366dd1b3afc84e72814730e20
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f51854fd01980991114a4cb8d10a5160625c988473f872b32050419da7e61332

ww-s-id-check.com Open in urlscan Pro 2606:4700:3035::ac43:c03b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

22 kBTransfer

24 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

ww-s-id-check.com Open in urlscan Pro
2606:4700:3035::ac43:c03b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

22 kB
Transfer

24 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!