reaktivierungs-formular.com Open in urlscan Pro
2606:4700:3036::6818:6b6b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rainbow-search.com//reaktivierungs-formular.php
Effective URL:
https://reaktivierungs-formular.com/
Submission Tags: 6889069
Submission: On December 13 via api (December 13th 2020, 4:49:06 pm UTC) from NL

Summary HTTP 5 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3036::6818:6b6b, located in United States and belongs to CLOUDFLARENET, US. The main domain is reaktivierungs-formular.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 12th 2020. Valid for: a year.

This is the only time reaktivierungs-formular.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	148.72.111.1 148.72.111.1	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
5	2606:4700:303... 2606:4700:3036::6818:6b6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2

1 148.72.111.1 (Scottsdale, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-111-1.ip.secureserver.net

rainbow-search.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3036::6818:6b6b (United States)

ASN13335 (CLOUDFLARENET, US)

reaktivierungs-formular.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	reaktivierungs-formular.com reaktivierungs-formular.com	19 KB
1	rainbow-search.com 1 redirects rainbow-search.com	129 B
5	2

	Domain	Requested by
5	reaktivierungs-formular.com	reaktivierungs-formular.com
1	rainbow-search.com	1 redirects
5	2

This site contains links to these domains. Also see Links.

Domain
www.sparkasse.de

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-12-12` - `2021-12-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://reaktivierungs-formular.com/
Frame ID: AFD11E7DC4921F9B5A40E9AF76313ED7
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://rainbow-search.com//reaktivierungs-formular.php HTTP 301
https://reaktivierungs-formular.com/ Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

19 kB
Transfer

48 kB
Size

1
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/online-banking.html
Title: Online-Banking

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/girokonto.html
Title: Girokonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/tagesgeldkonto.html
Title: Tagesgeldkonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen/festgeldkonto.html
Title: Festgeldkonto

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen/sparbuch.html
Title: Sparbuch

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/karten/aufladbare-kreditkarte.html
Title: Aufladbare Kreditkarte

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/karten/kreditkarte.html
Title: Kreditkarte

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/altersvorsorge/riester-rente.html
Title: Riester-Rente

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen.html
Title: Kredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/privatkredit.html
Title: Privatkredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/dispokredit.html
Title: Dispokredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/autokredit.html
Title: Autokredit

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/baufinanzierung.html
Title: Baufinanzierung

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/bausparen-bausparvertrag.html
Title: Bausparen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/bauspardarlehen.html
Title: Bauspardarlehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/kredite-finanzierungen/hypothekendarlehen.html
Title: Hypothekendarlehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/themen.html
Title: Ihre Pläne

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/gemeinsamallemgewachsen.html
Title: GemeinsamAllemGewachsen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/geld-leichter-verstehen.html
Title: Geld einfach verstehen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/sicherheit-im-internet.html
Title: Sicherheit im Internet

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/firmenkunden.html
Title: Firmenkunden

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/sparen-anlegen.html
Title: Sparen & Anlegen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/altersvorsorge.html
Title: Altersvorsorge

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/versicherungen.html
Title: Versicherungen

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/karriere.html
Title: Karriere

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/filialen.html
Title: Filialen A-Z

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/geldautomaten.html
Title: Geldautomaten A-Z

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/finanzlexikon.html
Title: Finanzlexikon

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/sepa.html
Title: SEPA

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/karte-sperren.html
Title: Karte sperren

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/infocenter/sicherungssystem.html
Title: Sicherungssystem

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/unsere-loesungen/privatkunden/rund-ums-konto/sparkassen-apps.html
Title: Sparkassen Apps

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/service/wir-ueber-uns.html
Title: Wir über uns

