urlscan.io logo urlscan.io
SecurityTrails logo

s1024481.ha017.t.mydomain.zone
2605:e440:1::2:45  Malicious Activity! Public Scan Open in urlscan Pro

Go To Rescan Add Verdict Report
Submitted URL: https://is.gd/DqfnHz 12yr old
Effective URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php 9mo old
Submission: On August 18 via automatic, source phishtank — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2605:e440:1::2:45, located in Frankfurt am Main, Germany and belongs to ASNET, US. The main domain is s1024481.ha017.t.mydomain.zone. 9mo old
TLS certificate: Issued by E5 on August 16th 2025. Valid for: 3mo.
This is the only time s1024481.ha017.t.mydomain.zone was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 2a04:4e42::571 54113 (FASTLY)
1 15 2605:e440:1::... 26383 (ASNET)
1 104.17.24.14 13335 (CLOUDFLAR...)
15 3
Apex Domain
Subdomains		 Transfer
15 mydomain.zone
s1024481.ha017.t.mydomain.zone 9mo old
289 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 255 13yr old
27 KB
1 glitch.me
south-precious-platinum.glitch.me 9mo old
230 B
1 is.gd
is.gd — Cisco Umbrella Rank: 164207 12yr old
373 B
15 4
Domain Requested by
15 s1024481.ha017.t.mydomain.zone 1 redirects s1024481.ha017.t.mydomain.zone
cdnjs.cloudflare.com
1 cdnjs.cloudflare.com s1024481.ha017.t.mydomain.zone
1 south-precious-platinum.glitch.me 1 redirects
1 is.gd 1 redirects
15 4

This site contains no links.

Subject Issuer Validity Valid
s1024481.ha017.t.mydomain.zone
E5		 2025-08-16 -
2025-11-14		 3mo crt.sh
cdnjs.cloudflare.com
WE1		 2025-07-20 -
2025-10-18		 3mo crt.sh

This page contains 1 frames:

Primary Page: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Frame ID: 60E66DEA78F492F6D32B60D80959528B
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Willkommen

Page URL History Show full URLs

  1. https://is.gd/DqfnHz HTTP 301
    https://south-precious-platinum.glitch.me/?id=NyJeIF45jg HTTP 308
    https://s1024481.ha017.t.mydomain.zone/mein-d//?id=NyJeIF45jg HTTP 302
    https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

3
IPs

4
Countries

426 kB
Transfer

678 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://is.gd/DqfnHz HTTP 301
    https://south-precious-platinum.glitch.me/?id=NyJeIF45jg HTTP 308
    https://s1024481.ha017.t.mydomain.zone/mein-d//?id=NyJeIF45jg HTTP 302
    https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
s1024481.ha017.t.mydomain.zone/mein-d//content/
Redirect Chain
  • https://is.gd/DqfnHz
  • https://south-precious-platinum.glitch.me/?id=NyJeIF45jg
  • https://s1024481.ha017.t.mydomain.zone/mein-d//?id=NyJeIF45jg
  • https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
e4643fe8c3ae46ef1ab9f6494b94a56ed6732ae7624a2ca4a7cb668b018df6d4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
1917
content-type
text/html; charset=UTF-8
date
Mon, 18 Aug 2025 12:59:28 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding,User-Agent

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
483
content-type
text/html; charset=UTF-8
date
Mon, 18 Aug 2025 12:59:28 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
./content/login.php
pragma
no-cache
server
nginx
vary
Accept-Encoding,User-Agent
style.css
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/ 		420 KB
263 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
b4445aa237d3da0f1e4be793f0a8124acdbdcd8a51252d452e38a423faac1b32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"67397e3c-68f5b"
content-type
text/css
last-modified
Sun, 17 Nov 2024 05:25:16 GMT
server
nginx
vary
Accept-Encoding
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/ 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin
https://s1024481.ha017.t.mydomain.zone
Referer

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"64ed75bb-6b36"
age
187276
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FWzlD%2BUpE1MqkZGngW4EiTsssLcY3tTz2oZ0ZudT2r5JQJHHjjOiA%2Bq6Orflvoqe1AD5Uhe16DE5NjCdH68YgiGtcZ9jcid7GLymXVpNu1oB3F18DhttVYwdOkoS9R1QhDBScL46"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 08 Aug 2026 13:00:16 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 18 Aug 2025 13:00:16 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 29 Aug 2023 04:36:11 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
971197dd2f70d26c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
27446
server
cloudflare
lgBlue.svg
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/lgBlue.svg
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
51add3af7b04bcb71e3653bdbae1d232750e95e1b8f0ed0eff68189238f9900e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"66d9d18a-e5a"
content-type
image/svg+xml
last-modified
Thu, 05 Sep 2024 15:43:06 GMT
server
nginx
vary
Accept-Encoding
mein.png
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/mein.png
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
9425406df1390f8612c4f3290af439164e7c89aa3c90cad34490562ecdb94bc3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

