secrurego-jetzt.com
45.146.255.179  Malicious Activity! Public Scan

URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Submission Tags: @ecarlesi threat phishing
Submission: On December 30 via api from IT — Scanned from IT

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 45.146.255.179, located in Germany and belongs to AUROLOGIC aurologic GmbH, DE. The main domain is secrurego-jetzt.com.
TLS certificate: Issued by R3 on December 26th 2023. Valid for: 3 months.
This is the only time secrurego-jetzt.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

Requests | IP Address     | AS Autonomous System
2        | 45.146.255.179 | 30823 (AUROLOGIC...)
2        | 195.200.51.198 | 15590 (ATRUVIA)
Total    | 6 requests     | 3 IPs

Requests | Apex Domain           | Subdomains                                                       | Transfer
2        | berliner-volksbank.de | www.berliner-volksbank.de (Cisco Umbrella Rank: 828657; Failed)  | 10 KB
2        | secrurego-jetzt.com   | secrurego-jetzt.com                                              | 553 KB
Total    | 6 requests            | 2 apex domains

Requests | Domain                    | Requested by
2        | www.berliner-volksbank.de | secrurego-jetzt.com
2        | secrurego-jetzt.com       | secrurego-jetzt.com
Total    | 6 requests                | 2 domains

This site contains no links.

Subject               | Issuer                       | Validity                | Valid    | Link
secrurego-jetzt.com   | R3                           | 2023-12-26 - 2024-03-25 | 3 months | crt.sh
berliner-volksbank.de | QuoVadis Europe EV SSL CA G1 | 2023-06-27 - 2024-06-27 | a year   | crt.sh

This page contains 1 frames:

Primary Page: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Frame ID: 1C1CD5C8EB6FD609F578679CA647846E
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Anmelden - Volksbank

Page Statistics

Requests: 6
HTTPS: 67 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 707 kB
Size: 2118 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: 658b6bc696169 (Primary Request)
Path: secrurego-jetzt.com/ui898YUh/76Op/
Size: 2 MB | x-fer: 550 KB | Type: Document
General
Full URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.146.255.179, Germany, ASN30823 (AUROLOGIC aurologic GmbH, DE)
Reverse DNS: silver-hawk-98002.zap.cloud
Software: nginx/1.24.0
Resource Hash: 3dd0fbe22463c31aadcaf5c9ea86ec916cc38136f8b71e65a6d7ab4717d09e8a

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 30 Dec 2023 04:40:36 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.24.0
Transfer-Encoding: chunked
Vary: Accept-Encoding

Resource: vkb.png
Path: secrurego-jetzt.com/public/img/
Size: 2 KB | x-fer: 3 KB | Type: Image
General
Full URL: https://secrurego-jetzt.com/public/img/vkb.png
Requested by:
  Host: secrurego-jetzt.com
  URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.146.255.179, Germany, ASN30823 (AUROLOGIC aurologic GmbH, DE)
Reverse DNS: silver-hawk-98002.zap.cloud
Software: nginx/1.24.0
Resource Hash: 22bf3193fa44f65146b052384fa83c3f4037dfb8528492dde8510a7e6076c74f

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Date: Sat, 30 Dec 2023 04:40:36 GMT
Last-Modified: Wed, 20 Dec 2023 18:45:50 GMT
Server: nginx/1.24.0
ETag: "6583365e-977"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2423

Resource: truncated
Path: /
Size: 22 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: f5e6ddeeafef73b85dbbf7d7b2ed0cef898013f3530ec375caf87fc88eeca5bd

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/jpeg

Resource: truncated
Path: /
Size: 1 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 08c6216305671f1f3f66067057da56b578d879b7c1c77e409b340e9f873c9a86

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 6 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 5 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 16 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 3 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 4 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 2 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 6 KB | x-fer: 0 | Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31

Request headers
accept-language: it-IT,it;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: image/png

Resource: polyfills.0e11c782a58adcea.js
Path: www.berliner-volksbank.de/services_auth/auth-frontend/
Size: 0 | x-fer: 0 | Type: - (no response received)

Resource: truncated
Path: /
Size: 29 KB | x-fer: 29 KB | Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 70192633915348f5f3297b15a8349cefd61fb2dea99ac974aa243a4605ef0704

Request headers
Referer: -
Origin: https://secrurego-jetzt.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: font/woff2