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.sparkasse.de/nutzungshinweise.html
Title: Nutzungshinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rainbow-search.com//reaktivierungs-formular.php HTTP 301
https://reaktivierungs-formular.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response reaktivierungs-formular.com/ Redirect Chain https://rainbow-search.com//reaktivierungs-formular.php https://reaktivierungs-formular.com/	27 KB 3 KB	634ms 601ms	Document text/html	2606:4700:3036::6818:6b6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://reaktivierungs-formular.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6818:6b6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d60ede18812b770949065cca63bcd4259d73e293fd4d994c069ef6f56e534a63` Request headers :method GET :authority reaktivierungs-formular.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 13 Dec 2020 16:48:50 GMT content-type text/html set-cookie __cfduid=d21856545a51ee3c3fa7c9d9618914f971607878129; expires=Tue, 12-Jan-21 16:48:49 GMT; path=/; domain=.reaktivierungs-formular.com; HttpOnly; SameSite=Lax last-modified Sat, 12 Dec 2020 02:19:46 GMT vary Accept-Encoding cf-cache-status DYNAMIC cf-request-id 06fe9a4f7e000018e5d1a46000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OajdtjDGqxVXGZSzKqndULBg0MHJm882c06UfI5yhvWreW4Dlb85XMcQvvbs%2Fg%2Bz6dzGB47qyWesgGOoekdpms22mTt9iJpvK3VuIFdFMfnSrcKRbzs6HW0kT0a3nJ2UvwB0Eo51cXQ%3D"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 60112cc59a7a18e5-FRA content-encoding br Redirect headers date Sun, 13 Dec 2020 16:48:49 GMT server Apache x-powered-by PHP/7.3.23 location https://reaktivierungs-formular.com vary User-Agent content-length 0 content-type text/html; charset=UTF-8
GET H2	200	style.css reaktivierungs-formular.com/	7 KB 1 KB	559ms 559ms	Stylesheet text/css	2606:4700:3036::6818:6b6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://reaktivierungs-formular.com/style.css Requested by Host: reaktivierungs-formular.com URL: https://reaktivierungs-formular.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6818:6b6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `116412bd999158689026a0461605c642115ce78466ceb6c92b55319604d66f3b` Request headers Referer https://reaktivierungs-formular.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 13 Dec 2020 16:48:50 GMT content-encoding br cf-cache-status MISS last-modified Sat, 12 Dec 2020 00:28:04 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mQMtjkRARXUVAqaHKk2rXyOGmcwH7PbSyH6T9ow5Uc8QIPhzeIGQ6%2Bra%2Bf1YrPAac8biJ56EZ4gUf8tpkIcYQpbTCeGDlpnEhYRdAjNg9JTKJUa8hUOw%2FIAL%2FU4mRjwXxpD0Ta6deyA%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 60112cc96b8b18e5-FRA cf-request-id 06fe9a51e5000018e54a363000000001
GET H2	200	Topbannerlogo.png reaktivierungs-formular.com/Bilder/	12 KB 13 KB	568ms 568ms	Image image/png	2606:4700:3036::6818:6b6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://reaktivierungs-formular.com/Bilder/Topbannerlogo.png Requested by Host: reaktivierungs-formular.com URL: https://reaktivierungs-formular.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6818:6b6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `84ca80f7f566af23b2d22bc000944f98cee6bbb00843ad13fc30f7f72b2d732a` Request headers Referer https://reaktivierungs-formular.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 13 Dec 2020 16:48:50 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Dec 2020 06:50:30 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=N%2Fi4Z5Wt2M05o23AJGw6Ii3ReOGZhH7t7wjn420SqMY61yngftn8i%2BbXs2mhhJs3Ea36Ly05QT3C9hKy52YIHqfp1v33MCz6CO1ins%2FPhe%2FqfcF3Nzu0m9mtCPV41cICPH25S6iVY3A%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 60112cc96b8c18e5-FRA content-length 12646 cf-request-id 06fe9a51dd000018e53e025000000001
GET H2	200	DE.PNG reaktivierungs-formular.com/Bilder/	1 KB 1 KB	576ms 576ms	Image image/png	2606:4700:3036::6818:6b6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://reaktivierungs-formular.com/Bilder/DE.PNG Requested by Host: reaktivierungs-formular.com URL: https://reaktivierungs-formular.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6818:6b6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e6ef822dbf57955e1060eef9e9d7fbc72e638585e64b14d17f7b403c51dbfdf5` Request headers Referer https://reaktivierungs-formular.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 13 Dec 2020 16:48:50 GMT cf-cache-status REVALIDATED last-modified Fri, 11 Dec 2020 00:47:16 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Z2v7hckciU62IxWYOHx0AQWGe%2F%2B%2FJoPE0oUh3sV8Nfc9f%2FHYjVoXytBA2YqqIKsctRcMlkzNgv6LxVc17l35O0xMyrd40oT6xYI%2FPes5Z8SmS%2FU2R5xRsV4MoCH%2B3uGDt79iiRkNQOs%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 60112cc96b8e18e5-FRA content-length 1048 cf-request-id 06fe9a51dd000018e5dc128000000001
GET H2	200	Schloss.PNG reaktivierungs-formular.com/Bilder/	381 B 737 B	554ms 553ms	Image image/png	2606:4700:3036::6818:6b6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://reaktivierungs-formular.com/Bilder/Schloss.PNG Requested by Host: reaktivierungs-formular.com URL: https://reaktivierungs-formular.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6818:6b6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2d42908cc99e7a40113374446f52be5e2cc6ed50ce868337867653bd63859fda` Request headers Referer https://reaktivierungs-formular.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 13 Dec 2020 16:48:50 GMT cf-cache-status REVALIDATED last-modified Fri, 11 Dec 2020 03:48:14 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g7aocIUwZR41e4K9mzvPFRWHTlL%2FYgvdG7fpxvgPlYL82uwcRK19RueojngZ5nWhumhY3INEt2aA9karUCiXRGR0yZUR5QlEx%2BeE7IJtHiWwlxcUUNzgPco9DIA2JpqNMvzmEDpTtQg%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 60112cc96b9018e5-FRA content-length 381 cf-request-id 06fe9a51dd000018e5d6084000000001
GET DATA	200 OK	truncated /	266 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.reaktivierungs-formular.com/	1970-01-19 15:21:10	Name: __cfduid Value: d21856545a51ee3c3fa7c9d9618914f971607878129

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rainbow-search.com
reaktivierungs-formular.com
148.72.111.1
2606:4700:3036::6818:6b6b
116412bd999158689026a0461605c642115ce78466ceb6c92b55319604d66f3b
2d42908cc99e7a40113374446f52be5e2cc6ed50ce868337867653bd63859fda
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
84ca80f7f566af23b2d22bc000944f98cee6bbb00843ad13fc30f7f72b2d732a
d60ede18812b770949065cca63bcd4259d73e293fd4d994c069ef6f56e534a63
e6ef822dbf57955e1060eef9e9d7fbc72e638585e64b14d17f7b403c51dbfdf5

reaktivierungs-formular.com Open in urlscan Pro 2606:4700:3036::6818:6b6b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

19 kBTransfer

48 kBSize

1 Cookies

36 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

reaktivierungs-formular.com Open in urlscan Pro
2606:4700:3036::6818:6b6b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

19 kB
Transfer

48 kB
Size

1
Cookies

5 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!