spk-portal-de-servicehome-portal-id032.xyz
Open in
urlscan Pro
45.153.229.128
Malicious Activity!
Public Scan
Submitted URL: https://linkzip.me/ezDgN
Effective URL: https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/login/
Submission Tags: 7181701
Submission: On June 17 via api from NL
Effective URL: https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/login/
Submission Tags: 7181701
Submission: On June 17 via api from NL
Summary
This website contacted 5 IPs
in 2 countries
across 6 domains to perform 22 HTTP transactions.
The main IP is 45.153.229.128, located in
Kyiv, Ukraine and
belongs to VOLIA-AS, UA.
The main domain is spk-portal-de-servicehome-portal-id032.xyz.
TLS certificate: Issued by R3 on June 17th 2021. Valid for: 3 months.
This is the only time spk-portal-de-servicehome-portal-id032.xyz was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 17th 2021. Valid for: 3 months.
This is the only time spk-portal-de-servicehome-portal-id032.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 2606:4700:303... 2606:4700:3032::ac43:9bb6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700:303... 2606:4700:3037::6815:78d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700::68... 2606:4700::6810:a823 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 2 | 104.22.52.65 104.22.52.65 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 1 | 2606:4700:303... 2606:4700:3036::ac43:b5b8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 4 21 | 45.153.229.128 45.153.229.128 | 25229 (VOLIA-AS) (VOLIA-AS) | |
| 22 | 5 |
2
104.22.52.65
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| secure.statcounter.com | |
| c.statcounter.com |
21
45.153.229.128
(Kyiv, Ukraine)
ASN25229 (VOLIA-AS, UA)
PTR: 4ser-1623869020.4server.su
ASN25229 (VOLIA-AS, UA)
PTR: 4ser-1623869020.4server.su
| spk-portal-de-servicehome-portal-id032.xyz |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 21 |
spk-portal-de-servicehome-portal-id032.xyz
4 redirects
spk-portal-de-servicehome-portal-id032.xyz |
189 KB |
| 2 |
statcounter.com
secure.statcounter.com c.statcounter.com |
13 KB |
| 1 |
redirect-service.xyz
1 redirects
redirect-service.xyz |
1 KB |
| 1 |
cloudflare.com
ajax.cloudflare.com |
5 KB |
| 1 |
blankrefer.com
blankrefer.com |
1 KB |
| 1 |
linkzip.me
linkzip.me |
821 B |
| 22 | 6 |
| Domain | Requested by | |
|---|---|---|
| 21 | spk-portal-de-servicehome-portal-id032.xyz |
4 redirects
spk-portal-de-servicehome-portal-id032.xyz
|
| 1 | c.statcounter.com |
secure.statcounter.com
|
| 1 | redirect-service.xyz | 1 redirects |
| 1 | secure.statcounter.com |
ajax.cloudflare.com
|
| 1 | ajax.cloudflare.com |
blankrefer.com
|
| 1 | blankrefer.com |
linkzip.me
|
| 1 | linkzip.me | |
| 22 | 7 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-02-01 - 2022-01-31 |
a year | crt.sh |
| ajax.cloudflare.com DigiCert ECC Secure Server CA |
2020-08-11 - 2022-08-16 |
2 years | crt.sh |
| us-dallas.statcounter.com Sectigo RSA Domain Validation Secure Server CA |
2020-10-13 - 2021-11-13 |
a year | crt.sh |
| spk-finanzgruppe-de-serviceportal-kunde3.xyz R3 |
2021-06-17 - 2021-09-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/login/
Frame ID: 405FFB5551F8AD531AFB2EA917516CBC
Requests: 22 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://linkzip.me/ezDgN Page URL
- https://blankrefer.com/?https://redirect-service.xyz/rgNn1p Page URL
-
https://redirect-service.xyz/rgNn1p
HTTP 302
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/ HTTP 302
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211 HTTP 301
http://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/ HTTP 301
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/ HTTP 302
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/login/ Page URL
Detected technologies
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^cloudflare$/i
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://linkzip.me/ezDgN Page URL
- https://blankrefer.com/?https://redirect-service.xyz/rgNn1p Page URL
-
https://redirect-service.xyz/rgNn1p
HTTP 302
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/ HTTP 302
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211 HTTP 301
http://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/ HTTP 301
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/ HTTP 302
https://spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
ezDgN
linkzip.me/ |
466 B 821 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
