dlly.com.br
162.241.203.136
Malicious Activity!
Public Scan
Effective URL: http://dlly.com.br/aus/anz/login.php?cmd=login_submit&id=a4328673e4f67a4b3a9bd8f0904842d6a4328673e4f67a4b3a9bd8f090...
Submission: On June 05 via manual from AU — Scanned from AU
Summary
This is the only time dlly.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ANZ Bank (Banking) Generic (Online)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 12 | 162.241.203.136 | 19871 (NETWORK-SOLUTIONS-HOSTING) |
| 1 1 | 13.33.88.53 | 16509 (AMAZON-02) |
| 1 | 185.199.111.153 | 54113 (FASTLY) |
| 12 | 2 | |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-203-136.unifiedlayer.com
dlly.com.br
ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-53.sin2.r.cloudfront.net
www.sitepoint.com
ASN54113 (FASTLY, US)
PTR: cdn-185-199-111-153.github.com
i2.sitepoint.com
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 12 | dlly.com.br (1 redirects): dlly.com.br | 56 KB |
| 2 | sitepoint.com (1 redirects): www.sitepoint.com (Cisco Umbrella Rank: 211688), i2.sitepoint.com | 6 KB |
| 12 | 2 | |
| | Domain | Requested by |
|---|---|---|
| 12 | dlly.com.br | 1 redirects, dlly.com.br |
| 1 | i2.sitepoint.com | dlly.com.br |
| 1 | www.sitepoint.com | 1 redirects |
| 12 | 3 | |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://dlly.com.br/aus/anz/login.php?cmd=login_submit&id=a4328673e4f67a4b3a9bd8f0904842d6a4328673e4f67a4b3a9bd8f0904842d6&session=a4328673e4f67a4b3a9bd8f0904842d6a4328673e4f67a4b3a9bd8f0904842d6
Frame ID: C68CB379A80098374B8072F8B49D93C3
Requests: 12 HTTP requests in this frame
Page Title
ANZ Internet Banking
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://dlly.com.br/aus/anz/index.php
HTTP 302
http://dlly.com.br/aus/anz/login.php?cmd=login_submit&id=a4328673e4f67a4b3a9bd8f0904842d6a4328673e4f67a4b3a9bd8f0904842d6&session=a4328673e4f67a4b3a9bd8f0904842d6a4328673e4f67a4b3a9bd8f0904842d6 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js HTTP 301
- https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
12 HTTP transactions
| Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
|---|---|---|---|
| GET H/1.1 | login.php (Primary Request), dlly.com.br/aus/anz/ (Redirect Chain) | 4 KB 2 KB | Document text/html |
| GET H2 | MaskedPassword.js, i2.sitepoint.com/examples/password/MaskedPassword/ (Redirect Chain) | 17 KB 6 KB | Script application/javascript |
| GET H/1.1 | az1.png, dlly.com.br/aus/anz/images/ | 4 KB 4 KB | Image image/png |
| GET H/1.1 | az2.png, dlly.com.br/aus/anz/images/ | 14 KB 14 KB | Image image/png |
| GET H/1.1 | az3.png, dlly.com.br/aus/anz/images/ | 17 KB 18 KB | Image image/png |
| GET H/1.1 | az4.png, dlly.com.br/aus/anz/images/ | 4 KB 4 KB | Image image/png |
| GET H/1.1 | az5.png, dlly.com.br/aus/anz/images/ | 3 KB 3 KB | Image image/png |
| GET H/1.1 | az6.png, dlly.com.br/aus/anz/images/ | 4 KB 4 KB | Image image/png |
| GET H/1.1 | az7.png, dlly.com.br/aus/anz/images/ | 2 KB 3 KB | Image image/png |
| GET H/1.1 | az8.png, dlly.com.br/aus/anz/images/ | 1 KB 2 KB | Image image/png |
| GET H/1.1 | az9.png, dlly.com.br/aus/anz/images/ | 1 KB 2 KB | Image image/png |
| GET H/1.1 | login.png, dlly.com.br/aus/anz/images/ | 1 KB 1 KB | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ANZ Bank (Banking) Generic (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- object | onbeforetoggle
- object | onscrollend
- function | MaskedPassword
- function | unhideBody

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.