www.acsi.co.th
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/
Submission: On October 25 via manual from GR — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 10th 2022. Valid for: a year.
This is the only time www.acsi.co.th was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Eurobank Group (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 187.110.226.200 187.110.226.200 | 28598 (MOB SERVI...) (MOB SERVICOS DE TELECOMUNICACOES S.A.) | |
17 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 2 |
ASN28598 (MOB SERVICOS DE TELECOMUNICACOES S.A., BR)
PTR: hlsd01.argohost.net
cotacao.crocobeach.com.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
acsi.co.th
www.acsi.co.th |
1 MB |
1 |
crocobeach.com.br
cotacao.crocobeach.com.br |
406 B |
18 | 2 |
Domain | Requested by | |
---|---|---|
17 | www.acsi.co.th |
cotacao.crocobeach.com.br
www.acsi.co.th |
1 | cotacao.crocobeach.com.br | |
18 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.eurobank.gr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cotacao.crocobeach.com.br cPanel, Inc. Certification Authority |
2022-09-28 - 2022-12-27 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-10 - 2023-06-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/
Frame ID: 36656991B4883C1E65F157A8401893FD
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Eurobank e-bankingPage URL History Show full URLs
- https://cotacao.crocobeach.com.br/wp-includes/sodium_compat/src/Core/moon/aspx.php Page URL
- https://www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/ Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Demo
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cotacao.crocobeach.com.br/wp-includes/sodium_compat/src/Core/moon/aspx.php Page URL
- https://www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
aspx.php
cotacao.crocobeach.com.br/wp-includes/sodium_compat/src/Core/moon/ |
138 B 406 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.0e9176b68c838681291b.css
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
651 KB 103 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendors.f7d21aff1aa6db3a4a24.css
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
1 KB 830 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/Js/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/Js/ |
5 KB 1020 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.svg
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preloader.gif
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
77 KB 77 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Eurobank-Mobile-App-398-398.jpg
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
184 KB 185 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
personal-vbanking-394-394.jpg
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
105 KB 105 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eStatement_login_banner.jpg
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
170 KB 171 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
entrust.png
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
EurobankSans-Regular.woff2
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
38 KB 39 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
dt-ebanking.jpg
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
511 KB 511 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
EurobankSans-Bold.woff2
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
42 KB 42 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icomoon.ttf
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
38 KB 38 KB |
Font
application/x-font-ttf |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
EurobankSans-Black.woff2
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
37 KB 38 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
EurobankSans-Light.woff2
www.acsi.co.th/activation/xlspadlock/phpkeygensdk/ireve/eurosholex/file/ |
36 KB 36 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Eurobank Group (Banking)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| submitLogin function| submitotpemail function| submitnext function| submitotp0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cotacao.crocobeach.com.br
www.acsi.co.th
187.110.226.200
2a06:98c1:3120::3
1386d66546ccae88c286112cbd82b4cfc08e50af45cc9dc6e70cbbfef7bc58c7
1ae38d47d1ba08d29ac467013fee5ac3df4968ea2f0378f1cbbd1ea4d324289e
546ccb94074a878400848f23f74058859b3aa695bca88f81e399ce5cfecc250e
5da89689ab6edc23700a89a907125a457515944a9eb40ace79cbadb56f11f6d2
7a3befacae129e9e30ced07c6d064313ed8eef536e7811b309720d75c9c9b7de
84e6aace59ac18d2fb8bb830bb98c17f053de9e395e28b12af769e7929a6ca34
890b5a1606872bd8c448c5543f09cc6c6b146ac065fc9805ea21c3be9ad5a925
99c26996ac66dfeaa1720a7a228c9323ad61f290fbbbd5c912e83315d8327d35
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
9aa55c9269f80864331bdb18e389f43604c02608f1162f6554a5b28c8ea8ff09
b1200b2778bcabf93d11697033e7a3599bd4f94b6bf3730b2903adad0b908b6b
c2303c0ce6f816d1569e0bc64858c250c94c62d903a53f2fa77378f44d863232
c2e260bfc8be2ad2f6e1d8b6d9b4938b45f33a53f4f0648ab111b5a6907ed066
c792b3fc3bfbb9496a61405cf5f0ae1a265982fc380f0b75be8e0615212a3748
cbe82fb899e3f6f28e4d3cdf81904b1254923da085718c19108e8c9a4e544ba4
d2d8322518fb72db7786d27346e3bb6927a4a8df876986282e974d6ad3e11e40
d9815121a14b22c63d1132e7e2094d38e78b238c4181984665531a1f7acb9ac7