![](/screenshots/918c2e73-e55a-4a5c-9970-50b16c29c4d8.png)
dkb.digitalworkpalace.com
Open in
urlscan Pro
103.228.112.106
Malicious Activity!
Public Scan
Effective URL: https://dkb.digitalworkpalace.com/banking/auth/login.php
Submission: On December 16 via api from GB — Scanned from DE
Summary
TLS certificate: Issued by R3 on December 12th 2022. Valid for: 3 months.
This is the only time dkb.digitalworkpalace.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 134.0.10.149 134.0.10.149 | 197712 (CDMON sis...) (CDMON sistemes@cdmon.com) | |
1 6 | 103.228.112.106 103.228.112.106 | 58640 (NEXTRA-IN...) (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD.) | |
5 | 2 |
ASN197712 (CDMON sistemes@cdmon.com, ES)
PTR: vxhcp-08.srv.cat
cetangarana.com |
ASN58640 (NEXTRA-IN NEXTRA TELESERVICES PVT. LTD., IN)
PTR: ns106.resellerone.host
dkb.digitalworkpalace.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
digitalworkpalace.com
1 redirects
dkb.digitalworkpalace.com |
917 KB |
1 |
cetangarana.com
1 redirects
cetangarana.com |
210 B |
5 | 2 |
Domain | Requested by | |
---|---|---|
6 | dkb.digitalworkpalace.com |
1 redirects
dkb.digitalworkpalace.com
|
1 | cetangarana.com | 1 redirects |
5 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
dkb.digitalworkpalace.com R3 |
2022-12-12 - 2023-03-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://dkb.digitalworkpalace.com/banking/auth/login.php
Frame ID: 6721E920BBB0907031868AA2BF50918E
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/918c2e73-e55a-4a5c-9970-50b16c29c4d8.png)
Page Title
DKB - Deutsche Kreditbank AG - Internet BankingPage URL History Show full URLs
-
https://cetangarana.com/de/
HTTP 302
https://dkb.digitalworkpalace.com/banking/ HTTP 302
https://dkb.digitalworkpalace.com/banking/auth/login.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cetangarana.com/de/
HTTP 302
https://dkb.digitalworkpalace.com/banking/ HTTP 302
https://dkb.digitalworkpalace.com/banking/auth/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
dkb.digitalworkpalace.com/banking/auth/ Redirect Chain
|
30 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.css
dkb.digitalworkpalace.com/banking/auth/files/css/ |
237 KB 238 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
responsive.min.css
dkb.digitalworkpalace.com/banking/auth/files/css/ |
601 KB 602 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cf318495924471a0f48394a91edef30d.jpg
dkb.digitalworkpalace.com/banking/auth/files/img/ |
19 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
large.jpg
dkb.digitalworkpalace.com/banking/auth/files/img/ |
26 KB 27 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
208 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
948 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
846 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cetangarana.com/ | Name: PHPSESSID Value: s1gri5f72hceka8ae37epbrbeggcoo0r |
|
dkb.digitalworkpalace.com/ | Name: PHPSESSID Value: n3u59di9m00em1u1tio2vibvoj |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cetangarana.com
dkb.digitalworkpalace.com
103.228.112.106
134.0.10.149
0fe9650923b3c4d5d1b829c47a2a4eb9b6931a06132036a02c570e355f53ec87
3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0
4f089d9911784e1253afaf5102932887ff2dbb1577d13ccae8d1f4cd8461c780
5aa97ee206d9655910ece7996d461dc1cdf1550a4487a53d04815c5570bb78ae
6095c4b2fc25c6534e68ddcbcd1fb58f2634036f75262042c215c74a9285bc79
6f7e37273fe0e0310c8a491decebfc3a97f48f5d26982f34e7c1353ce1930661
72e1af139f74424d56589a3d06474355afb141c3bd72a38d141c19f851bbc2ca
84ceb28d811d91ca06987031548f3f32a860ebd7206bc0d3c2ebd2684ababd97
b34571e3d08800133f2f99bdd89b9367d42fe1ca5a6203d3b907f17df88a830f
d364f8c877649738183736979f77804f29d3442f81d84ae6bd7d267af56907e4