secureaffirmverification.ixafrica.1-grid-website-design.co.za
Open in
urlscan Pro
41.185.8.42
Malicious Activity!
Public Scan
Effective URL: https://secureaffirmverification.ixafrica.1-grid-website-design.co.za/
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On August 29 via api from CA — Scanned from CA
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 29th 2023. Valid for: 3 months.
This is the only time secureaffirmverification.ixafrica.1-grid-website-design.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Affirm (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 4 | 41.185.8.42 41.185.8.42 | 36943 (ZA-1-Grid) (ZA-1-Grid) | |
6 | 151.101.194.133 151.101.194.133 | 54113 (FASTLY) (FASTLY) | |
3 | 3.160.5.100 3.160.5.100 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 69.16.175.10 69.16.175.10 | 20446 (STACKPATH...) (STACKPATH-CDN) | |
2 | 23.21.145.8 23.21.145.8 | 14618 (AMAZON-AES) (AMAZON-AES) | |
15 | 5 |
ASN36943 (ZA-1-Grid, ZA)
PTR: lnxwsd-dev01-monitor.hostserv.co.za
secureaffirmverification.ixafrica.1-grid-website-design.co.za |
ASN16509 (AMAZON-02, US)
PTR: server-3-160-5-100.cmh68.r.cloudfront.net
www.affirm.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-145-8.compute-1.amazonaws.com
mpsnare.iesnare.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
affirm.com
cdn1.affirm.com — Cisco Umbrella Rank: 7193 www.affirm.com — Cisco Umbrella Rank: 6903 |
465 KB |
4 |
1-grid-website-design.co.za
1 redirects
secureaffirmverification.ixafrica.1-grid-website-design.co.za |
82 KB |
2 |
iesnare.com
mpsnare.iesnare.com — Cisco Umbrella Rank: 5838 |
2 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 736 |
83 KB |
15 | 4 |
Domain | Requested by | |
---|---|---|
6 | cdn1.affirm.com |
secureaffirmverification.ixafrica.1-grid-website-design.co.za
|
4 | secureaffirmverification.ixafrica.1-grid-website-design.co.za |
1 redirects
secureaffirmverification.ixafrica.1-grid-website-design.co.za
|
3 | www.affirm.com |
secureaffirmverification.ixafrica.1-grid-website-design.co.za
|
2 | mpsnare.iesnare.com |
secureaffirmverification.ixafrica.1-grid-website-design.co.za
|
1 | code.jquery.com |
secureaffirmverification.ixafrica.1-grid-website-design.co.za
|
15 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
secureaffirmverification.ixafrica.1-grid-website-design.co.za cPanel, Inc. Certification Authority |
2023-08-29 - 2023-11-27 |
3 months | crt.sh |
cdn1.affirm.com R3 |
2023-08-29 - 2023-11-27 |
3 months | crt.sh |
affirm.com Amazon RSA 2048 M01 |
2023-02-28 - 2023-12-18 |
10 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
mpsnare.iesnare.com DigiCert SHA2 High Assurance Server CA |
2023-05-01 - 2024-05-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://secureaffirmverification.ixafrica.1-grid-website-design.co.za/
Frame ID: 15C2292F26AE7982DFF96313D2870B82
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
Affirm ProtectionPage URL History Show full URLs
-
http://secureaffirmverification.ixafrica.1-grid-website-design.co.za/
HTTP 301
https://secureaffirmverification.ixafrica.1-grid-website-design.co.za/ Page URL
Detected technologies
React (JavaScript Frameworks) ExpandDetected patterns
- <[^>]+data-react
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://secureaffirmverification.ixafrica.1-grid-website-design.co.za/
HTTP 301
https://secureaffirmverification.ixafrica.1-grid-website-design.co.za/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
secureaffirmverification.ixafrica.1-grid-website-design.co.za/ Redirect Chain
|
27 KB 27 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microfrontend.js
cdn1.affirm.com/assets/product_flows/master/ |
1 MB 320 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microfrontend.css
cdn1.affirm.com/assets/product_flows/master/ |
102 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
calibre-bold.woff2
www.affirm.com/fonts/src/ |
28 KB 28 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
calibre-regular.woff2
www.affirm.com/fonts/src/ |
27 KB 27 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
calibre-semibold.woff2
www.affirm.com/fonts/src/ |
27 KB 27 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
intl-copy-US-json-a1ca8f2fe53fd1e38302.js
cdn1.affirm.com/assets/identity_app/master/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-344d885493e3af0993f3.css
cdn1.affirm.com/assets/identity_app/master/ |
123 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.11.3.js
code.jquery.com/ |
278 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MobileDownloadBanner-64833ec1487ac202d803.css
cdn1.affirm.com/assets/product_flows/master/ |
4 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DesktopSnackbar-64833ec1487ac202d803.css
cdn1.affirm.com/assets/product_flows/master/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
secureaffirmverification.ixafrica.1-grid-website-design.co.za/apps/prefetch/v1/user_portal/index/ |
0 27 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
secureaffirmverification.ixafrica.1-grid-website-design.co.za/apps/prefetch/v1/user_portal/index/ |
0 27 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
time.mp3
mpsnare.iesnare.com/ |
504 B 881 B |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
time.mp3
mpsnare.iesnare.com/ |
504 B 881 B |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Affirm (Financial)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn1.affirm.com
code.jquery.com
mpsnare.iesnare.com
secureaffirmverification.ixafrica.1-grid-website-design.co.za
www.affirm.com
151.101.194.133
23.21.145.8
3.160.5.100
41.185.8.42
69.16.175.10
0332e2e1b144a06dd640a2b96b68bb4f81edf1052a2ad8b242ac0647a4eb62b4
0786f1f1c2ac8789c0e8a8a4640a24ef01f508f82ed86967d8d175c3ef4a9d16
19eb15a82c7d57da840702df09105cec7a6e5c5c9edef82b5ce2b05ce0e5dcac
1bb841d490596b1116ad105a3b5972dbef4cc5371af722cd75920d8db0a67078
2065aecca0fb9b0567358d352ed5f1ab72fce139bf449b4d09805f5d9c3725ed
77accfb685af26e3283da4844fbdef11cdc3b5adc94d326f6fcd9a94c4446cc5
a937a7277bd56cde0321127b4c0aedfb6d99f14b1e37bacc579ee87451c649ec
d011a5c437242af919ca8c96751dc101efd1695fbeec4c19d8753d4aa82b80e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e99aa959d27092cf1f0f0997b396a66ea7e85327f9502ab4a944eabcc2dbb79f
eb9fc8bab80de0146a30a781d47795251a570e5d11aacf42d480cf20124f96bf
ee3870b5bf1ffe3c9b8bbb0bdcbbe64538cff5c706d01e61c51d23f67e16144c
f7ef33d5409f1df4c9de8584bfa411c53a891f9ac2dd81819de1ed3f5e1842c9