servpols.com
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: http://servpols.com/postfach/?20230920055542
Submission: On September 20 via manual from DE — Scanned from NL
Summary
This is the only time servpols.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: targobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 45.79.163.249 45.79.163.249 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
1 18 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.185.138 142.250.185.138 | 15169 (GOOGLE) (GOOGLE) | |
2 | 142.250.185.195 142.250.185.195 | 15169 (GOOGLE) (GOOGLE) | |
1 | 104.26.0.100 104.26.0.100 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 145.226.174.154 145.226.174.154 | 8255 (EURO-INFO...) (EURO-INFORMATION) | |
2 | 145.226.174.149 145.226.174.149 | 8255 (EURO-INFO...) (EURO-INFORMATION) | |
29 | 7 |
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: rs9-nyc.serverhostgroup.com
sinapicorporate.com |
ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f10.1e100.net
ajax.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net
www.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
servpols.com
2 redirects
servpols.com |
397 KB |
4 |
e-i.com
cdnii.e-i.com — Cisco Umbrella Rank: 768387 |
203 KB |
2 |
targobank.de
www.targobank.de — Cisco Umbrella Rank: 818449 |
2 KB |
2 |
gstatic.com
www.gstatic.com |
18 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 410 |
121 KB |
1 |
geojs.io
get.geojs.io — Cisco Umbrella Rank: 18575 |
683 B |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 720 |
83 KB |
1 |
sinapicorporate.com
1 redirects
sinapicorporate.com |
269 B |
1 |
sweedbuy.com
1 redirects
sweedbuy.com |
450 B |
29 | 9 |
Domain | Requested by | |
---|---|---|
19 | servpols.com |
2 redirects
servpols.com
|
4 | cdnii.e-i.com |
servpols.com
|
2 | www.targobank.de |
servpols.com
|
2 | www.gstatic.com |
servpols.com
|
2 | cdnjs.cloudflare.com |
servpols.com
|
1 | get.geojs.io |
servpols.com
|
1 | ajax.googleapis.com |
servpols.com
|
1 | sinapicorporate.com | 1 redirects |
1 | sweedbuy.com | 1 redirects |
29 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-09-04 - 2023-11-27 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-09-04 - 2023-11-27 |
3 months | crt.sh |
*.e-i.com GlobalSign RSA OV SSL CA 2018 |
2023-06-26 - 2024-07-27 |
a year | crt.sh |
*.targobank.de GlobalSign RSA OV SSL CA 2018 |
2023-05-11 - 2024-06-11 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://servpols.com/postfach/?20230920055542
Frame ID: 56E5D6AE3FC802A5CAC273C3CEEC75C2
Requests: 27 HTTP requests in this frame
Frame:
http://servpols.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8370c0b3/main.js
Frame ID: FFC478F568666A261B715A78EBF1231F
Requests: 2 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://sweedbuy.com/9877680689894321/6430858216/mwhuhwqauvlc
HTTP 302
https://sinapicorporate.com/20230920115543/DS20230920115543 HTTP 302
https://servpols.com/postfach?20230920055542 HTTP 301
http://servpols.com/postfach/?20230920055542 Page URL
Detected technologies
Firebase (Databases) ExpandDetected patterns
- /firebasejs/([\d.]+)/firebase
UIKit (Web Frameworks) Expand
Detected patterns
- uikit.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sweedbuy.com/9877680689894321/6430858216/mwhuhwqauvlc
HTTP 302
https://sinapicorporate.com/20230920115543/DS20230920115543 HTTP 302
https://servpols.com/postfach?20230920055542 HTTP 301
http://servpols.com/postfach/?20230920055542 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 26- http://servpols.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- http://servpols.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8370c0b3/main.js
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
servpols.com/postfach/ Redirect Chain
|
19 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_base.css
servpols.com/postfach/assets/css/ |
735 KB 81 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_custom_identification.css
servpols.com/postfach/assets/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginpage.css
servpols.com/postfach/assets/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
waiting.css
servpols.com/postfach/assets/css/ |
940 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uikit.js
cdnjs.cloudflare.com/ajax/libs/uikit/3.2.0/js/ |
334 KB 53 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ |
274 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ |
82 KB 83 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firebase-app.js
www.gstatic.com/firebasejs/8.7.1/ |
21 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firebase-analytics.js
www.gstatic.com/firebasejs/8.7.1/ |
35 KB 11 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
antiboot.js
servpols.com/postfach/assets/js/ |
9 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
country.js
servpols.com/postfach/assets/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
auth.js
servpols.com/postfach/assets/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.waiting.js
