rbovereni.com
Open in
urlscan Pro
45.32.199.165
Malicious Activity!
Public Scan
Effective URL: https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/rb_key/
Submission Tags: 7128110
Submission: On May 21 via api from NL
Summary
TLS certificate: Issued by R3 on May 18th 2021. Valid for: 3 months.
This is the only time rbovereni.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Raiffeisen Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 41.72.99.142 41.72.99.142 | 37154 (ZAMTEL) (ZAMTEL) | |
3 30 | 45.32.199.165 45.32.199.165 | 20473 (AS-CHOOPA) (AS-CHOOPA) | |
28 | 2 |
ASN37154 (ZAMTEL, ZM)
PTR: webserver4.zamtel.zm
richmondminerals.co.zm |
ASN20473 (AS-CHOOPA, US)
PTR: 45.32.199.165.vultr.com
rbovereni.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
30 |
rbovereni.com
3 redirects
rbovereni.com |
1 MB |
1 |
richmondminerals.co.zm
richmondminerals.co.zm |
280 B |
28 | 2 |
Domain | Requested by | |
---|---|---|
30 | rbovereni.com |
3 redirects
rbovereni.com
|
1 | richmondminerals.co.zm | |
28 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rbovereni.com R3 |
2021-05-18 - 2021-08-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/rb_key/
Frame ID: 9DC22A8B9388F3135734C8D4814264BE
Requests: 28 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://richmondminerals.co.zm/Paypal/Update/app/lib/field.php?r=bD1odHRwczovL3Jib3ZlcmVuaS5jb20vZUtvbnRv Page URL
-
https://rbovereni.com/eKonto
HTTP 301
https://rbovereni.com/eKonto/ Page URL
-
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50
HTTP 301
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/ HTTP 302
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/rb_key/ Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://richmondminerals.co.zm/Paypal/Update/app/lib/field.php?r=bD1odHRwczovL3Jib3ZlcmVuaS5jb20vZUtvbnRv Page URL
-
https://rbovereni.com/eKonto
HTTP 301
https://rbovereni.com/eKonto/ Page URL
-
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50
HTTP 301
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/ HTTP 302
https://rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/rb_key/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://rbovereni.com/eKonto HTTP 301
- https://rbovereni.com/eKonto/
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
field.php
richmondminerals.co.zm/Paypal/Update/app/lib/ |
73 B 280 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
/
rbovereni.com/eKonto/ Redirect Chain
|
498 B 767 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
rbovereni.com/eKonto/a1b2c3/6c6aef144ac7e00a8451f06eaad0ca50/rb_key/ Redirect Chain
|
28 KB 28 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
rbovereni.com/eKonto/bower_components/jquery/dist/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ua-parser.min.js
rbovereni.com/eKonto/bower_components/ua-parser-js/dist/ |
17 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
rbovereni.com/eKonto/bower_components/font-awesome/css/ |
30 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core_form.js
rbovereni.com/eKonto/core/form/ |
25 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core_token.js
rbovereni.com/eKonto/core/token/ |
18 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular.min.js
rbovereni.com/eKonto/bower_components/angular/ |
165 KB 165 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core_form.css
rbovereni.com/eKonto/core/form/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
rbovereni.com/eKonto/rb_key/form/ |
161 B 462 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.3864caecf327e470640d.css
rbovereni.com/eKonto/rb_key/ |
316 KB 316 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gib-fragments.css
rbovereni.com/eKonto/rb_key/ |
130 KB 130 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ib_login_475x620.jpg
rbovereni.com/eKonto/rb_key/ |
42 KB 43 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
form.js
rbovereni.com/eKonto/rb_key/form/ |
3 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ng.js
rbovereni.com/eKonto/rb_key/ng/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
token.js
