Submitted URL: https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
Effective URL: https://www.takekerr.com/-/at/
Submission: On March 03 via api from US

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 19 HTTP transactions. The main IP is 89.46.105.78, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.takekerr.com.
TLS certificate: Issued by Actalis Domain Validation Server CA G2 on April 15th 2019. Valid for: a year.
This is the only time www.takekerr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

Requests  IP Address        AS     Autonomous System
2         2a00:1450:400...  15169  (GOOGLE)
1         89.46.105.78      31034  (ARUBA-ASN)
1         2a00:1450:400...  15169  (GOOGLE)
7         213.150.6.28      12895  (IT-AUSTRI...)
2         2a00:1450:400...  15169  (GOOGLE)
2         2a00:1450:400...  15169  (GOOGLE)
2         2a00:1450:400...  15169  (GOOGLE)
Totals: 19 requests, 6 IPs

Requests  Domain                      Requested by
7         login.sparkasse.at          www.takekerr.com
2         accounts.google.com         www.takekerr.com
2         lh3.google.com              2 redirects
2         lh3.googleusercontent.com   2 redirects
2         erstegbnkgrp2.blogspot.com  erstegbnkgrp2.blogspot.com
1         www.blogger.com             erstegbnkgrp2.blogspot.com
1         www.takekerr.com            erstegbnkgrp2.blogspot.com
Totals: 19 requests, 7 domains listed

This site contains links to these domains.

Domain
kine.centre-belge.com
login.sparkasse.at
www.sparkasse.at
Subject                  Issuer                                        Validity                  Valid
*.googleusercontent.com  GTS CA 1O1                                    2020-02-12 - 2020-05-06   3 months (crt.sh)
*.takekerr.com           Actalis Domain Validation Server CA G2        2019-04-15 - 2020-07-15   a year (crt.sh)
*.blogger.com            GTS CA 1O1                                    2020-02-12 - 2020-05-06   3 months (crt.sh)
login.sparkasse.at       DigiCert SHA2 Extended Validation Server CA   2019-05-13 - 2020-05-20   a year (crt.sh)
accounts.google.com      GTS CA 1O1                                    2020-02-12 - 2020-05-06   3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://www.takekerr.com/-/at/
Frame ID: 017A5F9ECFEC16A3E87D4000D0099AF9
Requests: 23 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /^https?:\/\/[^\/]+\.blogspot\.com/i

Overall confidence: 100%
Detected patterns
  • url /^https?:\/\/[^\/]+\.blogspot\.com/i