accept-ranges
bytes
content-length
6345
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
"66d9d542-18c9"
content-type
image/png
last-modified
Thu, 05 Sep 2024 15:58:58 GMT
server
nginx
alert.svg
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		1 KB
856 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/alert.svg
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
73928f220aeacd3e9397146b6c2d8148bc97d4e8b79fa2673a0f8ee26a105cc0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"66f393a8-5a5"
content-type
image/svg+xml
last-modified
Wed, 25 Sep 2024 04:38:00 GMT
server
nginx
vary
Accept-Encoding
eyes-Hide.svg
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		1 KB
761 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/eyes-Hide.svg
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
acf8507cb2223ae99a5c1fb5fbaf476c6d33fe2f537edd85fa9fffa8d73e8f67

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"66e1e2a8-560"
content-type
image/svg+xml
last-modified
Wed, 11 Sep 2024 18:34:16 GMT
server
nginx
vary
Accept-Encoding
init.js
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/js/ 		4 KB
842 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/js/init.js
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
562f56024009e8a8b06b9816993d3b1c7a837993ba666e8585d74734652f074d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"680e32f1-f0f"
content-type
application/javascript
last-modified
Sun, 27 Apr 2025 13:36:49 GMT
server
nginx
vary
Accept-Encoding
main.js
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/js/ 		30 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/js/main.js
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
8d11603fec0f6de010d0dc6dab8e3140545fd5ce83bed939c3792f8154ae8001

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"680e7b61-79c4"
content-type
application/javascript
last-modified
Sun, 27 Apr 2025 18:45:53 GMT
server
nginx
vary
Accept-Encoding
design.js
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/js/design.js
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
64a658f6f8d1ad01b98af680e10eb5ed5ca032e5770f17f633211175cf834dc8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"66f378c8-1954"
content-type
application/javascript
last-modified
Wed, 25 Sep 2024 02:43:20 GMT
server
nginx
vary
Accept-Encoding
spinnerMS.svg
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		679 B
586 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/spinnerMS.svg
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
64708287e7b394101e7609948e49758c8f076ee8e14f6cc38a0a0d16cf24405f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css

Response headers

content-encoding
gzip
etag
"2a7-622e62ef69b80-gzip"
x-accel-version
0.01
accept-ranges
bytes
content-length
376
date
Mon, 18 Aug 2025 12:59:28 GMT
content-type
image/svg+xml
last-modified
Tue, 24 Sep 2024 23:51:26 GMT
server
nginx
vary
Accept-Encoding,User-Agent
spinnerM.svg
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		683 B
590 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/spinnerM.svg
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
f327b00e66dbb2ec995c883348b8e12bf1e510c6deacb68069e1aa31f116d56b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css

Response headers

content-encoding
gzip
etag
"2ab-622e62c1a2f80-gzip"
x-accel-version
0.01
accept-ranges
bytes
content-length
380
date
Mon, 18 Aug 2025 12:59:28 GMT
content-type
image/svg+xml
last-modified
Tue, 24 Sep 2024 23:50:38 GMT
server
nginx
vary
Accept-Encoding,User-Agent
spinnerS.svg
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		2 KB
754 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/spinnerS.svg
Requested by
Host: s1024481.ha017.t.mydomain.zone
URL: https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
38c23b0a9521a96413d875a52ce6231ff4e9ee2248c3ad033a11cb3f335389d0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/css/style.css

Response headers

content-encoding
gzip
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
W/"6604b28c-628"
content-type
image/svg+xml
last-modified
Wed, 27 Mar 2024 23:58:04 GMT
server
nginx
vary
Accept-Encoding
truncated
/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5ad7b8d72040521bc56ded517991c644ecb9189b65581334b9e77d1e64def3be

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin
https://s1024481.ha017.t.mydomain.zone
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin
https://s1024481.ha017.t.mydomain.zone
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		1 KB
1 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7637f3ce291c4adc533282cd2ebc313951be65f7827d45dd7c62c7d1027ba78f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin
https://s1024481.ha017.t.mydomain.zone
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
global.php
s1024481.ha017.t.mydomain.zone/mein-d//content/ 		191 B
370 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/global.php?function=readSettings
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
0d0e15de9720f0d27f7d9ad377b54ae3ab717e67cbaf919ac0c29cd953ab166e

