ScanMalware.com

Security Scan Report: scanned.page

Redirected to: https://cpo.qeb.temporary.site/.DAK/187287/828927882/login.php

Site favicon
Submitted: Feb 4, 2026, 4:58:01 PMCompleted: Feb 4, 2026, 4:59:32 PMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 1 country across 9 domains to perform 1 HTTP transaction. The main domain is cpo.qeb.temporary.site and was registered NaN years ago.

Submitted URL: https://scanned.page/kS3AkM

Effective URL: https://cpo.qeb.temporary.site/.DAK/187287/828927882/login.phpRedirected

The Cisco Umbrella rank of the primary domain is #275,364 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 96%

10
Risk Score

Impersonates DKB banking, hosts a credential‑stealing form and is linked to a known malicious IP – confirmed phishing scam.

Risk Factors
Malicious IP indicator of compromise
Credential harvesting form (email and password)
Brand impersonation of DKB on untrusted domain
Low ranking for brand claim (rank > 100k)
Redirect to suspicious temporary domain
Domain age information unavailable

Details

Page Title

DKB Banking

Scan Type

public

Language

🇩🇪

German

(50% confidence)

Category

finance banking

(60%)

Domain Information

The domain name 'scanned.page' uses the .page top-level domain while skipping any subdomain. The second-level label 'scanned' is 7 characters long containing two vowels alongside 5 consonants. Segmentation suggests 1 word: scanned. Average segment length settles at 7 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://scanned.page/kS3AkM

Page Load Overview

22.37s
Total Load Time
46
HTTP Requests
9
Domains
1.4 MB
Total Size

Language Analysis

Primary Language

🇩🇪German
Code: de
Confidence:50%
Script:Latin
Direction:ltr

Detection Details

Language Code:de
Detection Confidence:50%
Script Type:Latin
Text Length:257 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking60% confidence
Type: webapp
Method: ml+structural

All Detected Categories

finance banking
60%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
6142.251.141.67United States
AS15169Google LLC
5162.144.4.212United States
AS46606Unified Layer
5172.66.43.22United States
AS13335Cloudflare, Inc.
5172.66.41.48United States
AS13335
5104.17.25.14United States
AS13335Cloudflare, Inc.
5104.16.79.73United States
AS13335Cloudflare, Inc.
5142.250.201.74United States
AS15169Google LLC
5104.16.175.226United States
AS13335Cloudflare, Inc.
5151.101.2.137United States
AS54113Fastly, Inc.
469--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T151916224A4F4183B118360A97EA62A0EBE96D50BC80D490135FC1EDC1FC7E97CDB365E

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:ZZcGe9oNJPIf6bj318GmFVs9O6Ej6oZjhhtz0fw:ZyGe9oNJwExmFO9yj6oZjhhtz0fw

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:4411:oABmECFQQTDAEJEBBABAAQqCIAABgAAqIoKUECCBAAIiAKAAiZIAAxARShQAoAAIAIQCAYyIQAAFzjBAIJAkgAkBQRgAgAIQ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffffe7e700ffff
Perceptual Hash:b3e2cc1de6e219c8
Difference Hash:9409284d4c380408
Wavelet Hash:70e52f2726000f0f
Color Hash:#d22d48

Other Hashes

Crop Resistant:8c102848304d4d30,0000000000000000,00100c32b2b20c10,04431a1a1a180000

Scan History

Scan history not available

Unable to load historical scan data