www.optec-industries.com Open in urlscan Pro
185.123.84.74 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mattstransport.com.au/wp-content/keybn/dr.php
Effective URL:
https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
Submission: On March 18 via manual (March 18th 2021, 2:07:01 pm UTC) from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 13 HTTP transactions. The main IP is 185.123.84.74, located in Lent, France and belongs to ALTINEA-AS, FR. The main domain is www.optec-industries.com.
TLS certificate: Issued by R3 on February 21st 2021. Valid for: 3 months.

This is the only time www.optec-industries.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: KeyBank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	104.247.74.39 104.247.74.39	22611 (INMOTION) (INMOTION)
1 10	185.123.84.74 185.123.84.74	41405 (ALTINEA-AS) (ALTINEA-AS)
2	104.108.144.153 104.108.144.153	16625 (AKAMAI-AS) (AKAMAI-AS)
13	4

1 104.247.74.39 (United States)

ASN22611 (INMOTION, US)
PTR: ded3531.inmotionhosting.com

mattstransport.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.123.84.74 (Lent, France) 1 redirects

ASN41405 (ALTINEA-AS, FR)
PTR: prod01.publipresse.ovh

www.optec-industries.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.108.144.153 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-153.deploy.static.akamaitechnologies.com

8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	optec-industries.com 1 redirects www.optec-industries.com	668 KB
2	rackcdn.com 8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com
1	mattstransport.com.au mattstransport.com.au	346 B
0	sitepoint.com Failed www.sitepoint.com Failed
13	4

	Domain	Requested by
10	www.optec-industries.com	1 redirects www.optec-industries.com
2	8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com	www.optec-industries.com
1	mattstransport.com.au
0	www.sitepoint.com Failed	www.optec-industries.com
13	4

This site contains no links.

Subject Issuer	Validity	Valid
mattstransport.com.au cPanel, Inc. Certification Authority	`2021-03-18` - `2021-06-16`	3 months	crt.sh
optec-industries.com R3	`2021-02-21` - `2021-05-22`	3 months	crt.sh
*.ssl.cf2.rackcdn.com DigiCert SHA2 Secure Server CA	`2020-02-18` - `2021-05-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
Frame ID: 52D6096388C5FB23532636C9C98FD4F3
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mattstransport.com.au/wp-content/keybn/dr.php Page URL
https://www.optec-industries.com/themes/Keybank/Keybank/ HTTP 302
https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

667 kB
Transfer

1692 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mattstransport.com.au/wp-content/keybn/dr.php Page URL
https://www.optec-industries.com/themes/Keybank/Keybank/ HTTP 302
https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 dr.php Show response
mattstransport.com.au/wp-content/keybn/ 273 B
346 B 467ms
158ms Document
text/html 104.247.74.39
INMOTION

General

Check archive.org

Show headers Download Go to

Full URL: https://mattstransport.com.au/wp-content/keybn/dr.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.74.39 , United States, ASN22611 (INMOTION, US),
Reverse DNS: ded3531.inmotionhosting.com
Software: Apache /
Resource Hash: bd3a3d872e16ebb99339dc58e9be5aa41d01d076fc2ca6699c9537e103ed77a5

Request headers

:method: GET
:authority: mattstransport.com.au
:scheme: https
:path: /wp-content/keybn/dr.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
server: Apache
content-type: text/html; charset=UTF-8

GET
H2

200

Primary Request login.php Show response
www.optec-industries.com/themes/Keybank/Keybank/
Redirect Chain

https://www.optec-industries.com/themes/Keybank/Keybank/
https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

13 KB
4 KB

61ms
61ms

Document
text/html

185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PHP/7.1.33 PleskLin

Resource Hash

e8201012da2f4b2802bbcd494a85eb15ba1f993a90f1b1f1916565231cc1638b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net/ https://.google.com https://.google-analytics.com https://www.googletagmanager.com https://.gstatic.com https://.googleapis.com https://connect.facebook.net https://opt-out.ferank.eu; base-uri 'self';
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SameOrigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.optec-industries.com
:scheme: https
:path: /themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://mattstransport.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mattstransport.com.au/wp-content/keybn/dr.php

Response headers

server: nginx
date: Thu, 18 Mar 2021 14:06:41 GMT
content-type: text/html; charset=UTF-8
content-length: 3919
x-powered-by: PHP/7.1.33 PleskLin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff nosniff
x-frame-options: SameOrigin
strict-transport-security: max-age=15552001; includeSubDomains; preload
content-security-policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net/ https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://connect.facebook.net https://opt-out.ferank.eu; base-uri 'self';
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

server: nginx
date: Thu, 18 Mar 2021 14:06:41 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/7.1.33 PleskLin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff nosniff
x-frame-options: SameOrigin
strict-transport-security: max-age=15552001; includeSubDomains; preload
content-security-policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net/ https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://connect.facebook.net https://opt-out.ferank.eu; base-uri 'self';
location: login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

GET
H2 200 modal.js Show response
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 14 KB
3 KB 63ms
62ms Script
application/javascript 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/modal.js

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

8521048ffd2659447d3335e3444efa75ad217a6b865026a3a8d8a77351391d8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Jul 2017 19:31:02 GMT
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600
etag: W/"59652776-3774"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET
H2 200 bootstrap_ext.css
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 603 KB
97 KB 180ms
179ms Stylesheet
text/css 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

7e7990c00e976409fc975666bd243ab1118ece2414d00e4eded9ae0a10842177

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Jul 2017 20:25:02 GMT
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600
etag: W/"5967d71e-96caa"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET
H2 200 custom_olb.css
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 576 KB
83 KB 103ms
102ms Stylesheet
text/css 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/custom_olb.css

