sst.opava.cz Open in urlscan Pro
213.155.232.66 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vpcia.com.br/wp-admin/plugin.php
Effective URL:
https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html
Submission: On March 03 via manual (March 3rd 2022, 10:50:31 am UTC) from GB — Scanned from GB

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 26 HTTP transactions. The main IP is 213.155.232.66, located in Opava, Czech Republic and belongs to NETBOX-AS NETBOX Autonomous system, CZ. The main domain is sst.opava.cz.
TLS certificate: Issued by RapidSSL RSA CA 2018 on March 21st 2020. Valid for: 2 years.

This is the only time sst.opava.cz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	200.98.190.65 200.98.190.65	7162 (Universo ...) (Universo Online S.A.)
1	213.155.232.66 213.155.232.66	31246 (NETBOX-AS...) (NETBOX-AS NETBOX Autonomous system)
18	51.83.52.225 51.83.52.225	16276 (OVH) (OVH)
26	4

1 200.98.190.65 (Brazil)

ASN7162 (Universo Online S.A., BR)
PTR: opweb0008.servidorwebfacil.com

vpcia.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.155.232.66 (Opava, Czech Republic)

ASN31246 (NETBOX-AS NETBOX Autonomous system, CZ)
PTR: pc232-66.opanet.cz

sst.opava.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 51.83.52.225 (Lugo, Spain)

ASN16276 (OVH, FR)
PTR: com335.raiolanetworks.es

lambonadasdegalicia.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	lambonadasdegalicia.club lambonadasdegalicia.club	157 KB
1	opava.cz sst.opava.cz	11 KB
1	vpcia.com.br vpcia.com.br	610 B
26	3

	Domain	Requested by
18	lambonadasdegalicia.club	sst.opava.cz lambonadasdegalicia.club
1	sst.opava.cz
1	vpcia.com.br
26	3

This site contains no links.

Subject Issuer	Validity	Valid
sst.opava.cz RapidSSL RSA CA 2018	`2020-03-21` - `2022-03-30`	2 years	crt.sh
*.lambonadasdegalicia.club R3	`2022-01-31` - `2022-05-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html
Frame ID: 9CF46654C2E91614F9663B8C1FFD52DB
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to Online Banking

Page URL History Show full URLs

http://vpcia.com.br/wp-admin/plugin.php Page URL
https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verificat... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

