www.dkb.de.index-online.ga
Open in
urlscan Pro
2a00:b700::26
Malicious Activity!
Public Scan
Effective URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305
Submission Tags: 6849708
Submission: On November 15 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 2nd 2020. Valid for: 3 months.
This is the only time www.dkb.de.index-online.ga was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a01:e0c:1:15... 2a01:e0c:1:1599::29 | 12322 (PROXAD) (PROXAD) | |
1 1 | 148.72.79.24 148.72.79.24 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
2 16 | 2a00:b700::26 2a00:b700::26 | 51659 (ASBAXET) (ASBAXET) | |
14 | 2 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-79-24.ip.secureserver.net
voltaicplasma.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
index-online.ga
2 redirects
www.dkb.de.index-online.ga |
231 KB |
1 |
voltaicplasma.com
1 redirects
voltaicplasma.com |
185 B |
1 |
free.fr
1 redirects
s.free.fr |
258 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
16 | www.dkb.de.index-online.ga |
2 redirects
www.dkb.de.index-online.ga
|
1 | voltaicplasma.com | 1 redirects |
1 | s.free.fr | 1 redirects |
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.dkb.de.index-online.ga Let's Encrypt Authority X3 |
2020-11-02 - 2021-01-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305
Frame ID: 0F8E770FDA946AAF8B7D22FD1B68CF4A
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://s.free.fr/36J8SU2R
HTTP 301
https://voltaicplasma.com/wp-content/cache/nextend/notweb/n2-ss-1/health.php HTTP 302
https://www.dkb.de.index-online.ga/file/index.php?id=17401574 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/index.php?valid=true&id=40985830 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.free.fr/36J8SU2R
HTTP 301
https://voltaicplasma.com/wp-content/cache/nextend/notweb/n2-ss-1/health.php HTTP 302
https://www.dkb.de.index-online.ga/file/index.php?id=17401574 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/index.php?valid=true&id=40985830 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
00951124a.php
www.dkb.de.index-online.ga/file/q99550/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
www.dkb.de.index-online.ga/file/q99550/layout/css/ |
208 KB 83 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.js
www.dkb.de.index-online.ga/file/q99550/layout/js/ |
96 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lganim.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgm.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lg.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rech.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rechm.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
637 B 724 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pub1.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
25 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clav.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
434 B 520 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pss.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
833 B 919 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mend.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
foot.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footm.png
www.dkb.de.index-online.ga/file/q99550/layout/img/ |
29 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 2 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| preventBack object| Modernizr function| $ function| jQuery function| onReady function| setVisible1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.dkb.de.index-online.ga/ | Name: PHPSESSID Value: 87ff9f74465fa92c2b1f3f70aa49fa96 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
s.free.fr
voltaicplasma.com
www.dkb.de.index-online.ga
148.72.79.24
2a00:b700::26
2a01:e0c:1:1599::29
0af2cb3aee76c2bf434e3fefe3d2883d618ba0a05383118aeebac809166435a8
1c6f40e5af1c98c21e718c1eafa10b3675b12f697d0135ed57fffb9260684241
27e18534caa2264f097911adb91ef28ecbd44f836e1930c8529632a99bdac4f4
36a258832c16ec7b222f6473c7fb9d6c562515906518c70f04412dfffdc51cce
608d2f0a5a4f3095c311ff0644ee444188e2456b2e3aad4dddd17bfcfcfaf785
7401a09e20ae2ace6d6a24e052f47b724f24e9459c8d17d041cc2f32f82da700
79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171
7e2cec3fd9b6e9ae8979990be35356161ef1fe6cb29ad3c6db19b8271ac36d66
9a1bc273bf916f89ee371c6937c0678ce6291e84c521726112a50bdb00701c38
b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
ccf58fd95a492710d279596355c544f27055b7a7c69082a1fb95776d7dd8275b
ceea86237e527cf82e51462cce096c8e96f068021beaaa20f79bce194d2a37ac
dfb974a480eb34c181c40099fc1ad6714581e1a7ed873be3f9be618563ebd0b7
e8c287c04d182e18bb74e7c331163d3455affe18148ddde9f152da5c281f5ab7
f69e6e5deee9022416eb4794aa37dc6cf592f47ff5664a947163ec7d847ac105
fc90065db7f3be398bc681db3c25ccae42a8e96f7188f69ac5d29a161d8eedf9