dictionarromanfrancez.net Open in urlscan Pro
47.254.193.125 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://urla.ws/OdLhvJ
Effective URL:
https://dictionarromanfrancez.net/Login.php
Submission: On May 03 via api (May 3rd 2022, 11:37:07 pm UTC) from SG — Scanned from ES

Summary HTTP 17 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 47.254.193.125, located in Kuala Lumpur, Malaysia and belongs to ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN. The main domain is dictionarromanfrancez.net.
TLS certificate: Issued by R3 on May 3rd 2022. Valid for: 3 months.

This is the only time dictionarromanfrancez.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DBS Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.36.201.119 54.36.201.119	16276 (OVH) (OVH)
1 16	47.254.193.125 47.254.193.125	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
1	2606:4700::68... 2606:4700::6810:a010	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	198.145.13.13 198.145.13.13	2044 (DF-PTL01) (DF-PTL01)
17	3

1 54.36.201.119 (Spain) 1 redirects

ASN16276 (OVH, FR)
PTR: urla.ws

urla.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 47.254.193.125 (Kuala Lumpur, Malaysia) 1 redirects

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

dictionarromanfrancez.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a010 (United States)

ASN13335 (CLOUDFLARENET, US)

static.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.145.13.13 (Portland, United States)

ASN2044 (DF-PTL01, US)
PTR: getclicky.com

in.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	dictionarromanfrancez.net 1 redirects dictionarromanfrancez.net	1 MB
2	getclicky.com static.getclicky.com — Cisco Umbrella Rank: 13758 in.getclicky.com — Cisco Umbrella Rank: 11000	6 KB
1	urla.ws 1 redirects urla.ws	563 B
17	3

	Domain	Requested by
16	dictionarromanfrancez.net	1 redirects dictionarromanfrancez.net
1	in.getclicky.com	static.getclicky.com
1	static.getclicky.com	dictionarromanfrancez.net
1	urla.ws	1 redirects
17	4

This site contains links to these domains. Also see Links.

Domain
www.dbs.com.sg

Subject Issuer	Validity	Valid
cshgml.com R3	`2022-05-03` - `2022-08-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
*.getclicky.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-03` - `2022-08-03`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://dictionarromanfrancez.net/Login.php
Frame ID: 4D236B9B08108C9CD8E1C3AB05B86F27
Requests: 10 HTTP requests in this frame

Frame: https://dictionarromanfrancez.net/DBS_filez/iframe.htm
Frame ID: 802EE2F387B7C9A815D50C25C9306C42
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DBS iBanking

Page URL History Show full URLs

http://urla.ws/OdLhvJ HTTP 301
https://dictionarromanfrancez.net/?utm_source=inbound&utm_medium=other&utm_campaign=Singapore&i=ODM5NTM= HTTP 302
https://dictionarromanfrancez.net/Login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Clicky (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.getclicky\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

12 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1044 kB
Transfer

1271 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://www.dbs.com.sg/personal/ibanking/additionalinfo/faq/technical/default.page
Title: here

Search URL Search Domain Scan URL

URL: https://www.dbs.com.sg/ibanking/redirect/index.html?ref=pweb-dbs-security-and-you-phishing
Title: Security & You

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://urla.ws/OdLhvJ HTTP 301
https://dictionarromanfrancez.net/?utm_source=inbound&utm_medium=other&utm_campaign=Singapore&i=ODM5NTM= HTTP 302
https://dictionarromanfrancez.net/Login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request Login.php Show response
dictionarromanfrancez.net/
Redirect Chain

http://urla.ws/OdLhvJ
https://dictionarromanfrancez.net/?utm_source=inbound&utm_medium=other&utm_campaign=Singapore&i=ODM5NTM=
https://dictionarromanfrancez.net/Login.php

39 KB
14 KB

568ms
568ms

Document
text/html

47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

438f8954ef65fde354aff393a9eef3979b517392b3a7613e43f8151e6c5eca32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 03 May 2022 23:37:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 03 May 2022 23:37:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: Login.php
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 themes_login.css
dictionarromanfrancez.net/DBS_filez/css/ 3 KB
1 KB 284ms
283ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/themes_login.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

50f7668a4b056adc343957ef61050731841f505337c2945526358bc51f166740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:46:22 GMT
server: nginx
etag: W/"6168188e-b14"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:01 GMT

GET
H2 200 language_login.css
dictionarromanfrancez.net/DBS_filez/css/ 3 KB
959 B 284ms
283ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/language_login.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

540ee096bbfc81730a4e2208f64f79161a4153af18c16b7c2d45147a360fec91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:46:58 GMT
server: nginx
etag: W/"616818b2-a0b"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:01 GMT

GET
H2 200 login.css
dictionarromanfrancez.net/DBS_filez/css/ 22 KB
4 KB 284ms
283ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/login.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

9e93a2a40b22900dfb76bf7898c95dec13e34fe47bb143bbc40210258a6d813a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:35:06 GMT
server: nginx
etag: W/"616815ea-5698"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:01 GMT