Resource: truncated
Path: /
Size: 28 KB | x-fer: 28 KB | Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 6a9d7ec3c0dc1347ce344830677d4c085536e3d857f946da8dd666bbe91e3852

Request headers
Referer: -
Origin: https://secrurego-jetzt.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: font/woff2

Resource: truncated
Path: /
Size: 63 KB | x-fer: 63 KB | Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 17a6c1570a04dd163c252c6ac22efbc0f95106ba77438d18f16e61913c396073

Request headers
Referer: -
Origin: https://secrurego-jetzt.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: font/woff2

Resource: truncated
Path: /
Size: 24 KB | x-fer: 24 KB | Type: Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: c825e9b517a70daf14196922b7c35578f62e5facea44a808acf4dadda1456b85

Request headers
Referer: -
Origin: https://secrurego-jetzt.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
Content-Type: font/woff2

Resource: scripts.8afe9b88e77e9029.js
Path: www.berliner-volksbank.de/services_auth/auth-frontend/
Size: 30 KB | x-fer: 10 KB | Type: Script
General
Full URL: https://www.berliner-volksbank.de/services_auth/auth-frontend/scripts.8afe9b88e77e9029.js
Requested by:
  Host: secrurego-jetzt.com
  URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.200.51.198, Göppingen, Germany, ASN15590 (ATRUVIA, DE)
Reverse DNS: -
Software: -
Resource Hash: 6eb55389baff7676489188945e3c508c1d5f2ad0969bd5fdcdfb3cd3b26b1ace
Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://secrurego-jetzt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
date: Thu, 16 Nov 2023 05:16:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
age: 3799444
traceresponse: 00-dc2ee57fdb8c7256c6df4c958e3a7a34-ef922d40d02c03eb-01
server-timing: dtSInfo;desc="0", dtRpid;desc="360215929"
content-length: 9814
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 02 Nov 2023 08:23:36 GMT
x-dt-tracestate: e73a785a-39369852@dt
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000,public
accept-ranges: bytes
expires: Fri, 15 Nov 2024 05:16:32 GMT

Resource: main.20b30852e39f9c8e.js
Path: www.berliner-volksbank.de/services_auth/auth-frontend/
Size: 0 | x-fer: 0 | Type: - (no response received)

Resource: main.js
Path: www.berliner-volksbank.de/services_auth/auth-frontend/services_cloud/portal/webcomponents/cms-components/
Size: 0 | x-fer: 0 | Type: Script
General
Full URL: https://www.berliner-volksbank.de/services_auth/auth-frontend/services_cloud/portal/webcomponents/cms-components/main.js
Requested by:
  Host: secrurego-jetzt.com
  URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.200.51.198, Göppingen, Germany, ASN15590 (ATRUVIA, DE)
Reverse DNS: -
Software: -
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://secrurego-jetzt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
-

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.berliner-volksbank.de
URL: https://www.berliner-volksbank.de/services_auth/auth-frontend/polyfills.0e11c782a58adcea.js

Domain: www.berliner-volksbank.de
URL: https://www.berliner-volksbank.de/services_auth/auth-frontend/main.20b30852e39f9c8e.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: documentPictureInPicture
object: opttanConfig
object: rsct
object: RsctOpttan

1 Cookies

Domain/Path: secrurego-jetzt.com/
Name: PHPSESSID
Value: prp5fajogutnos7dasqkb0ihoi

4 Console Messages

Source: javascript | Level: error | URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Message: Access to script at 'https://www.berliner-volksbank.de/services_auth/auth-frontend/main.20b30852e39f9c8e.js' from origin 'https://secrurego-jetzt.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network | Level: error | URL: https://www.berliner-volksbank.de/services_auth/auth-frontend/main.20b30852e39f9c8e.js
Message: Failed to load resource: net::ERR_FAILED

Source: javascript | Level: error | URL: https://secrurego-jetzt.com/ui898YUh/76Op/658b6bc696169
Message: Access to script at 'https://www.berliner-volksbank.de/services_auth/auth-frontend/polyfills.0e11c782a58adcea.js' from origin 'https://secrurego-jetzt.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network | Level: error | URL: https://www.berliner-volksbank.de/services_auth/auth-frontend/polyfills.0e11c782a58adcea.js
Message: Failed to load resource: net::ERR_FAILED