![](/screenshots/bf375c99-b6c3-4a9d-ab2b-e05cc3db485b.png)
cp.vpstim.iceservers.net
Open in
urlscan Pro
82.221.141.10
Malicious Activity!
Public Scan
Effective URL: https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php
Submission: On July 23 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by R10 on June 14th 2024. Valid for: 3 months.
This is the only time cp.vpstim.iceservers.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: targobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 19 | 82.221.141.10 82.221.141.10 | 50613 (THORDC-AS) (THORDC-AS) | |
17 | 145.226.174.154 145.226.174.154 | 8255 (EURO-INFO...) (EURO-INFORMATION) | |
15 | 91.235.133.188 91.235.133.188 | 30286 (THM) (THM) | |
1 3 | 91.235.132.130 91.235.132.130 | 30286 (THM) (THM) | |
1 | 192.225.158.1 192.225.158.1 | 30286 (THM) (THM) | |
1 | 91.235.134.131 91.235.134.131 | 30286 (THM) (THM) | |
50 | 7 |
ASN50613 (THORDC-AS, IS)
PTR: mail.travelhawk.asia
cp.vpstim.iceservers.net |
ASN30286 (THM, US)
dixnx85sdjb2oozkxpmbjah3woqykypmyoy2hbn220d7543334a45efaam1.e.aa.online-metrix.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
iceservers.net
6 redirects
cp.vpstim.iceservers.net |
64 KB |
17 |
e-i.com
cdnii.e-i.com — Cisco Umbrella Rank: 514326 |
373 KB |
15 |
targobank.de
ydkwim.targobank.de — Cisco Umbrella Rank: 782628 |
93 KB |
5 |
online-metrix.net
1 redirects
h.online-metrix.net — Cisco Umbrella Rank: 4355 h64.online-metrix.net — Cisco Umbrella Rank: 2866 dixnx85sdjb2oozkxpmbjah3woqykypmyoy2hbn220d7543334a45efaam1.e.aa.online-metrix.net |
2 KB |
50 | 4 |
Domain | Requested by | |
---|---|---|
19 | cp.vpstim.iceservers.net |
6 redirects
cp.vpstim.iceservers.net
cdnii.e-i.com |
17 | cdnii.e-i.com |
cp.vpstim.iceservers.net
cdnii.e-i.com |
15 | ydkwim.targobank.de |
cp.vpstim.iceservers.net
ydkwim.targobank.de |
3 | h.online-metrix.net |
1 redirects
ydkwim.targobank.de
|
1 | dixnx85sdjb2oozkxpmbjah3woqykypmyoy2hbn220d7543334a45efaam1.e.aa.online-metrix.net | |
1 | h64.online-metrix.net |
ydkwim.targobank.de
|
50 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.bsi.bund.de |
www.targobank.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cp.vpstim.iceservers.net R10 |
2024-06-14 - 2024-09-12 |
3 months | crt.sh |
*.e-i.com GlobalSign RSA OV SSL CA 2018 |
2024-06-14 - 2025-07-16 |
a year | crt.sh |
ydkwim.targobank.de GlobalSign RSA OV SSL CA 2018 |
2023-12-20 - 2025-01-20 |
a year | crt.sh |
online-metrix.net Viking Cloud Organization Validation CA, Level 1 |
2024-03-20 - 2024-10-21 |
7 months | crt.sh |
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1 |
2024-03-20 - 2024-10-21 |
7 months | crt.sh |
This page contains 6 frames:
Primary Page:
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php
Frame ID: 4BBE6541CDA19678A84513DAA40E276C
Requests: 32 HTTP requests in this frame
Frame:
https://ydkwim.targobank.de/fp/check.js;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E?org_id=dixnx85s&session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&nonce=20d7543334a45efa&jb=33332424607b6d753f4e616e7d7026687b6f3f4469667d782e62736075354368706f6d65
Frame ID: 004A8CEC4F1914E0975A93FC6BF64645
Requests: 14 HTTP requests in this frame
Frame:
https://ydkwim.targobank.de/fp/HP?session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&org_id=dixnx85s&nonce=20d7543334a45efa&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 1301427C8BA8C685D93A6822CFDE31D0
Requests: 1 HTTP requests in this frame
Frame:
https://ydkwim.targobank.de/fp/ls_fp.html;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E?org_id=dixnx85s&session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&nonce=20d7543334a45efa
Frame ID: 4260705376BB83634E7EC3896EF24B74
Requests: 1 HTTP requests in this frame
Frame:
https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E?org_id=dixnx85s&session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&nonce=20d7543334a45efa
Frame ID: 2F10640CF40B5FB4B1F901988B74DD6F
Requests: 1 HTTP requests in this frame
Frame:
https://ydkwim.targobank.de/fp/top_fp.html;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E?org_id=dixnx85s&session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&nonce=20d7543334a45efa
Frame ID: A33D67A08329DBC2C7A06D4142665BA5
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/bf375c99-b6c3-4a9d-ab2b-e05cc3db485b.png)
Page Title
Login Online Banking | TARGOBANKPage URL History Show full URLs
-
http://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/
HTTP 307
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/ HTTP 302
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/index.php HTTP 302
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php Page URL
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- \.php(?:$|\?)
