www.voba-support.de Open in urlscan Pro
2606:4700:3031::ac43:d73a  Malicious Activity! Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.voba-support.de/	991 KB 313 KB	184ms 112ms	Document text/html	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.voba-support.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 46b70bab6cb6d7548ceb9a3340336d6ab171683b4db380d7969d9d5de4c5be2f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Sun, 30 Jan 2022 12:42:54 GMT content-type text/html; charset=UTF-8 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache vary Accept-Encoding cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZWVLBkTapqfvF%2FkUlRhIy%2FpBryBKP%2FEhPwGPR7X0OW2NgCgLQyfjtnf8XDi%2FCbGiIGHM0oy7tL4HAIwcnptjvAraOmrlbzghIMSonizkfw1RwM6J617DUtL5bPTwvQPXX9sjUgOL3HSy%2FlPgxLVDo3W"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6d5ac8671d795bdd-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery.js Show response www.voba-support.de/dist/js/	87 KB 32 KB	29ms 28ms	Script application/javascript	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.voba-support.de/dist/js/jquery.js Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 30 Jan 2022 12:42:54 GMT content-encoding br cf-cache-status HIT last-modified Fri, 28 Jan 2022 21:16:43 GMT server cloudflare age 6714 etag W/"15d9d-5d6aaf39703e0-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEAJ3gZi9ooYhl%2F%2FKu%2FIfF%2BaMktDBs6hl%2Fx4kwFHGRQckz1UogbF0kSN9%2F86n7ENpibGsn%2B6QJPaGHRhoKBJoNS5GyVLYw2CxCyJSQW76txxItAePhi5GQX94SvGuae%2Bk86sAC17xupn%2BkaJLeriniNI"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d5ac867eef05bdd-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	styles_new.css www.voba-support.de/dist/css/	181 KB 28 KB	178ms 177ms	Stylesheet text/css	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.voba-support.de/dist/css/styles_new.css Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5d49b77a34a6f213db17404ae95f54bdfd4bf7f7d79f351296c37d81b42611b0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 30 Jan 2022 12:42:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 28 Jan 2022 21:16:59 GMT server cloudflare etag W/"2d59f-5d6aaf48c823c-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TeRAkuNidjMyFGjWE4mrbPAeR7Bt3wGcu1dvKiIVAUMUglClosnlttw%2BlkPMVdbGC8FesLhwjA6Lfr6OWA0h5Jy6zKFZMHV2eekm1f0mHQzXV%2FHbFJX6TTKYchrdzP1O1PUomnOTRrCcUpQJa%2FLlBzU%2B"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d5ac868cb5a0c6d-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	selectize_style.css www.voba-support.de/dist/css/	2 KB 1 KB	125ms 125ms	Stylesheet text/css	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.voba-support.de/dist/css/selectize_style.css Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash df4a0668029d59c3df311bb16b21dd558df3d7cfb9e8e7d764cf66d3e6d633ef Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 30 Jan 2022 12:42:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 28 Jan 2022 21:16:59 GMT server cloudflare etag W/"861-5d6aaf4945251-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=252LHYMc6DPmzEig%2FLP1LBn8DaVpaL3lgsMY26V0V10R%2F%2BDCpGcGH3jfJJ5cShO7ez98PWzZTb6VTkLoTdnSAe0cONYRZRn%2BOESDZ9jyoSOMPDWHzQjfG0iII0NwcRKEnst65PGik6l5mYuVMDpgAlHy"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d5ac868cb5d0c6d-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	logo_small.gif www.voba-support.de/dist/img/	8 KB 9 KB	107ms 106ms	Image image/gif	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.voba-support.de/dist/img/logo_small.gif Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a3708350c240900a4a051335e681cfa3e891f05bb59f7946b7933692fa42bb2c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 30 Jan 2022 12:42:54 GMT cf-cache-status MISS last-modified Fri, 28 Jan 2022 21:16:44 GMT server cloudflare etag "1ffc-5d6aaf3a9efd3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFPbK%2BVZ2pSCi7TAD4rpSj1erjWt2F1ftG5uheBMafhKmqd6Mwv3OJ6m2vFttGmIXP7m9%2Fq25c0U5gts3QWBDcsuwOyVr7ZhPL2OB9Q4pI%2BnUOsdM%2F6bzvM2XCiACurLAKEXC%2B6jSvCZM5B9XBGHyAiE"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6d5ac868cb680c6d-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 8188
