dkb.digitalworkpalace.com Open in urlscan Pro
103.228.112.106 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cetangarana.com/de/
Effective URL:
https://dkb.digitalworkpalace.com/banking/auth/login.php
Submission: On December 16 via api (December 16th 2022, 12:33:00 pm UTC) from GB — Scanned from DE

Summary HTTP 5 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 103.228.112.106, located in Gurgaon, India and belongs to NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN. The main domain is dkb.digitalworkpalace.com.
TLS certificate: Issued by R3 on December 12th 2022. Valid for: 3 months.

This is the only time dkb.digitalworkpalace.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	134.0.10.149 134.0.10.149	197712 (CDMON sis...) (CDMON sistemes@cdmon.com)
1 6	103.228.112.106 103.228.112.106	58640 (NEXTRA-IN...) (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD.)
5	2

1 134.0.10.149 (Spain) 1 redirects

ASN197712 (CDMON sistemes@cdmon.com, ES)
PTR: vxhcp-08.srv.cat

cetangarana.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.228.112.106 (Gurgaon, India) 1 redirects

ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN)
PTR: ns106.resellerone.host

dkb.digitalworkpalace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	digitalworkpalace.com 1 redirects dkb.digitalworkpalace.com	917 KB
1	cetangarana.com 1 redirects cetangarana.com	210 B
5	2

	Domain	Requested by
6	dkb.digitalworkpalace.com	1 redirects dkb.digitalworkpalace.com
1	cetangarana.com	1 redirects
5	2

This site contains no links.

Subject Issuer	Validity	Valid
dkb.digitalworkpalace.com R3	`2022-12-12` - `2023-03-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dkb.digitalworkpalace.com/banking/auth/login.php
Frame ID: 6721E920BBB0907031868AA2BF50918E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DKB - Deutsche Kreditbank AG - Internet Banking

Page URL History Show full URLs

https://cetangarana.com/de/ HTTP 302
https://dkb.digitalworkpalace.com/banking/ HTTP 302
https://dkb.digitalworkpalace.com/banking/auth/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

