kiosk5.com
185.159.153.11
Malicious Activity!
Public Scan
Effective URL: https://kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw177425641...
Submission: On November 21 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 5th 2019. Valid for: 3 months.
This is the only time kiosk5.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 1 | 2620:101:2005:11f0::1001 | 16417 (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division)
2 3 | 107.190.142.122 | 33182 (DIMENOC - HostDime.com)
1 | 185.55.225.50 | 201999 (SERVERPARS)
1 2 | 185.159.153.129 | 201999 (SERVERPARS)
2 10 | 185.159.153.11 | 201999 (SERVERPARS)
12 | 5 (totals) |
- ASN16417 (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division, US): secure-web.cisco.com
- ASN33182 (DIMENOC - HostDime.com, Inc., US), PTR: server.gcomhosting.com: www.santacruzcomputer.com.bo
# | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | kiosk5.com (2 redirects) | kiosk5.com | 932 KB
3 | santacruzcomputer.com.bo (2 redirects) | www.santacruzcomputer.com.bo | 937 B
2 | ozdilek.ir (1 redirect) | ozdilek.ir | 562 B
1 | softmoble.ir | softmoble.ir | 322 B
1 | cisco.com (1 redirect) | secure-web.cisco.com | 315 B
0 | googleapis.com | fonts.googleapis.com (Failed) |
12 | 6 (totals) | |
# | Domain | Requested by
---|---|---
10 | kiosk5.com (2 redirects) | ozdilek.ir, kiosk5.com
3 | www.santacruzcomputer.com.bo (2 redirects) |
2 | ozdilek.ir (1 redirect) | softmoble.ir
1 | softmoble.ir | www.santacruzcomputer.com.bo
1 | secure-web.cisco.com (1 redirect) |
0 | fonts.googleapis.com (Failed) | kiosk5.com
12 | 6 (totals) |
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
santacruzcomputer.com.bo | cPanel, Inc. Certification Authority | 2019-10-20 - 2020-01-18 | 3 months | crt.sh
softmoble.ir | Let's Encrypt Authority X3 | 2019-11-16 - 2020-02-14 | 3 months | crt.sh
ozdilek.ir | Let's Encrypt Authority X3 | 2019-10-11 - 2020-01-09 | 3 months | crt.sh
kiosk5.com | Let's Encrypt Authority X3 | 2019-10-05 - 2020-01-03 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=pbsdks@earthlink.net
Frame ID: B05E61921D6E39DB783FCB53992BC0F8
Requests: 13 HTTP requests in this frame
Detected technologies
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
- Google Font API (Font Scripts). Detected pattern: html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://secure-web.cisco.com/1p5pG9KMQr2pJArEi21PAluO-njs08ScWCYTdHi8qGw_Ufmeqz1c0PooT3haLpY7JZYOX2XQ-0XDMFBi97XxE9B1q5ecHPCUGnyrCwX2GAPtPV_jaCZuXUMbBtbdl_ARubm6j-qU6oqKwu4TWdQkjM4VsG7FiAQ_YE0V4zjECarTsaYDvxy-bq4CV9-nhkMzvlZ7Pr-ZV21nZLJ84h_XBJv3miRKV4P2mON5lrBhCDKoc8kF_NXZwwTHWb3NQhyifKbA-mgW0Q_Juzmq4AHt_atjQtqKO5wQA-WGklu7puxoTk9hYajtxQtF-qT6nMTgJ/https%3A%2F%2Fwww.santacruzcomputer.com.bo%2Floading%3Femail%3Dpbsdks%40earthlink.net HTTP 302
  https://www.santacruzcomputer.com.bo/loading?email=pbsdks@earthlink.net HTTP 301
  https://www.santacruzcomputer.com.bo/loading/?email=pbsdks@earthlink.net HTTP 302
  https://www.santacruzcomputer.com.bo/loading/3fbf32baaaa38f71f4c9caa13f0f3ec2/index.php?email=pbsdks@earthlink.net Page URL
- https://softmoble.ir/online/service/?email=pbsdks@earthlink.net Page URL
- https://ozdilek.ir/check/?email=pbsdks@earthlink.net HTTP 302
  https://ozdilek.ir/check/3ced6439ac8205ce11bcfd8bbded9a81/index.php?email=pbsdks@earthlink.net Page URL