GET H2	200	SchwaebischHall.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	4 KB 4 KB	315ms 53ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/SchwaebischHall.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 04 Nov 2021 21:18:57 GMT age 0 date Sun, 30 Jan 2022 12:42:54 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 4303 x-content-type-options nosniff
GET H2	200	UnionInvestment.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	6 KB 6 KB	297ms 35ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/UnionInvestment.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 02 Apr 2020 20:01:18 GMT age 379 date Sun, 30 Jan 2022 12:36:35 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 6142 x-content-type-options nosniff
GET H2	200	RundV.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	5 KB 5 KB	314ms 53ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/RundV.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 02 Apr 2020 20:01:20 GMT age 0 date Sun, 30 Jan 2022 12:42:54 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 4917 x-content-type-options nosniff
GET H2	200	easyCredit.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	5 KB 5 KB	315ms 53ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/easyCredit.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash ab26bc72d10a5d80984e1a1bbe9f5d12c38013e35070f3ab382908c1f08594ec Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 14:12:44 GMT age 0 date Sun, 30 Jan 2022 12:42:54 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 5085 x-content-type-options nosniff
GET H2	200	DZBANK_Initiativbank.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	16 KB 17 KB	314ms 52ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/DZBANK_Initiativbank.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 13:56:41 GMT age 377 date Sun, 30 Jan 2022 12:36:37 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 16788 x-content-type-options nosniff
GET H2	200	DZPrivatbank.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	3 KB 3 KB	332ms 71ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/DZPrivatbank.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 13:42:03 GMT age 1 date Sun, 30 Jan 2022 12:42:53 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 3090 x-content-type-options nosniff
GET H2	200	VR_Smart_Finanz.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	4 KB 4 KB	73ms 19ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/VR_Smart_Finanz.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Wed, 01 Aug 2018 12:15:44 GMT age 319 date Sun, 30 Jan 2022 12:37:35 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 3727 x-content-type-options nosniff
GET H2	200	DGHYP.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	2 KB 2 KB	108ms 53ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/DGHYP.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Wed, 01 Aug 2018 12:15:44 GMT age 0 date Sun, 30 Jan 2022 12:42:54 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 1883 x-content-type-options nosniff
GET H2	200	M%C3%BCnchenerHyp.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/	6 KB 6 KB	73ms 19ms	Image image/png	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/M%C3%BCnchenerHyp.png Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' referrer-policy no-referrer-when-downgrade last-modified Thu, 10 Aug 2017 13:57:22 GMT age 376 date Sun, 30 Jan 2022 12:36:38 GMT x-frame-options SAMEORIGIN content-type image/png x-oneagent-js-injection true x-xss-protection 1; mode=block cache-control max-age=1209600, stale-if-error=3600, stale-while-revalidate=3600, public, must-revalidate strict-transport-security max-age=31536000 content-length 5806 x-content-type-options nosniff
