www.voba-support.de
2606:4700:3031::ac43:d73a
Malicious Activity!
Public Scan
Submission: On January 30 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 28th 2022. Valid for: a year.
This is the only time www.voba-support.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
7 | 2606:4700:3031::ac43:d73a | 13335 (CLOUDFLARENET) |
9 | 194.149.254.20 | 15590 (FIDUCIA) |
16 | 3 | |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
9 | volksbank-eg.de (www.volksbank-eg.de) | 53 KB |
7 | voba-support.de (www.voba-support.de) | 402 KB |
16 | 2 | |
 | Domain | Requested by |
---|---|---|
9 | www.volksbank-eg.de | www.voba-support.de |
7 | www.voba-support.de | www.voba-support.de |
16 | 2 | |
This site contains links to these domains.
Domain |
---|
www.schwaebisch-hall.de |
www.union-investment.de |
www.ruv.de |
www.easycredit.de |
www.dzbank.de |
www.dz-privatbank.com |
www.vr-smart-finanz.de |
www.dzhyp.de |
www.muenchenerhyp.de |
Subject / Issuer | Validity | Valid |
---|---|---|
sni.cloudflaressl.com / Cloudflare Inc ECC CA-3 | 2022-01-28 - 2023-01-27 | a year |
volksbank-eg.de / D-TRUST SSL Class 3 CA 1 EV 2009 | 2021-12-06 - 2022-12-09 | a year |
This page contains 1 frame:
Primary Page:
https://www.voba-support.de/
Frame ID: 878C2E835B42867C8426EA2B213BEE32
Requests: 18 HTTP requests in this frame
9 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / (Primary Request) www.voba-support.de/ | 991 KB 313 KB | Document text/html |
GET H2 | jquery.js www.voba-support.de/dist/js/ | 87 KB 32 KB | Script application/javascript |
GET H3 | styles_new.css www.voba-support.de/dist/css/ | 181 KB 28 KB | Stylesheet text/css |
GET H3 | selectize_style.css www.voba-support.de/dist/css/ | 2 KB 1 KB | Stylesheet text/css |
GET H3 | logo_small.gif www.voba-support.de/dist/img/ | 8 KB 9 KB | Image image/gif |
GET H2 | SchwaebischHall.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 4 KB 4 KB | Image image/png |
GET H2 | UnionInvestment.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 6 KB 6 KB | Image image/png |
GET H2 | RundV.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 5 KB 5 KB | Image image/png |
GET H2 | easyCredit.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 5 KB 5 KB | Image image/png |
GET H2 | DZBANK_Initiativbank.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 16 KB 17 KB | Image image/png |
GET H2 | DZPrivatbank.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 3 KB 3 KB | Image image/png |
GET H2 | VR_Smart_Finanz.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 4 KB 4 KB | Image image/png |
GET H2 | DGHYP.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 2 KB 2 KB | Image image/png |
GET H2 | M%C3%BCnchenerHyp.png www.volksbank-eg.de/content/dam/allgemeines/logoleisterefreshdesign/ | 6 KB 6 KB | Image image/png |
GET H3 | login-js.js www.voba-support.de/dist/js/ | 1 KB 859 B | Script application/javascript |
GET H3 | selectize.min.js www.voba-support.de/dist/js/ | 61 KB 19 KB | Script application/javascript |
GET DATA | truncated / | 24 KB 24 KB | Font application/font-woff2 |
GET DATA | truncated / | 24 KB 24 KB | Font application/font-woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | Sifter |
object | MicroPlugin |
function | Selectize |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.voba-support.de/ | Name: PHPSESSID Value: nkv3s0pkbamd383j90vg893ce7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.