cpanel12wh.bkk1.cloud.z.com
163.44.198.61
Malicious Activity!
Public Scan
Effective URL: https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/
Submission: On May 19 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 16th 2021. Valid for: a year.
This is the only time cpanel12wh.bkk1.cloud.z.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 69.64.71.154 | 18501 (CODERO-DFW)
1 | 163.44.198.61 | 135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co.)
ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG)
PTR: cpanel12wh.bkk1.cloud.z.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | ffrd.ae | ffrd.ae (2 redirects) | 515 B
1 | z.com | cpanel12wh.bkk1.cloud.z.com | 1 MB
Requests | Domain | Requested by
---|---|---
2 | ffrd.ae | 2 redirects
1 | cpanel12wh.bkk1.cloud.z.com | 
This site contains links to these domains. Also see Links.

Domain
---
www
www.ing.jobs
www.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
cpanel12wh.bkk1.cloud.z.com | cPanel, Inc. Certification Authority | 2021-07-16 - 2022-07-16 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/
Frame ID: 7FFA55DD5085C373CA4745DC36CED701
Requests: 5 HTTP requests in this frame
Page Title: DiBa
Page Statistics

3 Outgoing links
These are links going to different origins than the main page.
- Title: Mehr erfahren (Learn more)
- Title: Karriere (Careers)
- Title: Vertriebspartner (Sales partners)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ffrd.ae/cgi (HTTP 301)
- http://ffrd.ae/cgi/ (HTTP 302)
- https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H/1.1 | cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ (Primary Request, Redirect Chain) | 1 MB | 1 MB | Document | text/html
GET | DATA | / (truncated) | 16 KB | 0 | Image | image/svg+xml
GET | DATA | / (truncated) | 29 KB | 29 KB | Font | application/font-woff
GET | DATA | / (truncated) | 44 KB | 44 KB | Font | application/x-font-woff
GET | DATA | / (truncated) | 30 KB | 30 KB | Font | application/font-woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
function | getScreenDetails
function | savepage_ShadowLoader
object | buttonLogin1

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
cpanel12wh.bkk1.cloud.z.com/ | | Name: PHPSESSID Value: 9223d9c513c7a604007807b0375e0acf
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cpanel12wh.bkk1.cloud.z.com
ffrd.ae
163.44.198.61
69.64.71.154
36667ffd03b80dc8203f271c84ffb4a652a1c85f2f21c2d7d4bc4b8b29a88847
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
7e362edc89511035077a0331efeb759c90c5be84d979b98173c1b86397c47ca0
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155