GET H3	200	login-js.js Show response www.voba-support.de/dist/js/	1 KB 859 B	103ms 102ms	Script application/javascript	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.voba-support.de/dist/js/login-js.js Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 87d66b64a908815a367022932ea1a8b2fd1a192d3251f00ae2bc92decdc89bec Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 30 Jan 2022 12:42:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 28 Jan 2022 21:16:41 GMT server cloudflare etag W/"4bb-5d6aaf37e1c9c-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6U%2FjSZxtSftx30Uq3vPfns2I7PS6e4KaIcdT10M%2Fw47Q2SH31GaXzG7HVqRZNGW40n9vnuZx6eiFWVL3oMmjxOhID9quyROwmZH6K0i9o5ZjuQObxzCyJx9INqyGbXDaqdhgHwQZ5DWAKhw9tvwegcx"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d5ac868cb640c6d-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	selectize.min.js Show response www.voba-support.de/dist/js/	61 KB 19 KB	150ms 149ms	Script application/javascript	2606:4700:3031::ac43:d73a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.voba-support.de/dist/js/selectize.min.js Requested by Host: www.voba-support.de URL: https://www.voba-support.de/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:d73a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3b12d22ad3911a57b6d862ce7c9be4bb72423b9226c1b991c252d5160bf01e1c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.voba-support.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 30 Jan 2022 12:42:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 28 Jan 2022 21:16:41 GMT server cloudflare etag W/"f3d1-5d6aaf37a7312-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgic4mTcy%2Bq%2BiBY8jr0OZgK8%2BncvUPSG%2FICWvfjw8AWWEKKY4gIiuiE%2FuB2TAs42vyeKC6ns8cmQXNXioNFVe5weZQ%2Ffg2C8qi7VnyJ0yib5OQKz4ML7v5wGkjbNCUkS%2BoBw0CM%2F4dxlAbbbWiDqZDo8"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d5ac868cb660c6d-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET DATA	200 OK	truncated /	24 KB 24 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e51c27572746b9de1a6a24066e439aa07a35264f682f921f2d9afab0ada66d6a Request headers Referer Origin https://www.voba-support.de Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8
GET DATA	200 OK	truncated /	24 KB 24 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1d2c8a5d8e4077c48189b3b22abe9d735c9534bada852e47d183e3b92a140ed9 Request headers Referer Origin https://www.voba-support.de Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Sifter object| MicroPlugin function| Selectize

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.voba-support.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: nkv3s0pkbamd383j90vg893ce7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.voba-support.de
www.volksbank-eg.de
194.149.254.20
2606:4700:3031::ac43:d73a
193c842a2509cf7f02ae53bcfe06eef90e653f86af7b973bce4059eae10e92f6
1d2c8a5d8e4077c48189b3b22abe9d735c9534bada852e47d183e3b92a140ed9
3097e43e3a9b2002798fa0cee854002a72f17f43103a9ea7b4dedef610a0f5d6
33891c62b6270b0139750f3be423eb7c4807121d5ce7d54699a97ff5ada20bfb
3b12d22ad3911a57b6d862ce7c9be4bb72423b9226c1b991c252d5160bf01e1c
46b70bab6cb6d7548ceb9a3340336d6ab171683b4db380d7969d9d5de4c5be2f
5d49b77a34a6f213db17404ae95f54bdfd4bf7f7d79f351296c37d81b42611b0
60154e6e2f54fa24a52d92b99146a39d81151578f6a3a4bd533bf8c43d676b6c
7b80565005aab705788b217adbb52b163ae2efdf99fe81ee9d89f91e415e34af
87d66b64a908815a367022932ea1a8b2fd1a192d3251f00ae2bc92decdc89bec
93a42951ec0bae1d49c6c94e2bcac1a728591b5aee96a698aeb95c569aa4ce47
a3708350c240900a4a051335e681cfa3e891f05bb59f7946b7933692fa42bb2c
ab26bc72d10a5d80984e1a1bbe9f5d12c38013e35070f3ab382908c1f08594ec
bc5bcd93361b2057348129acae6936f5ef20d5b31cebb08a03abdf23a4cb5168
df4a0668029d59c3df311bb16b21dd558df3d7cfb9e8e7d764cf66d3e6d633ef
e51c27572746b9de1a6a24066e439aa07a35264f682f921f2d9afab0ada66d6a
f00e05e6fcb48cbf33e15e7393b71041234246e48727fc225310c153cfa6cc31
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e