![](/vendor/wappa/icons/Lightbox.png)
Detected patterns
- lightbox(?:-plus-jquery)?.{0,32}\.js
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Bundesamt für Sicherheit in der Informationstechnik
Search URL Search Domain Scan URL
Title: Mehr erfahren
Search URL Search Domain Scan URL
Title: Mehr erfahren
Search URL Search Domain Scan URL
Title: Mehr erfahren
Search URL Search Domain Scan URL
Title: Preise & Leistungen
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/
HTTP 307
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/ HTTP 302
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/index.php HTTP 302
https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/?laws HTTP 302
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/?laws HTTP 302
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/?laws HTTP 302
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/?laws HTTP 302
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/user.php
- https://h.online-metrix.net/fp/clear.png?org_id=dixnx85s&session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&nonce=20d7543334a45efa>tl=155520000 HTTP 302
- https://h.online-metrix.net/fp/clear.png?org_id=dixnx85s&session_id=targo-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6&nonce=20d7543334a45efa&k=2
50 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
user.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/ Redirect Chain
|
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/ Redirect Chain
|
13 KB 13 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_base.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ |
752 KB 84 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery_ei.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/ |
105 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
devb_base.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ |
57 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_custom_responsive.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ |
106 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
auth.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/ |
939 B 828 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_needscript.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ |
10 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_custom_tile.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ |
111 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei_custom_identification.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
display.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/SDTK/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lightbox.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tracking_event.js
cdnii.e-i.com/WEBO/sd/wat/1.0.12//javascripts/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tags.js
ydkwim.targobank.de/fp/ |
95 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginpage.css
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/html/css/ |
0 22 B |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m.js
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/inc/ |
0 13 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cv.js
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/inc/ |
0 22 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/ Redirect Chain
|
13 KB 13 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/ Redirect Chain
|
13 KB 13 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/app/ Redirect Chain
|
13 KB 13 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular--400--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/ |
59 KB 59 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginpage.css
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/html/css/ |
0 22 B |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
targobank_icon_white.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular--700--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/ |
66 KB 67 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fts_picto.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/ |
76 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
service_online-sicherheit.jpg
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/html/img/ |
0 22 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tan-verfahren.jpg
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/html/img/ |
0 22 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
banking-app-620x450.jpg
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/html/img/ |
0 22 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
check.js;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E
ydkwim.targobank.de/fp/ Frame 004A |
408 KB 76 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
81 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
81 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon-32x32.png
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/std/favicons/ |
2 KB 2 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
HP
ydkwim.targobank.de/fp/ Frame 1301 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
81 B 540 B |
XHR
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
h.online-metrix.net/fp/ Frame 004A Redirect Chain
|
