cpanel12wh.bkk1.cloud.z.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 1 HTTP transactions. The main IP is 163.44.198.61, located in Bangkok, Thailand and belongs to GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG. The main domain is cpanel12wh.bkk1.cloud.z.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 16th 2021. Valid for: a year.

This is the only time cpanel12wh.bkk1.cloud.z.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	69.64.71.154 69.64.71.154	18501 (CODERO-DFW) (CODERO-DFW)
1	163.44.198.61 163.44.198.61	135161 (GMO-Z-COM...) (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co.)
1	2

2 69.64.71.154 (United States) 2 redirects

ASN18501 (CODERO-DFW, US)
PTR: server.esmarthosts.com

ffrd.ae	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.44.198.61 (Bangkok, Thailand)

ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG)
PTR: cpanel12wh.bkk1.cloud.z.com

cpanel12wh.bkk1.cloud.z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	ffrd.ae 2 redirects ffrd.ae	515 B
1	z.com cpanel12wh.bkk1.cloud.z.com	1 MB
1	2

	Domain	Requested by
2	ffrd.ae	2 redirects
1	cpanel12wh.bkk1.cloud.z.com
1	2

This site contains links to these domains. Also see Links.

Domain
www
www.ing.jobs
www.

Subject Issuer	Validity	Valid
cpanel12wh.bkk1.cloud.z.com cPanel, Inc. Certification Authority	`2021-07-16` - `2022-07-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/
Frame ID: 7FFA55DD5085C373CA4745DC36CED701
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DiBa

Page URL History Show full URLs

http://ffrd.ae/cgi HTTP 301
http://ffrd.ae/cgi/ HTTP 302
https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1348 kB
Transfer

1363 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www/
Title: Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.ing.jobs/Deutschland/home.htm
Title: Karriere

Search URL Search Domain Scan URL

URL: https://www./
Title: Vertriebspartner

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ffrd.ae/cgi HTTP 301
http://ffrd.ae/cgi/ HTTP 302
https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ Redirect Chain http://ffrd.ae/cgi http://ffrd.ae/cgi/ https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/	1 MB 1 MB	3123ms 2036ms	Document text/html	163.44.198.61 GMO-Z-COM-TH GMO-...
General Check archive.org Show headers Download Go to Full URL https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 163.44.198.61 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG), Reverse DNS cpanel12wh.bkk1.cloud.z.com Software Apache / PHP/7.3.29 Resource Hash `7e362edc89511035077a0331efeb759c90c5be84d979b98173c1b86397c47ca0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 19 May 2022 13:54:15 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.3.29 Redirect headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 19 May 2022 13:54:14 GMT Keep-Alive timeout=5, max=99 Location https://cpanel12wh.bkk1.cloud.z.com/~cp120902/cgi/de/ Server Apache Transfer-Encoding chunked
GET DATA	200 OK	truncated /	16 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	29 KB 29 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155` Request headers Referer Origin https://cpanel12wh.bkk1.cloud.z.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	44 KB 44 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `36667ffd03b80dc8203f271c84ffb4a652a1c85f2f21c2d7d4bc4b8b29a88847` Request headers Referer Origin https://cpanel12wh.bkk1.cloud.z.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Content-Type application/x-font-woff
GET DATA	200 OK	truncated /	30 KB 30 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e` Request headers Referer Origin https://cpanel12wh.bkk1.cloud.z.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Content-Type application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cpanel12wh.bkk1.cloud.z.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9223d9c513c7a604007807b0375e0acf

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cpanel12wh.bkk1.cloud.z.com
ffrd.ae
163.44.198.61
69.64.71.154
36667ffd03b80dc8203f271c84ffb4a652a1c85f2f21c2d7d4bc4b8b29a88847
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
7e362edc89511035077a0331efeb759c90c5be84d979b98173c1b86397c47ca0
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

cpanel12wh.bkk1.cloud.z.com Open in urlscan Pro 163.44.198.61 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1348 kBTransfer

1363 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

cpanel12wh.bkk1.cloud.z.com Open in urlscan Pro
163.44.198.61 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1348 kB
Transfer

1363 kB
Size

1
Cookies

1 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!