urlscan.io logo urlscan.io
SecurityTrails logo

jislak.work.gd Open in urlscan Pro
141.148.230.80  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://l.ead.me/29SJ9U2SNDE?id=47839218
Effective URL: https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Submission: On May 22 via api from GB — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 141.148.230.80, located in Amsterdam, Netherlands and belongs to ORACLE-BMC-31898, US. The main domain is jislak.work.gd.
TLS certificate: Issued by R3 on May 17th 2023. Valid for: 3 months.
This is the only time jislak.work.gd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 13.225.78.127 16509 (AMAZON-02)
1 151.101.0.64 54113 (FASTLY)
2 3 141.148.230.80 31898 (ORACLE-BM...)
3 2a02:cb40:200... 20546 (SOPRADO-ANY)
5 4
Apex Domain
Subdomains		 Transfer
3 dkb.de
www.dkb.de — Cisco Umbrella Rank: 225014
223 KB
3 work.gd
jislak.work.gd
11 KB
1 disq.us
disq.us — Cisco Umbrella Rank: 26817
767 B
1 ead.me
l.ead.me — Cisco Umbrella Rank: 264249
628 B
5 4
Domain Requested by
3 www.dkb.de jislak.work.gd
3 jislak.work.gd 2 redirects disq.us
1 disq.us
1 l.ead.me 1 redirects
5 4
Subject Issuer Validity Valid
disq.us
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-11-01 -
2023-12-03		 a year crt.sh
jislak.work.gd
R3		 2023-05-17 -
2023-08-15		 3 months crt.sh
www.dkb.de
DKB CA 1O1		 2022-09-26 -
2023-10-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Frame ID: 6306B44C40B7755825301A0D79409C70
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DKB - Deutsche Kreditbank AG - Internet Banking

Page URL History Show full URLs

  1. http://l.ead.me/29SJ9U2SNDE?id=47839218 HTTP 302
    https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2F... Page URL
  2. https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/ HTTP 302
    https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938 HTTP 301
    https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

5
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

235 kB
Transfer

1166 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://l.ead.me/29SJ9U2SNDE?id=47839218 HTTP 302
    https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw Page URL
  2. https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/ HTTP 302
    https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938 HTTP 301
    https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://l.ead.me/29SJ9U2SNDE?id=47839218 HTTP 302
  • https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
disq.us/
Redirect Chain
  • http://l.ead.me/29SJ9U2SNDE?id=47839218
  • https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw
373 B
767 B 		Document
General
Check archive.org
Download Go to
Full URL
https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

Age
201
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
373
Content-Type
text/html
Cross-Origin-Resource-Policy
cross-origin
Date
Mon, 22 May 2023 11:34:15 GMT
Disqus-Cachetype
TTL
Disqus-NoCache
1
Expires
Mon, 22 May 2023 12:30:54 GMT
Server
nginx
X-Backend
shortener
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 22 May 2023 11:34:15 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Location
https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
Via
1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
X-Amz-Cf-Id
XrlKRct2h1VUPkQ_tkh5d3silSKcPPr270dNRfHUhAIpNhaBnzxu4w==
X-Amz-Cf-Pop
FRA2-C2
X-Cache
Miss from cloudfront
Primary Request /
jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Redirect Chain
  • https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/
  • https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938
  • https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
87 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Requested by
Host: disq.us
URL: https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.148.230.80 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx / PHP/8.0.28 PleskLin
Resource Hash
06c8526737ecb6afa4ca8bf67121c6140646951d7f91be74b28fb17602c9181c

Request headers

Referer
https://disq.us/?url=https%3A%2F%2Fjislak.work.gd%2Fwp-content%2Fthemes%2Ftwentytwentytwo%2Fassets%2Ff%2F&key=rwqXkhmWapy5VFCrjf_uYw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
10848
content-type
text/html; charset=UTF-8
date
Mon, 22 May 2023 11:34:16 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.0.28 PleskLin

Redirect headers

content-length
350
content-type
text/html; charset=iso-8859-1
date
Mon, 22 May 2023 11:34:16 GMT
location
https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
server
nginx
x-powered-by
PleskLin
dkb-global.css
www.dkb.de/wro/ 		237 KB
42 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dkb.de/wro/dkb-global.css?etag=b80d7c245ed032078394d3a431ec89fd29dc6d58
Requested by
Host: jislak.work.gd
URL: https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:cb40:200::b0 , Germany, ASN20546 (SOPRADO-ANY, DE),
Reverse DNS
Software
myracloud /
Resource Hash
40d429f458ae28444cebb60baa66d231e696ab81a7e0425cd2361ee1bfa659d1
Security Headers
Name Value
Strict-Transport-Security max-age=15811200

