volksbank.trfed.de
Open in
urlscan Pro
2a06:98c1:3121::9
Malicious Activity!
Public Scan
Effective URL: https://volksbank.trfed.de/volksbank/bankleitzahl/651fad78e6363
Submission: On October 08 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by E1 on September 23rd 2023. Valid for: 3 months.
This is the only time volksbank.trfed.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 20 | 2a06:98c1:312... 2a06:98c1:3121::9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 47.251.10.111 47.251.10.111 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 2 | 195.200.53.159 195.200.53.159 | 15590 (ATRUVIA) (ATRUVIA) | |
21 | 4 |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
ip9uk39kv26rml8wjjruzg-on.drv.tw | |
ip9uk39kv26rml8wjjruzg.on.drv.tw |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
trfed.de
1 redirects
volksbank.trfed.de |
314 KB |
2 |
vr.de
1 redirects
www.vr.de |
626 B |
2 |
drv.tw
1 redirects
ip9uk39kv26rml8wjjruzg-on.drv.tw ip9uk39kv26rml8wjjruzg.on.drv.tw |
2 KB |
21 | 3 |
Domain | Requested by | |
---|---|---|
20 | volksbank.trfed.de |
1 redirects
volksbank.trfed.de
|
2 | www.vr.de |
1 redirects
volksbank.trfed.de
|
1 | ip9uk39kv26rml8wjjruzg.on.drv.tw |
volksbank.trfed.de
|
1 | ip9uk39kv26rml8wjjruzg-on.drv.tw | 1 redirects |
21 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
trfed.de E1 |
2023-09-23 - 2023-12-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://volksbank.trfed.de/volksbank/bankleitzahl/651fad78e6363
Frame ID: D2251272DACD2D8F0119EFE8873B486B
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Bank - Volksbank eGPage URL History Show full URLs
- https://volksbank.trfed.de/volksbank/651fad78e6363 Page URL
- https://volksbank.trfed.de/volksbank/bankleitzahl/651fad78e6363 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://volksbank.trfed.de/volksbank/651fad78e6363 Page URL
- https://volksbank.trfed.de/volksbank/bankleitzahl/651fad78e6363 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://ip9uk39kv26rml8wjjruzg-on.drv.tw/jsbot.js HTTP 301
- https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js
- https://volksbank.trfed.de/volksbank/bankleitzahl/js/ing/bandoo.js HTTP 302
- https://www.vr.de/ HTTP 301
- https://www.vr.de/privatkunden.html
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
651fad78e6363
volksbank.trfed.de/volksbank/ |
741 B 849 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
651fad78e6363
volksbank.trfed.de/volksbank/bankleitzahl/ |
17 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
volksbank.css
volksbank.trfed.de/css/ |
528 KB 254 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo-vr.svg
volksbank.trfed.de/img/ |
11 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1.png
volksbank.trfed.de/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2.png
volksbank.trfed.de/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3.png
volksbank.trfed.de/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.png
volksbank.trfed.de/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5.png
volksbank.trfed.de/img/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6.png
volksbank.trfed.de/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
7.png
volksbank.trfed.de/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
8.png
volksbank.trfed.de/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
9.png
volksbank.trfed.de/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
10.png
volksbank.trfed.de/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsbot.js
ip9uk39kv26rml8wjjruzg.on.drv.tw/ Redirect Chain
|
8 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
privatkunden.html
www.vr.de/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
details.js
volksbank.trfed.de/js/volksbank/ |
5 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
28 KB 28 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online
volksbank.trfed.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online
volksbank.trfed.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online
volksbank.trfed.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online
volksbank.trfed.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
volksbank.trfed.de/ | Name: PHPSESSID Value: vauo48n7pp8h04fq4i7ja6hun1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ip9uk39kv26rml8wjjruzg-on.drv.tw
ip9uk39kv26rml8wjjruzg.on.drv.tw
volksbank.trfed.de
www.vr.de
195.200.53.159
2a06:98c1:3121::9
47.251.10.111
08c6216305671f1f3f66067057da56b578d879b7c1c77e409b340e9f873c9a86
193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6
3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6
3274993c2ccd9b85c3597b1e5d08288dadb9611210575b093c33274c9d3bc846
33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb
360af9c3974faec9d8d78b383116b453b2b652abe3178f6f61839f047036f9c8
60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c
6a9d7ec3c0dc1347ce344830677d4c085536e3d857f946da8dd666bbe91e3852
70192633915348f5f3297b15a8349cefd61fb2dea99ac974aa243a4605ef0704
93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47
a98221c9155dc607127fe88bbcbc7d88296b084a56661ff27f627e7913dc5c8f
ac8aa43bb2e93266092d30322872b705918cdeecec6fa8857e4bebc3641943fb
bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168
bd336b5f058be348457d5c0805fa3215e2ca365e9a8b77da94d3ee9472865aa2
d68bbc4154509bf29efa267d11838fa5c9da2bcfe75458e242dacfc7d0fa23e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31
f6f4ddd588353569b0d34bd19e85a0624effb6c2c183aa26695aefc05861a7ed