dzd.rksmb.org
138.68.26.102
Malicious Activity!
Public Scan
Effective URL: https://dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/
Submission: On March 06 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on February 12th 2020. Valid for: 3 months.
This is the only time dzd.rksmb.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco do Brasil (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 2001:c38:904a::8:45 | 9931 (CAT-AP The Communication Authoity of Thailand) |
9 | 138.68.26.102 | 14061 (DIGITALOCEAN-ASN) |
1 | 2a00:1450:4001:818::200a | 15169 (GOOGLE) |
2 | 23.111.9.35 | 33438 (HIGHWINDS2) |
2 | 2a00:1450:4001:800::2003 | 15169 (GOOGLE) |
14 | 4 | |
ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH): division.dwr.go.th
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | rksmb.org | dzd.rksmb.org | 832 KB |
2 | gstatic.com | fonts.gstatic.com | 18 KB |
2 | fontawesome.com | use.fontawesome.com | 87 KB |
1 | googleapis.com | fonts.googleapis.com | 892 B |
1 | dwr.go.th | division.dwr.go.th (1 redirects) | 374 B |
14 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
9 | dzd.rksmb.org | dzd.rksmb.org |
2 | fonts.gstatic.com | dzd.rksmb.org |
2 | use.fontawesome.com | dzd.rksmb.org |
1 | fonts.googleapis.com | dzd.rksmb.org |
1 | division.dwr.go.th | 1 redirects |
14 | 5 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
dzd.rksmb.org | Let's Encrypt Authority X3 | 2020-02-12 - 2020-05-12 | 3 months | crt.sh |
*.storage.googleapis.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months | crt.sh |
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 - 2020-12-23 | a year | crt.sh |
*.google.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/
Frame ID: 2C0142614784C9B6B8C74F9614A0B7E8
Requests: 14 HTTP requests in this frame
Detected technologies
- Ubuntu (Operating Systems), detected pattern: headers server /Ubuntu/i
- Apache (Web Servers), detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
- Font Awesome (Font Scripts), detected pattern: html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i
- Google Font API (Font Scripts), detected pattern: html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- jQuery (JavaScript Libraries), detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://division.dwr.go.th/pr/wp-content/languages/plugins/--/https:/www.recadastroibbpf.com.br/?cliente=rodrigo.indeo@br.zurich.com (HTTP 302 redirect to the next URL)
- https://dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/ (Redirect Chain) | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | all.css | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/styles/ | 15 KB | 4 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 10 KB | 892 B | Stylesheet | text/css |
GET | H2 | all.css | use.fontawesome.com/releases/v5.8.1/css/ | 54 KB | 14 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.min.js | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/javascripts/ | 85 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | all.js | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/javascripts/ | 8 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | logo.jpg | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/images/ | 2 KB | 2 KB | Image | image/jpeg |
GET | H/1.1 | destaque_home.jpg | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/images/ | 430 KB | 430 KB | Image | image/jpeg |
GET | H/1.1 | destaque_baixo_home.jpg | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/images/ | 116 KB | 116 KB | Image | image/jpeg |
GET | H/1.1 | ico_cadeado.png | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/images/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | background_home.png | dzd.rksmb.org/conf11/--/https:/www.dispositivobb.com.br/images/ | 244 KB | 244 KB | Image | image/png |
GET | H2 | mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
GET | H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
GET | H2 | fa-solid-900.woff2 | use.fontawesome.com/releases/v5.8.1/webfonts/ | 73 KB | 73 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco do Brasil (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
function | $ |
function | jQuery |
function | alt_message |
function | check_cici |
function | check_codigo |
function | check_fone |
function | check_login |
function | checkCard |
function | FormataDado |
function | mask0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
division.dwr.go.th
dzd.rksmb.org
fonts.googleapis.com
fonts.gstatic.com
use.fontawesome.com
138.68.26.102
2001:c38:904a::8:45
23.111.9.35
2a00:1450:4001:800::2003
2a00:1450:4001:818::200a