www.dsv-gruppe.de
2a02:cb40:200::354
Malicious Activity!
Public Scan
Effective URL: https://www.dsv-gruppe.de/dsv-gruppe/unternehmen/sfp.html
Submission: On July 26 via manual from SG — Scanned from DE
Summary
TLS certificate: Issued by D-TRUST SSL Class 3 CA 1 2009 on June 14th 2022. Valid for: a year.
This is the only time www.dsv-gruppe.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
12 (1 redirect) | 2a02:cb40:200::354 | 20546 (SOPRADO-ANY) |
5 | 78.46.166.187 | 24940 (HETZNER-AS) |
1 | 2a00:1450:4001:800::2008 | 15169 (GOOGLE) |
1 | 192.229.233.55 | 15133 (EDGECAST) |
2 | 13.36.190.56 | 16509 (AMAZON-02) |
20 | 6 | |
ASN24940 (HETZNER-AS, DE)
PTR: webfonts.sparkasse.de
- webfonts.sparkasse.de
ASN15169 (GOOGLE, US)
- www.googletagmanager.com
ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-190-56.eu-west-3.compute.amazonaws.com
- privacy.trustcommander.net
- privacy.commander1.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | dsv-gruppe.de (1 redirects) | www.dsv-gruppe.de | 469 KB |
5 | sparkasse.de | webfonts.sparkasse.de (Cisco Umbrella Rank: 716618) | 132 KB |
2 | trustcommander.net | cdn.trustcommander.net (Cisco Umbrella Rank: 26636), privacy.trustcommander.net (Cisco Umbrella Rank: 35161) | 22 KB |
1 | commander1.com | privacy.commander1.com (Cisco Umbrella Rank: 44412) | 534 B |
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 93) | 70 KB |
20 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
12 | www.dsv-gruppe.de (1 redirects) | www.dsv-gruppe.de |
5 | webfonts.sparkasse.de | www.dsv-gruppe.de |
1 | privacy.commander1.com | cdn.trustcommander.net |
1 | privacy.trustcommander.net | cdn.trustcommander.net |
1 | cdn.trustcommander.net | www.googletagmanager.com |
1 | www.googletagmanager.com | www.dsv-gruppe.de |
20 | 6 | |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.dsv-gruppe.de | D-TRUST SSL Class 3 CA 1 2009 | 2022-06-14 - 2023-07-12 | a year |
webfonts.sparkasse.de | D-TRUST SSL Class 3 CA 1 2009 | 2021-11-18 - 2022-11-21 | a year |
*.google-analytics.com | GTS CA 1C3 | 2022-07-04 - 2022-09-26 | 3 months |
cdn.tagcommander.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-21 - 2023-05-22 | a year |
*.trustcommander.net | Thawte RSA CA 2018 | 2022-03-09 - 2023-04-09 | a year |
*.commander1.com | Thawte RSA CA 2018 | 2021-09-10 - 2022-10-11 | a year |
This page contains 1 frames:
Primary Page:
https://www.dsv-gruppe.de/dsv-gruppe/unternehmen/sfp.html
Frame ID: 26AD4FF38DF1CED70BE66CFFFF48EFA9
Requests: 21 HTTP requests in this frame
Page Title
Sparkassen-Finanzportal | DSV-Gruppe
Detected technologies
Detected patterns
- /etc/designs/
Google Tag Manager
Detected patterns
- googletagmanager\.com/gtm\.js
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
- Title: Kundenlogin
- Title: Business-Shop
- Title: Sparkassen-Shop
- Title: Sparkassen MitarbeiterEinkauf
- Title: Mitarbeiter-Shop
- Title: LinkedIn
- Title: XING
- Title: kununu
- Title: DSV-Gruppe Karriere auf Instagram
- Title: DSV-Azubis auf Instagram
- Title: DSV-Azubis auf TikTok
- Title: DSV-Gruppe auf Facebook
- Title: DSV-Gruppe Karriere auf Facebook
- Title: DSV-Azubis auf Facebook
- Title: Karriere auf Sparkasse.de
- Title: Kontaktanfragen
- Title: Datenschutzfragen
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.dsv-gruppe.de/dsv-gruppe/unternehmen/sfp.html (HTTP 301)
- https://www.dsv-gruppe.de/dsv-gruppe/unternehmen/sfp.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | sfp.html (Primary Request) | www.dsv-gruppe.de/dsv-gruppe/unternehmen/ | 75 KB | 11 KB | Document | text/html |
