jpaa.aiou.edu.pk Open in urlscan Pro
45.64.25.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html
Submission Tags: tweet @atomspam #phishing #nedbank #nedbankgroup #bank #infosec #cybersecurity #atomspam Search All
Submission: On April 08 via api (April 8th 2023, 2:31:55 pm UTC) from FI — Scanned from FI

Summary HTTP 33 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 33 HTTP transactions. The main IP is 45.64.25.22, located in Abdul Hakim, Pakistan and belongs to HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK. The main domain is jpaa.aiou.edu.pk.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 15th 2022. Valid for: a year.

This is the only time jpaa.aiou.edu.pk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nedbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	45.64.25.22 45.64.25.22	45773 (HECPERN-A...) (HECPERN-AS-PK PERN AS Content Servie Provider)
22	154.53.45.43 154.53.45.43	40021 (CONTABO) (CONTABO)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
33	4

1 45.64.25.22 (Abdul Hakim, Pakistan)

ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK)

jpaa.aiou.edu.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 154.53.45.43 (St Louis, United States)

ASN40021 (CONTABO, US)
PTR: vmi866139.contaboserver.net

medicolospinos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	medicolospinos.com medicolospinos.com	830 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 357	31 KB
1	aiou.edu.pk jpaa.aiou.edu.pk	932 B
33	3

	Domain	Requested by
22	medicolospinos.com	jpaa.aiou.edu.pk medicolospinos.com
1	ajax.googleapis.com	jpaa.aiou.edu.pk
1	jpaa.aiou.edu.pk
33	3

This site contains links to these domains. Also see Links.

Domain
medicolospinos.com
www.entrust.net
www.nedbank.co.za
onlinesharetrading.nedbank.co.za
play.google.com
itunes.apple.com

Subject Issuer	Validity	Valid
*.aiou.edu.pk Sectigo RSA Domain Validation Secure Server CA	`2022-08-15` - `2023-09-15`	a year	crt.sh
medicolospinos.com cPanel, Inc. Certification Authority	`2023-03-26` - `2023-06-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html
Frame ID: 615A3720263D52901D95B05B575154A2
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Banking

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

33
Requests

73 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

862 kB
Transfer

912 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://medicolospinos.com/wp-includes/content/

Search URL Search Domain Scan URL

URL: https://www.entrust.net/customer/profile.cfm?domain=secured.nedbank.co.za

Search URL Search Domain Scan URL

URL: https://www.nedbank.co.za/content/nedbank/desktop/gt/en/aboutus/legal/fraud-awareness/how-to-keep-safe-online-banking.html
Title: Learn more →

Search URL Search Domain Scan URL

URL: https://www.nedbank.co.za/content/nedbank/desktop/gt/en/aboutus/legal/fraud-awareness.html
Title: Fraud awareness

Search URL Search Domain Scan URL

URL: https://onlinesharetrading.nedbank.co.za/#/overview
Title: Online share trading

Search URL Search Domain Scan URL

URL: https://www.nedbank.co.za/content/nedbank/desktop/gt/en/personal/tools-and-guidance/bank-anytime-anywhere/trusteer-rapport-security.html
Title: Trusteer Rapport security

Search URL Search Domain Scan URL

URL: https://www.nedbank.co.za/content/nedbank/desktop/gt/en/aboutus/legal/terms-conditions.html
Title: terms and conditions.

Search URL Search Domain Scan URL

URL: https://www.nedbank.co.za/content/nedbank/desktop/gt/en/personal/nedbank-money.html
Title: Nedbank Money app

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=za.co.nedbank

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/app/nedbank-money/id1260981758?ls=1&mt=8

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Attachment%2020220428_2049.pdf.html Show response
jpaa.aiou.edu.pk/wp-includes/content/ 1 KB
932 B 2945ms
270ms Document
text/html 45.64.25.22
HECPERN-AS-PK PER...

General

Source	Level	URL Text
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/FF%20Mark/FontFont%20-%20MarkPro.otf' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/FF%20Mark/FontFont%20-%20MarkPro.otf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProRegular.ttf' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProRegular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProRegular.woff' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProRegular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProRegular.woff2' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProRegular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/FF%20Mark/FontFont%20-%20MarkPro-Medium.otf' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/FF%20Mark/FontFont%20-%20MarkPro-Medium.otf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProMedium.ttf' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProMedium.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProMedium.woff' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProMedium.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://jpaa.aiou.edu.pk/wp-includes/content/Attachment%2020220428_2049.pdf.html Message: Access to font at 'https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProMedium.woff2' from origin 'https://jpaa.aiou.edu.pk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://medicolospinos.com/wp-includes/content/assets/fonts/fonts/FFMarkWebProMedium.woff2 Message: Failed to load resource: net::ERR_FAILED

jpaa.aiou.edu.pk Open in urlscan Pro 45.64.25.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

33 Requests

73 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

862 kBTransfer

912 kBSize

0 Cookies

10 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

16 Console Messages

Indicators

jpaa.aiou.edu.pk Open in urlscan Pro
45.64.25.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

73 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

862 kB
Transfer

912 kB
Size

0
Cookies

33 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!