GET
H2 200 jquery.js Show response
dictionarromanfrancez.net/DBS_filez/js/ 87 KB
34 KB 285ms
285ms Script
application/javascript 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/js/jquery.js

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
content-encoding: gzip
last-modified: Thu, 23 Dec 2021 23:49:32 GMT
server: nginx
etag: W/"61c50b0c-15d9d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:01 GMT

GET
H2 200 desktoplogo.jpg
dictionarromanfrancez.net/DBS_filez/img/ 5 KB
6 KB 283ms
283ms Image
image/jpeg 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dictionarromanfrancez.net/DBS_filez/img/desktoplogo.jpg

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

8fde3b7e7614c23b342d70797d7c1597b6955639d3422040d800051101c842fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/Login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
last-modified: Thu, 14 Oct 2021 11:35:06 GMT
server: nginx
etag: "616815ea-15d8"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5592
expires: Thu, 02 Jun 2022 23:37:01 GMT

GET
H2 200 101350339.js Show response
static.getclicky.com/ 15 KB
6 KB 664ms
585ms Script
text/javascript 2606:4700::6810:a010
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getclicky.com/101350339.js
Requested by: Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a010 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 598b132459fc9c44390842438537cfe99a72fcceb112462033b706d71987b02f

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 03 May 2022 23:37:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 10 May 2022 23:37:02 GMT
cache-control: max-age=604800
cf-ray: 705cd279bc8965f8-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-proxy-cache: EXPIRED

GET
H2 200 iframe.htm Show response
dictionarromanfrancez.net/DBS_filez/ Frame 802E 4 KB
1 KB 283ms
283ms Document
text/html 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/iframe.htm

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/Login.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

51865ffcdb034bfda54cea8ae1752cfaa6476adabaf319e2697d68bb74bb767b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://dictionarromanfrancez.net/Login.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 03 May 2022 23:37:01 GMT
etag: W/"626dd586-ffa"
last-modified: Sun, 01 May 2022 00:34:14 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 frutigernextlt-light-webfont.woff
dictionarromanfrancez.net/DBS_filez/fonts/ 22 KB
22 KB 283ms
283ms Font
font/woff 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/fonts/frutigernextlt-light-webfont.woff

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/css/language_login.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

f7c80617b6d6d6f26a92d758c0dce67b8513c67c40cd18e3936c8b7d6c2afbbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://dictionarromanfrancez.net/DBS_filez/css/language_login.css
Origin: https://dictionarromanfrancez.net
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
last-modified: Thu, 14 Oct 2021 11:45:38 GMT
server: nginx
etag: "61681862-5900"
strict-transport-security: max-age=31536000
content-type: font/woff
accept-ranges: bytes
content-length: 22784

GET
H2 200 FrutigerNextPro-Medium.woff2
dictionarromanfrancez.net/DBS_filez/fonts/ 25 KB
25 KB 283ms
283ms Font
font/woff2 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/fonts/FrutigerNextPro-Medium.woff2

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/css/language_login.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

b60923b5232af55ca5a0e74c9488e47b421b884e1b41c79e010c104078ca8f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://dictionarromanfrancez.net/DBS_filez/css/language_login.css
Origin: https://dictionarromanfrancez.net
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:01 GMT
last-modified: Thu, 14 Oct 2021 11:45:48 GMT
server: nginx
etag: "6168186c-64dc"
strict-transport-security: max-age=31536000
content-type: font/woff2
accept-ranges: bytes
content-length: 25820

GET
H2 200 bootstrap.css
dictionarromanfrancez.net/DBS_filez/css/ Frame 802E 131 KB
24 KB 285ms
284ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/bootstrap.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/iframe.htm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

1b50a9b493cabf289101372c147a9602c3be1784632d66f75ba8e47caed1f682

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/DBS_filez/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:35:06 GMT
server: nginx
etag: W/"616815ea-20d28"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:02 GMT

GET
H2 200 themes.css
dictionarromanfrancez.net/DBS_filez/css/ Frame 802E 3 KB
1 KB 286ms
285ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/themes.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/iframe.htm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

6997e0f41b077dd9b56d962701ccbc02421fa35456c1ce77c3512c5da6ac96f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/DBS_filez/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:35:06 GMT
server: nginx
etag: W/"616815ea-b24"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:02 GMT

GET
H2 200 language.css
dictionarromanfrancez.net/DBS_filez/css/ Frame 802E 2 KB
862 B 286ms
285ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/language.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/iframe.htm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

f79ef6be6d1aaf6aaf955a8eba176ca38cae7912ba9254419135764be74e4b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/DBS_filez/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:35:06 GMT
server: nginx
etag: W/"616815ea-967"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:02 GMT

GET
H2 200 enhanced.css
dictionarromanfrancez.net/DBS_filez/css/ Frame 802E 12 KB
3 KB 286ms
286ms Stylesheet
text/css 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/css/enhanced.css

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/iframe.htm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

acd134fba40d04e91fdd3c0ab53ef59080b2283d60ab63fc557fa41e92d77d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/DBS_filez/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 11:45:14 GMT
server: nginx
etag: W/"6168184a-3180"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Wed, 04 May 2022 11:37:02 GMT

