www.takekerr.com
Open in
urlscan Pro
89.46.105.78
Malicious Activity!
Public Scan
Effective URL: https://www.takekerr.com/-/at/
Submission: On March 03 via api from US
Summary
TLS certificate: Issued by Actalis Domain Validation Server CA G2 on April 15th 2019. Valid for: a year.
This is the only time www.takekerr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a00:1450:400... 2a00:1450:4001:821::2001 | 15169 (GOOGLE) (GOOGLE) | |
1 | 89.46.105.78 89.46.105.78 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::2009 | 15169 (GOOGLE) (GOOGLE) | |
7 | 213.150.6.28 213.150.6.28 | 12895 (IT-AUSTRI...) (IT-AUSTRIA Vienna) | |
2 2 | 2a00:1450:400... 2a00:1450:4001:809::2001 | 15169 (GOOGLE) (GOOGLE) | |
2 2 | 2a00:1450:400... 2a00:1450:4001:815::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:80b::200d | 15169 (GOOGLE) (GOOGLE) | |
19 | 6 |
ASN15169 (GOOGLE, US)
erstegbnkgrp2.blogspot.com |
ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
PTR: login.sparkasse.at
login.sparkasse.at |
ASN15169 (GOOGLE, US)
lh3.googleusercontent.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
sparkasse.at
login.sparkasse.at |
106 KB |
4 |
google.com
2 redirects
lh3.google.com accounts.google.com |
300 B |
2 |
googleusercontent.com
2 redirects
lh3.googleusercontent.com |
438 B |
2 |
blogspot.com
erstegbnkgrp2.blogspot.com |
6 KB |
1 |
blogger.com
www.blogger.com |
52 KB |
1 |
takekerr.com
www.takekerr.com Failed |
73 KB |
19 | 6 |
Domain | Requested by | |
---|---|---|
7 | login.sparkasse.at |
www.takekerr.com
|
2 | accounts.google.com |
www.takekerr.com
|
2 | lh3.google.com | 2 redirects |
2 | lh3.googleusercontent.com | 2 redirects |
2 | erstegbnkgrp2.blogspot.com |
erstegbnkgrp2.blogspot.com
|
1 | www.blogger.com |
erstegbnkgrp2.blogspot.com
|
1 | www.takekerr.com |
erstegbnkgrp2.blogspot.com
|
19 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
kine.centre-belge.com |
login.sparkasse.at |
www.sparkasse.at |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.googleusercontent.com GTS CA 1O1 |
2020-02-12 - 2020-05-06 |
3 months | crt.sh |
*.takekerr.com Actalis Domain Validation Server CA G2 |
2019-04-15 - 2020-07-15 |
a year | crt.sh |
*.blogger.com GTS CA 1O1 |
2020-02-12 - 2020-05-06 |
3 months | crt.sh |
login.sparkasse.at DigiCert SHA2 Extended Validation Server CA |
2019-05-13 - 2020-05-20 |
a year | crt.sh |
accounts.google.com GTS CA 1O1 |
2020-02-12 - 2020-05-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.takekerr.com/-/at/
Frame ID: 017A5F9ECFEC16A3E87D4000D0099AF9
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD Page URL
- https://www.takekerr.com/-/at/ Page URL
Detected technologies
Blogger (Blogs) ExpandDetected patterns
- url /^https?:\/\/[^\/]+\.blogspot\.com/i
Python (Programming Languages) Expand
Detected patterns
- url /^https?:\/\/[^\/]+\.blogspot\.com/i
Java (Programming Languages) Expand
Detected patterns
- headers server /GSE/i
OpenGSE (Web Servers) Expand
Detected patterns
- headers server /GSE/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: Datenschutz
Search URL Search Domain Scan URL
Title: Geschäftsbedingungen
Search URL Search Domain Scan URL
Title: Service & Kontakt
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD Page URL
