www.infotechnes.com Open in urlscan Pro
62.149.238.12 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.infotechnes.com/cache/mod_rokslideshow/autheticate/
Submission: On August 01 via automatic, source openphish (August 1st 2017, 11:03:33 pm UTC)

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 62.149.238.12, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.infotechnes.com.

This is the only time www.infotechnes.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	62.149.238.12 62.149.238.12	31034 (ARUBA-ASN) (ARUBA-ASN)
11	202.6.19.50 202.6.19.50	24299 (ISSP-AS I...) (ISSP-AS Internet Solution & Service Provider Co.)
13	3

1 62.149.238.12 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: host12-238-149-62.serverdedicati.aruba.it

www.infotechnes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 202.6.19.50 (Thailand)

ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH)
PTR: 202.6.19.50.sta.isp-thailand.com

www.itd.co.th	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	itd.co.th www.itd.co.th Failed	513 KB
1	infotechnes.com www.infotechnes.com	200 B
13	2

	Domain	Requested by
11	www.itd.co.th	www.infotechnes.com www.itd.co.th
1	www.infotechnes.com
13	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Frame: http://www.itd.co.th/images/M_images/sort/web/
Frame ID: 29734.1
Requests: 2 HTTP requests in this frame

Frame: http://www.itd.co.th/images/M_images/sort/web/
Frame ID: 29760.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

513 kB
Transfer

513 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.infotechnes.com/cache/mod_rokslideshow/autheticate/	290 B 200 B	140ms 32ms	Document text/html	62.149.238.12 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL http://www.infotechnes.com/cache/mod_rokslideshow/autheticate/ Protocol HTTP/1.1 Server 62.149.238.12 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS host12-238-149-62.serverdedicati.aruba.it Software Apache/2.2.3 (CentOS) / Resource Hash `5d7930f76c61ae358b6e4728dd531a85aae89aadb49def5f921698f16e0b255b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:03:17 GMT Content-Encoding gzip Server Apache/2.2.3 (CentOS) Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control max-age=3600 Connection close Content-Length 200 Expires Wed, 02 Aug 2017 00:03:17 GMT
GET		/ www.itd.co.th/images/M_images/sort/web/	0 0

