sst.opava.cz (213.155.232.66)
Malicious Activity! Public Scan
Effective URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html
Submission: On March 03 via manual from GB. Scanned from GB.
Summary
TLS certificate: Issued by RapidSSL RSA CA 2018 on March 21st 2020. Valid for: 2 years.
This is the only time sst.opava.cz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NatWest (Banking)

What the scan shows: the visitor arrives via http://vpcia.com.br/wp-admin/plugin.php (a 331-byte response; no core WordPress admin script has that name, the core files are plugins.php, plugin-install.php and plugin-editor.php) and is redirected to a "Log in to Online Banking" page stored as twwek.html in the media uploads directory of the WordPress install on sst.opava.cz. The query string ?/NAT_WEST_Customer.verification/error.html carries no parameters; its only job is to make the address read like a NatWest customer-verification path. Every stylesheet, script, logo and font the page uses is fetched from a third WordPress install, lambonadasdegalicia.club, under wp-includes/IXR/na/media/, a directory that in stock WordPress holds only the XML-RPC PHP classes. The *.lambonadasdegalicia.club certificate was issued on 2022-01-31, while sst.opava.cz has held a two-year RapidSSL certificate since 2020, which is consistent with an established site whose WordPress install was compromised rather than a domain registered for the campaign.

Domain & IP information
| Requests | IP address | AS | PTR | Domain |
|---|---|---|---|---|
| 1 | 200.98.190.65 | ASN7162 (Universo Online S.A., BR) | opweb0008.servidorwebfacil.com | vpcia.com.br |
| 1 | 213.155.232.66 | ASN31246 (NETBOX-AS NETBOX Autonomous system, CZ) | pc232-66.opanet.cz | sst.opava.cz |
| 18 | 51.83.52.225 | ASN16276 (OVH, FR) | com335.raiolanetworks.es | lambonadasdegalicia.club |

Page totals: 26 requests, 4 IPs (three are listed).
| Requests | Apex domain | Subdomains | Transfer |
|---|---|---|---|
| 18 | lambonadasdegalicia.club | lambonadasdegalicia.club | 157 KB |
| 1 | opava.cz | sst.opava.cz | 11 KB |
| 1 | vpcia.com.br | vpcia.com.br | 610 B |

Page totals: 26 requests, 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 18 | lambonadasdegalicia.club | sst.opava.cz, lambonadasdegalicia.club |
| 1 | sst.opava.cz | |
| 1 | vpcia.com.br | |

Page totals: 26 requests, 3 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| sst.opava.cz | RapidSSL RSA CA 2018 | 2020-03-21 - 2022-03-30 | 2 years |
| *.lambonadasdegalicia.club | R3 (Let's Encrypt) | 2022-01-31 - 2022-05-01 | 3 months |
This page contains 1 frame:
Primary Page: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html
Frame ID: 9CF46654C2E91614F9663B8C1FFD52DB
Requests: 26 HTTP requests in this frame
Page Title: Log in to Online Banking
Detected technologies
- WordPress (CMS). Detected pattern:
  - /wp-(?:content|includes)/
- Font Awesome (Font Scripts). Detected patterns:
  - <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://vpcia.com.br/wp-admin/plugin.php
- https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions

Size is the decoded body size; x-fer is what crossed the wire (compressed body plus headers, which is why x-fer can exceed Size). A protocol of "-" with 0 / 0 means no response was received.

| # | Method | Protocol | Resource | Host and path | Size / x-fer | Type | MIME type |
|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | plugin.php | vpcia.com.br/wp-admin/ | 331 B / 610 B | Document | text/html |
| 2 | GET | H/1.1 | twwek.html (primary request) | sst.opava.cz/wordpress/wp-content/uploads/2019/09/ | 42 KB / 11 KB | Document | text/html |
| 3 | GET | H2 | master.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 223 KB / 40 KB | Stylesheet | text/css |
| 4 | GET | H2 | master_mobile.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 47 KB / 11 KB | Stylesheet | text/css |
| 5 | GET | H2 | npc.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 46 KB / 9 KB | Stylesheet | text/css |
| 6 | GET | H2 | overlayPromptMaster.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 1 KB / 516 B | Stylesheet | text/css |
| 7 | GET | H2 | overlayPrompt.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 76 B / 123 B | Stylesheet | text/css |
| 8 | GET | H2 | font-awesome.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 21 KB / 5 KB | Stylesheet | text/css |
| 9 | GET | H2 | panel-defaults.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 9 KB / 2 KB | Stylesheet | text/css |
| 10 | GET | H2 | main.css | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 2 KB / 569 B | Stylesheet | text/css |
| 11 | GET | H2 | jquery-2.2.3.js | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 253 KB / 73 KB | Script | application/x-javascript |
| 12 | GET | H2 | n-w-logo.svg | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 5 KB / 2 KB | Image | image/svg+xml |
| 13 | GET | H3 | plogo.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 6 KB / 6 KB | Image | image/png |
| 14 | GET | H3 | error-marker.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 1 KB / 1 KB | Image | image/png |
| 15 | GET | H3 | white-lock.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 285 B / 323 B | Image | image/png |
| 16 | GET | H3 | li5_outer_frame_top_curve.gif | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 5 KB / 5 KB | Image | image/gif |
| 17 | GET | H3 | radio-selected.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 2 KB / 2 KB | Image | image/png |
| 18 | GET | - | RNHouseSansW05-Regular.woff2 | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 0 / 0 | (no response) | - |
| 19 | GET | - | RNHouseSansW05-Bold.woff2 | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 0 / 0 | (no response) | - |
| 20 | GET | H3 | check-box.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 157 B / 194 B | Image | image/png |
| 21 | GET | H3 | down-chevron.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 295 B / 333 B | Image | image/png |
| 22 | GET | H3 | combined-shape.png | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 359 B / 397 B | Image | image/png |
| 23 | GET | - | RNHouseSansW05-Bold.woff | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 0 / 0 | (no response) | - |
| 24 | GET | - | RNHouseSansW05-Regular.woff | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 0 / 0 | (no response) | - |
| 25 | GET | - | RNHouseSansW05-Bold.ttf | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 0 / 0 | (no response) | - |
| 26 | GET | - | RNHouseSansW05-Regular.ttf | lambonadasdegalicia.club/wp-includes/IXR/na/media/ | 0 / 0 | (no response) | - |
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above. All six are on lambonadasdegalicia.club:
- https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2
- https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2
- https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff
- https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff
- https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf
- https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf
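The request list above has a shape that recurs in kits parked on compromised WordPress sites: an HTML document under wp-content/uploads/, static assets under wp-includes/IXR/ (a directory that in core WordPress holds only the XML-RPC PHP classes), a redirector named like but not identical to a core wp-admin script, and a query string that is really a decoy path. The following is an added example, not part of the urlscan.io report or of any urlscan tooling; it encodes those observations as rules and runs them over a handful of request records constructed from this page's transaction table. The rule names, the REQUESTS sample and the set of core plugin-script filenames are the example's own.

```python
"""Path heuristics for phishing kits parked on compromised WordPress sites.

Added example, not part of the urlscan.io report. The sample requests are
constructed from the transaction table on this page: (URL, MIME type of the
response, bytes transferred). The rules rest on two properties of a stock
WordPress install: wp-content/uploads/ holds media files, not HTML documents
(the media uploader rejects .html by default), and wp-includes/IXR/ contains
only the XML-RPC PHP classes, never stylesheets, scripts, images or fonts.
"""
import posixpath
from urllib.parse import urlsplit

# Constructed from this page's transaction list. The font request received no
# response, which urlscan records as size 0 with no MIME type.
REQUESTS = [
    ("http://vpcia.com.br/wp-admin/plugin.php", "text/html", 610),
    ("https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html"
     "?/NAT_WEST_Customer.verification/error.html", "text/html", 11_000),
    ("https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css", "text/css", 40_000),
    ("https://lambonadasdegalicia.club/wp-includes/IXR/na/media/jquery-2.2.3.js",
     "application/x-javascript", 73_000),
    ("https://lambonadasdegalicia.club/wp-includes/IXR/na/media/n-w-logo.svg", "image/svg+xml", 2_000),
    ("https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2", None, 0),
]

# The only core wp-admin scripts whose names begin with "plugin".
CORE_WP_ADMIN_PLUGIN_SCRIPTS = {"plugins.php", "plugin-install.php", "plugin-editor.php"}


def flag_request(url, mime, transferred):
    """Return the rule names a single request trips (empty list if none)."""
    parts = urlsplit(url)
    path = parts.path
    name = posixpath.basename(path)
    ext = posixpath.splitext(name)[1].lower()
    reasons = []

    # 1. An HTML document served out of the media uploads tree.
    if "/wp-content/uploads/" in path and (ext in (".html", ".htm") or mime == "text/html"):
        reasons.append("html-document-in-wp-uploads")

    # 2. A non-PHP asset under wp-includes/IXR/, which core uses only for PHP classes.
    if "/wp-includes/IXR/" in path and ext != ".php":
        reasons.append("non-php-asset-under-wp-includes-IXR")

    # 3. A wp-admin script whose name imitates, but is not, a core plugin script.
    if ("/wp-admin/" in path and name.startswith("plugin") and ext == ".php"
            and name not in CORE_WP_ADMIN_PLUGIN_SCRIPTS):
        reasons.append("non-core-wp-admin-script")

    # 4. A query string with no key=value pairs that itself looks like a path:
    #    it is decorative, there to make the address read like a bank URL.
    if parts.query and "=" not in parts.query and parts.query.startswith("/"):
        reasons.append("decoy-path-in-query-string")

    # 5. Nothing came back, so there is no body to hash or fingerprint.
    if transferred == 0 and mime is None:
        reasons.append("no-response")

    return reasons


def triage(requests=REQUESTS):
    """Map each URL that trips at least one rule to the list of rule names."""
    flagged = {}
    for url, mime, transferred in requests:
        reasons = flag_request(url, mime, transferred)
        if reasons:
            flagged[url] = reasons
    return flagged


if __name__ == "__main__":
    for url, reasons in triage().items():
        print(", ".join(reasons), "<-", url)
```

Rules 1 and 2 are the durable ones: they describe what a stock WordPress tree cannot legitimately contain, so they survive the kit being moved to another compromised host. Rule 3 is deliberately narrow (only the plugin* family) rather than a full inventory of core admin scripts, and rule 4 will also fire on unrelated sites that put paths in query strings, so treat it as corroboration rather than a verdict on its own.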
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: NatWest (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- structuredClone (function)
- oncontextlost (object)
- oncontextrestored (object)
- $ (function)
- jQuery (function)
- sd5e95e572 (function)
- k0 (string)

The first three are standard window properties in current browsers (structuredClone and the canvas contextlost/contextrestored event handlers) that post-date the baseline urlscan compares against, so they say nothing about this page. $ and jQuery come from the bundled jquery-2.2.3.js. Only sd5e95e572 and k0 are the kit's own code, and they are the place to start when examining the captured DOM.

Cookies
Cookies are small pieces of data stored in the user's browser. On each later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- lambonadasdegalicia.club
- sst.opava.cz
- vpcia.com.br

IP addresses:
- 200.98.190.65
- 213.155.232.66
- 51.83.52.225

SHA-256 hashes of response bodies:
- 043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143
- 258b07e0e514a4714099f1f345a3333f7338589e19413a06ccd319e7436d3e4b
- 27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
- 42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
- 4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
- 762a7161fafb519ada43534e1e4aa7fd8f5ae402d21cdbb3aff8ff569b29ad6a
- 7960e821069d9da7073b2f14ee920bb25084cd2ab79ccad46f735772ae3d0f3b
- 81f2ad4f142602793f02bfd7c8da05a126127a3711516bbb7c967a0c510bbb41
- 8d667d58aa56215b23d233ade3af0c7f6b7962c75410d6c103e0c324e4e958ca
- 95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe
- b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
- b618b1630fe11a6fee0232601cc91ac7e7cd56ec8d4ab7353846e493d8764778
- d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
- d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
- d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6
- e12d5ccd589774a3edb76dbff05d8629c8e2cf8d74e8841e180a0af000d36593
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
- f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
- fd95c8280efb163e28db031c70d09296f3276a3b5170a36fef3c70f3029b3cac

Before any of this goes into a blocklist: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of zero bytes, which is what a hashing pipeline emits for the six requests that received no response; it matches every empty response on the internet and must be dropped. The PTR names opweb0008.servidorwebfacil.com and com335.raiolanetworks.es identify hosting providers' servers rather than the sites themselves, so blocking 200.98.190.65 or 51.83.52.225 is likely to affect unrelated co-tenants. sst.opava.cz has held a RapidSSL certificate since 2020 and hosts the kit inside its WordPress uploads directory, so a host-level block would also cut off whatever the site legitimately serves; the full landing-page URL and the lambonadasdegalicia.club/wp-includes/IXR/na/media/ asset path are the more precise indicators.
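The indicator list as printed needs hygiene before it is consumed by anything automated: one domain appears twice, the three kinds of value are mixed, and one hash is the digest of an empty body. The following is an added example, not part of the urlscan.io report or of urlscan's tooling; it partitions the indicators by type and drops the values that would cause false positives. INDICATORS reproduces this page's list (only two of the twenty response hashes are carried over, to keep it short); the function names and the dropped-reason labels are the example's own, and the empty-body hash is computed rather than hard-coded so the check is self-evidently correct.

```python
"""Partition and sanity-check the indicator list from a urlscan.io report.

Added example, not part of the report. INDICATORS reproduces the "Indicators"
section of this page (two of the twenty response hashes are included to keep
the list short); every other value is as printed there.
"""
import hashlib
import ipaddress
import re

INDICATORS = [
    "lambonadasdegalicia.club",
    "sst.opava.cz",
    "vpcia.com.br",
    "lambonadasdegalicia.club",  # listed twice on the page
    "200.98.190.65",
    "213.155.232.66",
    "51.83.52.225",
    "043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "fd95c8280efb163e28db031c70d09296f3276a3b5170a36fef3c70f3029b3cac",
]

# SHA-256 of zero bytes: what a hashing pipeline emits for a request that
# received no response. It matches every empty body anywhere, so it is useless
# as an indicator and harmful in a blocklist.
EMPTY_BODY_SHA256 = hashlib.sha256(b"").hexdigest()

SHA256_RE = re.compile(r"[0-9a-f]{64}")
# Hostname: one or more LDH labels of at most 63 octets, then an alphabetic TLD.
DOMAIN_RE = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def classify(token):
    """Return 'sha256', 'ip', 'domain' or 'unknown' for one indicator string."""
    t = token.strip().lower()
    if SHA256_RE.fullmatch(t):
        return "sha256"
    try:
        ipaddress.ip_address(t)
        return "ip"
    except ValueError:
        pass
    if DOMAIN_RE.fullmatch(t):
        return "domain"
    return "unknown"


def sanitize(indicators):
    """Group indicators by type, dropping duplicates, the empty-body hash,
    non-routable addresses and anything that does not parse.

    Returns (groups, dropped); dropped is a list of (value, reason) pairs so the
    analyst can see what was removed and why.
    """
    groups = {"domain": [], "ip": [], "sha256": []}
    dropped = []
    seen = set()
    for raw in indicators:
        t = raw.strip().lower()
        if t in seen:
            dropped.append((t, "duplicate"))
            continue
        seen.add(t)
        kind = classify(t)
        if kind == "unknown":
            dropped.append((t, "unrecognised"))
        elif kind == "sha256" and t == EMPTY_BODY_SHA256:
            dropped.append((t, "sha256-of-empty-body"))
        elif kind == "ip" and not ipaddress.ip_address(t).is_global:
            dropped.append((t, "non-routable-ip"))
        else:
            groups[kind].append(t)
    return groups, dropped


if __name__ == "__main__":
    groups, dropped = sanitize(INDICATORS)
    for kind, values in groups.items():
        print(kind, values)
    for value, reason in dropped:
        print("dropped", reason, value)
```

The domain group still needs a human decision that code cannot make: whether each host was registered for the campaign or is a compromised legitimate site, which decides between a host-level block and a URL-path block.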