de-dkb.dkbgerm.com - urlscan.io

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 46.183.118.222, located in Barcelona, Spain and belongs to CLOUDING, ES. The main domain is de-dkb.dkbgerm.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 30th 2020. Valid for: 3 months.

This is the only time de-dkb.dkbgerm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2620:101:2005... 2620:101:2005:11f0::1001	16417 (IRONPORT-...) (IRONPORT-SYSTEMS-INC)
2 6	46.183.118.222 46.183.118.222	49635 (CLOUDING) (CLOUDING)
4	1

1 2620:101:2005:11f0::1001 (United States) 1 redirects

ASN16417 (IRONPORT-SYSTEMS-INC, US)

secure-web.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.183.118.222 (Barcelona, Spain) 2 redirects

ASN49635 (CLOUDING, ES)
PTR: 92b89e9c-c35c-4dec-a47a-6a6d40442c58.clouding.host

de-dkb.dkbgerm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	dkbgerm.com 2 redirects de-dkb.dkbgerm.com	169 KB
1	cisco.com 1 redirects secure-web.cisco.com	271 B
4	2

	Domain	Requested by
6	de-dkb.dkbgerm.com	2 redirects de-dkb.dkbgerm.com
1	secure-web.cisco.com	1 redirects
4	2

This site contains no links.

Subject Issuer	Validity	Valid
de-dkb.dkbgerm.com Let's Encrypt Authority X3	`2020-07-30` - `2020-10-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://de-dkb.dkbgerm.com/1424ba/
Frame ID: 18A21891EAC108ED48723E3E9D0E3F14
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://secure-web.cisco.com/1uNnpvXltZwNcpuOma0-tTwPiyuroCafYXUrmJYq7SFs8EMm5o5_DoLTfA2qhfaXystsKDkYUKbq... HTTP 302
https://de-dkb.dkbgerm.com/ HTTP 302
https://de-dkb.dkbgerm.com/1424ba HTTP 301
https://de-dkb.dkbgerm.com/1424ba/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