GET H/1.1	200 OK	/ Show response www.itd.co.th/images/M_images/sort/web/ Frame 2976	9 KB 9 KB	2938ms 230ms	Document text/html	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Full URL http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `68df756539a57c6698803cd5625e0af13cf3f621d2037492cceba37d5d68720e` Request headers Upgrade-Insecure-Requests 1 Referer http://www.infotechnes.com/cache/mod_rokslideshow/autheticate/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:23 GMT Server nginx Connection keep-alive X-Powered-By PleskLin Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	loader.css www.itd.co.th/images/M_images/sort/web/css/ Frame 2976	365 KB 365 KB	217ms 217ms	Stylesheet text/css	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Full URL http://www.itd.co.th/images/M_images/sort/web/css/loader.css Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `ac7fbb9bd136744c1f93344fb339203864c8de8644baa94af0f54658bce8ddc1` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:23 GMT Last-Modified Tue, 01 Aug 2017 12:31:21 GMT Server nginx X-Powered-By PleskLin ETag "59807499-5b56e" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 374126
GET H/1.1	200 OK	logo-group-bw.gif www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	2 KB 2 KB	222ms 222ms	Image image/gif	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/logo-group-bw.gif Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `b48583bc5878d27332c6f751cfd7c9be9268330fb3f61d8af683ba0fa205f58a` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:23 GMT Last-Modified Tue, 01 Aug 2017 12:31:33 GMT Server nginx X-Powered-By PleskLin ETag "598074a5-9f6" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 2550
GET H/1.1	200 OK	icon_help.png www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	643 B 643 B	222ms 222ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/icon_help.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `408f07113d8d08430067b70f17a6b248ce774dbe7fbf5fefd9037ff517889fd5` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:23 GMT ETag "122548c-283-555b053ae79e5" Last-Modified Tue, 01 Aug 2017 12:31:30 GMT Server nginx X-Powered-By PleskLin Content-Type image/png X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 643
GET H/1.1	200 OK	ad-digitalchannels-loginleft-en.png www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	51 KB 51 KB	222ms 222ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/ad-digitalchannels-loginleft-en.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `77f06337a11b32cb6b5b5485ccdd2608307076c3eeba86af7dd8ea6eb5c3a694` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:24 GMT Last-Modified Tue, 01 Aug 2017 12:31:11 GMT Server nginx X-Powered-By PleskLin ETag "5980748f-ca24" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 51748
GET H/1.1	200 OK	ad-springlending-loginright-en.png www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	76 KB 76 KB	222ms 222ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/ad-springlending-loginright-en.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `c14670dddee711e0fad488861dd21cb5cb3f41d853f23a779400f46e08dda4bf` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:24 GMT Last-Modified Tue, 01 Aug 2017 12:31:21 GMT Server nginx X-Powered-By PleskLin ETag "59807499-12fbf" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 77759
GET H/1.1	200 OK	nav-bg.png www.itd.co.th/images/M_images/sort/web/images// Frame 2976	3 KB 3 KB	216ms 216ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images//nav-bg.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `2290c1d1c885e7ffc5213c5f84fa864552c3640e35b5bfb45140d9f4356a6093` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/css/loader.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:25 GMT Last-Modified Tue, 01 Aug 2017 12:31:34 GMT Server nginx X-Powered-By PleskLin ETag "598074a6-b3c" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 2876
GET H/1.1	200 OK	logo-group.gif www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	3 KB 3 KB	221ms 221ms	Image image/gif	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/logo-group.gif Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `4320b7969df049d2ac843edc9d3b5611a6fee6802bde8bcfd97d1cbbafb7b45e` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/css/loader.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:25 GMT Last-Modified Tue, 01 Aug 2017 12:31:33 GMT Server nginx X-Powered-By PleskLin ETag "598074a5-b18" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 2840
GET H/1.1	200 OK	bg_vertical_dotted_line1.png www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	77 B 77 B	420ms 210ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/bg_vertical_dotted_line1.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `c6cbdb8e854f700eeb987e01ff817004ed07596e74675b628f1611fe91213369` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/css/loader.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:25 GMT ETag "1225489-4d-555b0538f9b8d" Last-Modified Tue, 01 Aug 2017 12:31:28 GMT Server nginx X-Powered-By PleskLin Content-Type image/png X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 77
GET H/1.1	200 OK	bg_signon.png www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	121 B 121 B	434ms 216ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/bg_signon.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `229def774e0909f6ae8d9938c0799f85f9f0d542f4026b68fb7d0d32a0df0ec3` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/css/loader.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:25 GMT ETag "1225488-79-555b0538d22bd" Last-Modified Tue, 01 Aug 2017 12:31:27 GMT Server nginx X-Powered-By PleskLin Content-Type image/png X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 121
GET H/1.1	200 OK	lock.png www.itd.co.th/images/M_images/sort/web/images/ Frame 2976	4 KB 4 KB	432ms 216ms	Image image/png	202.6.19.50 ISSP-AS Internet ...
General Check archive.org Show headers Download Go to Show image Full URL http://www.itd.co.th/images/M_images/sort/web/images/lock.png Requested by Host: www.itd.co.th URL: http://www.itd.co.th/images/M_images/sort/web/ Protocol HTTP/1.1 Server 202.6.19.50 , Thailand, ASN24299 (ISSP-AS Internet Solution & Service Provider Co., Ltd, TH), Reverse DNS 202.6.19.50.sta.isp-thailand.com Software nginx / PleskLin Resource Hash `1dc148caf3ae416b653bfdcd9847da3642546e9683e164e2e0dc5c0aad6af87f` Request headers Referer http://www.itd.co.th/images/M_images/sort/web/css/loader.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Tue, 01 Aug 2017 23:02:25 GMT Last-Modified Tue, 01 Aug 2017 12:31:33 GMT Server nginx X-Powered-By PleskLin ETag "598074a5-e56" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 3670

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.itd.co.th
URL: http://www.itd.co.th/images/M_images/sort/web/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.infotechnes.com
www.itd.co.th
www.itd.co.th
202.6.19.50
62.149.238.12
1dc148caf3ae416b653bfdcd9847da3642546e9683e164e2e0dc5c0aad6af87f
2290c1d1c885e7ffc5213c5f84fa864552c3640e35b5bfb45140d9f4356a6093
229def774e0909f6ae8d9938c0799f85f9f0d542f4026b68fb7d0d32a0df0ec3
408f07113d8d08430067b70f17a6b248ce774dbe7fbf5fefd9037ff517889fd5
4320b7969df049d2ac843edc9d3b5611a6fee6802bde8bcfd97d1cbbafb7b45e
5d7930f76c61ae358b6e4728dd531a85aae89aadb49def5f921698f16e0b255b
68df756539a57c6698803cd5625e0af13cf3f621d2037492cceba37d5d68720e
77f06337a11b32cb6b5b5485ccdd2608307076c3eeba86af7dd8ea6eb5c3a694
ac7fbb9bd136744c1f93344fb339203864c8de8644baa94af0f54658bce8ddc1
b48583bc5878d27332c6f751cfd7c9be9268330fb3f61d8af683ba0fa205f58a
c14670dddee711e0fad488861dd21cb5cb3f41d853f23a779400f46e08dda4bf
c6cbdb8e854f700eeb987e01ff817004ed07596e74675b628f1611fe91213369

www.infotechnes.com Open in urlscan Pro 62.149.238.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

513 kBTransfer

513 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.infotechnes.com Open in urlscan Pro
62.149.238.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

513 kB
Transfer

513 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!