169 kB
Transfer

665 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vpcia.com.br/wp-admin/plugin.php Page URL
https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	plugin.php Show response vpcia.com.br/wp-admin/	331 B 610 B	892ms 207ms	Document text/html	200.98.190.65 Universo Online S.A.
General Check archive.org Show headers Download Go to Full URL http://vpcia.com.br/wp-admin/plugin.php Protocol HTTP/1.1 Server 200.98.190.65 , Brazil, ASN7162 (Universo Online S.A., BR), Reverse DNS opweb0008.servidorwebfacil.com Software Microsoft-IIS/8.0 / ASP.NET Resource Hash `fd95c8280efb163e28db031c70d09296f3276a3b5170a36fef3c70f3029b3cac` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language en-GB,en;q=0.9 Response headers Content-Type text/html Content-Encoding gzip Vary Accept-Encoding Server Microsoft-IIS/8.0 X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin Date Thu, 03 Mar 2022 10:50:25 GMT Content-Length 381
GET H/1.1	200 OK	Primary Request twwek.html Show response sst.opava.cz/wordpress/wp-content/uploads/2019/09/	42 KB 11 KB	436ms 185ms	Document text/html	213.155.232.66 NETBOX-AS NETBOX ...
General Check archive.org Show headers Download Go to Full URL https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 213.155.232.66 Opava, Czech Republic, ASN31246 (NETBOX-AS NETBOX Autonomous system, CZ), Reverse DNS pc232-66.opanet.cz Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `e12d5ccd589774a3edb76dbff05d8629c8e2cf8d74e8841e180a0af000d36593` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language en-GB,en;q=0.9 Referer http://vpcia.com.br/ Response headers Content-Type text/html Content-Encoding gzip Last-Modified Wed, 02 Mar 2022 11:29:32 GMT Accept-Ranges bytes ETag "4bf75c9282ed81:0" Vary Accept-Encoding Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Date Thu, 03 Mar 2022 10:52:45 GMT Content-Length 11038
GET H2	200	master.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	223 KB 40 KB	381ms 225ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `7960e821069d9da7073b2f14ee920bb25084cd2ab79ccad46f735772ae3d0f3b` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "37d6e-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 40925 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	master_mobile.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	47 KB 11 KB	276ms 121ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master_mobile.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `762a7161fafb519ada43534e1e4aa7fd8f5ae402d21cdbb3aff8ff569b29ad6a` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "bc61-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 11336 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	npc.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	46 KB 9 KB	523ms 368ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `b618b1630fe11a6fee0232601cc91ac7e7cd56ec8d4ab7353846e493d8764778` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "b8de-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 9296 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	overlayPromptMaster.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	1 KB 516 B	522ms 367ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/overlayPromptMaster.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "562-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 465 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	overlayPrompt.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	76 B 123 B	277ms 122ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/overlayPrompt.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "4c-5f3baf5a-0;;;" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 76 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	font-awesome.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	21 KB 5 KB	523ms 369ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/font-awesome.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "55b3-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 4725 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	panel-defaults.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	9 KB 2 KB	277ms 123ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/panel-defaults.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `258b07e0e514a4714099f1f345a3333f7338589e19413a06ccd319e7436d3e4b` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "2545-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 1801 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	main.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	2 KB 569 B	277ms 123ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/main.css Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `81f2ad4f142602793f02bfd7c8da05a126127a3711516bbb7c967a0c510bbb41` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "925-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 519 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	jquery-2.2.3.js Show response lambonadasdegalicia.club/wp-includes/IXR/na/media/	253 KB 73 KB	523ms 369ms	Script application/x-javascript	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/jquery-2.2.3.js Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "3f258-5f3baf5a-0;br" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=31536000 accept-ranges bytes content-length 74654 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H2	200	n-w-logo.svg lambonadasdegalicia.club/wp-includes/IXR/na/media/	5 KB 2 KB	238ms 236ms	Image image/svg+xml	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/n-w-logo.svg Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `8d667d58aa56215b23d233ade3af0c7f6b7962c75410d6c103e0c324e4e958ca` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:26 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "1308-5f3baf5a-0;br" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=31536000 accept-ranges bytes content-length 1582 expires Fri, 03 Mar 2023 10:50:26 GMT
GET H3	200	plogo.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	6 KB 6 KB	52ms 52ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/plogo.png Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "162f-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 5679 expires Fri, 03 Mar 2023 10:50:27 GMT
GET H3	200	error-marker.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	1 KB 1 KB	51ms 51ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/error-marker.png Requested by Host: sst.opava.cz URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005` Request headers Accept-Language en-GB,en;q=0.9 Referer https://sst.opava.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "442-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 1090 expires Fri, 03 Mar 2023 10:50:27 GMT
GET H3	200	white-lock.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	285 B 323 B	53ms 53ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/white-lock.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "11d-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 285 expires Fri, 03 Mar 2023 10:50:27 GMT
GET H3	200	li5_outer_frame_top_curve.gif lambonadasdegalicia.club/wp-includes/IXR/na/media/	5 KB 5 KB	53ms 53ms	Image image/gif	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/li5_outer_frame_top_curve.gif Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "4484-5f3baf5a-0;;;" content-type image/gif cache-control public, max-age=31536000 accept-ranges bytes content-length 17540 expires Fri, 03 Mar 2023 10:50:27 GMT
GET H3	200	radio-selected.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	2 KB 2 KB	60ms 59ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/radio-selected.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "661-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 1633 expires Fri, 03 Mar 2023 10:50:27 GMT
GET		RNHouseSansW05-Regular.woff2 lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Bold.woff2 lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET H3	200	check-box.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	157 B 194 B	59ms 58ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/check-box.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "9d-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 157 expires Fri, 03 Mar 2023 10:50:27 GMT
GET H3	200	down-chevron.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	295 B 333 B	56ms 55ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/down-chevron.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "127-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 295 expires Fri, 03 Mar 2023 10:50:27 GMT
GET H3	200	combined-shape.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	359 B 397 B	58ms 58ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/combined-shape.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H3 Security QUIC, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 10:50:27 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "167-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 359 expires Fri, 03 Mar 2023 10:50:27 GMT
GET		RNHouseSansW05-Bold.woff lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Regular.woff lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Bold.ttf lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Regular.ttf lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2' from origin 'https://sst.opava.cz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2' from origin 'https://sst.opava.cz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff' from origin 'https://sst.opava.cz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff' from origin 'https://sst.opava.cz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf' from origin 'https://sst.opava.cz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://sst.opava.cz/wordpress/wp-content/uploads/2019/09/twwek.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf' from origin 'https://sst.opava.cz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lambonadasdegalicia.club
sst.opava.cz
vpcia.com.br
lambonadasdegalicia.club
200.98.190.65
213.155.232.66
51.83.52.225
043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143
258b07e0e514a4714099f1f345a3333f7338589e19413a06ccd319e7436d3e4b
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
762a7161fafb519ada43534e1e4aa7fd8f5ae402d21cdbb3aff8ff569b29ad6a
7960e821069d9da7073b2f14ee920bb25084cd2ab79ccad46f735772ae3d0f3b
81f2ad4f142602793f02bfd7c8da05a126127a3711516bbb7c967a0c510bbb41
8d667d58aa56215b23d233ade3af0c7f6b7962c75410d6c103e0c324e4e958ca
95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
b618b1630fe11a6fee0232601cc91ac7e7cd56ec8d4ab7353846e493d8764778
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6
e12d5ccd589774a3edb76dbff05d8629c8e2cf8d74e8841e180a0af000d36593
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
fd95c8280efb163e28db031c70d09296f3276a3b5170a36fef3c70f3029b3cac

sst.opava.cz Open in urlscan Pro 213.155.232.66 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

73 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

169 kBTransfer

665 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

sst.opava.cz Open in urlscan Pro
213.155.232.66 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

169 kB
Transfer

665 kB
Size

0
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!