www.dkb.de.index-online.ga Open in urlscan Pro
2a00:b700::26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.free.fr/36J8SU2R
Effective URL:
https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305
Submission Tags: 6849708
Submission: On November 15 via api (November 15th 2020, 7:52:41 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2a00:b700::26, located in Russian Federation and belongs to ASBAXET, RU. The main domain is www.dkb.de.index-online.ga.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 2nd 2020. Valid for: 3 months.

This is the only time www.dkb.de.index-online.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a01:e0c:1:15... 2a01:e0c:1:1599::29	12322 (PROXAD) (PROXAD)
1 1	148.72.79.24 148.72.79.24	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
2 16	2a00:b700::26 2a00:b700::26	51659 (ASBAXET) (ASBAXET)
14	2

1 2a01:e0c:1:1599::29 (France) 1 redirects

ASN12322 (PROXAD, FR)

s.free.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.72.79.24 (Scottsdale, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-148-72-79-24.ip.secureserver.net

voltaicplasma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:b700::26 (Russian Federation) 2 redirects

ASN51659 (ASBAXET, RU)

www.dkb.de.index-online.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	index-online.ga 2 redirects www.dkb.de.index-online.ga	231 KB
1	voltaicplasma.com 1 redirects voltaicplasma.com	185 B
1	free.fr 1 redirects s.free.fr	258 B
14	3

	Domain	Requested by
16	www.dkb.de.index-online.ga	2 redirects www.dkb.de.index-online.ga
1	voltaicplasma.com	1 redirects
1	s.free.fr	1 redirects
14	3

This site contains no links.

Subject Issuer	Validity	Valid
www.dkb.de.index-online.ga Let's Encrypt Authority X3	`2020-11-02` - `2021-01-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305
Frame ID: 0F8E770FDA946AAF8B7D22FD1B68CF4A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://s.free.fr/36J8SU2R HTTP 301
https://voltaicplasma.com/wp-content/cache/nextend/notweb/n2-ss-1/health.php HTTP 302
https://www.dkb.de.index-online.ga/file/index.php?id=17401574 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/index.php?valid=true&id=40985830 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

