Report - ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O

Report Overview

Visited public
2025-02-01 04:01:35
Tags
Submit Tags
URL
ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
Finishing URL
ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
IP / ASN
172.104.251.198
#63949 Akamai Connected Cloud
Title
rabo-dashboard.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ktzz.lkd.rabo-dashboard.com	unknown	2021-03-11	2025-02-01	2025-02-01	3.0 kB	33 kB	172.104.251.198
www.google.com	7	1997-09-15	2015-05-10	2025-01-29	453 B	148 kB	142.250.74.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-01	medium	rabo-dashboard.com	Sinkholed
2025-02-01	medium	rabo-dashboard.com	Sinkholed
2025-02-01	medium	rabo-dashboard.com	Sinkholed
2025-02-01	medium	rabo-dashboard.com	Sinkholed
2025-02-01	medium	rabo-dashboard.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	ktzz.lkd.rabo-dashboard.com/_static/nrb.js	ScriptElement	58 kB	2024-11-25	2025-03-20
Pretty URL ktzz.lkd.rabo-dashboard.com/_static/nrb.js IP 172.104.251.198 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-25 18:02 Last Seen2025-03-20 08:27 Times Seen209 Hash f4a0a3a460819eab368e5694bf433934 6c23f97262a87333a6cb367628b634463841966f 9a9622bf899b7d4a0e3e56f1051aeb09114f1d19cebd4e4b2e6f498d1283b687 Loading...

	ktzz.lkd.rabo-dashboard.com/_static/deliver.js	ScriptElement	16 kB	2025-01-31	2025-02-12
Pretty URL ktzz.lkd.rabo-dashboard.com/_static/deliver.js IP 172.104.251.198 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-31 12:02 Last Seen2025-02-12 06:30 Times Seen31 Hash 4ff021fcd1b79243fea45f3447c5647a d11b627663807ba846d5fbda774d64ec356d56ff 7aa2a16207d31e993bf84afbeb9501f4fd5f2b5972c04f7540a3f695407ebe2b Loading...

	www.google.com/adsense/domains/caf.js?abp=1&abpgo=true	ScriptElement	147 kB	2025-01-31	2025-02-03
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&abpgo=true IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-31 16:13 Last Seen2025-02-03 14:52 Times Seen235 Hash 9e8360fa37ee381c895ec88627927e5f 45c357685373a70867bb16fc33758450f45ea991 00a853fd0b575f72ba84495cb1f339bce3c788c33a910a6845eea77852904d0d Loading...

HTTP Transactions (6)

URL IP Response Size

GET ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O

172.104.251.198

200 OK

924 B

URL User Request GET
ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
IP
172.104.251.198:0
ASN
#63949 Akamai Connected Cloud

File type
HTML document, ASCII text, with very long lines (1761), with no line terminators
Size
924 B (924 bytes)
Hash
db4a10356997bca4ebef35ad4adcf44e
96b6104349dd1bd1e7f38b708373e39798aa46f5
8c88ee7c40a98d8410f9c0d0fa1b151bcf0e18ac2d11f6aff210ee00cfc99317

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O HTTP/1.1
Host: ktzz.lkd.rabo-dashboard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.27.1.1
Date: Sat, 01 Feb 2025 04:01:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: session_id=8e0d1860f651a58e4b804431c9113004; Path=/; HttpOnly; Max-Age=86400; Expires=Saturday, 01-Feb-2025 04:01:05 GMT
Content-Encoding: gzip

GET ktzz.lkd.rabo-dashboard.com/_static/deliver.js

172.104.251.198

200 OK

4.4 kB

URL GET HTTP/1.1
ktzz.lkd.rabo-dashboard.com/_static/deliver.js
IP
172.104.251.198:80
ASN
#63949 Akamai Connected Cloud

Requested by
http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O

File type
ASCII text
Size
4.4 kB (4417 bytes)
Hash
4ff021fcd1b79243fea45f3447c5647a
d11b627663807ba846d5fbda774d64ec356d56ff
7aa2a16207d31e993bf84afbeb9501f4fd5f2b5972c04f7540a3f695407ebe2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_static/deliver.js HTTP/1.1
Host: ktzz.lkd.rabo-dashboard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
Cookie: session_id=8e0d1860f651a58e4b804431c9113004
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.27.1.1
Date: Sat, 01 Feb 2025 04:01:06 GMT
Content-Type: text/javascript
Last-Modified: Thu, 30 Jan 2025 15:53:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679ba062-3eb0"
Strict-Transport-Security: max-age=0; includeSubDomains; preload
Content-Encoding: gzip

GET ktzz.lkd.rabo-dashboard.com/_static/nrb.js

172.104.251.198

200 OK

20 kB

URL GET HTTP/1.1
ktzz.lkd.rabo-dashboard.com/_static/nrb.js
IP
172.104.251.198:80
ASN
#63949 Akamai Connected Cloud

