de-dkb.dkbgerm.com
46.183.118.222
Malicious Activity!
Public Scan
Effective URL: https://de-dkb.dkbgerm.com/1424ba/
Submission: On July 30 via manual from DE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 30th 2020. Valid for: 3 months.
This is the only time de-dkb.dkbgerm.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)
Domain & IP information

| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 2620:101:2005:11f0::1001 | 16417 (IRONPORT-SYSTEMS-INC) |
| 2 6 | 46.183.118.222 | 49635 (CLOUDING) |
| 4 | 1 | |

ASN49635 (CLOUDING, ES)
PTR: 92b89e9c-c35c-4dec-a47a-6a6d40442c58.clouding.host
de-dkb.dkbgerm.com

| | Apex Domain Subdomains | Transfer |
|---|---|---|
| 6 | dkbgerm.com (2 redirects) de-dkb.dkbgerm.com | 169 KB |
| 1 | cisco.com (1 redirects) secure-web.cisco.com | 271 B |
| 4 | 2 | |


| | Domain | Requested by |
|---|---|---|
| 6 | de-dkb.dkbgerm.com | 2 redirects de-dkb.dkbgerm.com |
| 1 | secure-web.cisco.com | 1 redirects |
| 4 | 2 | |

This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
de-dkb.dkbgerm.com Let's Encrypt Authority X3 | 2020-07-30 - 2020-10-28 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://de-dkb.dkbgerm.com/1424ba/
Frame ID: 18A21891EAC108ED48723E3E9D0E3F14
Requests: 4 HTTP requests in this frame
Page URL History
- https://secure-web.cisco.com/1uNnpvXltZwNcpuOma0-tTwPiyuroCafYXUrmJYq7SFs8EMm5o5_DoLTfA2qhfaXystsKDkYUKbq... HTTP 302
- https://de-dkb.dkbgerm.com/ HTTP 302
- https://de-dkb.dkbgerm.com/1424ba HTTP 301
- https://de-dkb.dkbgerm.com/1424ba/ Page URL
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / de-dkb.dkbgerm.com/1424ba/ (Primary Request, Redirect Chain) | 1 KB 1 KB | Document text/html |
GET H2 | styles.css de-dkb.dkbgerm.com/1424ba/ | 1 KB 1 KB | Stylesheet text/css |
GET H2 | Calque0.png de-dkb.dkbgerm.com/1424ba/images/ | 165 KB 166 KB | Image image/png |
GET H2 | index_Button1_bkgrnd.png de-dkb.dkbgerm.com/1424ba/images/ | 808 B 808 B | Image text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.