169 kB
Transfer

168 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://secure-web.cisco.com/1uNnpvXltZwNcpuOma0-tTwPiyuroCafYXUrmJYq7SFs8EMm5o5_DoLTfA2qhfaXystsKDkYUKbqjGUdStAEOdLX3D1T6fEcxjgzEkmifcEur08kndQ3iy-JBtpo_Y_OOeb-jM34onlCG9AltpB2KrWUgl6wDDt7fBTX2EXiReL8fkQXSR8kTgEmhDe5WdC5NN9C-15o4QVA7eJMSFxQ_dQ3rNzTi-KttZQVQ_aWYXT7cRE4woE96bPY4Aa3Ri__-2L6k7bXyKUO6VHU9cPzfXOTgyxQ9IETQlqHg5NWmwlQl3sSSitVsTxAb6mMwheER4gk2fK8iPjHuUhXL4szkL0pBeH_y2rpgdZ1n9DZr3CA/https%3A%2F%2Fde-dkb.dkbgerm.com%2F HTTP 302
https://de-dkb.dkbgerm.com/ HTTP 302
https://de-dkb.dkbgerm.com/1424ba HTTP 301
https://de-dkb.dkbgerm.com/1424ba/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response de-dkb.dkbgerm.com/1424ba/ Redirect Chain https://secure-web.cisco.com/1uNnpvXltZwNcpuOma0-tTwPiyuroCafYXUrmJYq7SFs8EMm5o5_DoLTfA2qhfaXystsKDkYUKbqjGUdStAEOdLX3D1T6fEcxjgzEkmifcEur08kndQ3iy-JBtpo_Y_OOeb-jM34onlCG9AltpB2KrWUgl6wDDt7fBTX2EXi... https://de-dkb.dkbgerm.com/ https://de-dkb.dkbgerm.com/1424ba https://de-dkb.dkbgerm.com/1424ba/	1 KB 1 KB	42ms 42ms	Document text/html	46.183.118.222 CLOUDING
General Check archive.org Show headers Download Go to Full URL https://de-dkb.dkbgerm.com/1424ba/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.183.118.222 Barcelona, Spain, ASN49635 (CLOUDING, ES), Reverse DNS 92b89e9c-c35c-4dec-a47a-6a6d40442c58.clouding.host Software nginx / PleskLin Resource Hash `797aaca218a1740a25f2fd0005e86b47b6eb8aa9f3ba655bad3ef4d2f815a1d7` Request headers :method GET :authority de-dkb.dkbgerm.com :scheme https :path /1424ba/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 server nginx date Thu, 30 Jul 2020 13:05:56 GMT content-type text/html content-length 1027 last-modified Thu, 30 Jul 2020 13:05:56 GMT etag "5f22c5b4-403" x-powered-by PleskLin accept-ranges bytes Redirect headers status 301 server nginx date Thu, 30 Jul 2020 13:05:56 GMT content-type text/html; charset=iso-8859-1 content-length 311 location https://de-dkb.dkbgerm.com/1424ba/ x-powered-by PleskLin
GET H2	200	styles.css de-dkb.dkbgerm.com/1424ba/	1 KB 1 KB	43ms 42ms	Stylesheet text/css	46.183.118.222 CLOUDING
General Check archive.org Show headers Download Go to Full URL https://de-dkb.dkbgerm.com/1424ba/styles.css Requested by Host: de-dkb.dkbgerm.com URL: https://de-dkb.dkbgerm.com/1424ba/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.183.118.222 Barcelona, Spain, ASN49635 (CLOUDING, ES), Reverse DNS 92b89e9c-c35c-4dec-a47a-6a6d40442c58.clouding.host Software nginx / PleskLin Resource Hash `9b947115ef2a807f3981e9035613650054a41d342676ba866871cad273557d74` Request headers Referer https://de-dkb.dkbgerm.com/1424ba/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 30 Jul 2020 13:05:56 GMT last-modified Thu, 30 Jul 2020 13:05:56 GMT server nginx x-powered-by PleskLin etag "5f22c5b4-523" content-type text/css status 200 accept-ranges bytes content-length 1315
GET H2	200	Calque0.png de-dkb.dkbgerm.com/1424ba/images/	165 KB 166 KB	74ms 73ms	Image image/png	46.183.118.222 CLOUDING
General Check archive.org Show headers Download Go to Show image Full URL https://de-dkb.dkbgerm.com/1424ba/images/Calque0.png Requested by Host: de-dkb.dkbgerm.com URL: https://de-dkb.dkbgerm.com/1424ba/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.183.118.222 Barcelona, Spain, ASN49635 (CLOUDING, ES), Reverse DNS 92b89e9c-c35c-4dec-a47a-6a6d40442c58.clouding.host Software nginx / PleskLin Resource Hash `6a43edc7adc97f18050526ce962b0e00a9700157e33aebf709be01db007902a2` Request headers Referer https://de-dkb.dkbgerm.com/1424ba/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 30 Jul 2020 13:05:56 GMT last-modified Thu, 30 Jul 2020 13:05:56 GMT server nginx x-powered-by PleskLin etag "5f22c5b4-29533" content-type image/png status 200 accept-ranges bytes content-length 169267
GET H2	404	index_Button1_bkgrnd.png de-dkb.dkbgerm.com/1424ba/images/	808 B 808 B	91ms 91ms	Image text/html	46.183.118.222 CLOUDING
General Check archive.org Show headers Download Go to Show image Full URL https://de-dkb.dkbgerm.com/1424ba/images/index_Button1_bkgrnd.png Requested by Host: de-dkb.dkbgerm.com URL: https://de-dkb.dkbgerm.com/1424ba/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.183.118.222 Barcelona, Spain, ASN49635 (CLOUDING, ES), Reverse DNS 92b89e9c-c35c-4dec-a47a-6a6d40442c58.clouding.host Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers Referer https://de-dkb.dkbgerm.com/1424ba/styles.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 30 Jul 2020 13:05:56 GMT last-modified Thu, 30 Jul 2020 12:20:33 GMT server nginx etag "328-5aba7b2ef0338" content-type text/html status 404 accept-ranges bytes content-length 808

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

de-dkb.dkbgerm.com
secure-web.cisco.com
2620:101:2005:11f0::1001
46.183.118.222
6a43edc7adc97f18050526ce962b0e00a9700157e33aebf709be01db007902a2
797aaca218a1740a25f2fd0005e86b47b6eb8aa9f3ba655bad3ef4d2f815a1d7
9b947115ef2a807f3981e9035613650054a41d342676ba866871cad273557d74
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

de-dkb.dkbgerm.com Open in urlscan Pro 46.183.118.222 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

169 kBTransfer

168 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

de-dkb.dkbgerm.com Open in urlscan Pro
46.183.118.222 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

169 kB
Transfer

168 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!