monteroraimafm.com.br

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 69.162.109.242, located in Dallas, United States and belongs to LIMESTONENETWORKS - Limestone Networks, Inc., US. The main domain is monteroraimafm.com.br.

This is the only time monteroraimafm.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	124.81.121.32 124.81.121.32	4795 (INDOSATM2...) (INDOSATM2-ID INDOSATM2 ASN)
4	69.162.109.242 69.162.109.242	46475 (LIMESTONE...) (LIMESTONENETWORKS - Limestone Networks)
5	2

1 124.81.121.32 (Indonesia)

ASN4795 (INDOSATM2-ID INDOSATM2 ASN, ID)

art.maranatha.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.162.109.242 (Dallas, United States)

ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US)
PTR: 242-109-162-69.static.reverse.lstn.net

monteroraimafm.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	monteroraimafm.com.br monteroraimafm.com.br	42 KB
1	maranatha.edu art.maranatha.edu	377 B
5	2

	Domain	Requested by
4	monteroraimafm.com.br	art.maranatha.edu monteroraimafm.com.br
1	art.maranatha.edu
5	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://monteroraimafm.com.br//bnz/
Frame ID: 87DB1DD9AC3ABAA4F6281B1147516A35
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://art.maranatha.edu/wp-content/bnzer/bnz.html Page URL
http://monteroraimafm.com.br//bnz/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+(?:([\d.])+\/)?pure(?:-min)?\.css/i

