eg.schulen.konstanz.de
141.37.164.183 | Malicious Activity! | Public Scan

URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Submission Tags: @jcybersec_
Submission: On June 01 via api from GB

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 13 HTTP transactions. The main IP is 141.37.164.183, located in Engen, Germany, and belongs to BELWUE BelWue-Koordination, EU. The main domain is eg.schulen.konstanz.de.
This is the only time eg.schulen.konstanz.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DSK Bank (Banking)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
7         141.37.164.183     553 (BELWUE Be...)
2         2a00:1450:400...   15169 (GOOGLE)
2         2a00:1450:400...   15169 (GOOGLE)
2         2a00:1450:400...   15169 (GOOGLE)
13 requests, 4 IPs

Requests  Domain                        Requested by
7         eg.schulen.konstanz.de        eg.schulen.konstanz.de
2         www.google.de                 eg.schulen.konstanz.de
2         www.google.com                eg.schulen.konstanz.de
2         googleads.g.doubleclick.net   eg.schulen.konstanz.de
13 requests, 4 domains

This site contains links to these domains.

Domain
dskbank.bg
Subject               Issuer       Validity                  Valid      Source
*.g.doubleclick.net   GTS CA 1O1   2020-05-05 - 2020-07-28   3 months   crt.sh
www.google.com        GTS CA 1O1   2020-05-05 - 2020-07-28   3 months   crt.sh
www.google.de         GTS CA 1O1   2020-05-05 - 2020-07-28   3 months   crt.sh

This page contains 1 frames:

Primary Page: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Frame ID: F32DB25FD23D004D388E50D7EAD507EB
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 13
HTTPS: 46 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 1
Transfer: 31 kB
Size: 32 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request thnks.html | eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/ | 5 KB | 6 KB | Document
General
Full URL
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash
6fe5ce76df55247f5f5682ae7a03ab6750ec088484a70bbc30e62b2222074cb8

Request headers

Host
eg.schulen.konstanz.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Mon, 01 Jun 2020 08:56:04 GMT
Content-Type
text/html
Content-Length
5589
Last-Modified
Sat, 30 May 2020 15:27:04 GMT
Connection
keep-alive
ETag
"5ed27b48-15d5"
X-Powered-By
PleskLin
Accept-Ranges
bytes

/ | googleads.g.doubleclick.net/pagead/viewthroughconversion/850154699/ | 2 KB | 1 KB | Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/850154699/?random=1532722393931&cv=9&fst=1532722393931&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=http%3A%2F%2F127.0.0.1%2FDISKbank%2Finforamtion.html&tiba=%D0%94%D0%A1%D0%9A%20%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%82&rfmt=3&fmt=4
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
546990f0b2b057178e4fe98bd852c11879a738e7156832e111044818bce74efc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jun 2020 08:56:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1015
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

/ | googleads.g.doubleclick.net/pagead/viewthroughconversion/850154699/ | 2 KB | 1 KB | Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/850154699/?random=1532722176071&cv=9&fst=1532722176071&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.dskdirect.bg%2FPage%2Fdefault.aspx%3Fxml_id%3D%2Fbg-BG%2F.resetPassword%26channelID%3D2000&tiba=%D0%94%D0%A1%D0%9A%20%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%82&rfmt=3&fmt=4
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4bd7cf42afdc1db5efe240c89b91b35d3fd29075ad475f55b9de4afff05de388
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jun 2020 08:56:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1054
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

style.direct.2018.css | eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/css/ | 0 | 0 | Stylesheet
General
Full URL
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/css/style.direct.2018.css
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 01 Jun 2020 08:56:04 GMT
Content-Encoding
gzip
ETag
"201ba5-3c9-4dff93fff277b"
Last-Modified
Tue, 25 Jun 2013 11:58:40 GMT
Server
nginx
X-Powered-By
PleskLin
Vary
Accept-Encoding
Content-Type
text/html
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
559

Direct.bg.svg | eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image// | 8 KB | 8 KB | Image
General
Full URL
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image//Direct.bg.svg
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash
570ff393f1d7c1510720128541199ed20f866cc6684c5288192fd02b482e19e2

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 01 Jun 2020 08:56:04 GMT
Last-Modified
Sat, 30 May 2020 15:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5ed27b48-1e7d"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7805

facebook.svg | eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image// | 1 KB | 1 KB | Image
General
Full URL
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image//facebook.svg
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash
7a9d2e26c43294bfc2f43d7c8de599e8ebdb1e930dec633e62c58293986a50b6