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

840759b0c3cc29cae41ddd56c5a818e64d7112b66cc50f5628882c992e145e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Jul 2017 20:05:40 GMT
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600
etag: W/"5967d294-90133"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET
H2 200 anim-in-out.css
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 8 KB
1 KB 63ms
63ms Stylesheet
text/css 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/anim-in-out.css

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

19a6ca895a160f34f86cde6c0a881edca81385e936482049ac94986889428f90

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Jul 2017 20:05:40 GMT
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600
etag: W/"5967d294-213b"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET MaskedPassword.js
www.sitepoint.com/examples/password/MaskedPassword/ 0
0

GET
H2 200 background_day_IN_high.jpg
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 241 KB
242 KB 60ms
60ms Image
image/jpeg 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/background_day_IN_high.jpg

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

b27e2cc646f47a6593b0f11a575993637490dfdc9bcf5ab2f1e779bb0cd3ae94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Nov 2017 00:00:10 GMT
server: nginx
x-powered-by: PleskLin
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 247086
etag: "59fbb18a-3c52e"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET
H/1.1 404
Not Found v4llpaneltoggler.png
8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com//rely/resources/images/v4llpanel/ 0
0 297ms
151ms Image
text/html 104.108.144.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com//rely/resources/images/v4llpanel/v4llpaneltoggler.png
Requested by: Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.144.153 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-153.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.optec-industries.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 404
Not Found v4llpanellogo.png
8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com//rely/resources/images/v4llpanel/ 0
0 340ms
195ms Image
text/html 104.108.144.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com//rely/resources/images/v4llpanel/v4llpanellogo.png
Requested by: Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login.php?&sessionid=1e700fd3b56d5e5ac77e1b415f1437b5&securessl=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.144.153 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-153.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.optec-industries.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 keybank-icons.ttf
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 144 KB
144 KB 99ms
98ms Font
application/font-sfnt 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/keybank-icons.ttf

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

d71384cf0cc3bd3d055caa8a56877e345cc49e1febd963e3e6fb854062b72b74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.optec-industries.com
Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 13 Jul 2017 20:21:38 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/font-sfnt
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 147440
etag: "5967d652-23ff0"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET
H2 200 530dee22-e3c1-4e9f-bf62-c31d510d9656.woff
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 55 KB
56 KB 92ms
91ms Font
application/font-woff 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/530dee22-e3c1-4e9f-bf62-c31d510d9656.woff

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

1e1ac677a9e917935dcd25ca6300c1f038c1fcc3cb82ec79eb64a844e16fa828

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.optec-industries.com
Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 13 Jul 2017 20:21:26 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/font-woff
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 56736
etag: "5967d646-dda0"
expires: Thu, 01 Apr 2021 14:06:41 GMT

GET
H2 200 14ff6081-326d-4dae-b778-d7afa66166fc.woff
www.optec-industries.com/themes/Keybank/Keybank/login_files/ 37 KB
37 KB 79ms
78ms Font
application/font-woff 185.123.84.74
ALTINEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.optec-industries.com/themes/Keybank/Keybank/login_files/14ff6081-326d-4dae-b778-d7afa66166fc.woff

Requested by

Host: www.optec-industries.com
URL: https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.123.84.74 Lent, France, ASN41405 (ALTINEA-AS, FR),

Reverse DNS

prod01.publipresse.ovh

Software

nginx / PleskLin

Resource Hash

90973db3f26fe86b648ec735f3183b44902e5cedf2b1a042402bac39da70404f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.optec-industries.com
Referer: https://www.optec-industries.com/themes/Keybank/Keybank/login_files/bootstrap_ext.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 14:06:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 13 Jul 2017 20:21:48 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/font-woff
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 37560
etag: "5967d65c-92b8"
expires: Thu, 01 Apr 2021 14:06:41 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.sitepoint.com
URL: https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: KeyBank (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8f544770ae5b7cfb8345-6636004133269479b2733e2a336860f6.ssl.cf2.rackcdn.com
mattstransport.com.au
www.optec-industries.com
www.sitepoint.com
www.sitepoint.com
104.108.144.153
104.247.74.39
185.123.84.74
19a6ca895a160f34f86cde6c0a881edca81385e936482049ac94986889428f90
1e1ac677a9e917935dcd25ca6300c1f038c1fcc3cb82ec79eb64a844e16fa828
7e7990c00e976409fc975666bd243ab1118ece2414d00e4eded9ae0a10842177
840759b0c3cc29cae41ddd56c5a818e64d7112b66cc50f5628882c992e145e19
8521048ffd2659447d3335e3444efa75ad217a6b865026a3a8d8a77351391d8f
90973db3f26fe86b648ec735f3183b44902e5cedf2b1a042402bac39da70404f
b27e2cc646f47a6593b0f11a575993637490dfdc9bcf5ab2f1e779bb0cd3ae94
bd3a3d872e16ebb99339dc58e9be5aa41d01d076fc2ca6699c9537e103ed77a5
d71384cf0cc3bd3d055caa8a56877e345cc49e1febd963e3e6fb854062b72b74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8201012da2f4b2802bbcd494a85eb15ba1f993a90f1b1f1916565231cc1638b

www.optec-industries.com Open in urlscan Pro 185.123.84.74 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

667 kBTransfer

1692 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

www.optec-industries.com Open in urlscan Pro
185.123.84.74 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

667 kB
Transfer

1692 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!