Overall confidence: 100%
Detected patterns
  • headers server /GSE/i

Overall confidence: 100%
Detected patterns
  • headers server /GSE/i

Page Statistics

Requests: 19
HTTPS: 68 %
IPv6: 71 %
Domains: 6
Subdomains: 7
IPs: 6
Countries: 3
Transfer: 236 kB
Size: 657 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD Page URL
  2. https://www.takekerr.com/-/at/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://lh3.googleusercontent.com/vNzB1Lu0Yeywf18F8c9Mm_OOSktIUnAkP4zxiQQUqBivpO4EJ8GakzRwkMoMreMCfubyLb2XvSZwe2_BQKb-m6yL2yCpLbKbN3Lj0KiiBv2geR0vGkC7bGGwMpPin0lvu8XDx9fA3dLfai3Zn77sRn5h7oM45qJZ2XYuj2Oc0PZ_s5m_ltEtogGEDeBYuAJzTwg5mP-vopkmWiPyMPurD8PXnVLlBxDI65EJmowNNL7FqxD2bnpTzZOza6SYdOxq0vP0N_rLQExjxaCTaG3n84hbhBXHGH8EOC77Y4JYUA1e0mhj0ggkS6D4fMuMGYc3ZWr7g1W__qEB4mL1BHC4paOIfBZ6qfb3kO0M5Lm6zaNPLiXovp9rZFrQ2e5lzxlKBec2fu2oMcZScUz_dk4BczHGnmxtwubaZInW0J83Ald6htwwxtA5IG5QTimvqsGSoZCPdtz9EeytX67n0TLro0gXaN5_-xp8gMKj6_YQKcrPiMXdPKOw3JRG7Z-JHDHBvXwT0PtWmDVffy5SgDufZ5aI3kgVelhaex5VKpx3HVRfkSRYZzgaXnwxSWv-Now9xq3ZRBGwU9UU7oWQxqSQTZE1930uj2FWTJm2ahTTiUnf5Jk=s1-no HTTP 302
  • https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44=s1-no HTTP 302
  • https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
Request Chain 13
  • https://lh3.googleusercontent.com/vNzB1Lu0Yeywf18F8c9Mm_OOSktIUnAkP4zxiQQUqBivpO4EJ8GakzRwkMoMreMCfubyLb2XvSZwe2_BQKb-m6yL2yCpLbKbN3Lj0KiiBv2geR0vGkC7bGGwMpPin0lvu8XDx9fA3dLfai3Zn77sRn5h7oM45qJZ2XYuj2Oc0PZ_s5m_ltEtogGEDeBYuAJzTwg5mP-vopkmWiPyMPurD8PXnVLlBxDI65EJmowNNL7FqxD2bnpTzZOza6SYdOxq0vP0N_rLQExjxaCTaG3n84hbhBXHGH8EOC77Y4JYUA1e0mhj0ggkS6D4fMuMGYc3ZWr7g1W__qEB4mL1BHC4paOIfBZ6qfb3kO0M5Lm6zaNPLiXovp9rZFrQ2e5lzxlKBec2fu2oMcZScUz_dk4BczHGnmxtwubaZInW0J83Ald6htwwxtA5IG5QTimvqsGSoZCPdtz9EeytX67n0TLro0gXaN5_-xp8gMKj6_YQKcrPiMXdPKOw3JRG7Z-JHDHBvXwT0PtWmDVffy5SgDufZ5aI3kgVelhaex5VKpx3HVRfkSRYZzgaXnwxSWv-Now9xq3ZRBGwU9UU7oWQxqSQTZE1930uj2FWTJm2ahTTiUnf5Jk=s1-no HTTP 302
  • https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44=s1-no HTTP 302
  • https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en

19 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
SEDRRFMFMFKD
erstegbnkgrp2.blogspot.com/
8 KB
3 KB
Document
General
Full URL
https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
629f975acc4c94a610a6cd9527e6479491e03365c5688267c4eb2ed64ae9c710
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
erstegbnkgrp2.blogspot.com
:scheme
https
:path
/SEDRRFMFMFKD
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
404
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 03 Mar 2020 15:48:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
3207
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
/
www.takekerr.com/-/at/
0
0

Primary Request /
www.takekerr.com/-/at/
312 KB
73 KB
Document
General
Full URL
https://www.takekerr.com/-/at/
Requested by
Host: erstegbnkgrp2.blogspot.com
URL: https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.46.105.78 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS
webx1109.aruba.it
Software
aruba-proxy /
Resource Hash
f3b3281d0835b4a5f3aac83d62861db22969cc2b17f4226401a010d6e6536e26

Request headers

:method
GET
:authority
www.takekerr.com
:scheme
https
:path
/-/at/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD

Response headers

status
200
server
aruba-proxy
date
Tue, 03 Mar 2020 15:48:30 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=pvjej20rftqpon1qjd7g76lhp6; path=/
x-servername
ipvsproxy54.ad.aruba.it
content-encoding
gzip
cookienotice.js
erstegbnkgrp2.blogspot.com/js/
6 KB
2 KB
Script
General
Full URL
https://erstegbnkgrp2.blogspot.com/js/cookienotice.js
Requested by
Host: erstegbnkgrp2.blogspot.com
URL: https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 03 Mar 2020 15:47:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 11:17:22 GMT
server
sffe
age
73
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2026
x-xss-protection
0
expires
Tue, 10 Mar 2020 15:47:16 GMT
3637848364-widgets.js
www.blogger.com/static/v1/widgets/
140 KB
52 KB
Script
General
Full URL
https://www.blogger.com/static/v1/widgets/3637848364-widgets.js
Requested by
Host: erstegbnkgrp2.blogspot.com
URL: https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://erstegbnkgrp2.blogspot.com/SEDRRFMFMFKD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 03 Mar 2020 14:36:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Mar 2020 18:23:36 GMT
server
sffe
age
4336
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
52813
x-xss-protection
0
expires
Wed, 03 Mar 2021 14:36:13 GMT
MrzQfuEGGBFphCI.css
login.sparkasse.at/
159 B
1 KB
Stylesheet
General
Full URL
https://login.sparkasse.at/MrzQfuEGGBFphCI.css
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
/
Resource Hash
b3254effbb2ddf0613b19e4d33cb8348aad07c31576ba096c29bddd514695e3c

