targo-aktualisierung.de
Open in
urlscan Pro
188.114.96.3
Malicious Activity!
Public Scan
Effective URL: https://targo-aktualisierung.de/targobank/authentification/65b9788a0b7d9
Submission: On February 12 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on January 28th 2024. Valid for: 3 months.
This is the only time targo-aktualisierung.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: targobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 47.251.10.111 47.251.10.111 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 2 | 145.226.174.149 145.226.174.149 | 8255 (EURO-INFO...) (EURO-INFORMATION) | |
10 | 4 |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
ip9uk39kv26rml8wjjruzg-on.drv.tw | |
ip9uk39kv26rml8wjjruzg.on.drv.tw |
ASN8255 (EURO-INFORMATION, FR)
PTR: targobank.de
www.targobank.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
targo-aktualisierung.de
1 redirects
targo-aktualisierung.de |
1 MB |
2 |
targobank.de
1 redirects
www.targobank.de — Cisco Umbrella Rank: 315404 |
883 B |
2 |
drv.tw
1 redirects
ip9uk39kv26rml8wjjruzg-on.drv.tw ip9uk39kv26rml8wjjruzg.on.drv.tw |
2 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
9 | targo-aktualisierung.de |
1 redirects
targo-aktualisierung.de
|
2 | www.targobank.de |
1 redirects
targo-aktualisierung.de
|
1 | ip9uk39kv26rml8wjjruzg.on.drv.tw |
targo-aktualisierung.de
|
1 | ip9uk39kv26rml8wjjruzg-on.drv.tw | 1 redirects |
10 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.targobank.de |
www.bsi.bund.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
targo-aktualisierung.de GTS CA 1P5 |
2024-01-28 - 2024-04-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://targo-aktualisierung.de/targobank/authentification/65b9788a0b7d9
Frame ID: 8C9CA7E5DE928A538BA8CF4405086E3C
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Login Online Banking | TARGOBANKiDEAL - Mijn INGPage URL History Show full URLs
- https://targo-aktualisierung.de/targobank/65b9788a0b7d9 Page URL
- https://targo-aktualisierung.de/targobank/authentification/65b9788a0b7d9 Page URL
Page Statistics
21 Outgoing links
These are links going to different origins than the main page.
Title: Privatkunden
Search URL Search Domain Scan URL
Title: Geschäftskunden
Search URL Search Domain Scan URL
Title: Firmenkunden
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Passwort vergessen?
Search URL Search Domain Scan URL
Title: Zugangsdaten vergessen?
Search URL Search Domain Scan URL
Title: Zugangsdaten vergessen?
Search URL Search Domain Scan URL
Title: Neu bei der TARGOBANK?
Search URL Search Domain Scan URL
Title: Online-Sicherheit
Search URL Search Domain Scan URL
Title: Bundesamt für Sicherheit in der Informationstechnik
Search URL Search Domain Scan URL
Title: Mehr erfahren
Search URL Search Domain Scan URL
Title: Mehr erfahren
Search URL Search Domain Scan URL
Title: Mehr erfahren
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: Datenschutz
Search URL Search Domain Scan URL
Title: AGB & Rechtliche Hinweise
Search URL Search Domain Scan URL
Title: Preise & Leistungen
Search URL Search Domain Scan URL
Title: Sicherheit
Search URL Search Domain Scan URL
Title: Kredit
Search URL Search Domain Scan URL
Title: DE
Search URL Search Domain Scan URL
Title: EN
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://targo-aktualisierung.de/targobank/65b9788a0b7d9 Page URL
- https://targo-aktualisierung.de/targobank/authentification/65b9788a0b7d9 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://ip9uk39kv26rml8wjjruzg-on.drv.tw/jsbot.js HTTP 301
- https://ip9uk39kv26rml8wjjruzg.on.drv.tw/jsbot.js
- https://targo-aktualisierung.de/targobank/authentification/js/ing/bandoo.js HTTP 302
- https://www.targobank.de/ HTTP 301
- https://www.targobank.de/de/index.html
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
65b9788a0b7d9
targo-aktualisierung.de/targobank/ |
745 B 856 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
65b9788a0b7d9
targo-aktualisierung.de/targobank/authentification/ |
3 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
59 KB 59 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsbot.js
ip9uk39kv26rml8wjjruzg.on.drv.tw/ Redirect Chain
|
8 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.html
www.targobank.de/de/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
targo-aktualisierung.de/js/targobank/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
targobank.png
targo-aktualisierung.de/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
614 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
74 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
622 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
175 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
31 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
66 KB 66 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
76 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online
targo-aktualisierung.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online
targo-aktualisierung.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online
targo-aktualisierung.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online
targo-aktualisierung.de/user/ |
1 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: targobank (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| savepage_ShadowLoader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
targo-aktualisierung.de/ | Name: PHPSESSID Value: tdtn9lpt5n71gh1od0u42bbkal |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ip9uk39kv26rml8wjjruzg-on.drv.tw
ip9uk39kv26rml8wjjruzg.on.drv.tw
targo-aktualisierung.de
www.targobank.de
145.226.174.149
188.114.96.3
47.251.10.111
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
29091caa6f2374957c15476e14ef16bedead97eac46bf90fa6c55f371331fe99
2dd728523432b8b301641d20d109cb5486953cc99960eba828012e93523a53d8
3274993c2ccd9b85c3597b1e5d08288dadb9611210575b093c33274c9d3bc846
45f2967a362f767a414c279f114b8f6bd293f3ab07d3753fe9abdd4080408c1a
475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015
520193756dc3b8619e8e9af04dbe84b623b41898ca5b1003399b6f8010f8eeb3
5a33fcbf0f406c9e9e767d66a1f43462b8391ffb8e8aaf8de53248a1510e37aa
5e66a8c7347a07a1ed864fa0e0da8bd973efff45537ab7a7525f9dab4caaf5f3
64cd2352fc23c91fe8c05fd696ec62486e5383ca1fe8b67a7aa896a3c624434f
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
763ec799fe728d3702688292479dc220ddd0f4af4acc96ed06f21df564a55f6f
a5850616e81a1083429e862600597db59b3a5114291eae884ab2f9a7847dedc2
bbd961c93397bc450f406fc284d8dfe569c39a5cdcbb04c6c847d6e57de60c47
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855