GET
H2 200 Night.jpg
dictionarromanfrancez.net/DBS_filez/img/ Frame 802E 896 KB
898 KB 283ms
283ms Image
image/jpeg 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dictionarromanfrancez.net/DBS_filez/img/Night.jpg

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/css/enhanced.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

b938693d635c28774b136c9b1a648618130789c04258170b56f4eae91053f3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/DBS_filez/css/enhanced.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
last-modified: Thu, 14 Oct 2021 11:40:44 GMT
server: nginx
etag: "6168173c-e01c2"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 917954
expires: Thu, 02 Jun 2022 23:37:02 GMT

GET
H2 200 dbsicons.woff
dictionarromanfrancez.net/DBS_filez/fonts/ Frame 802E 2 KB
2 KB 848ms
848ms Font
font/woff 47.254.193.125
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL

https://dictionarromanfrancez.net/DBS_filez/fonts/dbsicons.woff

Requested by

Host: dictionarromanfrancez.net
URL: https://dictionarromanfrancez.net/DBS_filez/css/themes.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

47.254.193.125 Kuala Lumpur, Malaysia, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),

Reverse DNS

Software

nginx /

Resource Hash

1f5244c71b03253ff5e2a4da21f13a016b0456825d5399ba583768bd12692c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://dictionarromanfrancez.net/DBS_filez/css/themes.css
Origin: https://dictionarromanfrancez.net
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
last-modified: Thu, 14 Oct 2021 11:45:56 GMT
server: nginx
etag: "61681874-70c"
strict-transport-security: max-age=31536000
content-type: font/woff
accept-ranges: bytes
content-length: 1804

GET
H2 200 in.php Show response
in.getclicky.com/ 133 B
356 B 531ms
177ms Script
text/javascript 198.145.13.13
DF-PTL01

General

Check archive.org

Show headers Download Go to

Full URL: https://in.getclicky.com/in.php?site_id=101350339&type=pageview&href=%2FLogin.php&title=DBS%20iBanking&res=1600x1200&lang=en-US&tz=Etc%2FUnknown&tc=&ck=1&mime=js&x=0.18480309631194292
Requested by: Host: static.getclicky.com
URL: https://static.getclicky.com/101350339.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.145.13.13 Portland, United States, ASN2044 (DF-PTL01, US),
Reverse DNS: getclicky.com
Software: nginx /
Resource Hash: 6a742ea33fa83374ba023a16ac9512d12b34d4fb4422e010c62fcc871949aef9

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://dictionarromanfrancez.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 23:37:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DBS Bank (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.urla.ws/OdLhvJ	1970-01-20 20:18:13	Name: cid Value: 83953
dictionarromanfrancez.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: fdeqsgoi8e7i95vs8iv9knhp46
.dictionarromanfrancez.net/	1970-01-20 11:32:37	Name: _jsuid Value: 2291362220

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dictionarromanfrancez.net
in.getclicky.com
static.getclicky.com
urla.ws
198.145.13.13
2606:4700::6810:a010
47.254.193.125
54.36.201.119
1b50a9b493cabf289101372c147a9602c3be1784632d66f75ba8e47caed1f682
1f5244c71b03253ff5e2a4da21f13a016b0456825d5399ba583768bd12692c95
438f8954ef65fde354aff393a9eef3979b517392b3a7613e43f8151e6c5eca32
50f7668a4b056adc343957ef61050731841f505337c2945526358bc51f166740
51865ffcdb034bfda54cea8ae1752cfaa6476adabaf319e2697d68bb74bb767b
540ee096bbfc81730a4e2208f64f79161a4153af18c16b7c2d45147a360fec91
598b132459fc9c44390842438537cfe99a72fcceb112462033b706d71987b02f
6997e0f41b077dd9b56d962701ccbc02421fa35456c1ce77c3512c5da6ac96f1
6a742ea33fa83374ba023a16ac9512d12b34d4fb4422e010c62fcc871949aef9
8fde3b7e7614c23b342d70797d7c1597b6955639d3422040d800051101c842fb
9e93a2a40b22900dfb76bf7898c95dec13e34fe47bb143bbc40210258a6d813a
acd134fba40d04e91fdd3c0ab53ef59080b2283d60ab63fc557fa41e92d77d3b
b60923b5232af55ca5a0e74c9488e47b421b884e1b41c79e010c104078ca8f1d
b938693d635c28774b136c9b1a648618130789c04258170b56f4eae91053f3ff
f79ef6be6d1aaf6aaf955a8eba176ca38cae7912ba9254419135764be74e4b72
f7c80617b6d6d6f26a92d758c0dce67b8513c67c40cd18e3936c8b7d6c2afbbb
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

dictionarromanfrancez.net Open in urlscan Pro 47.254.193.125 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

12 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

1044 kBTransfer

1271 kBSize

3 Cookies

2 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

dictionarromanfrancez.net Open in urlscan Pro
47.254.193.125 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

12 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1044 kB
Transfer

1271 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!