sparkse.info
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://sparkse.info/Start
Submission: On May 14 via api from GB — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on May 5th 2023. Valid for: 3 months.
This is the only time sparkse.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 91.201.52.86 91.201.52.86 | 44128 (INTERNET-...) (INTERNET-PRO-AS) | |
1 1 | 185.230.61.180 185.230.61.180 | 58182 (WIX_COM) (WIX_COM) | |
1 26 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 2 |
ASN58182 (WIX_COM, IL)
PTR: unalocated.61.wixsite.com
mistermiyagi22.hopp.to |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
sparkse.info
1 redirects
sparkse.info |
1006 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 |
28 KB |
1 |
hopp.to
1 redirects
mistermiyagi22.hopp.to |
520 B |
1 |
sh-u.ru
1 redirects
sh-u.ru |
378 B |
26 | 4 |
Domain | Requested by | |
---|---|---|
26 | sparkse.info |
1 redirects
sparkse.info
|
1 | cdnjs.cloudflare.com |
sparkse.info
|
1 | mistermiyagi22.hopp.to | 1 redirects |
1 | sh-u.ru | 1 redirects |
26 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sparkse.info GTS CA 1P5 |
2023-05-05 - 2023-08-03 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://sparkse.info/Start
Frame ID: 081DFC28444FF76496F5792A88C4AB52
Requests: 23 HTTP requests in this frame
Frame:
https://sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js
Frame ID: 2D52D838516EC1E1625FEC17760A4FFF
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Sparkasse | Wir ändern unsere Nutzungsbedingungen!Page URL History Show full URLs
-
https://sh-u.ru/YSVpPK
HTTP 301
https://mistermiyagi22.hopp.to/sparksed HTTP 302
https://sparkse.info/Start Page URL
Detected technologies
Adobe Experience Manager (CMS) ExpandDetected patterns
- <div class="[^"]*parbase
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- require.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sh-u.ru/YSVpPK
HTTP 301
https://mistermiyagi22.hopp.to/sparksed HTTP 302
https://sparkse.info/Start Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 22- https://sparkse.info/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
- https://sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Start
sparkse.info/ Redirect Chain
|
153 KB 48 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp_styles.css
sparkse.info/assets/css/ |
2 MB 214 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp_scripts.js
sparkse.info/assets/js/ |
641 KB 159 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toast.css
sparkse.info/assets/css/ |
639 KB 75 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sun.css
sparkse.info/assets/css/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gridz_structure.css
sparkse.info/assets/css/ |
52 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light_styles.css
sparkse.info/assets/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bread.svg
sparkse.info/assets/images/ |
22 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
drink.svg
sparkse.info/assets/images/ |
976 B 868 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-2.jpg
sparkse.info/assets/images/ |
86 KB 86 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fetch
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/neo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
require.js
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/taoospm/js-min/lib/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Rg.woff
sparkse.info/assets/css/cs_haspa/fonts/ |
41 KB 41 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pictos-if.woff
sparkse.info/assets/css/cs_haspa/fonts/ |
197 KB 198 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseNEUMedium-Regular.woff2
sparkse.info/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseNEURg-Regular.woff2
sparkse.info/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SparkasseNEURg-Bold.woff2
sparkse.info/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/ |
88 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ospm_v2.css
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/taoospm/css/ospm/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ospm_if_v2.css
sparkse.info/if/neo.proxy/TUFJTkBwb3J0YWw=/neoif/taoospm/css/ospm/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Start
sparkse.info/ |
63 KB 63 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Start
sparkse.info/ |
153 KB 48 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sparkasse_web_Bd.woff
sparkse.info/assets/css/cs_haspa/fonts/ |
36 KB 37 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
invisible.js
sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/ Frame 2D52 Redirect Chain
|
24 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pica.js
sparkse.info/cdn-cgi/challenge-platform/h/g/scripts/ Frame 2D52 |
6 KB 3 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
7c734200ee3768fe
sparkse.info/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 2D52 |
2 B 632 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)47 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| IF6 function| getQueryParamValue string| IF6_lightbox_closeicon_text function| overlayShow function| overlayClose function| setSessionTimeout function| focusBankingFormularElement function| toggleClassInRows function| SLURI function| moveBContent object| ifLoginHeaderTimer function| refreshClientTimeout function| refreshServerTimeout undefined| startCountdownLayer function| showCountdownLayer function| updateHeaderLoginIfPresent function| tick function| countdownShow function| callBreakHtml object| nbfDatePicker object| nbfTanInput function| selectListBoxItem function| editTeaserRef function| pagenav_statistics_send function| pagenav_statistics function| pagenav_scroll function| pagenav_scroll_window function| $ function| jQuery object| myif object| IFNeoBridge string| ospm_initialServer string| ospm_baseUrl boolean| ospm_if object| ospm_pageData object| style object| style_if boolean| nbf number| timeLeft number| setTimer function| c number| dots function| type function| formatCardNumber number| timer4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sh-u.ru/ | Name: PHPSESSID Value: c8df47414925e0ea8149d5e3a70dc5c5 |
|
sh-u.ru/ | Name: short_YSVpPK Value: 1 |
|
sparkse.info/ | Name: PHPSESSID Value: qc1bjou68hfnm7j4gtlrmp35av |
|
.sparkse.info/ | Name: __cf_bm Value: bmmU78icSOYb31MkYkwJx5zKuwE7t0tr0jaNPn0ZpTw-1684068532-0-AY2IDlEgXNMbVw/Ss4h3ptSM37oyptfookujKq0Cbkw1gzoSG5fT2GIxINTbjUWwNOEQuCQXavH9SYVPOqIFjoT90d+fMbdY6Ee39FkvwsV+ |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
mistermiyagi22.hopp.to
sh-u.ru
sparkse.info
185.230.61.180
2606:4700::6811:190e
2a06:98c1:3121::3
91.201.52.86
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
0fb669fcf2e761acc03f274083c816bb0a7d2b0c9eb24928a7b897d5818828f9
1586adc8f49ebd0d1deca54b3bc9d1850e7f299b0880b61e6520a7cf2f336a17
22e293166017618b14342bd640677f88274154a0fed8393cb056a16056348de4
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2ee73fd1898343f28de6ed91576db74c150e7f91fd9f6767ae1c52a503a4728a
340e931741c7162a2f4365577878e7b90d015114993168afbd2c40b674984380
385bbee80414712855e9a4250cd4dcbbff192dc79136cf99fa5b62075d3bb0ad
622086cc54433d5da6f74cc13cefc62260ed87c40ddcbac7c1de80e5ce629923
670215d94b14cfa72f9d66889c0232173372b2b7956d84c5a6247dfa337093d8
74e29c203255ea561c5057e915995667190e189d02c3d5a3e840ab28d2b26b33
8cdb874ad1a4a0623414f048ec39df6607f87a6dd123830a9bfef18b359e8347
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
a72220461ce96a63ae75743b8c8ff7eba0d7450291564dc80b2214fb53a4f9ef
d3a01492020e7a5afeb4668d828c83c12313fb99249f411871aeec2d8c51d0ce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e91bcf65d01abb7d971cf9dda8046e8c20f9c4c53b849c656301b46e7b8131e0
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002
f4e07d2fb57dd99f228e0d5b6e4e7a8d051ae49bb9643d850ac10369a6158e35