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 01 Jun 2020 08:56:04 GMT
Last-Modified
Sat, 30 May 2020 15:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5ed27b48-415"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1045

youtube.svg | eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image/ | 6 KB | 6 KB | Image
General
Full URL
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image/youtube.svg
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash
1daa4277916dd050fb98fe61a6d1f584871d477094885219c4ea900ee7fc07a8

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 01 Jun 2020 08:56:04 GMT
Last-Modified
Sat, 30 May 2020 15:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5ed27b48-1608"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5640

BankaDSK_ciril_CM_White.svg | eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image/ | 8 KB | 8 KB | Image
General
Full URL
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/image/BankaDSK_ciril_CM_White.svg
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash
b6fb3abc677a66e3a6575b2dbaec9950f8d8630e26922f33094afdeaba7f004e

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 01 Jun 2020 08:56:04 GMT
Last-Modified
Sat, 30 May 2020 15:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5ed27b48-1e25"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7717

/ | www.google.com/pagead/1p-user-list/850154699/ | 42 B | 119 B | Image
General
Full URL
https://www.google.com/pagead/1p-user-list/850154699/?random=1532722393931&cv=9&fst=1532721600000&num=1&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=http%3A%2F%2F127.0.0.1%2FDISKbank%2Finforamtion.html&tiba=%D0%94%D0%A1%D0%9A%20%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%82&fmt=3&is_vtc=1&random=4212186472&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jun 2020 08:56:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

/ | www.google.de/pagead/1p-user-list/850154699/ | 42 B | 107 B | Image
General
Full URL
https://www.google.de/pagead/1p-user-list/850154699/?random=1532722393931&cv=9&fst=1532721600000&num=1&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=http%3A%2F%2F127.0.0.1%2FDISKbank%2Finforamtion.html&tiba=%D0%94%D0%A1%D0%9A%20%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%82&fmt=3&is_vtc=1&random=4212186472&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jun 2020 08:56:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

/ | www.google.com/pagead/1p-user-list/850154699/ | 42 B | 119 B | Image
General
Full URL
https://www.google.com/pagead/1p-user-list/850154699/?random=1532722176071&cv=9&fst=1532721600000&num=1&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.dskdirect.bg%2FPage%2Fdefault.aspx%3Fxml_id%3D%2Fbg-BG%2F.resetPassword%26channelID%3D2000&tiba=%D0%94%D0%A1%D0%9A%20%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%82&fmt=3&is_vtc=1&random=2262408809&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jun 2020 08:56:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

/ | www.google.de/pagead/1p-user-list/850154699/ | 42 B | 107 B | Image
General
Full URL
https://www.google.de/pagead/1p-user-list/850154699/?random=1532722176071&cv=9&fst=1532721600000&num=1&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.dskdirect.bg%2FPage%2Fdefault.aspx%3Fxml_id%3D%2Fbg-BG%2F.resetPassword%26channelID%3D2000&tiba=%D0%94%D0%A1%D0%9A%20%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%82&fmt=3&is_vtc=1&random=2262408809&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jun 2020 08:56:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

icons.svg | eg.schulen.konstanz.de/images/svg/ | 0 | 0 | Other
General
Full URL
http://eg.schulen.konstanz.de/images/svg/icons.svg
Requested by
Host: eg.schulen.konstanz.de
URL: http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
Protocol
HTTP/1.1
Server
141.37.164.183 Engen, Germany, ASN553 (BELWUE BelWue-Koordination, EU),
Reverse DNS
www.theo.schulen.konstanz.de
Software
nginx / PleskLin
Resource Hash

Request headers

Referer
http://eg.schulen.konstanz.de/EG/intranet/php/files/css/Dskbanknewstyle/dsbanknew/bg-BG/thnks.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 01 Jun 2020 08:56:04 GMT
Content-Encoding
gzip
ETag
"201ba5-3c9-4dff93fff277b"
Last-Modified
Tue, 25 Jun 2013 11:58:40 GMT
Server
nginx
X-Powered-By
PleskLin
Vary
Accept-Encoding
Content-Type
text/html
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
559

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DSK Bank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type    Name
object  onformdata
object  onpointerrawupdate

0 Cookies