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

43 kB
Transfer

55 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://art.maranatha.edu/wp-content/bnzer/bnz.html Page URL
http://monteroraimafm.com.br//bnz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	bnz.html Show response art.maranatha.edu/wp-content/bnzer/	85 B 377 B	368ms 186ms	Document text/html	124.81.121.32 INDOSATM2-ID INDO...
General Check archive.org Show headers Download Go to Full URL http://art.maranatha.edu/wp-content/bnzer/bnz.html Protocol HTTP/1.1 Server 124.81.121.32 , Indonesia, ASN4795 (INDOSATM2-ID INDOSATM2 ASN, ID), Reverse DNS Software nginx/1.7.5 / Resource Hash `559798c0b4ee89c98d3dee8ee6922080a8d1aa2350edf6d93a544b78e459964f` Request headers Host art.maranatha.edu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx/1.7.5 Date Sun, 23 Sep 2018 22:35:06 GMT Content-Type text/html Content-Length 85 Connection keep-alive Last-Modified Sun, 23 Sep 2018 18:25:05 GMT ETag "2c0a84-55-5768dfddae240" Accept-Ranges bytes Vary Accept-Encoding Front-End-Https off
GET H/1.1	200 OK	Primary Request / Show response monteroraimafm.com.br//bnz/	2 KB 1 KB	254ms 128ms	Document text/html	69.162.109.242 Limestone Networks
General Check archive.org Show headers Download Go to Full URL http://monteroraimafm.com.br//bnz/ Requested by Host: art.maranatha.edu URL: http://art.maranatha.edu/wp-content/bnzer/bnz.html Protocol HTTP/1.1 Server 69.162.109.242 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS 242-109-162-69.static.reverse.lstn.net Software Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 / Resource Hash `c9ce6af8a0f3ebbb4bc812c7193dee54f4f364dc4c1176c78860d2a4c74a4c4d` Request headers Host monteroraimafm.com.br Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://art.maranatha.edu/wp-content/bnzer/bnz.html Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://art.maranatha.edu/wp-content/bnzer/bnz.html Response headers Date Sun, 23 Sep 2018 22:54:49 GMT Server Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 Last-Modified Sun, 23 Sep 2018 18:10:52 GMT Accept-Ranges none Vary Accept-Encoding Content-Encoding gzip Cache-Control max-age=0, public Expires Sun, 23 Sep 2018 22:54:49 GMT Content-Length 876 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	pure-min.css monteroraimafm.com.br//bnz/	17 KB 4 KB	128ms 128ms	Stylesheet text/css	69.162.109.242 Limestone Networks
General Check archive.org Show headers Download Go to Full URL http://monteroraimafm.com.br//bnz/pure-min.css Requested by Host: monteroraimafm.com.br URL: http://monteroraimafm.com.br//bnz/ Protocol HTTP/1.1 Server 69.162.109.242 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS 242-109-162-69.static.reverse.lstn.net Software Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 / Resource Hash `255d6dfae2b0ab59f97774b8fe2a2c037e8550571af5299150cf8175ed71bac9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host monteroraimafm.com.br User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://monteroraimafm.com.br//bnz/ Connection keep-alive Cache-Control no-cache Referer http://monteroraimafm.com.br//bnz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 23 Sep 2018 22:54:50 GMT Content-Encoding gzip Last-Modified Sun, 23 Sep 2018 18:10:52 GMT Server Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 Vary Accept-Encoding Content-Type text/css Cache-Control max-age=31536000, public Connection Keep-Alive Accept-Ranges none Keep-Alive timeout=5, max=99 Content-Length 4085 Expires Mon, 23 Sep 2019 22:54:50 GMT
GET H/1.1	200 OK	1.PNG monteroraimafm.com.br//bnz/images/	35 KB 35 KB	253ms 127ms	Image image/png	69.162.109.242 Limestone Networks
General Check archive.org Show headers Download Go to Show image Full URL http://monteroraimafm.com.br//bnz/images/1.PNG Requested by Host: monteroraimafm.com.br URL: http://monteroraimafm.com.br//bnz/ Protocol HTTP/1.1 Server 69.162.109.242 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS 242-109-162-69.static.reverse.lstn.net Software Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 / Resource Hash `788e569d5ef069bbc3366e4dfcf779db292effdbc88d9e3842131ae0e8e4fae0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host monteroraimafm.com.br User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://monteroraimafm.com.br//bnz/ Connection keep-alive Cache-Control no-cache Referer http://monteroraimafm.com.br//bnz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 23 Sep 2018 22:54:50 GMT Last-Modified Sun, 23 Sep 2018 18:10:52 GMT Server Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 ETag "8bd4-5768dcb0e9be6" Content-Type image/png Cache-Control max-age=2592000, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 35796 Expires Tue, 23 Oct 2018 22:54:50 GMT
GET H/1.1	200 OK	22.PNG monteroraimafm.com.br//bnz/images/	1 KB 1 KB	253ms 127ms	Image image/png	69.162.109.242 Limestone Networks
General Check archive.org Show headers Download Go to Show image Full URL http://monteroraimafm.com.br//bnz/images/22.PNG Requested by Host: monteroraimafm.com.br URL: http://monteroraimafm.com.br//bnz/ Protocol HTTP/1.1 Server 69.162.109.242 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS 242-109-162-69.static.reverse.lstn.net Software Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 / Resource Hash `3af02c7891106046be6ad35e0bfe4d0bfdf7361181fad11bfdf6b83421cdbeb0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host monteroraimafm.com.br User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://monteroraimafm.com.br//bnz/ Connection keep-alive Cache-Control no-cache Referer http://monteroraimafm.com.br//bnz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 23 Sep 2018 22:54:50 GMT Last-Modified Sun, 23 Sep 2018 18:10:52 GMT Server Apache/2.4.20 (Unix) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 ETag "431-5768dcb0e9fce" Content-Type image/png Cache-Control max-age=2592000, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1073 Expires Tue, 23 Oct 2018 22:54:50 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

art.maranatha.edu
monteroraimafm.com.br
124.81.121.32
69.162.109.242
255d6dfae2b0ab59f97774b8fe2a2c037e8550571af5299150cf8175ed71bac9
3af02c7891106046be6ad35e0bfe4d0bfdf7361181fad11bfdf6b83421cdbeb0
559798c0b4ee89c98d3dee8ee6922080a8d1aa2350edf6d93a544b78e459964f
788e569d5ef069bbc3366e4dfcf779db292effdbc88d9e3842131ae0e8e4fae0
c9ce6af8a0f3ebbb4bc812c7193dee54f4f364dc4c1176c78860d2a4c74a4c4d

monteroraimafm.com.br Open in urlscan Pro 69.162.109.242 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

43 kBTransfer

55 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

monteroraimafm.com.br Open in urlscan Pro
69.162.109.242 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

43 kB
Transfer

55 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!