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Cache-Control
private, max-age=86400
Content-Length
159
Content-Type
text/css
lib.css
login.sparkasse.at/sts/styles/
92 KB
20 KB
Stylesheet
General
Full URL
https://login.sparkasse.at/sts/styles/lib.css
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
2ef681aee9a74dbdb418977f24a8b0c06e8af55f5331df472fce382249f5a161
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Tue, 03 Mar 2020 15:48:30 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Feb 2020 13:23:46 GMT
Server
Apache
X-Frame-Options
DENY
ETag
W/"94195-1582637026000-br"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Expires
Tue, 03 Mar 2020 16:53:30 GMT
7374732f6f617574682f617574686f72697a65.js
login.sparkasse.at/KfE1bB30fy/
30 KB
30 KB
Script
General
Full URL
https://login.sparkasse.at/KfE1bB30fy/7374732f6f617574682f617574686f72697a65.js
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
/
Resource Hash
98b13c2779fba099ace16741cb262a599faa57884b9a171af7d1f4c6ca08eddb

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Cache-Control
no-cache
Content-Length
30826
Content-Type
text/javascript
0819247478ab180049e95fdbc301d15b2a0f416a1eb5610e1990f46ce427bb42.js
login.sparkasse.at/9ig6dOujn/
0
1 KB
Script
General
Full URL
https://login.sparkasse.at/9ig6dOujn/0819247478ab180049e95fdbc301d15b2a0f416a1eb5610e1990f46ce427bb42.js
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Cache-Control
no-cache
Content-Length
0
Content-Type
text/javascript
ServiceLogin
accounts.google.com/
Redirect Chain
  • https://lh3.googleusercontent.com/vNzB1Lu0Yeywf18F8c9Mm_OOSktIUnAkP4zxiQQUqBivpO4EJ8GakzRwkMoMreMCfubyLb2XvSZwe2_BQKb-m6yL2yCpLbKbN3Lj0KiiBv2geR0vGkC7bGGwMpPin0lvu8XDx9fA3dLfai3Zn77sRn5h7oM45qJZ2XY...
  • https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44=s1-no
  • https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
0
0
Image
General
Full URL
https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Tue, 03 Mar 2020 15:48:30 GMT
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
fife
access-control-allow-origin
*
location
https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
content-type
text/html; charset=UTF-8
status
302
cache-control
private
timing-allow-origin
*
vary
Origin
content-length
363
x-xss-protection
0
Doppel-Logo_o_Claim.svg
login.sparkasse.at/sts/images/logos/
6 KB
3 KB
Image
General
Full URL
https://login.sparkasse.at/sts/images/logos/Doppel-Logo_o_Claim.svg
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
b8bb52fdbcbdc0b034daee432a3eb2f3232cb0ba16a3eb527bae55cdbc4aaa96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 03 Mar 2020 15:48:29 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
2008
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Feb 2020 13:23:46 GMT
Server
Apache
X-Frame-Options
DENY
ETag
W/"6025-1582637026000-br"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/svg+xml
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Expires
Tue, 03 Mar 2020 16:53:30 GMT
George-symbol.svg
login.sparkasse.at/sts/images/clients/
915 B
938 B
Image
General
Full URL
https://login.sparkasse.at/sts/images/clients/George-symbol.svg
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
04cf169a10f64a9ce6b5650e37e047651690b18b238e1f431636aa292d6fb600
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 03 Mar 2020 15:48:30 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
442
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Feb 2020 13:23:46 GMT
Server
Apache
X-Frame-Options
DENY
ETag
W/"915-1582637026000-br"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/svg+xml
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Expires
Tue, 03 Mar 2020 16:53:30 GMT
bankcard.gif
login.sparkasse.at/sts/images/
49 KB
50 KB
Image
General
Full URL
https://login.sparkasse.at/sts/images/bankcard.gif
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.150.6.28 Vienna, Austria, ASN12895 (IT-AUSTRIA Vienna, Austria, AT),
Reverse DNS
login.sparkasse.at
Software
Apache /
Resource Hash
b0f484443bd01c61cebbfb1c3abe4a253e3a0c314150025521712fefc3284224
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 03 Mar 2020 15:48:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 25 Feb 2020 13:23:48 GMT
Server
Apache
ETag
W/"50328-1582637028000"
X-Frame-Options
DENY
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
50328
X-XSS-Protection
1; mode=block
Expires
Tue, 03 Mar 2020 16:53:30 GMT
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
ServiceLogin
accounts.google.com/
Redirect Chain
  • https://lh3.googleusercontent.com/vNzB1Lu0Yeywf18F8c9Mm_OOSktIUnAkP4zxiQQUqBivpO4EJ8GakzRwkMoMreMCfubyLb2XvSZwe2_BQKb-m6yL2yCpLbKbN3Lj0KiiBv2geR0vGkC7bGGwMpPin0lvu8XDx9fA3dLfai3Zn77sRn5h7oM45qJZ2XY...
  • https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44=s1-no
  • https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
0
0
Image
General
Full URL
https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
Requested by
Host: www.takekerr.com
URL: https://www.takekerr.com/-/at/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.takekerr.com/-/at/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Tue, 03 Mar 2020 15:48:30 GMT
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
fife
access-control-allow-origin
*
location
https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/Av4mmqfROkx20IGerHXKbZzBqNq-OfPcLU8osY25m10dILTuMQinGfa0RUuj3W9J_F4QKp-gY44%3Ds1-no&hl=en
content-type
text/html; charset=UTF-8
status
302
cache-control
private
timing-allow-origin
*
vary
Origin
content-length
363
x-xss-protection
0
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fcefa276f4f9af1acd48ef626f2c53be9990253a7498d22bae50689baa834af7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
900 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac46b34d79ab1942b00cfcf903cf75e0e2ed9f354ed493a2cf7d5fa0d85c569b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48c24fd8fb19b02949a64918eb768e58dbe70210ad7de1f7f78dfc0052dfde82

