reaktivierungs-formular.com
Open in
urlscan Pro
2606:4700:3036::6818:6b6b
Malicious Activity!
Public Scan
Effective URL: https://reaktivierungs-formular.com/
Submission Tags: 6889069
Submission: On December 13 via api from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 12th 2020. Valid for: a year.
This is the only time reaktivierungs-formular.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 148.72.111.1 148.72.111.1 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
5 | 2606:4700:303... 2606:4700:3036::6818:6b6b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-111-1.ip.secureserver.net
rainbow-search.com |
ASN13335 (CLOUDFLARENET, US)
reaktivierungs-formular.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
reaktivierungs-formular.com
reaktivierungs-formular.com |
19 KB |
1 |
rainbow-search.com
1 redirects
rainbow-search.com |
129 B |
5 | 2 |
Domain | Requested by | |
---|---|---|
5 | reaktivierungs-formular.com |
reaktivierungs-formular.com
|
1 | rainbow-search.com | 1 redirects |
5 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.sparkasse.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-12-12 - 2021-12-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://reaktivierungs-formular.com/
Frame ID: AFD11E7DC4921F9B5A40E9AF76313ED7
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://rainbow-search.com//reaktivierungs-formular.php
HTTP 301
https://reaktivierungs-formular.com/ Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
36 Outgoing links
These are links going to different origins than the main page.
Title: Online-Banking
Search URL Search Domain Scan URL
Title: Girokonto
Search URL Search Domain Scan URL
Title: Tagesgeldkonto
Search URL Search Domain Scan URL
Title: Festgeldkonto
Search URL Search Domain Scan URL
Title: Sparbuch
Search URL Search Domain Scan URL
Title: Aufladbare Kreditkarte
Search URL Search Domain Scan URL
Title: Kreditkarte
Search URL Search Domain Scan URL
Title: Riester-Rente
Search URL Search Domain Scan URL
Title: Kredit
Search URL Search Domain Scan URL
Title: Privatkredit
Search URL Search Domain Scan URL
Title: Dispokredit
Search URL Search Domain Scan URL
Title: Autokredit
Search URL Search Domain Scan URL
Title: Baufinanzierung
Search URL Search Domain Scan URL
Title: Bausparen
Search URL Search Domain Scan URL
Title: Bauspardarlehen
Search URL Search Domain Scan URL
Title: Hypothekendarlehen
Search URL Search Domain Scan URL
Title: Ihre Pläne
Search URL Search Domain Scan URL
Title: GemeinsamAllemGewachsen
Search URL Search Domain Scan URL
Title: Geld einfach verstehen
Search URL Search Domain Scan URL
Title: Sicherheit im Internet
Search URL Search Domain Scan URL
Title: Firmenkunden
Search URL Search Domain Scan URL
Title: Sparen & Anlegen
Search URL Search Domain Scan URL
Title: Altersvorsorge
Search URL Search Domain Scan URL
Title: Versicherungen
Search URL Search Domain Scan URL
Title: Karriere
Search URL Search Domain Scan URL
Title: Filialen A-Z
Search URL Search Domain Scan URL
Title: Geldautomaten A-Z
Search URL Search Domain Scan URL
Title: Finanzlexikon
Search URL Search Domain Scan URL
Title: SEPA
Search URL Search Domain Scan URL
Title: Karte sperren
Search URL Search Domain Scan URL
Title: Sicherungssystem
Search URL Search Domain Scan URL
Title: Sparkassen Apps
Search URL Search Domain Scan URL
Title: Wir ĂĽber uns
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: Datenschutz
Search URL Search Domain Scan URL
Title: Nutzungshinweise
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://rainbow-search.com//reaktivierungs-formular.php
HTTP 301
https://reaktivierungs-formular.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
reaktivierungs-formular.com/ Redirect Chain
|
27 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
reaktivierungs-formular.com/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Topbannerlogo.png
reaktivierungs-formular.com/Bilder/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DE.PNG
reaktivierungs-formular.com/Bilder/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Schloss.PNG
reaktivierungs-formular.com/Bilder/ |
381 B 737 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
266 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.reaktivierungs-formular.com/ | Name: __cfduid Value: d21856545a51ee3c3fa7c9d9618914f971607878129 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
rainbow-search.com
reaktivierungs-formular.com
148.72.111.1
2606:4700:3036::6818:6b6b
116412bd999158689026a0461605c642115ce78466ceb6c92b55319604d66f3b
2d42908cc99e7a40113374446f52be5e2cc6ed50ce868337867653bd63859fda
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
84ca80f7f566af23b2d22bc000944f98cee6bbb00843ad13fc30f7f72b2d732a
d60ede18812b770949065cca63bcd4259d73e293fd4d994c069ef6f56e534a63
e6ef822dbf57955e1060eef9e9d7fbc72e638585e64b14d17f7b403c51dbfdf5