- https://www.takekerr.com/-/at/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://lh3.googleusercontent.com/vNzB1Lu0Yeywf18F8c9Mm_OOSktIUnAkP4zxiQQUqBivpO4EJ8GakzRwkMoMreMCfubyLb2XvSZwe2_BQKb-m6yL2yCpLbKbN3Lj0KiiBv2geR0vGkC7bGGwMpPin0lvu8XDx9fA3dLfai3Zn77sRn5h7oM45qJZ2XYuj2Oc0PZ_s5m_ltEtogGEDeBYuAJzTwg5mP-vopkmWiPyMPurD8PXnVLlBxDI65EJmowNNL7FqxD2bnpTzZOza6SYdOxq0vP0N_rLQExjxaCTaG3n84hbhBXHGH8EOC77Y4JYUA1e0mhj0ggkS6D4fMuMGYc3ZWr7g1W__qEB4mL1BHC4paOIfBZ6qfb3kO0M5Lm6zaNPLiXovp9rZFrQ2e5lzxlKBec2fu2oMcZScUz_dk4BczHGnmxtwubaZInW0J83Ald6htwwxtA5IG5QTimvqsGSoZCPdtz9EeytX67n0TLro0gXaN5_-xp8gMKj6_YQKcrPiMXdPKOw3JRG7Z-JHDHBvXwT0PtWmDVffy5SgDufZ5aI3kgVelhaex5VKpx3HVRfkSRYZzgaXnwxSWv-Now9xq3ZRBGwU9UU7oWQxqSQTZE1930uj2FWTJm2ahTTiUnf5Jk=s1-no HTTP 302
- https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44=s1-no HTTP 302
- https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
- https://lh3.googleusercontent.com/vNzB1Lu0Yeywf18F8c9Mm_OOSktIUnAkP4zxiQQUqBivpO4EJ8GakzRwkMoMreMCfubyLb2XvSZwe2_BQKb-m6yL2yCpLbKbN3Lj0KiiBv2geR0vGkC7bGGwMpPin0lvu8XDx9fA3dLfai3Zn77sRn5h7oM45qJZ2XYuj2Oc0PZ_s5m_ltEtogGEDeBYuAJzTwg5mP-vopkmWiPyMPurD8PXnVLlBxDI65EJmowNNL7FqxD2bnpTzZOza6SYdOxq0vP0N_rLQExjxaCTaG3n84hbhBXHGH8EOC77Y4JYUA1e0mhj0ggkS6D4fMuMGYc3ZWr7g1W__qEB4mL1BHC4paOIfBZ6qfb3kO0M5Lm6zaNPLiXovp9rZFrQ2e5lzxlKBec2fu2oMcZScUz_dk4BczHGnmxtwubaZInW0J83Ald6htwwxtA5IG5QTimvqsGSoZCPdtz9EeytX67n0TLro0gXaN5_-xp8gMKj6_YQKcrPiMXdPKOw3JRG7Z-JHDHBvXwT0PtWmDVffy5SgDufZ5aI3kgVelhaex5VKpx3HVRfkSRYZzgaXnwxSWv-Now9xq3ZRBGwU9UU7oWQxqSQTZE1930uj2FWTJm2ahTTiUnf5Jk=s1-no HTTP 302
- https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44=s1-no HTTP 302
- https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
SEDRRFMFMFKD
erstegbnkgrp2.blogspot.com/ |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
www.takekerr.com/-/at/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
www.takekerr.com/-/at/ |
312 KB 73 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookienotice.js
erstegbnkgrp2.blogspot.com/js/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3637848364-widgets.js
www.blogger.com/static/v1/widgets/ |
140 KB 52 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
MrzQfuEGGBFphCI.css
login.sparkasse.at/ |
159 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lib.css
login.sparkasse.at/sts/styles/ |
92 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7374732f6f617574682f617574686f72697a65.js
login.sparkasse.at/KfE1bB30fy/ |
30 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0819247478ab180049e95fdbc301d15b2a0f416a1eb5610e1990f46ce427bb42.js
login.sparkasse.at/9ig6dOujn/ |
0 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ServiceLogin
accounts.google.com/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Doppel-Logo_o_Claim.svg
login.sparkasse.at/sts/images/logos/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
George-symbol.svg
login.sparkasse.at/sts/images/clients/ |
915 B 938 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bankcard.gif
login.sparkasse.at/sts/images/ |
49 KB 50 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
68 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ServiceLogin
accounts.google.com/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
900 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
erstewf-bold-webfont.woff
login.sparkasse.at/sts/styles/DST_ErsteWeb/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
erstewf-book-webfont.woff
login.sparkasse.at/sts/styles/DST_ErsteWeb/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
erstewf-bold-webfont.ttf
login.sparkasse.at/sts/styles/DST_ErsteWeb/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
erstewf-book-webfont.ttf
login.sparkasse.at/sts/styles/DST_ErsteWeb/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