Requested by
http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O

File type
JavaScript source, ASCII text, with very long lines (57633)
Size
20 kB (19741 bytes)
Hash
f4a0a3a460819eab368e5694bf433934
6c23f97262a87333a6cb367628b634463841966f
9a9622bf899b7d4a0e3e56f1051aeb09114f1d19cebd4e4b2e6f498d1283b687

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_static/nrb.js HTTP/1.1
Host: ktzz.lkd.rabo-dashboard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
Cookie: session_id=8e0d1860f651a58e4b804431c9113004
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.27.1.1
Date: Sat, 01 Feb 2025 04:01:06 GMT
Content-Type: text/javascript
Last-Modified: Mon, 23 Dec 2024 22:29:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6769e42d-e308"
Strict-Transport-Security: max-age=0; includeSubDomains; preload
Content-Encoding: gzip

GET ktzz.lkd.rabo-dashboard.com/apple-touch-icon.png

172.104.251.198

200 OK

6.2 kB

URL GET HTTP/1.1
ktzz.lkd.rabo-dashboard.com/apple-touch-icon.png
IP
172.104.251.198:80
ASN
#63949 Akamai Connected Cloud

Requested by
http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
6.2 kB (6179 bytes)
Hash
266ff4c4e42767bc54caf86fd6fa0b15
50ce487af8b2ed276b1d639ea07f7d2e819c6bc3
448781b6fddc7baaeac158f636127500ccb68308654effa83087d659a1831135

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: ktzz.lkd.rabo-dashboard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
Cookie: session_id=8e0d1860f651a58e4b804431c9113004
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.27.1.1
Date: Sat, 01 Feb 2025 04:01:06 GMT
Content-Type: image/png
Content-Length: 6179
Last-Modified: Mon, 23 Dec 2024 22:29:01 GMT
Connection: keep-alive
ETag: "6769e42d-1823"
Strict-Transport-Security: max-age=0; includeSubDomains; preload
Accept-Ranges: bytes

POST ktzz.lkd.rabo-dashboard.com/_d

172.104.251.198

200 OK

430 B

URL POST HTTP/1.1
ktzz.lkd.rabo-dashboard.com/_d
IP
172.104.251.198:80
ASN
#63949 Akamai Connected Cloud

Requested by
http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O

File type
JSON text data
Size
430 B (430 bytes)
Hash
3c7f5c98d80dd49018dbb7b31015cfcf
acb2de85328b167da25defe1ebda4f2348982eeb
ea7de53e6dc0b7d0cc663469ca478a8296e208438e297acb6a9eb4175055c530

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_d HTTP/1.1
Host: ktzz.lkd.rabo-dashboard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
content-type: application/json
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjcwMjEzNSIsImFwIjoiNzE4Mzg3MTMyIiwiaWQiOiJiYTY0ZWMzNjYzNzkxMzkzIiwidHIiOiI3YzFiM2ZhZWZhZDQ5NjA5ZmEwZDRmNjRkMjM3YzRmZiIsInRpIjoxNzM4MzgyNDY2MTkwfX0=
traceparent: 00-7c1b3faefad49609fa0d4f64d237c4ff-ba64ec3663791393-01
tracestate: 702135@nr=0-1-702135-718387132-ba64ec3663791393----1738382466190
Content-Length: 582
Origin: http://ktzz.lkd.rabo-dashboard.com
DNT: 1
Connection: keep-alive
Cookie: session_id=8e0d1860f651a58e4b804431c9113004
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.27.1.1
Date: Sat, 01 Feb 2025 04:01:06 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0; includeSubDomains; preload
Content-Encoding: gzip

GET www.google.com/adsense/domains/caf.js?abp=1&abpgo=true

142.250.74.100

200 OK

147 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&abpgo=true
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
http://ktzz.lkd.rabo-dashboard.com/document/d/e/2PACX-1vRjdN7evVMs_U5iXxG50PWwx7LK5Z1Y4Dpq7-Mj4WQBBuLGk73NAjnsq171VExX-6wXzP3Eb4Nzku7O
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintA5:8A:8C:6D:C5:D6:86:EA:BD:43:96:00:02:99:B8:C6:97:0C:AF:E5
ValidityMon, 20 Jan 2025 08:37:54 GMT - Mon, 14 Apr 2025 08:37:53 GMT

File type
JavaScript source, ASCII text, with very long lines (1869)
Size
147 kB (147300 bytes)
Hash
9e8360fa37ee381c895ec88627927e5f
45c357685373a70867bb16fc33758450f45ea991
00a853fd0b575f72ba84495cb1f339bce3c788c33a910a6845eea77852904d0d

HTTP Headers

GET /adsense/domains/caf.js?abp=1&abpgo=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ktzz.lkd.rabo-dashboard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 01 Feb 2025 04:01:06 GMT
expires: Sat, 01 Feb 2025 04:01:06 GMT
cache-control: private, max-age=3600
etag: "17763354172817630338"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP