dexconsultoria.com.br
185.169.96.240
Malicious Activity!
Public Scan
Effective URL: https://dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/
Submission Tags: 6855230
Submission: On November 19 via api from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 17th 2020. Valid for: 3 months.
This is the only time dexconsultoria.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Raiffeisen Bank (Banking)

Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 103.29.215.207 | 58377 (SENTRACOLO-AS-ID Sentra Niaga Solusindo) |
| 9 (2 redirects) | 185.169.96.240 | 207002 (COPAHOST) |
| 11 | 62.168.6.72 | 5588 (GTSCE GTS Central Europe / Antel Germany) |
| 19 | 3 | |

- ASN58377 (SENTRACOLO-AS-ID Sentra Niaga Solusindo, PT., ID), PTR: iix25.sharehostserver.com: huniansyariahkarawang.com
- ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ): online.rb.cz
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | rb.cz | online.rb.cz | 390 KB |
| 9 | dexconsultoria.com.br (2 redirects) | dexconsultoria.com.br | 13 KB |
| 1 | huniansyariahkarawang.com | huniansyariahkarawang.com | 336 B |
| 19 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 11 | online.rb.cz | dexconsultoria.com.br, online.rb.cz |
| 9 | dexconsultoria.com.br (2 redirects) | huniansyariahkarawang.com, dexconsultoria.com.br |
| 1 | huniansyariahkarawang.com | |
| 19 | 3 | |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.huniansyariahkarawang.com | Let's Encrypt Authority X3 | 2020-10-15 - 2021-01-13 | 3 months | crt.sh |
| dexconsultoria.com.br | Let's Encrypt Authority X3 | 2020-11-17 - 2021-02-15 | 3 months | crt.sh |
| online.rb.cz | DigiCert SHA2 Extended Validation Server CA | 2020-09-21 - 2021-10-23 | a year | crt.sh |
This page contains 1 frame:
Primary Page: https://dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/
Frame ID: B4B6D326FBB8F11DEAEA7EA022C73F37
Requests: 19 HTTP requests in this frame

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://huniansyariahkarawang.com/aspx.php (Page URL)
- https://dexconsultoria.com.br/wp-admin/maint/raiffcz/ (HTTP 302)
- https://dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358 (HTTP 301)
- https://dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ (Page URL)
Detected technologies
- PHP (Programming Languages), detected pattern: url /\.php(?:$|\?)/i
- Angular (JavaScript Frameworks), detected pattern: html /<[^>]+ ng-version="([\d.]+)"/i
- LiteSpeed (Web Servers), detected pattern: headers server /^LiteSpeed$/i
- Dynatrace (Analytics), detected pattern: script /dtagent.*\.js/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: (no title)
- Title: Kontakty (Contacts)
- Title: Bezpečnost (Security)
- Title: Nápověda (Help)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | aspx.php | huniansyariahkarawang.com/ | 104 B | 336 B | Document | text/html |
| 2 | GET | H/1.1 | / (Primary Request, Redirect Chain) | dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ | 13 KB | 13 KB | Document | text/html |
| 3 | GET | H/1.1 | dtagent_ICA23STVbgjpqrvx_7000200141014.js | dexconsultoria.com.br/dt/ | 0 | 0 | Script | text/html |
| 4 | GET | H/1.1 | styles.3864caecf327e470640d.css | online.rb.cz/gaas/authorize/login/ | 352 KB | 62 KB | Stylesheet | text/css |
| 5 | GET | H/1.1 | gib-fragments.css | online.rb.cz/app/gib/ | 138 KB | 17 KB | Stylesheet | text/css |
| 6 | GET | H/1.1 | runtime.4b3e0924272f3f1cd5b3.js | dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ | 0 | 0 | Script | text/html |
| 7 | GET | H/1.1 | polyfills.a032d72b2e443c1a0dcc.js | dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ | 0 | 0 | Script | text/html |
| 8 | GET | H/1.1 | scripts.541c83bb9cb6c140515c.js | dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ | 0 | 0 | Script | text/html |
| 9 | GET | H/1.1 | vendor.8befbc06ed70e2861191.js | dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ | 0 | 0 | Script | text/html |
| 10 | GET | H/1.1 | main.c87dea3a4da0b73c1d09.js | dexconsultoria.com.br/wp-admin/maint/raiffcz/fc3f19d006f47c58644b26c334381358/ | 0 | 0 | Script | text/html |
| 11 | GET | H/1.1 | login-background.cf19ccff4c94cf3a2c16.png | online.rb.cz/gaas/authorize/login/ | 86 KB | 87 KB | Image | image/png |
| 12 | GET | H/1.1 | logo.9ce9d86f5636d8765042.png | online.rb.cz/gaas/authorize/login/ | 25 KB | 26 KB | Image | image/png |
| 13 | GET | H/1.1 | icon-sms-normal.a1ed23ce8a792dba46ea.png | online.rb.cz/gaas/authorize/login/ | 1 KB | 2 KB | Image | image/png |
| 14 | GET | H/1.1 | icon-phone-footer.8ec7664941533cb9438d.png | online.rb.cz/gaas/authorize/login/ | 4 KB | 5 KB | Image | image/png |
| 15 | GET | H/1.1 | icon-mail-info-footer.82d1ba035d285b0df64c.png | online.rb.cz/gaas/authorize/login/ | 5 KB | 6 KB | Image | image/png |
| 16 | GET | H/1.1 | futuraTEE.587a70c97ad419538b01.woff | online.rb.cz/gaas/authorize/login/ | 27 KB | 28 KB | Font | application/font-woff |
| 17 | GET | H/1.1 | futuraTEEBold.35773772d311b90d2553.woff | online.rb.cz/gaas/authorize/login/ | 27 KB | 28 KB | Font | application/font-woff |
| 18 | GET | H/1.1 | ionicons.e9f4c425fc377740601b.ttf | online.rb.cz/gaas/authorize/login/ | 184 KB | 109 KB | Font | application/x-font-ttf |
| 19 | GET | H/1.1 | FuturaTOT-Demi.6ad65ef59592bd4999f1.woff | online.rb.cz/gaas/authorize/login/ | 19 KB | 21 KB | Font | application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Raiffeisen Bank (Banking)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dexconsultoria.com.br
huniansyariahkarawang.com
online.rb.cz
103.29.215.207
185.169.96.240
62.168.6.72
0679c87b2cfcf6ce33093fa7ee14fa86a839f3f926a986e1b8b1d962ef3f0efa
0ee076fb765d7807b041a3a2685e7f052697c8a98db482ad12cd2a3135a3caaa
12a6b5848128ba46738b38fae3d992d0f36f5cdd96e69ed5921930bf53169b85
719f26fb69aac9f34d13884d48f71111087e07b6e1d353664c51a0aa4fe629b2
8a8067e4fed2986015959737f21f40485f01d2e372e3b477322192dcb472773b
8dcb5ed98908a77419bf8fb3943868fb74cefb4816c2165dfa327228cff7f2e7
abc9ebbeedf0999677259492736ed26cd3cc45055c9dc2868d1301d17fcbf7b4
b8dd58974b55e168d63e43fdfc9c21b49e51542a1d6f2d4f0f726587a8763e54
c9b82a008c17eb547ed2993d77b1ae642f4c7743f85b6b5f1fb897996182a888
eb9fdbac922d904b0128f15c23b3544c9a65e3d41f76e32da88f9f1725d4ba2f
f7c9b9e3268768128bcc27bff0af10777b1b8e2539b39d572629ee1adec71a60
fc80a2fa4ff49793f5243bb5a6a0a2b2c3ded73a4681b8294fc080645936b963
fe7c86efca3c58748cc556871ecf13f680d7157e1706112fa43ad283c8aa05df