blankrefer.com/ |
809 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
counter.js
secure.statcounter.com/counter/ |
38 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
 Cookie set
/
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211/login/ Redirect Chain
|
17 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
t.php
c.statcounter.com/ |
192 B 586 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/bower_components/jquery/dist/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ua-parser.min.js
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/bower_components/ua-parser-js/dist/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css.css
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/form/ |
357 B 509 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.php
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
73 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
desktop.png
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mobile.png
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
druck.png
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tdg
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
304 B 304 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
form.js
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/form/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
token.js
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/token/ |
11 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
25frrutigerltw02-55roman-webfont.woff
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
25 KB 25 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pictos-if.woff
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
64 KB 64 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Frutiger.woff
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/login/ |
22 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home.php
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/ |
57 B 220 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home.php
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/ |
57 B 220 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home.php
spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/ |
57 B 220 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| UAParser string| bid object| php_js string| el function| next__ function| finish__ object| cookies function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| send1 function| ask_login_proxy object| bider_obj object| last_respond undefined| last_operation object| respond object| CORE__ object| REST_FN__ number| bidder_timer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| spk-portal-de-servicehome-portal-id032.xyz/ | Name: PHPSESSID Value: 8qcu7h98vnk2qsoufs47kekhhu |
|
| spk-portal-de-servicehome-portal-id032.xyz/service_redirectsession/dd6ed338f6ace3327b41e5117082d211 | Name: bid Value: dd6ed338f6ace3327b41e5117082d211 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.cloudflare.com
blankrefer.com
c.statcounter.com
linkzip.me
redirect-service.xyz
secure.statcounter.com
spk-portal-de-servicehome-portal-id032.xyz
104.22.52.65
2606:4700:3032::ac43:9bb6
2606:4700:3036::ac43:b5b8
2606:4700:3037::6815:78d
2606:4700::6810:a823
45.153.229.128
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
13bcee1b5bebe47d78aa9d740c901e00ba9f27ada5ec7eb98ce3d26cf40f33bd
163b0f22d9825ceca33cb968a22703a4eb3b0f7e56e7446e9aba8c391bf4cc09
2a5aed1b8c1eeec1152ff77a0cd956cc096eaec13b25c3a88b9f2ef6645f7564
47c4c7b3fddbf6b4c854f09c3d434da26826a2affeca30874e1846ce275b3bc0
63f9673baeaac4bd05e284263b7e679df8d7ba8e65907c6f95e31d43d4c5800f
723733a7bb6f25194a40769ba4b2c4b4840d707bba89f745984fab9442f72141
7cc0a4759f5cfe7d8a6f191f79a38b1c8e36c975f160b89f21d31436dff05c4e
823f9dfa3ee6b0ff35ef3a6662967325e4053898692cc803c4c9aff9cdcbc3db
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
91fe495a8eec4d0432773b5253a018f33e2685f65c19f3db173fddeb9468481d
92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85
a4f04574b20972a5b290984c214ff23af7810b73db0a640c75bf11b2a042336b
bdf255c9b2aef6468bb30a0c4ad9479c957293a979df31637b547d3c8d31f94b
ca02570becc85e15c4fe143c43d4efd05f0d430d4a50cbe7b4f49e75f68c1fad
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d6fff4dce0ed66b0ef96ec5165e4b5fa7d2d193df2537040630dd19606b7b664
db57c6b30e7cff1c815c9bdc14f132a8f5c1d607dc63c674141a0683621a0431
edf9103836ae6dd51cbe59f5c648a32d35752b654e8b3164c9fa67cb366dd6c5