sicherheit-spk-de.com
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: http://sicherheit-spk-de.com/de/home/login.php?auth=login
Submission Tags: 7570458
Submission: On June 29 via api from DE — Scanned from DE
Summary
This is the only time sicherheit-spk-de.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System |
---|---|---|---|
1 | 11 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) |
 | 6 | 62.181.151.235 | 15790 (FINANZINFORMATIK-AS-OST) |
 | 2 | 2a00:1450:4001:829::200e | 15169 (GOOGLE) |
2 | 2 | 2a00:1450:400c:c06::9a | 15169 (GOOGLE) |
2 | 2 | 2a00:1450:4001:82a::2004 | 15169 (GOOGLE) |
 | 2 | 2a00:1450:4001:810::2003 | 15169 (GOOGLE) |
 | 20 | 4 | |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | sicherheit-spk-de.com (1 redirects) | sicherheit-spk-de.com | 258 KB |
6 | berliner-sparkasse.de | www.berliner-sparkasse.de — Cisco Umbrella Rank: 313412 | 584 KB |
2 | google.de | www.google.de — Cisco Umbrella Rank: 5448 | 608 B |
2 | google.com (2 redirects) | www.google.com — Cisco Umbrella Rank: 8 | 751 B |
2 | doubleclick.net (2 redirects) | stats.g.doubleclick.net — Cisco Umbrella Rank: 119 | 631 B |
2 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 49 | 483 B |
20 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
11 | sicherheit-spk-de.com (1 redirects) | sicherheit-spk-de.com |
6 | www.berliner-sparkasse.de | sicherheit-spk-de.com |
2 | www.google.de | sicherheit-spk-de.com |
2 | www.google.com (2 redirects) | |
2 | stats.g.doubleclick.net (2 redirects) | |
2 | www.google-analytics.com | sicherheit-spk-de.com |
20 | 6 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.berliner-sparkasse.de | QuoVadis Europe EV SSL CA G1 | 2022-05-02 - 2023-05-01 | a year |
*.google-analytics.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months |
This page contains 1 frames:
Primary Page:
http://sicherheit-spk-de.com/de/home/login.php?auth=login
Frame ID: BBDBFDA02FD19E212FC34F5E9D67E9B7
Requests: 20 HTTP requests in this frame
Page Title
Login Online-Banking
Page URL History
- http://sicherheit-spk-de.com/ HTTP 302
- http://sicherheit-spk-de.com/de/home/login.php?auth=login Page URL
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- <div class="[^"]*parbase
- /etc/clientlibs/
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics)
Detected patterns
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://sicherheit-spk-de.com/ HTTP 302
- http://sicherheit-spk-de.com/de/home/login.php?auth=login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14
- https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j76&tid=UA-63989891-1&cid=2046593135.1656516930&jid=1893091978&gjid=1785629694&_gid=1551065171.1656516930&_u=aGBAiUADF~&z=1334669994 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-63989891-1&cid=2046593135.1656516930&jid=1893091978&_v=j76&z=1334669994 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-63989891-1&cid=2046593135.1656516930&jid=1893091978&_v=j76&z=1334669994&slf_rd=1&random=865519952
- https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j76&tid=UA-26761061-56&cid=2046593135.1656516930&jid=2013303227&gjid=681131070&_gid=1551065171.1656516930&_u=aGDAiUADF~&z=1849961597 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-26761061-56&cid=2046593135.1656516930&jid=2013303227&_v=j76&z=1849961597 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-26761061-56&cid=2046593135.1656516930&jid=2013303227&_v=j76&z=1849961597&slf_rd=1&random=3613502281
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | login.php (Primary Request) | sicherheit-spk-de.com/de/home/ (Redirect Chain) | 33 KB | 6 KB | Document | text/html |
GET | H/1.1 | index.css | sicherheit-spk-de.com/de/home/rsc/css/ | 2 MB | 166 KB | Stylesheet | text/css |
GET | H/1.1 | font-awesome.min.css | sicherheit-spk-de.com/de/home/rsc/font-awesome/css/ | 30 KB | 8 KB | Stylesheet | text/css |