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
erstewf-bold-webfont.woff
login.sparkasse.at/sts/styles/DST_ErsteWeb/
0
0

erstewf-book-webfont.woff
login.sparkasse.at/sts/styles/DST_ErsteWeb/
0
0

erstewf-bold-webfont.ttf
login.sparkasse.at/sts/styles/DST_ErsteWeb/
0
0

erstewf-book-webfont.ttf
login.sparkasse.at/sts/styles/DST_ErsteWeb/
0
0

/
login.sparkasse.at/Q2wS57y/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.takekerr.com
URL
https://www.takekerr.com/-/at/
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.woff
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.woff
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-bold-webfont.ttf
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/sts/styles/DST_ErsteWeb/erstewf-book-webfont.ttf
Domain
login.sparkasse.at
URL
https://login.sparkasse.at/Q2wS57y/?m=4056e4967d485fabd6f44f5c30e562d8b7c6d3397cfd59d57d5554701d9543136f9fec150c2394a8ce0669444a07ca112452954bb5d43b0ea9b8bf31f12133ede59a916aefd0a6e6f34836f45afb4f99064ce16678976403a83004d365c44ee76d6c7dfe0376ed5477eb265400c6e85f2e0f5711f909ef15c5693d5b47f37eb161181ed3b206a82362ae23d2bf82628940d0eec6ad3996ea6a67339d9b12143fb0be4419e93127caafe79750

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| keepalive function| setupKeepaliveInterval number| FLIP_ICON_HEIGHT undefined| myWindow function| sumNumbers function| doRwd function| calcCol2Height function| calcVisibleWhiteboxHeight function| centerpage function| confirmmsg function| windowtracker function| $ function| jQuery function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t object| ua undefined| z function| rng_get_byte function| rng_get_bytes function| SecureRandom number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt object| reWhiteSpace function| Utf8Encode function| htmlToJsConversion function| nbalert function| setFldFocus function| isWhiteSpace function| isEmpty function| doDisableSpecifiedForm function| doSubmitAndDisable function| jsxEncrypt function| encodeToHex 
object| STS function| setFocus function| displayError function| checkUser function| checkPwd number| totalEncryptAttempts function| disableInputField function| disableInputFields function| validateMac function| encodeForHtmlAttribute function| validateMacRetry function| submitCredentials function| submitSecret function| submitCancelLoginForm undefined| ie9rgb4 boolean| QyiU string| anti_fraud object| _I boolean| rEbn boolean| bLauNCTx boolean| Tpimob object| input object| username

1 Cookie

Domain/Path Name / Value
www.takekerr.com/ Name: PHPSESSID
Value: pvjej20rftqpon1qjd7g76lhp6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block