917 kB
Transfer

924 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cetangarana.com/de/ HTTP 302
https://dkb.digitalworkpalace.com/banking/ HTTP 302
https://dkb.digitalworkpalace.com/banking/auth/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response dkb.digitalworkpalace.com/banking/auth/ Redirect Chain https://cetangarana.com/de/ https://dkb.digitalworkpalace.com/banking/ https://dkb.digitalworkpalace.com/banking/auth/login.php	30 KB 31 KB	580ms 579ms	Document text/html	103.228.112.106 NEXTRA-IN NEXTRA ...
General Check archive.org Show headers Download Go to Full URL https://dkb.digitalworkpalace.com/banking/auth/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.228.112.106 Gurgaon, India, ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN), Reverse DNS ns106.resellerone.host Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `b34571e3d08800133f2f99bdd89b9367d42fe1ca5a6203d3b907f17df88a830f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Content-Encoding gzip Content-Length 31199 Content-Type text/html; charset=UTF-8 Date Fri, 16 Dec 2022 12:32:54 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server Microsoft-IIS/8.5 Vary Accept-Encoding X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin Redirect headers Cache-Control no-store, no-cache, must-revalidate Content-Length 137 Content-Type text/html; charset=UTF-8 Date Fri, 16 Dec 2022 12:32:54 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Location auth/login.php Pragma no-cache Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin
GET H/1.1	200 OK	global.css dkb.digitalworkpalace.com/banking/auth/files/css/	237 KB 238 KB	1222ms 1078ms	Stylesheet text/css	103.228.112.106 NEXTRA-IN NEXTRA ...
General Check archive.org Show headers Download Go to Full URL https://dkb.digitalworkpalace.com/banking/auth/files/css/global.css Requested by Host: dkb.digitalworkpalace.com URL: https://dkb.digitalworkpalace.com/banking/auth/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.228.112.106 Gurgaon, India, ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN), Reverse DNS ns106.resellerone.host Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `6f7e37273fe0e0310c8a491decebfc3a97f48f5d26982f34e7c1353ce1930661` Request headers accept-language de-DE,de;q=0.9 Referer https://dkb.digitalworkpalace.com/banking/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers X-Powered-By-Plesk PleskWin Date Fri, 16 Dec 2022 12:32:55 GMT Content-Encoding gzip Last-Modified Wed, 30 Nov 2022 16:45:58 GMT Server Microsoft-IIS/8.5 ETag "febbc038db4d91:0" X-Powered-By ASP.NET Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes
GET H/1.1	200 OK	responsive.min.css dkb.digitalworkpalace.com/banking/auth/files/css/	601 KB 602 KB	733ms 442ms	Stylesheet text/css	103.228.112.106 NEXTRA-IN NEXTRA ...
General Check archive.org Show headers Download Go to Full URL https://dkb.digitalworkpalace.com/banking/auth/files/css/responsive.min.css Requested by Host: dkb.digitalworkpalace.com URL: https://dkb.digitalworkpalace.com/banking/auth/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.228.112.106 Gurgaon, India, ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN), Reverse DNS ns106.resellerone.host Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `84ceb28d811d91ca06987031548f3f32a860ebd7206bc0d3c2ebd2684ababd97` Request headers accept-language de-DE,de;q=0.9 Referer https://dkb.digitalworkpalace.com/banking/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers X-Powered-By-Plesk PleskWin Date Fri, 16 Dec 2022 12:32:55 GMT Content-Encoding gzip Last-Modified Wed, 30 Nov 2022 15:22:18 GMT Server Microsoft-IIS/8.5 ETag "2f5e9188cf4d91:0" X-Powered-By ASP.NET Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes
GET H/1.1	200 OK	cf318495924471a0f48394a91edef30d.jpg dkb.digitalworkpalace.com/banking/auth/files/img/	19 KB 20 KB	612ms 454ms	Image image/jpeg	103.228.112.106 NEXTRA-IN NEXTRA ...
General Check archive.org Show headers Download Go to Show image Full URL https://dkb.digitalworkpalace.com/banking/auth/files/img/cf318495924471a0f48394a91edef30d.jpg Requested by Host: dkb.digitalworkpalace.com URL: https://dkb.digitalworkpalace.com/banking/auth/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.228.112.106 Gurgaon, India, ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN), Reverse DNS ns106.resellerone.host Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `d364f8c877649738183736979f77804f29d3442f81d84ae6bd7d267af56907e4` Request headers accept-language de-DE,de;q=0.9 Referer https://dkb.digitalworkpalace.com/banking/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers X-Powered-By-Plesk PleskWin Date Fri, 16 Dec 2022 12:32:55 GMT Last-Modified Wed, 30 Nov 2022 15:36:18 GMT Server Microsoft-IIS/8.5 ETag "f6f9717dd14d91:0" X-Powered-By ASP.NET Content-Type image/jpeg Accept-Ranges bytes Content-Length 19924
GET H/1.1	200 OK	large.jpg dkb.digitalworkpalace.com/banking/auth/files/img/	26 KB 27 KB	728ms 437ms	Image image/jpeg	103.228.112.106 NEXTRA-IN NEXTRA ...
General Check archive.org Show headers Download Go to Show image Full URL https://dkb.digitalworkpalace.com/banking/auth/files/img/large.jpg Requested by Host: dkb.digitalworkpalace.com URL: https://dkb.digitalworkpalace.com/banking/auth/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 103.228.112.106 Gurgaon, India, ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN), Reverse DNS ns106.resellerone.host Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `4f089d9911784e1253afaf5102932887ff2dbb1577d13ccae8d1f4cd8461c780` Request headers accept-language de-DE,de;q=0.9 Referer https://dkb.digitalworkpalace.com/banking/auth/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers X-Powered-By-Plesk PleskWin Date Fri, 16 Dec 2022 12:32:55 GMT Last-Modified Wed, 30 Nov 2022 15:19:43 GMT Server Microsoft-IIS/8.5 ETag "8ef1892ccf4d91:0" X-Powered-By ASP.NET Content-Type image/jpeg Accept-Ranges bytes Content-Length 27038
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6095c4b2fc25c6534e68ddcbcd1fb58f2634036f75262042c215c74a9285bc79` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	208 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `72e1af139f74424d56589a3d06474355afb141c3bd72a38d141c19f851bbc2ca` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	948 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0fe9650923b3c4d5d1b829c47a2a4eb9b6931a06132036a02c570e355f53ec87` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	846 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5aa97ee206d9655910ece7996d461dc1cdf1550a4487a53d04815c5570bb78ae` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cetangarana.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: s1gri5f72hceka8ae37epbrbeggcoo0r
			dkb.digitalworkpalace.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: n3u59di9m00em1u1tio2vibvoj

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cetangarana.com
dkb.digitalworkpalace.com
103.228.112.106
134.0.10.149
0fe9650923b3c4d5d1b829c47a2a4eb9b6931a06132036a02c570e355f53ec87
3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0
4f089d9911784e1253afaf5102932887ff2dbb1577d13ccae8d1f4cd8461c780
5aa97ee206d9655910ece7996d461dc1cdf1550a4487a53d04815c5570bb78ae
6095c4b2fc25c6534e68ddcbcd1fb58f2634036f75262042c215c74a9285bc79
6f7e37273fe0e0310c8a491decebfc3a97f48f5d26982f34e7c1353ce1930661
72e1af139f74424d56589a3d06474355afb141c3bd72a38d141c19f851bbc2ca
84ceb28d811d91ca06987031548f3f32a860ebd7206bc0d3c2ebd2684ababd97
b34571e3d08800133f2f99bdd89b9367d42fe1ca5a6203d3b907f17df88a830f
d364f8c877649738183736979f77804f29d3442f81d84ae6bd7d267af56907e4

dkb.digitalworkpalace.com Open in urlscan Pro 103.228.112.106 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

917 kBTransfer

924 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

dkb.digitalworkpalace.com Open in urlscan Pro
103.228.112.106 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

917 kB
Transfer

924 kB
Size

2
Cookies

5 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!