GET | H2 | clientlibs_vendor.5b5ed128618b5643458bb9a3bccb8802.css | www.dsv-gruppe.de/etc/designs/shared/ | 29 KB | 5 KB | Stylesheet | text/css |
GET | H2 | clientlibs_standard.73dba236221bb668ed27399652f17786.css | www.dsv-gruppe.de/etc/designs/shared/ | 515 KB | 64 KB | Stylesheet | text/css |
GET | H2 | clientlibs_vendor.33bb4ba0b34f5c639eaba2aafb5f5048.js | www.dsv-gruppe.de/etc/designs/shared/ | 1 KB | 930 B | Script | application/javascript |
GET | H2 | clientlibs_standard.1f0f316ba61224edb722f88949bd22ee.js | www.dsv-gruppe.de/etc/designs/shared/ | 975 KB | 268 KB | Script | application/javascript |
GET | H2 | Sparkasse_web_Rg.woff2 | webfonts.sparkasse.de/ | 31 KB | 31 KB | Font | font/woff2 |
GET | H2 | Sparkasse_web_It.woff2 | webfonts.sparkasse.de/ | 24 KB | 25 KB | Font | font/woff2 |
GET | H2 | SparkasseHead_web_Rg.woff2 | webfonts.sparkasse.de/ | 24 KB | 25 KB | Font | font/woff2 |
GET | H2 | Sparkasse_web_Bd.woff2 | webfonts.sparkasse.de/ | 27 KB | 28 KB | Font | font/woff2 |
GET | H2 | Sparkasse_web_Lt.woff2 | webfonts.sparkasse.de/ | 23 KB | 24 KB | Font | font/woff2 |
GET | H2 | DSV-Gruppe_RT.png | www.dsv-gruppe.de/content/dam/mandant-dsv-gruppe/startseite/ | 32 KB | 32 KB | Image | text/html |
GET | H2 | SFP_mit_logo_wei%C3%9F.png | www.dsv-gruppe.de/content/dam/mandant-dsv-gruppe/unternehmenskommunikation/dsv-gruppe/teaser/unternehmenslogos/ | 27 KB | 27 KB | Image | image/png |
GET | H2 | gtm.js | www.googletagmanager.com/ | 197 KB | 70 KB | Script | application/javascript |
GET | H2 | 1641905357807.png | www.dsv-gruppe.de/content/dsv-gruppe/de/hauptnavigation/jcr:content/meta-navigation/link_logo/image.img.png/ | 17 KB | 17 KB | Image | image/png |
GET | H2 | 1641303638590.jpg | www.dsv-gruppe.de/content/dsv-gruppe/de/startseite/dsv-gruppe/unternehmen/sfp/jcr:content/opener/slides/slide1/image.img.original.jpg/ | 23 KB | 23 KB | Image | image/jpeg |
GET | H2 | sprite-6825441c.svg | www.dsv-gruppe.de/etc/designs/shared/static/images/svg/sparkasse/ | 71 KB | 16 KB | Image | image/svg+xml |
GET | H2 | privacy_v2_110.js | cdn.trustcommander.net/privacy/5394/ | 77 KB | 21 KB | Script | application/javascript |
POST | H/1.1 | / | privacy.trustcommander.net/privacy-consent/ | 43 B | 534 B | Ping | image/gif |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | H2 | component.75.8336a22867cb77df2401.chunk.js | www.dsv-gruppe.de/etc/designs/shared/static/scripts/application/components/ | 9 KB | 3 KB | Script | application/javascript |
POST | H/1.1 | ctrust | privacy.commander1.com/ | 43 B | 534 B | Ping | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)
32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- object| dataLayerGTM
- object| dataLayer
- object| google_tag_manager
- string| tCPrivacyTagManager
- function| prepareAcmVendorConsent
- function| prepareConsent
- object| privacyForceHitDomain
- object| tagCategories
- object| tagVendors
- object| minorTags
- number| tc_privacy_used
- function| tC
- object| caReady
- function| cact
- string| tcVendorsConsent
- string| tcCategoriesConsent
- function| onOptOut
- function| tc_closePrivacyCenter
- object| webpackJsonp
- function| $
- function| jQuery
- function| SearchIndex
- function| ComponentLoader
- object| fastdom

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.dsv-gruppe.de/ | | Name: TCPID Value: 12272951411454357470 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' https://wirnet.dsv-gruppe.de; |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.