250 kB
Transfer

429 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.free.fr/36J8SU2R HTTP 301
https://voltaicplasma.com/wp-content/cache/nextend/notweb/n2-ss-1/health.php HTTP 302
https://www.dkb.de.index-online.ga/file/index.php?id=17401574 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/index.php?valid=true&id=40985830 HTTP 302
https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 00951124a.php Show response www.dkb.de.index-online.ga/file/q99550/ Redirect Chain https://s.free.fr/36J8SU2R https://voltaicplasma.com/wp-content/cache/nextend/notweb/n2-ss-1/health.php https://www.dkb.de.index-online.ga/file/index.php?id=17401574 https://www.dkb.de.index-online.ga/file/q99550/index.php?valid=true&id=40985830 https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305	4 KB 2 KB	344ms 42ms	Document text/html	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `7401a09e20ae2ace6d6a24e052f47b724f24e9459c8d17d041cc2f32f82da700` Request headers :method GET :authority www.dkb.de.index-online.ga :scheme https :path /file/q99550/00951124a.php?web=succes&local=_&id=40171305 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie PHPSESSID=87ff9f74465fa92c2b1f3f70aa49fa96 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache content-type text/html; charset-UTF-8;charset=UTF-8 content-length 1885 content-encoding br vary Accept-Encoding,User-Agent date Sun, 15 Nov 2020 19:52:24 GMT server LiteSpeed Redirect headers status 302 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-cache, no-store, must-revalidate, max-age=0 pragma no-cache content-type text/html; charset-UTF-8;charset=UTF-8 location ./00951124a.php?web=succes&local=_&id=40171305 content-length 329 content-encoding br vary Accept-Encoding,User-Agent date Sun, 15 Nov 2020 19:52:24 GMT server LiteSpeed
GET H2	200	style.css www.dkb.de.index-online.ga/file/q99550/layout/css/	208 KB 83 KB	343ms 42ms	Stylesheet text/css	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/css/style.css Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `ccf58fd95a492710d279596355c544f27055b7a7c69082a1fb95776d7dd8275b` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:24 GMT content-encoding br last-modified Sun, 05 Jul 2020 19:38:04 GMT server LiteSpeed etag "34137-5f022c1c-ad05620cbd899012;br" vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 84392 expires Sun, 22 Nov 2020 19:52:24 GMT
GET H2	200	style.js Show response www.dkb.de.index-online.ga/file/q99550/layout/js/	96 KB 44 KB	427ms 126ms	Script application/javascript	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/js/style.js Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT content-encoding br last-modified Sun, 11 Nov 2018 21:23:54 GMT server LiteSpeed etag "17f6f-5be89dea-1782d35ad41d03ef;br" vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 44821 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	lganim.png www.dkb.de.index-online.ga/file/q99550/layout/img/	2 KB 2 KB	342ms 42ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/lganim.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `36a258832c16ec7b222f6473c7fb9d6c562515906518c70f04412dfffdc51cce` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Sun, 05 Jul 2020 19:28:08 GMT server LiteSpeed etag "810-5f0229c8-dde981f47d2e9e7d;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 2064 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	lgm.png www.dkb.de.index-online.ga/file/q99550/layout/img/	2 KB 2 KB	342ms 42ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/lgm.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `608d2f0a5a4f3095c311ff0644ee444188e2456b2e3aad4dddd17bfcfcfaf785` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 21:22:32 GMT server LiteSpeed etag "6cd-5efbad18-17c7574c6ddf3cc4;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 1741 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	lg.png www.dkb.de.index-online.ga/file/q99550/layout/img/	2 KB 2 KB	345ms 41ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/lg.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `27e18534caa2264f097911adb91ef28ecbd44f836e1930c8529632a99bdac4f4` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 20:56:20 GMT server LiteSpeed etag "978-5efba6f4-4cb0df469dd261ab;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 2424 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	rech.png www.dkb.de.index-online.ga/file/q99550/layout/img/	1 KB 1 KB	345ms 42ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/rech.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `1c6f40e5af1c98c21e718c1eafa10b3675b12f697d0135ed57fffb9260684241` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 20:57:18 GMT server LiteSpeed etag "424-5efba72e-75a1e7e0e4fd471c;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 1060 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	rechm.png www.dkb.de.index-online.ga/file/q99550/layout/img/	637 B 724 B	348ms 45ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/rechm.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `fc90065db7f3be398bc681db3c25ccae42a8e96f7188f69ac5d29a161d8eedf9` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 21:06:40 GMT server LiteSpeed etag "27d-5efba960-fd5467a94abb9a9d;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 637 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	pub1.png www.dkb.de.index-online.ga/file/q99550/layout/img/	25 KB 26 KB	345ms 42ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/pub1.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `ceea86237e527cf82e51462cce096c8e96f068021beaaa20f79bce194d2a37ac` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 20:57:56 GMT server LiteSpeed etag "65f3-5efba754-5de6a325fa9bd0ed;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 26099 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	clav.png www.dkb.de.index-online.ga/file/q99550/layout/img/	434 B 520 B	346ms 43ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/clav.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `e8c287c04d182e18bb74e7c331163d3455affe18148ddde9f152da5c281f5ab7` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 20:58:38 GMT server LiteSpeed etag "1b2-5efba77e-349bf35ce4790e1;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 434 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	pss.png www.dkb.de.index-online.ga/file/q99550/layout/img/	833 B 919 B	346ms 43ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/pss.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `7e2cec3fd9b6e9ae8979990be35356161ef1fe6cb29ad3c6db19b8271ac36d66` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Thu, 02 Jul 2020 02:10:40 GMT server LiteSpeed etag "341-5efd4220-b40a6c249b7fea1f;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 833 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	mend.png www.dkb.de.index-online.ga/file/q99550/layout/img/	12 KB 12 KB	346ms 44ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/mend.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `f69e6e5deee9022416eb4794aa37dc6cf592f47ff5664a947163ec7d847ac105` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 21:03:22 GMT server LiteSpeed etag "2f65-5efba89a-e431623059d95f4;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 12133 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	foot.png www.dkb.de.index-online.ga/file/q99550/layout/img/	26 KB 26 KB	346ms 44ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/foot.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `0af2cb3aee76c2bf434e3fefe3d2883d618ba0a05383118aeebac809166435a8` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 21:28:08 GMT server LiteSpeed etag "667c-5efbae68-f30ac6ba0c688edd;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 26236 expires Sun, 22 Nov 2020 19:52:25 GMT
GET H2	200	footm.png www.dkb.de.index-online.ga/file/q99550/layout/img/	29 KB 30 KB	348ms 46ms	Image image/png	2a00:b700::26 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dkb.de.index-online.ga/file/q99550/layout/img/footm.png Requested by Host: www.dkb.de.index-online.ga URL: https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:b700::26 , Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software LiteSpeed / Resource Hash `9a1bc273bf916f89ee371c6937c0678ce6291e84c521726112a50bdb00701c38` Request headers Referer https://www.dkb.de.index-online.ga/file/q99550/00951124a.php?web=succes&local=_&id=40171305 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 15 Nov 2020 19:52:25 GMT last-modified Tue, 30 Jun 2020 21:11:48 GMT server LiteSpeed etag "75ec-5efbaa94-61281a90e99f9a50;;;" vary User-Agent content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 30188 expires Sun, 22 Nov 2020 19:52:25 GMT
GET DATA	200 OK	truncated /	17 KB 17 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171` Request headers Origin https://www.dkb.de.index-online.ga Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8
GET DATA	200 OK	truncated /	2 KB 2 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dfb974a480eb34c181c40099fc1ad6714581e1a7ed873be3f9be618563ebd0b7` Request headers Origin https://www.dkb.de.index-online.ga Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.dkb.de.index-online.ga/	1969-12-31 23:59:59	Name: PHPSESSID Value: 87ff9f74465fa92c2b1f3f70aa49fa96