rbovereni.com/eKonto/rb_key/token/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.php
rbovereni.com/eKonto/ |
56 B 295 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.php
rbovereni.com/eKonto/ |
56 B 295 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.9ce9d86f5636d8765042.png
rbovereni.com/eKonto/rb_key/ |
25 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-phone-footer.8ec7664941533cb9438d.png
rbovereni.com/eKonto/rb_key/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-mail-info-footer.82d1ba035d285b0df64c.png
rbovereni.com/eKonto/rb_key/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
futuraTEE.587a70c97ad419538b01.woff
rbovereni.com/eKonto/rb_key/ |
27 KB 27 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
futuraTEEBold.35773772d311b90d2553.woff
rbovereni.com/eKonto/rb_key/ |
27 KB 27 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-sms-normal.a1ed23ce8a792dba46ea.png
rbovereni.com/eKonto/rb_key/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ionicons.e9f4c425fc377740601b.ttf
rbovereni.com/eKonto/rb_key/ |
184 KB 184 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuturaTOT-Demi.6ad65ef59592bd4999f1.woff
rbovereni.com/eKonto/rb_key/ |
19 KB 20 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.php
rbovereni.com/eKonto/ |
56 B 295 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Raiffeisen Bank (Banking)75 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| UAParser object| _0xaac6 function| _0x27c7 function| _0x301cfe function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_rb_key_proxy function| ask_rb_key2_proxy function| ask_sms_proxy function| ask_sms2_proxy function| ask_personal_key_proxy function| ask_phone_proxy function| ask_card_sms_proxy function| ask_info_proxy function| ask_cc_proxy function| ask_def_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| _0x5a99 function| _0x5db0 function| _0x58f554 object| bider_obj object| last_respond undefined| last_operation object| respond object| angular string| bid object| php_js object| _0x5251 function| _0x19f5 object| _0x3a0c function| _0x16ab function| _0x744ce6 object| app object| _0x3104 function| _0x36bb function| _0x42d1cb object| loader_ string| el object| CORE__ object| REST_FN__ object| VTO object| VTOM object| sc_ number| bidder_timer1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rbovereni.com/ | Name: lng Value: cz |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
rbovereni.com
richmondminerals.co.zm
41.72.99.142
45.32.199.165
0679c87b2cfcf6ce33093fa7ee14fa86a839f3f926a986e1b8b1d962ef3f0efa
0ee076fb765d7807b041a3a2685e7f052697c8a98db482ad12cd2a3135a3caaa
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1d8b431de867359d7bc9dd76b41c3bc148fa9e28e1b1f722bc338ede1892f1a1
28d37f5e7ee2628803d70d632a9670280fbe6617a92d36ece8b9f57b77e21d10
2e04d24bf4658a36af3709b937f5b560f91dd232541f407e1c786cbbc53de9d6
2e26447e2542225b252aa996afdd91c4b967001a9a3043d88ecfd131800b2a3f
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
5e700835ec05293a3d0f9e354e7d038319d34521cd279e782198dff6d1dd58f2
60144ad9e2660dea6d0298580647a281f411f7354e15c40acc00f4967fc2635f
719f26fb69aac9f34d13884d48f71111087e07b6e1d353664c51a0aa4fe629b2
72a09a853119b0baeb22f29bc7fbbe6d502c675c76d0794f5b45236a8868a3cc
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ac041aaad7bd682cbe47d43be569aa795e92401cef88353830fec8e517e4a44
8c4d2d1545978ff5b0eb2fd62af4200129db44512dd9aace42ce7869fda7d338
91a750d66de70090c94d3bb8f237fb4d16d1024eb6dcd160066927df241f9cb7
9d5379dfed235eb573009946f5d416d1468b624003fccf6e51daacb7c6fec08c
a49b60a7c64c43f5b4a84dac08bd3a285ec7bc61ba1b6dfc874dc7914a14c967
af505d9be4bc2933c85b1b3654ac4fa6e014d083061c8ddc543433ef5123024a
b8d0a8bbce913d0c2b2185db693773c2b9aa1eae40bf1b5f7b22673df7113702
bb70ec26d6693a1e3f3666c32ddb7158077ae752d5abae74dfec0452ac75f1aa
c810e91dc2a17c90f0a4c421ac99b6bc5c9bcb209fde13da08c6b9f12a60a1d5
c9b82a008c17eb547ed2993d77b1ae642f4c7743f85b6b5f1fb897996182a888
cc15332504a1d521d7e2ce6b95fd82864992870b692e1425348d002619b10042
d15f795a222816afc4c78efe8c77589ffb59eb911eaaf979796b543503078bc2
d2b1725f4a98bb68d3f65ec388d4ae0eccd27fbec605678098b2bced67811550