0 398 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ls_fp.html;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E
ydkwim.targobank.de/fp/ Frame 4260 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
0 398 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
es.js
ydkwim.targobank.de/fp/ Frame 004A |
134 B 656 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sid_fp.html;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E
h.online-metrix.net/fp/ Frame 2F10 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
top_fp.html;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E
ydkwim.targobank.de/fp/ Frame A33D |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
h64.online-metrix.net/fp/ Frame 004A |
0 399 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
0 218 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
dixnx85sdjb2oozkxpmbjah3woqykypmyoy2hbn220d7543334a45efaam1.e.aa.online-metrix.net/fp/ Frame 004A |
81 B 438 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear3.png;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E
ydkwim.targobank.de/fp/ Frame 004A |
0 218 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear1.png;CIS3SID=8D2B9567D5936AA5DDC04E653D05798E
ydkwim.targobank.de/fp/ Frame 004A |
0 400 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
0 398 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
ydkwim.targobank.de/fp/ Frame 004A |
0 398 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
fetch.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/panel/ |
1 B 55 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
fetch.php
cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/panel/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cp.vpstim.iceservers.net
- URL
- https://cp.vpstim.iceservers.net/wp-content/themes/twentytwentytwo/styles/t-s/panel/fetch.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: targobank (Banking)54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| $ function| jQuery function| Display function| OnEventDisplay function| OnEventDisplayOptions function| OnEventDisplayNew function| OnEventDisplayHelp function| setFontSize function| addFav function| setIFrameHeight function| setItemSel function| wlib_createCookie function| wlib_readCookie function| wlib_deleteCookie function| wlib_getNodeId function| wlib_swapDisplayInit function| wlib_swapDisplay function| wlib_show function| wlib_swapDisplayElements function| wlib_hideAll function| wlib_showAll string| wlib_httpMethod function| wlib_httpInit function| wlib_httpOpenToSend function| wlib_httpRefreshHtml function| wlib_initDisplays function| auto_fill number| numberOfFrames function| esd1_displayWait function| esd1_displayWaitAnim function| OpenLB function| CloseLB function| OpenLightBox function| CloseLightBox function| trackEvent function| GACEvent function| GUAEvent function| ATEvent function| PianoEvent function| TCEvent function| GTMEvent function| DCLICEvent function| MTMEvent function| trackCustomEvent function| submitForm function| submitFormOrCaptcha function| submitFormIfNecessary function| shouldSubmitForm function| tmx_run_page_fingerprinting function| tmx_post_session_params_fixed boolean| tmx_profiling_started string| cd4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cp.vpstim.iceservers.net/ | Name: PHPSESSID Value: 0a849398928d90ab21beb9df05534166 |
|
ydkwim.targobank.de/ | Name: thx_guid Value: 94a774d03ffb49f076276edd2a3fe5fd |
|
ydkwim.targobank.de/ | Name: tmx_guid Value: AAyxydKb1sCfQlL9PM3UjM4t_4zmg63bQDLY8ANSzCfiIw6Up3ZTrwCVQUOe5xKBQYlCYFIvYEHqcN9koUkjGTNFNu7mcA |
|
h.online-metrix.net/ | Name: thx_global_guid Value: cfce967e306a4281bfafd7fd9ca1257a |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnii.e-i.com
cp.vpstim.iceservers.net
dixnx85sdjb2oozkxpmbjah3woqykypmyoy2hbn220d7543334a45efaam1.e.aa.online-metrix.net
h.online-metrix.net
h64.online-metrix.net
ydkwim.targobank.de
cp.vpstim.iceservers.net
145.226.174.154
192.225.158.1
82.221.141.10
91.235.132.130
91.235.133.188
91.235.134.131
10ba0effb9c3910637ba92a59c9f5562e2dd76954d4275ff57455cedbf9ab93a
17f3584c73837354ddc3f9adc60e34d7d04929ed08e7fd4ce4a6ef7631f785db
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
1e1d86b1154ee380b5200b0aedeb3a4fd302c1b4e0efb925317ff733b1dee220
344b4143622b5c8814e8c3f3b1bfa6f4f9c336fd37066064eed44ede0da8d9a2
3c80d0dfe22348e1d8cfc37e6b64dfb353daa4961b847e0a95a5e54ec8863348
475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
7e5d933041864d63dbc980ed5e71665303297250ff35fadbfa3486decf550971
7f56fb8924b6a1026d4a1f08464793d9723669e652a3c2836b492fd10874d425
8bbbebccaba8e0296e91d0118aa7e60a1cf7a947dacfa1d9c395d218fe13d437
92ba41aa9873d8f826083e78bbc5ead09ea62f3d2e13dfc453765c9aae1a16f1
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
a5850616e81a1083429e862600597db59b3a5114291eae884ab2f9a7847dedc2
bf446b764bc51ad54f00ecacb66d62a3d9ce67a5bf768db9f5fee94340e2d426
c0f2427a6d94e5d304775bd674cf7eba9ef2182939bf0705fa0fedf7001b9a36
cbdcf2ea8f4d64060463a8429d20ed497be36146a4de14ab7c6cc7aef722f1f6
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb113c85215a11bc76e98322fc7f88d813b9ee790166467a543ac13cd68133c1
ed9403031e40e51b0eed6f141270fcd12a543a5018ee53cbf03e0fe02c95a67d
f3087ccba6634e5434bf86dbdc9583a7ad8ef4953ab99223883548d449a94b34