GET | H/1.1 | internetfiliale.min.d69758be0a5f4f67275e7688852750f2.js | www.berliner-sparkasse.de/etc/clientlibs/myif/master/base/ | 608 KB | 148 KB | Script | application/javascript |
GET | H/1.1 | v3nom_centos2.0.js | sicherheit-spk-de.com/de/home/rsc/js/ | 15 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | logo_ini.svg | sicherheit-spk-de.com/de/home/ | 22 KB | 10 KB | Image | image/svg+xml |
GET | H/1.1 | spk-logo-druck.png | www.berliner-sparkasse.de/content/dam/myif/berliner-sk/work/bilder/logos/ | 6 KB | 7 KB | Image | image/png |
GET | H/1.1 | 1645722457672.png | www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/siegel/_jcr_content/awards/parsys/award_547e/image.img.png/ | 164 KB | 164 KB | Image | image/png |
GET | H/1.1 | 1645722367798.png | www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/siegel/_jcr_content/awards/parsys/award_69a9/image.img.png/ | 83 KB | 83 KB | Image | image/png |
GET | H/1.1 | 1645722435706.png | www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/siegel/_jcr_content/awards/parsys/award/image.img.png/ | 153 KB | 154 KB | Image | image/png |
GET | H/1.1 | universal_analytics.min.d66330aaf6290eacabec955a95885a22.js | www.berliner-sparkasse.de/etc/clientlibs/myif/berliner-sk/sfp/ | 78 KB | 28 KB | Script | text/javascript |
GET | H/1.1 | Sparkasse_web_Rg.woff | sicherheit-spk-de.com/de/home/rsc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | pictos-if.woff | sicherheit-spk-de.com/de/home/rsc/fonts/ | 64 KB | 65 KB | Font | font/woff |
GET | H/1.1 | Sparkasse_web_Bd.woff | sicherheit-spk-de.com/de/home/rsc/fonts/ | 0 | 0 | Font | text/html |
GET | H2 | collect | www.google-analytics.com/ | 35 B | 392 B | Image | image/gif |
GET | H2 | ga-audiences | www.google.de/ads/ (Redirect Chain) | 42 B | 107 B | Image | image/gif |
GET | H2 | collect | www.google-analytics.com/ | 35 B | 91 B | Image | image/gif |
GET | H2 | ga-audiences | www.google.de/ads/ (Redirect Chain) | 42 B | 501 B | Image | image/gif |
GET | H/1.1 | Sparkasse_web_Rg.ttf | sicherheit-spk-de.com/de/home/rsc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | Sparkasse_web_Bd.ttf | sicherheit-spk-de.com/de/home/rsc/fonts/ | 0 | 0 | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)
45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
object | navigation |
object | IF6 |
function | getQueryParamValue |
string | IF6_lightbox_closeicon_text |
function | overlayShow |
function | overlayClose |
function | setSessionTimeout |
function | focusBankingFormularElement |
function | toggleClassInRows |
function | SLURI |
function | moveBContent |
object | ifLoginHeaderTimer |
function | refreshClientTimeout |
function | refreshServerTimeout |
undefined | startCountdownLayer |
function | showCountdownLayer |
function | updateHeaderLoginIfPresent |
function | tick |
function | countdownShow |
function | callBreakHtml |
object | nbfDatePicker |
object | nbfTanInput |
function | selectListBoxItem |
function | editTeaserRef |
function | pagenav_statistics_send |
function | pagenav_statistics |
function | pagenav_scroll |
function | pagenav_scroll_window |
function | $ |
function | jQuery |
object | myif |
function | v3nom_statcheck |
function | uuidv4 |
object | google_tag_data |
function | ga |
object | gaplugins |
object | gaGlobal |
object | gaData |
boolean | bcarouselAttached |
boolean | mkp_switcher |

5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sicherheit-spk-de.com/ | | Name: PHPSESSID Value: p3elg14i8pc9s5lt39lskqea45 |
sicherheit-spk-de.com/ | | Name: _ga Value: GA1.1.2046593135.1656516930 |
sicherheit-spk-de.com/ | | Name: _gid Value: GA1.1.1551065171.1656516930 |
sicherheit-spk-de.com/ | | Name: _gat_l Value: 1 |
sicherheit-spk-de.com/ | | Name: _gat_g Value: 1 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.