![](/screenshots/fbf10130-e8fc-436d-a1ca-6e1b2e2b61c8.png)
sicher-mobile-volksbank-direkt.xyz
Open in
urlscan Pro
2606:4700:3030::6818:77f5
Malicious Activity!
Public Scan
Submission: On November 29 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 29th 2020. Valid for: a year.
This is the only time sicher-mobile-volksbank-direkt.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volksbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2606:4700:303... 2606:4700:3030::6818:77f5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 172.64.128.13 172.64.128.13 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 2 |
ASN13335 (CLOUDFLARENET, US)
sicher-mobile-volksbank-direkt.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
sicher-mobile-volksbank-direkt.xyz
sicher-mobile-volksbank-direkt.xyz |
88 KB |
4 |
hitsteps.net
log.hitsteps.net |
11 KB |
11 | 2 |
Domain | Requested by | |
---|---|---|
7 | sicher-mobile-volksbank-direkt.xyz |
sicher-mobile-volksbank-direkt.xyz
|
4 | log.hitsteps.net |
sicher-mobile-volksbank-direkt.xyz
log.hitsteps.net |
11 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-11-29 - 2021-11-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sicher-mobile-volksbank-direkt.xyz/
Frame ID: 9371258FFC5EB6228CBC60C346E29FAB
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/fbf10130-e8fc-436d-a1ca-6e1b2e2b61c8.png)
Detected technologies
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sicher-mobile-volksbank-direkt.xyz/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owZe8v6G22WwbBEm0GI1Wnpo5.css
sicher-mobile-volksbank-direkt.xyz/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owU13IVcpE2JTbDejmc.png
sicher-mobile-volksbank-direkt.xyz/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oIQjf8Tk7IYJNLwI6NzZ1Tz.jpg
sicher-mobile-volksbank-direkt.xyz/ |
76 KB 76 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oNNVlhQSejA6DlTwNT8.png
sicher-mobile-volksbank-direkt.xyz/ |
416 B 765 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oJep6mgze4TZD59OIzDyP.png
sicher-mobile-volksbank-direkt.xyz/ |
199 B 507 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ovzarbqjT1IDg8JDojRtcR6i.png
sicher-mobile-volksbank-direkt.xyz/ |
206 B 510 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
track.php
log.hitsteps.net/ |
40 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gather.php
log.hitsteps.net/ |
53 B 450 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
png.php
log.hitsteps.net/ |
294 B 524 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
png.php
log.hitsteps.net/ |
294 B 533 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volksbank (Banking)97 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| _hs_getqs function| _hs_setData function| _hs_getData string| ipname_temp string| _hs_uniqueid_temp number| _hs_gdpr_diag function| _hs_checkGDPR string| _hs_bat object| _hs_sysbat string| _hs_adplug string| _hs_a_uid number| _hs_navigator_touchpoints function| _hs_readAdplugin function| _hs_readBattery function| _HSTracker number| _HS_jquery_injected number| HSTracked number| ChatDiv undefined| _HS_body undefined| _HS_html undefined| _HS_dhh undefined| hstc undefined| hstcs undefined| htssc function| _hs_getParmFromHash function| getScript object| hsutube number| hsytindex object| hsutbarr object| hsplayerArray object| hitsteps number| hs_idleTime number| hs_idle number| hs_idles number| hs_timed function| _hsni_addListener function| _hsni_get_href function| _hsni_get_parent function| _hsni_get_target function| _hsni_trackAlinks function| _hsni_noIdle function| _hsni_Idle function| _hsni_mnoIdle function| hs_CheckInactivity function| onYouTubePlayerReady function| onYouTubeIframeAPIReady function| _hs_elementor_video_overlay function| _hs_hash_changed number| aid number| sid string| _hs_api_code_public string| hs_lang number| hs_enable_form number| _hs_noyoutubeapi number| _hs_heatmap_allowed number| _hs_pre_compliance string| _hs_gdpr_compliance_txt string| _hs_gdpr_btn_yes string| _hs_gdpr_btn_no function| _hs_a_giveMeRandom function| _hs_a_readCookie function| _hs_a_writeCookie function| _hs_a_setVal function| _hs_a_getVal function| _hs_bt_toTime object| prm number| nochat number| _hs_youtubeapiloaded number| hs_pingcount number| _hs_gdpr object| img string| hs_rev string| hs_goal string| mysearch string| MySearch string| tag string| Tag string| label string| IPname string| ipname string| _hs_uniqueid string| _hs_integrity string| _hs_last_full_url string| uaddress string| utitle string| uref string| new_url object| battery3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sicher-mobile-volksbank-direkt.xyz/ | Name: _HS_temp_id Value: jr8kvqushg |
|
sicher-mobile-volksbank-direkt.xyz/ | Name: PHPSESSID Value: cs466uchcrodst8a8fchc3d4q6 |
|
.sicher-mobile-volksbank-direkt.xyz/ | Name: __cfduid Value: d4ed788de9d63fdf59d4d8008759b2bd71606666675 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
log.hitsteps.net
sicher-mobile-volksbank-direkt.xyz
172.64.128.13
2606:4700:3030::6818:77f5
0392b2010148a814539651ab0b337ad59c7d65c20e612dd0b25ad3fa41f88053
39d7a3994f127f43abd8e2e25377f48970f37c0a4d0cbeb55c0631516609ea60
77045e6ba6dd51a001227df5fba513f06957554157546bdf634e2de04073ae3c
8228666f7b7248efbb90277106bc381310060a5c7e2975264f75925c8d2d43ed
92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75
95de8b8e27482bb74828ce6ca0c3516cd6fc7283bf0efea4a50bce7c8193d7cf
c5b872fa66fc0c05f349cb4ca2b9efe201c9b786810ce403379093639f8be0dd
c756a9cf8914499689ca9b70f08d482c5121c6712ec2544c14c83bf97a18c4d8
da078b546f8ca24e1a36441725f00d954b62fadf8f53478657104a22408ad0d4
df9f468196bdd2e7604fcb6a004d80147b1b2f5f2fd20551c9a70539205cb033