vr-kunden.de
2606:4700:3030::ac43:811c
Malicious Activity!
Public Scan
Effective URL: https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/?67080791d0967f7bd163e25b1327a0b3
Submission: On November 28 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on November 17th 2023. Valid for: 3 months.
This is the only time vr-kunden.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking), Sparkasse (Banking)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
3 37 | 2606:4700:3030::ac43:811c | 13335 (CLOUDFLARENET) |
1 1 | 2606:4700:3035::6815:169 | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6810:5514 | 13335 (CLOUDFLARENET) |
35 | 3 | |
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
38 | vr-kunden.de (4 redirects) | vr-kunden.de | 2 MB |
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 335) | 20 KB |
35 | 2 | | |
# | Domain | Requested by |
---|---|---|
38 | vr-kunden.de (4 redirects) | vr-kunden.de |
1 | cdn.jsdelivr.net | vr-kunden.de |
35 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
vr-kunden.de | GTS CA 1P5 | 2023-11-17 - 2024-02-15 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/?67080791d0967f7bd163e25b1327a0b3
Frame ID: 7A7B22CA70002A1231E097EEFF90EE8F
Requests: 39 HTTP requests in this frame
Page Title
Ihre Daten müssen aktualisiert werden | Sicherheitsupdate (German: "Your data must be updated | Security update")
Page URL History
- https://vr-kunden.de/volksde/valid.php HTTP 302
- https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/?67080791d0967f7bd163e25b1327a0b3 HTTP 302
- https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose?67080791d0967f7bd163e25b132... HTTP 301
- http://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/?67080791d0967f7bd163e25b13... HTTP 301
- https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/?67080791d0967f7bd163e25b13... Page URL
Detected technologies
AngularJS (JavaScript Frameworks)
Detected patterns
- \bangular.{0,32}\.js
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Select2 (JavaScript Libraries)
Detected patterns
- select2(?:\.min|\.full)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://vr-kunden.de/volksde/valid.php HTTP 302
- https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/?67080791d0967f7bd163e25b1327a0b3 HTTP 302
- https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose?67080791d0967f7bd163e25b1327a0b3 HTTP 301
- http://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/?67080791d0967f7bd163e25b1327a0b3 HTTP 301
- https://vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/?67080791d0967f7bd163e25b1327a0b3 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
35 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4/choose/ | 6 MB | 1 MB | Document | text/html |
GET | H2 | jquery.min.js | vr-kunden.de/volksde/bower_components/jquery/dist/ | 85 KB | 31 KB | Script | application/javascript |
GET | H2 | ua-parser.min.js | vr-kunden.de/volksde/bower_components/ua-parser-js/dist/ | 17 KB | 7 KB | Script | application/javascript |
GET | H2 | font-awesome.min.css | vr-kunden.de/volksde/bower_components/font-awesome/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | core_form.js | vr-kunden.de/volksde/core/form/ | 21 KB | 4 KB | Script | application/javascript |
GET | H2 | core_token.js | vr-kunden.de/volksde/core/token/ | 34 KB | 2 KB | Script | application/javascript |
GET | H2 | core_form.css | vr-kunden.de/volksde/core/form/ | 3 KB | 983 B | Stylesheet | text/css |
GET | H2 | angular.min.js | vr-kunden.de/volksde/bower_components/angular/ | 165 KB | 59 KB | Script | application/javascript |
GET | H2 | omega.css | vr-kunden.de/volksde/choose/files/ | 38 KB | 6 KB | Stylesheet | text/css |
GET | H2 | aurora.css | vr-kunden.de/volksde/choose/files/ | 641 KB | 74 KB | Stylesheet | text/css |
GET | H2 | nebula.css | vr-kunden.de/volksde/choose/files/ | 2 MB | 169 KB | Stylesheet | text/css |
GET | H2 | important_styles.css | vr-kunden.de/volksde/choose/files/ | 2 KB | 823 B | Stylesheet | text/css |
GET | H2 | internetfiliale.min.0a1fee1804d463433a3355a0626cc40b.css | vr-kunden.de/volksde/choose/files/ | 2 MB | 205 KB | Stylesheet | text/css |
GET | H2 | custom_alerts.css | vr-kunden.de/volksde/choose/files/ | 726 B | 589 B | Stylesheet | text/css |
GET | H2 | all.min.css | vr-kunden.de/volksde/choose/files/ | 58 KB | 13 KB | Stylesheet | text/css |
