lowveldrugged.co.za
Open in
urlscan Pro
196.41.130.162
Malicious Activity!
Public Scan
Submission: On May 06 via automatic, source openphish
Summary
This is the only time lowveldrugged.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ASB Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 196.41.130.162 196.41.130.162 | 12258 (OPTINET) (OPTINET) | |
4 | 1 |
ASN12258 (OPTINET, ZA)
PTR: cpt-cpanel-12.mweb.co.za
lowveldrugged.co.za |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
lowveldrugged.co.za
lowveldrugged.co.za |
36 KB |
4 | 1 |
Domain | Requested by | |
---|---|---|
4 | lowveldrugged.co.za |
lowveldrugged.co.za
|
4 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://lowveldrugged.co.za/index.htm.bak.bak
Frame ID: 6B018C3B44C9E3078C8CA0FBB8870D4B
Requests: 4 HTTP requests in this frame
Screenshot
Detected technologies
Pure CSS (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+(?:([\d.])+\/)?pure(?:-min)?\.css/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.htm.bak.bak
lowveldrugged.co.za/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pure-min.css
lowveldrugged.co.za/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10.PNG
lowveldrugged.co.za/images/ |
32 KB 32 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4.PNG
lowveldrugged.co.za/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ASB Bank (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| unhideBody0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lowveldrugged.co.za
196.41.130.162
6264b46bd0dc6cd612d27ce8c25893c477b15a4f942b6ee61b5a9134263c1bde
d72c8fd4883ab08300c762fc26d7e0d5ac96438c9388e8b59fb2177929a71d2d
deb4441d0c013d60d4c1d4da24793b70c20ba6c8c35f921927a14b72162032b3