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jislak.work.gd/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
date
Mon, 22 May 2023 11:34:16 GMT
content-encoding
gzip
strict-transport-security
max-age=15811200
server
myracloud
x-cdn
1
etag
"9b9a5402bfdca7a80bdfde84cf57e86abb3d47e1"
vary
accept-encoding
content-type
text/css;charset=UTF-8
x-oneagent-js-injection
true
cache-control
max-age=31536000
server-timing
dtSInfo;desc="0", dtRpid;desc="952437245"
content-length
42382
expires
Mon, 20 May 2024 10:55:43 GMT
dkb_responsive.min.css
www.dkb.de/responsive/scss_generated/ 		603 KB
147 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dkb.de/responsive/scss_generated/dkb_responsive.min.css?etag=822113dd
Requested by
Host: jislak.work.gd
URL: https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:cb40:200::b0 , Germany, ASN20546 (SOPRADO-ANY, DE),
Reverse DNS
Software
myracloud /
Resource Hash
12d24edea4bb27aa757e8b666d91c9f38c80293464fb2266cdc38d034fc41e01
Security Headers
Name Value
Strict-Transport-Security max-age=15811200

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jislak.work.gd/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
date
Mon, 22 May 2023 11:34:16 GMT
strict-transport-security
max-age=15811200
content-encoding
gzip
last-modified
Tue, 09 May 2023 10:06:34 GMT
server
myracloud
x-cdn
1
etag
W/"617202-1683626794079"
vary
accept-encoding
content-type
text/css
x-oneagent-js-injection
true
cache-control
max-age=31536000
server-timing
dtSInfo;desc="0", dtRpid;desc="868083280"
expires
Mon, 20 May 2024 10:55:43 GMT
dkb-global-print.css
www.dkb.de/wro/ 		221 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dkb.de/wro/dkb-global-print.css?etag=54227e26510baa998d9fbc6d8508f57ff8b334f2
Requested by
Host: jislak.work.gd
URL: https://jislak.work.gd/wp-content/themes/twentytwentytwo/assets/f/id47382938/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:cb40:200::b0 , Germany, ASN20546 (SOPRADO-ANY, DE),
Reverse DNS
Software
myracloud /
Resource Hash
06f7edf3277d44924c26cdb4f3a9a5bdff10471b49b886a34a1544fa37a2a40d
Security Headers
Name Value
Strict-Transport-Security max-age=15811200

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jislak.work.gd/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
date
Mon, 22 May 2023 11:34:16 GMT
content-encoding
gzip
strict-transport-security
max-age=15811200
server
myracloud
x-cdn
1
etag
"95bfb8756f8f0744e469dac6160972513631d43f"
vary
accept-encoding
content-type
text/css;charset=UTF-8
x-oneagent-js-injection
true
cache-control
max-age=31536000
server-timing
dtSInfo;desc="0", dtRpid;desc="-1754657862"
content-length
34787
expires
Mon, 20 May 2024 10:55:43 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6095c4b2fc25c6534e68ddcbcd1fb58f2634036f75262042c215c74a9285bc79

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		475 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24483b4771b2128af4110c159a9dcb59d15557460f8ecbf0bd0805f0fad5816e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		948 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0fe9650923b3c4d5d1b829c47a2a4eb9b6931a06132036a02c570e355f53ec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		846 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		686 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b969bfdbb0496aa56664660247d76c9696b29a6e79a126c38acb9983e058ee9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		944 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe73e87e02eadba5240358a4eeebeb334e6d8e7eaa9d024f41644241f3adaadd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		856 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d75a13cddae198bbb040efae849b4daa89b3059e03d928714b074c37a4a8ecf7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		669 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a30c546ea7a8f0861fbe49a030bc0fcc707c7de128c265881d4010906d1e5fcb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		864 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44916913841d34baa376b3b72911ed27f16629909ed5c4f1a59be98af036e8af

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		871 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54d31025c9536bf38b4f89d7fdc5261bb87dfe924d7445a7d56b43533c86e8cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c9524bad0ee009f3f9e6af79cf3363acbcd6a4f03eec2ca8c16ff794358d81d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5aa97ee206d9655910ece7996d461dc1cdf1550a4487a53d04815c5570bb78ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| mailboxUnreadCounterMap

1 Cookies

Domain/Path Name / Value
jislak.work.gd/ Name: PHPSESSID
Value: of4fgv96mfv0ms9khv7bco4bs2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block