servpols.com/postfach/assets/js/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validation.js
servpols.com/postfach/assets/js/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
servpols.com/postfach/assets/img/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
targobank_icon_white.svg
servpols.com/postfach/assets/img/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
country.json
get.geojs.io/v1/ip/ |
77 B 683 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
targobank_icon_white.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.105.37/de/images/css/perso/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular--400--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.105.37/commun/fonts/ |
59 KB 59 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-check.svg
www.targobank.de/de/html/svg/ |
614 B 990 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
service_online-sicherheit.jpg
servpols.com/postfach/assets/img/ |
74 KB 74 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-accordion-arrow-down-white.svg
www.targobank.de/de/html/svg/ |
622 B 924 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tan-verfahren.jpg
servpols.com/postfach/assets/img/ |
175 KB 176 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
banking-app-620x450.jpg
servpols.com/postfach/assets/img/ |
31 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular--700--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.105.37/commun/fonts/ |
66 KB 67 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fts_picto.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.105.37/commun/fonts/ |
76 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
servpols.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8370c0b3/ Frame FFC4 Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
809931ceee643647
servpols.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame FFC4 |
0 828 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: targobank (Banking)47 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| UIkit function| $ function| jQuery object| firebase function| _0x3de411 function| _0x5c0073 function| _0x3f4c14 function| _0x4150 function| _0x54bb14 function| fetchip function| badip object| fruits function| _0x2fd6 function| containsAny function| loadFileAndPrintToConsole function| botAgent function| getUrlParameter function| _0xb8aa84 function| _0x9394 function| display_access_denied_error function| allow_whitelist_countries function| _0x2c9c function| _0xd52c52 function| _0x1602 function| _0x28223d function| _0x180705 function| _0x22e680 function| _0x15fb function| _0x5aa0fd function| _0x1280 function| _0xc685 function| _0x2e04de function| _0x474be0 function| _0x4ad54f function| _0x20ac6f function| _0x6f8a43 function| _0x2dc0 function| showsms function| isIdentOk number| countlog function| sendmeForm number| countsms function| _0x2769 function| sendsms function| _0x86e067 boolean| isMobile object| revealPasswordButton0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnii.e-i.com
cdnjs.cloudflare.com
get.geojs.io
servpols.com
sinapicorporate.com
sweedbuy.com
www.gstatic.com
www.targobank.de
104.17.25.14
104.26.0.100
142.250.185.138
142.250.185.195
145.226.174.149
145.226.174.154
188.114.96.3
188.114.97.3
45.79.163.249
03b5861a76d3d1fd0e6075905645aa5fa1907591d90e2f08b1b0ffbbe1506957
1a86fc33ab36847f01b5b62e2139c4a7a9b1aea06969d19bfc7837f88a64af43
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
29091caa6f2374957c15476e14ef16bedead97eac46bf90fa6c55f371331fe99
302bd7d73b6afcfa4946ea0e524627bde1d86561fccf67a009080afeabdc73da
3f1c1e5ea358c2934442a5aa965c2336b5b631afcfbe7946ca6328817a2891b2
45f2967a362f767a414c279f114b8f6bd293f3ab07d3753fe9abdd4080408c1a
475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015
5a33fcbf0f406c9e9e767d66a1f43462b8391ffb8e8aaf8de53248a1510e37aa
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
64cd2352fc23c91fe8c05fd696ec62486e5383ca1fe8b67a7aa896a3c624434f
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8ad5ffda5cb870d165f52baad443adae062bfbf48c3580739a7e1fa753370578
a5850616e81a1083429e862600597db59b3a5114291eae884ab2f9a7847dedc2
a91284ef94d09c5daa196df7c6fcc33baee63796915fe878b580a0e2aa3dda70
af20c5f6b76f74ea13a004f5ccda1af7410d1e8fe18b4650c433fb36bc2d598b
bb050cd781c5589bddee0e0ccea2ff40145dc051fa03bcafde3a217116d06ce7
bbd961c93397bc450f406fc284d8dfe569c39a5cdcbb04c6c847d6e57de60c47
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
d404e01916636d8c76f737079392a2da123cf83c60ad3da1fc6fe44241db4e8b
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e376b4d5b71d75bf9e226e642dda173dec49b7c47d74a4ed38f0f7309152950e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1fd426e3ea36f51263e1f3156458d4170fd20ffcc85b5d1cf8736889665e17
f60a75108028d760d57b08e5690dbfb6b404ba06e9ff668abc3f9cc99f6952e4
f8269c15773d6f1d9dd269858f9745279aa778f4b595266ff18d14470e3048b3
faecc94423b6f1681ebd73286a0aa99e43cec755048d0b2fe6dd2e1d786dd5fb
fd06e05cb33c09a18fd5c171b34227047688a936099600ed197da59eb0514ff7