- https://kiosk5.com/bank/document/pdf/?email=pbsdks@earthlink.net HTTP 302
  https://kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/index.php?email=pbsdks@earthlink.net HTTP 302
  https://kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=pbsdks@earthlink.net Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://secure-web.cisco.com/1p5pG9KMQr2pJArEi21PAluO-njs08ScWCYTdHi8qGw_Ufmeqz1c0PooT3haLpY7JZYOX2XQ-0XDMFBi97XxE9B1q5ecHPCUGnyrCwX2GAPtPV_jaCZuXUMbBtbdl_ARubm6j-qU6oqKwu4TWdQkjM4VsG7FiAQ_YE0V4zjECarTsaYDvxy-bq4CV9-nhkMzvlZ7Pr-ZV21nZLJ84h_XBJv3miRKV4P2mON5lrBhCDKoc8kF_NXZwwTHWb3NQhyifKbA-mgW0Q_Juzmq4AHt_atjQtqKO5wQA-WGklu7puxoTk9hYajtxQtF-qT6nMTgJ/https%3A%2F%2Fwww.santacruzcomputer.com.bo%2Floading%3Femail%3Dpbsdks%40earthlink.net HTTP 302
- https://www.santacruzcomputer.com.bo/loading?email=pbsdks@earthlink.net HTTP 301
- https://www.santacruzcomputer.com.bo/loading/?email=pbsdks@earthlink.net HTTP 302
- https://www.santacruzcomputer.com.bo/loading/3fbf32baaaa38f71f4c9caa13f0f3ec2/index.php?email=pbsdks@earthlink.net
- https://ozdilek.ir/check/?email=pbsdks@earthlink.net HTTP 302
- https://ozdilek.ir/check/3ced6439ac8205ce11bcfd8bbded9a81/index.php?email=pbsdks@earthlink.net
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | index.php | www.santacruzcomputer.com.bo/loading/3fbf32baaaa38f71f4c9caa13f0f3ec2/ | 123 B | 337 B | Document | text/html | Redirect Chain
GET | H/1.1 | / | softmoble.ir/online/service/ | 115 B | 322 B | Document | text/html |
GET | H/1.1 | index.php | ozdilek.ir/check/3ced6439ac8205ce11bcfd8bbded9a81/ | 124 B | 305 B | Document | text/html | Redirect Chain
GET | H2 | index2.php | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/ | 4 KB | 1 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | theDocs.all.min.css | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/css/ | 203 KB | 37 KB | Stylesheet | text/css |
GET | H2 | custom.css | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/css/ | 966 KB | 713 KB | Stylesheet | text/css |
GET | H2 | logo.png | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/img/ | 21 KB | 21 KB | Image | image/png |
GET | H2 | word.png | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/img/ | 14 KB | 14 KB | Image | image/png |
GET | H2 | theDocs.all.min.js | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/js/ | 222 KB | 75 KB | Script | application/javascript |
GET | H2 | custom.js | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/js/ | 4 KB | 1 KB | Script | application/javascript |
GET | | css | fonts.googleapis.com/ | 0 | 0 | | | Failed (no response)
GET | DATA | truncated | / | 693 KB | 0 | Image | image/png |
GET | H2 | fontawesome-webfont5b62.html | kiosk5.com/bank/document/pdf/ba805eda146e3c4d065300ba3a9d9cec/assets/fonts/ | 70 KB | 70 KB | Font | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: fonts.googleapis.com
- URL: http://fonts.googleapis.com/css?family=Raleway:100,300,400,500%7CLato:300,400
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
onformdata | object
onpointerrawupdate | object
_self | object
Prism | object
httpLanguages | object
contentType | string
options | object
$ | function
jQuery | function
lity | function
script | function
click_to_download | function
make_the_delay | function
redirect_the | function
now_download | function
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.