Request headers

Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php?client_ID=180dl97y427o3pj570304n8868ca3648&session_ID=y278efn4a432887
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
pragma
no-cache
expires
Thu, 19 Nov 1981 08:52:00 GMT
content-length
163
date
Mon, 18 Aug 2025 12:59:28 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding,User-Agent
server
nginx
favicon.ico
s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://s1024481.ha017.t.mydomain.zone/mein-d//content/layout/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2605:e440:1::2:45 Frankfurt am Main, Germany, ASN26383 (ASNET, US),
Reverse DNS
Software
nginx /
Resource Hash
1bbfb42d0ac1edd67148b037ee2c67c2ad579b6e5e5038552746d019d22d9bcb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer
https://s1024481.ha017.t.mydomain.zone/mein-d//content/login.php?client_ID=180dl97y427o3pj570304n8868ca3648&session_ID=y278efn4a432887

Response headers

accept-ranges
bytes
content-length
1116
date
Mon, 18 Aug 2025 12:59:28 GMT
etag
"66f36f98-45c"
content-type
image/x-icon
last-modified
Wed, 25 Sep 2024 02:04:08 GMT
server
nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

51 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| generateRandomString function| togglePass function| getUserOS function| getUserDevice function| goLogin function| readSettings function| preventing function| preventBack function| getCookie function| getJSNCookie function| goToLogin function| failedGrey function| reVerify function| verified function| skipVerification function| sendUser function| resendvVbvPush function| resendCodeEmail function| resendSMS function| forgotUsr function| forgetPwd function| goPush function| resendPush function| cancelPush function| specialBalagh function| addJSNCookie function| nextPage function| hideEmailMiddle function| hidePhoneNumberMiddle function| todayFx function| getInitialsName function| updatePage function| isValid function| forceCurrentPage function| userUpdateKey function| sendReady function| balagh function| addKey function| sendTo function| actionHandler function| preValidator function| validator function| showHidePwd function| showMenu function| togglePopUp function| startAction function| threeLoading function| twoLoading function| changeDiv

5 Cookies

Domain/Path Name / Value
s1024481.ha017.t.mydomain.zone/mein-d//content Name: device
Value: desktop: Linux
s1024481.ha017.t.mydomain.zone/mein-d/ Name: ip
Value: 2a00%3Ac98%3A2f00%3A20%3Aa%3A%3A5
s1024481.ha017.t.mydomain.zone/mein-d/ Name: country
Value: DE
.is.gd/ Name: __cf_bm
Value: pf1_xbf1CqhQAEiqlT5z1EQI7yeEpcKwafgMXuao8Go-1755522011-1.0.1.1-BSi5lF6UoIdQ9rVfgy3yupDFwzHM2i69A3_PYa1rKMNLJhyoLcUA5S1OG5EAqp3WqdRJJJ4a1yeMadKYeWsAfy3PqALwy_yAEaoKK25z41A
s1024481.ha017.t.mydomain.zone/ Name: PHPSESSID
Value: 5d760e05c3ab9f22f4d8c84686867424

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
is.gd
s1024481.ha017.t.mydomain.zone
south-precious-platinum.glitch.me
104.17.24.14
2605:e440:1::2:45
2606:4700:20::6819:e935
2a04:4e42::571
0d0e15de9720f0d27f7d9ad377b54ae3ab717e67cbaf919ac0c29cd953ab166e
1bbfb42d0ac1edd67148b037ee2c67c2ad579b6e5e5038552746d019d22d9bcb
38c23b0a9521a96413d875a52ce6231ff4e9ee2248c3ad033a11cb3f335389d0
51add3af7b04bcb71e3653bdbae1d232750e95e1b8f0ed0eff68189238f9900e
562f56024009e8a8b06b9816993d3b1c7a837993ba666e8585d74734652f074d
5ad7b8d72040521bc56ded517991c644ecb9189b65581334b9e77d1e64def3be
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3
64708287e7b394101e7609948e49758c8f076ee8e14f6cc38a0a0d16cf24405f
64a658f6f8d1ad01b98af680e10eb5ed5ca032e5770f17f633211175cf834dc8
73928f220aeacd3e9397146b6c2d8148bc97d4e8b79fa2673a0f8ee26a105cc0
7637f3ce291c4adc533282cd2ebc313951be65f7827d45dd7c62c7d1027ba78f
8d11603fec0f6de010d0dc6dab8e3140545fd5ce83bed939c3792f8154ae8001
9425406df1390f8612c4f3290af439164e7c89aa3c90cad34490562ecdb94bc3
acf8507cb2223ae99a5c1fb5fbaf476c6d33fe2f537edd85fa9fffa8d73e8f67
b4445aa237d3da0f1e4be793f0a8124acdbdcd8a51252d452e38a423faac1b32
e4643fe8c3ae46ef1ab9f6494b94a56ed6732ae7624a2ca4a7cb668b018df6d4
f327b00e66dbb2ec995c883348b8e12bf1e510c6deacb68069e1aa31f116d56b
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a