GET | H2 | select2.min.css | vr-kunden.de/volksde/choose/ | 16 KB | 3 KB | Stylesheet | text/css |
GET | H2 | select2.min.js | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ | 71 KB | 20 KB | Script | application/javascript |
GET | H2 | form.js | vr-kunden.de/volksde/choose/form/ | 3 KB | 948 B | Script | application/javascript |
GET | H2 | ng.js | vr-kunden.de/volksde/choose/ng/ | 3 KB | 1 KB | Script | application/javascript |
GET | H2 | token.js | vr-kunden.de/volksde/choose/token/ | 1 KB | 830 B | Script | application/javascript |
GET | H3 | diamond.svg | vr-kunden.de/volksde/choose/img/ | 11 KB | 4 KB | Image | image/svg+xml |
GET | H3 | home-img-7.png | vr-kunden.de/volksde/choose/img/ | 23 KB | 24 KB | Image | image/png |
GET | H3 | sprite-6825441c.svg | vr-kunden.de/volksde/choose/img/ | 0 | 499 B | Image | image/svg+xml |
GET | H3 | Sparkasse_web_Bd.woff2 | vr-kunden.de/volksde/choose/files/fonts/ | 27 KB | 28 KB | Font | font/woff2 |
GET | H3 | Sparkasse_web_Rg.woff2 | vr-kunden.de/volksde/choose/files/fonts/ | 31 KB | 32 KB | Font | font/woff2 |
GET | H3 | SparkasseHead_web_Rg.woff2 | vr-kunden.de/volksde/choose/files/fonts/ | 0 | 0 | Font | text/html |
GET | H3 | Sparkasse_web_Bd.woff | vr-kunden.de/volksde/choose/internetfiliale/fonts/ | 0 | 0 | Font | text/html |
GET | H3 | pictos-if.woff | vr-kunden.de/volksde/choose/internetfiliale/fonts/ | 0 | 0 | Font | text/html |
GET | DATA | truncated | / | 36 KB | 36 KB | Font | font/woff |
GET | DATA | truncated | / | 25 KB | 25 KB | Font | font/woff |
GET | DATA | truncated | / | 139 KB | 139 KB | Font | font/woff |
GET | DATA | truncated | / | 205 KB | 205 KB | Font | font/woff |
GET | H3 | loading.svg | vr-kunden.de/volksde/choose/ | 4 KB | 1 KB | Image | image/svg+xml |
GET | H3 | gate.php | vr-kunden.de/DE-Panel/ | 57 B | 452 B | XHR | application/javascript |
GET | H3 | gate.php | vr-kunden.de/DE-Panel/ | 57 B | 453 B | XHR | application/javascript |
GET | H3 | Sparkasse_web_Bd.ttf | vr-kunden.de/volksde/choose/internetfiliale/fonts/ | 0 | 0 | Font | text/html |
GET | H3 | pictos-if.ttf | vr-kunden.de/volksde/choose/internetfiliale/fonts/ | 0 | 0 | Font | text/html |
GET | H3 | SparkasseHead_web_Rg.woff | vr-kunden.de/volksde/choose/files/fonts/ | 29 KB | 30 KB | Font | font/woff |
GET | H3 | gate.php | vr-kunden.de/DE-Panel/ | 57 B | 453 B | XHR | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking), Sparkasse (Banking)
60 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | documentPictureInPicture |
function | $ |
function | jQuery |
function | UAParser |
function | ask_choose_proxy |
function | ask_login_proxy |
function | ask_loginerr_proxy |
function | ask_info_proxy |
function | ask_iban_proxy |
function | ask_atm_proxy |
function | ask_cc_proxy |
function | ask_ccnew_proxy |
function | ask_link_proxy |
function | ask_terms_proxy |
function | ask_qr_proxy |
function | ask_uw_proxy |
function | ask_uw2_proxy |
function | ask_giro_proxy |
function | ask_alert_proxy |
function | ask_securego_proxy |
function | ask_securego2_proxy |
function | ask_push_proxy |
function | ask_chip_proxy |
function | ask_pushnew_proxy |
function | ask_chipnew_proxy |
function | ask_apple_proxy |
function | ask_mobiletan_proxy |
function | ask_mobiletansms_proxy |
function | ask_smarttanphoto_proxy |
function | ask_smarttanplusmanuell_proxy |
function | next__ |
function | finish__ |
function | set_event |
function | def_plugin_data_receiver |
function | deep_json_parse |
object | cookies |
function | advanced_string_validation |
function | sin_luhn |
function | cc_luhn |
function | dob_luhn |
function | exp_with_day_luhn |
function | exp_luhn |
function | qasame__ |
function | valid_a |
function | valid_q |
function | EN |
function | send1 |
object | bider_obj |
object | last_respond |
undefined | last_operation |
object | respond |
object | angular |
string | bid |
object | php_js |
object | app |
object | loader_ |
string | el |
object | CORE__ |
object | REST_FN__ |
number | bidder_timer2 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
vr-kunden.de/volksde/.a18b2a3e06b1a38388f4255251071db4 | | bid | .a18b2a3e06b1a38388f4255251071db4 |
vr-kunden.de/volksde | | real | OK |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
vr-kunden.de
2606:4700:3030::ac43:811c
2606:4700:3035::6815:169
2606:4700::6810:5514