login.sparkasse.at/Q2wS57y/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.takekerr.com
- URL
- https://www.takekerr.com/-/at/
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.woff
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.woff
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.ttf
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.ttf
- Domain
- login.sparkasse.at
- URL
- https://login.sparkasse.at/Q2wS57y/?m=4056e4967d485fabd6f44f5c30e562d8b7c6d3397cfd59d57d5554701d9543136f9fec150c2394a8ce0669444a07ca112452954bb5d43b0ea9b8bf31f12133ede59a916aefd0a6e6f34836f45afb4f99064ce16678976403a83004d365c44ee76d6c7dfe0376ed5477eb265400c6e85f2e0f5711f909ef15c5693d5b47f37eb161181ed3b206a82362ae23d2bf82628940d0eec6ad3996ea6a67339d9b12143fb0be4419e93127caafe79750
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)124 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| keepalive function| setupKeepaliveInterval number| FLIP_ICON_HEIGHT undefined| myWindow function| sumNumbers function| doRwd function| calcCol2Height function| calcVisibleWhiteboxHeight function| centerpage function| confirmmsg function| windowtracker function| $ function| jQuery function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t object| ua undefined| z function| rng_get_byte function| rng_get_bytes function| SecureRandom number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt object| reWhiteSpace function| Utf8Encode function| htmlToJsConversion function| nbalert function| setFldFocus function| isWhiteSpace function| isEmpty function| doDisableSpecifiedForm function| doSubmitAndDisable function| jsxEncrypt function| encodeToHex object| STS function| setFocus function| displayError function| checkUser function| checkPwd number| totalEncryptAttempts function| disableInputField function| disableInputFields function| validateMac function| encodeForHtmlAttribute function| validateMacRetry function| submitCredentials function| submitSecret function| submitCancelLoginForm undefined| ie9rgb4 boolean| QyiU string| anti_fraud object| _I boolean| rEbn boolean| bLauNCTx boolean| Tpimob object| input object| username1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.takekerr.com/ | Name: PHPSESSID Value: pvjej20rftqpon1qjd7g76lhp6 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
erstegbnkgrp2.blogspot.com
lh3.google.com
lh3.googleusercontent.com
login.sparkasse.at
www.blogger.com
www.takekerr.com
login.sparkasse.at
www.takekerr.com
213.150.6.28
2a00:1450:4001:809::2001
2a00:1450:4001:80b::200d
2a00:1450:4001:815::200e
2a00:1450:4001:820::2009
2a00:1450:4001:821::2001
89.46.105.78
04cf169a10f64a9ce6b5650e37e047651690b18b238e1f431636aa292d6fb600
2ef681aee9a74dbdb418977f24a8b0c06e8af55f5331df472fce382249f5a161
48c24fd8fb19b02949a64918eb768e58dbe70210ad7de1f7f78dfc0052dfde82
629f975acc4c94a610a6cd9527e6479491e03365c5688267c4eb2ed64ae9c710
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
98b13c2779fba099ace16741cb262a599faa57884b9a171af7d1f4c6ca08eddb
ac46b34d79ab1942b00cfcf903cf75e0e2ed9f354ed493a2cf7d5fa0d85c569b
b0f484443bd01c61cebbfb1c3abe4a253e3a0c314150025521712fefc3284224
b3254effbb2ddf0613b19e4d33cb8348aad07c31576ba096c29bddd514695e3c
b8bb52fdbcbdc0b034daee432a3eb2f3232cb0ba16a3eb527bae55cdbc4aaa96
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3b3281d0835b4a5f3aac83d62861db22969cc2b17f4226401a010d6e6536e26
fcefa276f4f9af1acd48ef626f2c53be9990253a7498d22bae50689baa834af7