estrellaswebcam.com
186.64.119.175
Malicious Activity!
Public Scan
Submission: On May 24 via manual from CZ — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 14th 2023. Valid for: 3 months.
This is the only time estrellaswebcam.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 | 186.64.119.175 | 52368 (ZAM LTDA.) |
3 | 213.150.6.28 | 12895 (IT-AUSTRIA Vienna) |
13 | 3 | |
ASN52368 (ZAM LTDA., CL)
PTR: mail.pyme114.pymedns.net
estrellaswebcam.com
ASN12895 (IT-AUSTRIA Vienna, Austria, AT)
PTR: login.sparkasse.at
login.sparkasse.at
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | estrellaswebcam.com | estrellaswebcam.com | 200 KB |
3 | sparkasse.at | login.sparkasse.at — Cisco Umbrella Rank: 840345 | 3 KB |
13 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
10 | estrellaswebcam.com | estrellaswebcam.com |
3 | login.sparkasse.at | estrellaswebcam.com |
13 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.sparkasse.at |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.estrellaswebcam.ssttinvestments.com | R3 | 2023-05-14 - 2023-08-12 | 3 months | crt.sh |
login.sparkasse.at | DigiCert EV RSA CA G2 | 2023-03-16 - 2024-03-15 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://estrellaswebcam.com/Sparkasse/erste/
Frame ID: 3F02501D0D77273E5E72631411C587AD
Requests: 14 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: hier
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | estrellaswebcam.com/Sparkasse/erste/ | 107 KB | 37 KB | Document | text/html |
GET | H2 | lib.css | estrellaswebcam.com/Sparkasse/erste/files/ | 93 KB | 20 KB | Stylesheet | text/css |
GET | H2 | gWqvRrszL2yz5NLdR4kW.js.download | estrellaswebcam.com/Sparkasse/erste/files/ | 220 KB | 91 KB | Script | application/javascript |
GET | H2 | Doppel-Logo_o_Claim.svg | estrellaswebcam.com/Sparkasse/erste/files/ | 6 KB | 2 KB | Image | image/svg+xml |
GET | H2 | George-symbol.svg | estrellaswebcam.com/Sparkasse/erste/files/ | 915 B | 561 B | Image | image/svg+xml |
GET | H2 | bankcard.gif | estrellaswebcam.com/Sparkasse/erste/files/ | 49 KB | 49 KB | Image | image/gif |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/svg+xml |
GET | H2 | OpenSans-Regular-webfont.woff | estrellaswebcam.com/Sparkasse/erste/files/OpenSans/webfonts/opensans_regular/ | 0 | 0 | Font | text/html |
GET | H2 | OpenSans-Semibold-webfont.woff | estrellaswebcam.com/Sparkasse/erste/files/OpenSans/webfonts/opensans_semibold/ | 0 | 0 | Font | text/html |
GET | H2 | OpenSans-Regular-webfont.ttf | estrellaswebcam.com/Sparkasse/erste/files/OpenSans/webfonts/opensans_regular/ | 0 | 0 | Font | text/html |
GET | H2 | OpenSans-Semibold-webfont.ttf | estrellaswebcam.com/Sparkasse/erste/files/OpenSans/webfonts/opensans_semibold/ | 0 | 0 | Font | text/html |
POST | H/1.1 | JjVL1xJVDS | login.sparkasse.at/sts/ | 33 B | 967 B | XHR | text/html |
POST | H/1.1 | JjVL1xJVDS | login.sparkasse.at/sts/ | 60 B | 865 B | XHR | text/html |
POST | H/1.1 | JjVL1xJVDS | login.sparkasse.at/sts/ | 0 | 931 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)
40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
function | keepalive |
function | setupKeepaliveInterval |
number | FLIP_ICON_HEIGHT |
undefined | myWindow |
function | sumNumbers |
function | doRwd |
function | removeEmptyIEAlertPadding |
function | calcCol2Height |
function | calcVisibleWhiteboxHeight |
function | centerpage |
function | confirmmsg |
function | windowtracker |
function | $ |
function | jQuery |
object | reWhiteSpace |
function | Utf8Encode |
function | htmlToJsConversion |
function | nbalert |
function | setFldFocus |
function | isWhiteSpace |
function | isEmpty |
function | doDisableSpecifiedForm |
function | doSubmitAndDisable |
function | jsxEncrypt |
function | encodeToHex |
object | STS |
object | STSSecAppSecondfactor |
function | setFocus |
function | displayError |
function | checkUser |
function | submitCredentials |
function | submitCancelLoginForm |
object | STSCookieBanner |
boolean | ajax_disabled |
object | webinject_config |
string | eventObf |
function | cls |
undefined | unload_backup_handler |
object | w2 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
estrellaswebcam.com/ | | Name: 4G0qy9fDDI Value: lAOHWdOJ7aMN2KOogmUOSZb8Q8t1X7uM |
estrellaswebcam.com/ | | Name: NHIJACZdcO Value: yAFZOk2lLVcmL0i1uPBCQKVMaIP2DPBr |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubdomains; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
estrellaswebcam.com
login.sparkasse.at
186.64.119.175
213.150.6.28