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s.free.fr
voltaicplasma.com
www.dkb.de.index-online.ga
148.72.79.24
2a00:b700::26
2a01:e0c:1:1599::29
0af2cb3aee76c2bf434e3fefe3d2883d618ba0a05383118aeebac809166435a8
1c6f40e5af1c98c21e718c1eafa10b3675b12f697d0135ed57fffb9260684241
27e18534caa2264f097911adb91ef28ecbd44f836e1930c8529632a99bdac4f4
36a258832c16ec7b222f6473c7fb9d6c562515906518c70f04412dfffdc51cce
608d2f0a5a4f3095c311ff0644ee444188e2456b2e3aad4dddd17bfcfcfaf785
7401a09e20ae2ace6d6a24e052f47b724f24e9459c8d17d041cc2f32f82da700
79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171
7e2cec3fd9b6e9ae8979990be35356161ef1fe6cb29ad3c6db19b8271ac36d66
9a1bc273bf916f89ee371c6937c0678ce6291e84c521726112a50bdb00701c38
b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
ccf58fd95a492710d279596355c544f27055b7a7c69082a1fb95776d7dd8275b
ceea86237e527cf82e51462cce096c8e96f068021beaaa20f79bce194d2a37ac
dfb974a480eb34c181c40099fc1ad6714581e1a7ed873be3f9be618563ebd0b7
e8c287c04d182e18bb74e7c331163d3455affe18148ddde9f152da5c281f5ab7
f69e6e5deee9022416eb4794aa37dc6cf592f47ff5664a947163ec7d847ac105
fc90065db7f3be398bc681db3c25ccae42a8e96f7188f69ac5d29a161d8eedf9

www.dkb.de.index-online.ga Open in urlscan Pro 2a00:b700::26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

250 kBTransfer

429 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

www.dkb.de.index-online.ga Open in urlscan Pro
2a00:b700::26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

250 kB
Transfer

429 kB
Size

1
Cookies

14 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!