feit0pravoce.rf.gd
Open in
urlscan Pro
185.27.134.210
Malicious Activity!
Public Scan
Submitted URL: http://bit.ly/2nI0WMb
Effective URL: http://feit0pravoce.rf.gd/?i=2
Submission: On February 23 via automatic, source phishtank
Effective URL: http://feit0pravoce.rf.gd/?i=2
Submission: On February 23 via automatic, source phishtank
Summary
This website contacted 2 IPs
in 3 countries
across 5 domains to perform 12 HTTP transactions.
The main IP is 185.27.134.210, located in
United Kingdom and
belongs to WILDCARD-AS Wildcard UK Limited, GB.
The main domain is feit0pravoce.rf.gd.
This is the only time feit0pravoce.rf.gd was scanned on urlscan.io!
This is the only time feit0pravoce.rf.gd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco do Brasil (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 2 | 67.199.248.11 67.199.248.11 | 395224 (BITLY-AS) (BITLY-AS - Bitly Inc) | |
| 1 1 | 104.20.219.42 104.20.219.42 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 1 | 145.14.144.124 145.14.144.124 | 204915 (AWEX) (AWEX) | |
| 11 | 185.27.134.210 185.27.134.210 | 34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited) | |
| 1 | 216.58.214.42 216.58.214.42 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 12 | 2 |
1
104.20.219.42
(San Francisco, United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| tinyurl.com |
11
185.27.134.210
(United Kingdom)
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: 21013427185.ifastnet.org
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: 21013427185.ifastnet.org
| feit0pravoce.rf.gd |
1
216.58.214.42
(Mountain View, United States)
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s09-in-f10.1e100.net
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s09-in-f10.1e100.net
| ajax.googleapis.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
rf.gd
feit0pravoce.rf.gd |
515 KB |
| 2 |
bit.ly
2 redirects
bit.ly |
597 B |
| 1 |
googleapis.com
ajax.googleapis.com |
30 KB |
| 1 |
000webhostapp.com
1 redirects
fdgffgfggfdgdfgffdg.000webhostapp.com |
175 B |
| 1 |
tinyurl.com
1 redirects
tinyurl.com |
590 B |
| 12 | 5 |
| Domain | Requested by | |
|---|---|---|
| 11 | feit0pravoce.rf.gd |
feit0pravoce.rf.gd
|
| 2 | bit.ly | 2 redirects |
| 1 | ajax.googleapis.com |
feit0pravoce.rf.gd
|
| 1 | fdgffgfggfdgdfgffdg.000webhostapp.com | 1 redirects |
| 1 | tinyurl.com | 1 redirects |
| 12 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| bbseguranca.com.br |
| Subject Issuer | Validity | Valid |
|---|
This page contains 1 frames:
Primary Page:
http://feit0pravoce.rf.gd/?i=2
Frame ID: (94F6FA9F77C7BFF7574265CC85F9F3F6)
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://bit.ly/2nI0WMb
HTTP 301
http://tinyurl.com/yd9glmkz HTTP 301
https://fdgffgfggfdgdfgffdg.000webhostapp.com/redir3.php HTTP 302
http://bit.ly/2BwzrNf HTTP 301
http://feit0pravoce.rf.gd/?i=1 Page URL
- http://feit0pravoce.rf.gd/?i=2 Page URL
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^jQuery$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: http://bbseguranca.com.br/
Title: Segurança
Title: Segurança
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bit.ly/2nI0WMb
HTTP 301
http://tinyurl.com/yd9glmkz HTTP 301
https://fdgffgfggfdgdfgffdg.000webhostapp.com/redir3.php HTTP 302
http://bit.ly/2BwzrNf HTTP 301
http://feit0pravoce.rf.gd/?i=1 Page URL
- http://feit0pravoce.rf.gd/?i=2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://bit.ly/2nI0WMb HTTP 301
- http://tinyurl.com/yd9glmkz HTTP 301
- https://fdgffgfggfdgdfgffdg.000webhostapp.com/redir3.php HTTP 302
- http://bit.ly/2BwzrNf HTTP 301
- http://feit0pravoce.rf.gd/?i=1
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
feit0pravoce.rf.gd/ Redirect Chain
|
829 B 827 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
aes.js
feit0pravoce.rf.gd/ |
30 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
/
feit0pravoce.rf.gd/ |
12 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
feit0pravoce.rf.gd/html/ |
89 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
preloader.css
feit0pravoce.rf.gd/html/ |
625 B 717 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home.png
feit0pravoce.rf.gd/html/ |
74 KB 74 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icons_home.png
feit0pravoce.rf.gd/html/ |
172 KB 173 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
phone.png
feit0pravoce.rf.gd/html/ |
132 KB 132 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-bb.gif
feit0pravoce.rf.gd/html/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
preloader.js
feit0pravoce.rf.gd/html/ |
109 B 505 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg.png
feit0pravoce.rf.gd/html/ |
78 KB 79 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco do Brasil (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| enviardados1 function| mascara function| pulacampo function| validar function| mascaracel function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| feit0pravoce.rf.gd/ | Name: __test Value: b431c4e0084262ac7e1c91e2625e7560 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
bit.ly
fdgffgfggfdgdfgffdg.000webhostapp.com
feit0pravoce.rf.gd
tinyurl.com
104.20.219.42
145.14.144.124
185.27.134.210
216.58.214.42
67.199.248.11
01a0585c11241c9099d04c802f4270c23a5dcaede85764c7ad75620cadc2b2e5
27d4d6d5a070432f57921fef06c4a328ad61a4c47a2d47ea56405adac576f05f
4750e9792d75a6819f44b52d36d83818be8df5f57d31196ebf0ca0fad6154759
4cd7282d95cd82048a7e21db24ec12a0d5d7d9cf043167c01015b69a93c3499b
6539573fe9d95d7f4ebc40921b8cedd8580a8cbaa6cc9a93142b6390caa384f2
6b6c753bea104eb8cfc218587749d7f21c1ba397a3e0824d48c125b8207fbdbb
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
b87363359641691039fa1e3633e3615cdab4321b7d432fb3aca953295d18b5d6
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
e6840968b8bf56786c5457497407561fdc171c87b16a4afb350a11827ec40129
f35e1b3823322b9be7e35c7b831176ce1e949921434c8428d1c2157cb3954fc0
fa108d009804cc68e49ad4dcce278e0b750663d6316890df626f6d681ae4c3de