erneuerung-einverstaendnis.xyz
Open in
urlscan Pro
2a06:98c1:3120::7
Malicious Activity!
Public Scan
Effective URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiq...
Submission Tags: volksbank phishing Search All
Submission: On February 02 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2022. Valid for: a year.
This is the only time erneuerung-einverstaendnis.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:10:... 2606:4700:10::6816:e8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 172.67.167.135 172.67.167.135 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:303... 2606:4700:3035::6815:138e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 8 | 2a06:98c1:312... 2a06:98c1:3120::7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
erneuerung-einverstaendnis.xyz
1 redirects
erneuerung-einverstaendnis.xyz |
126 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 227 |
31 KB |
1 |
glockschuss.xyz
1 redirects
glockschuss.xyz |
596 B |
1 |
jkxtsk.xyz
1 redirects
jkxtsk.xyz |
683 B |
1 |
cutt.ly
1 redirects
cutt.ly — Cisco Umbrella Rank: 63623 |
441 B |
9 | 5 |
Domain | Requested by | |
---|---|---|
8 | erneuerung-einverstaendnis.xyz |
1 redirects
erneuerung-einverstaendnis.xyz
|
2 | cdnjs.cloudflare.com |
erneuerung-einverstaendnis.xyz
|
1 | glockschuss.xyz | 1 redirects |
1 | jkxtsk.xyz | 1 redirects |
1 | cutt.ly | 1 redirects |
9 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-26 - 2023-01-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Frame ID: B120D762252A54FF6029E7F26FC8DFA5
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
Anmeldung - Volksbank eG Online-FilialePage URL History Show full URLs
-
https://cutt.ly/KOWUixY
HTTP 301
http://jkxtsk.xyz/6HLLb6LA HTTP 302
https://glockschuss.xyz/hurensohn HTTP 307
https://erneuerung-einverstaendnis.xyz/?s=rgik20t09yf1ofy15oibi3xjs1garj6n HTTP 302
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlin... Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cutt.ly/KOWUixY
HTTP 301
http://jkxtsk.xyz/6HLLb6LA HTTP 302
https://glockschuss.xyz/hurensohn HTTP 307
https://erneuerung-einverstaendnis.xyz/?s=rgik20t09yf1ofy15oibi3xjs1garj6n HTTP 302
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
erneuerung-einverstaendnis.xyz/login/ Redirect Chain
|
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
erneuerung-einverstaendnis.xyz/assets/css/style/ |
190 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
invisible.js
erneuerung-einverstaendnis.xyz/cdn-cgi/challenge-platform/h/g/scripts/ |
45 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
echtzeit.jpg
erneuerung-einverstaendnis.xyz/images/ |
65 KB 65 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ |
86 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c2l0ZS5qcy1xYjdyNXY5cTJ1Yzg2ZDlhdjllZnNqbDhqMw
erneuerung-einverstaendnis.xyz/assets/js/site/ |
12 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
erneuerung-einverstaendnis.xyz/images/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
help.svg
erneuerung-einverstaendnis.xyz/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| __cf_worker_run_after_load function| __cf_run_after_load function| $ function| jQuery object| $jscomp function| U2l0ZS1xYjdyNXY5cTJ1Yzg2ZDlhdjllZnNqbDhqMw object| c2l0ZS1xYjdyNXY5cTJ1Yzg2ZDlhdjllZnNqbDhqMw object| __CF$cv$params2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cutt.ly/ | Name: PHPSESSID Value: 3vmpi825044qnn18omo9dueu22 |
|
erneuerung-einverstaendnis.xyz/ | Name: PHPSESSID Value: qb7r5v9q2uc86d9av9efsjl8j3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
cutt.ly
erneuerung-einverstaendnis.xyz
glockschuss.xyz
jkxtsk.xyz
172.67.167.135
2606:4700:10::6816:e8
2606:4700:3035::6815:138e
2606:4700::6810:125e
2a06:98c1:3120::7
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
3b6538fd507f985616627af0c1f2db1081531c42d9ea94e2beb5d29472257b95
484e193247ff1d9817990f0a936e75dc76ed69859cf8f1c854dff331fda44da8
4b6c9377bb29212ccd43bdf80a2598eab08cb2ac4be8ecb82f6de0ea766b8e9b
902d505be7f62ed937943900e4a9548f7e79c564a6749f9c81bd7017114d208c
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
dc7b12d27bf3d0ce6ac848dc52e9ab6534f325de89fde07bdab0c868e1151bce
f925f4c3b3aef454d845b98490601cb26f391720bfe36879a466b02c74b61e95
f98c05f5c4c46c92cd88d97c5f19cc9805626ff24359c15edaaf1a24ebaa18e4