lentsk.co.za
Open in
urlscan Pro
41.185.8.199
Malicious Activity!
Public Scan
Submission: On January 26 via api from ZA — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 16th 2021. Valid for: 3 months.
This is the only time lentsk.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 9 | 41.185.8.199 41.185.8.199 | 36943 (ZA-1-Grid) (ZA-1-Grid) | |
1 | 2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e01b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 40.108.200.53 40.108.200.53 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e012 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 92.123.195.42 92.123.195.42 | () () | |
10 | 6 |
ASN20940 (AKAMAI-ASN1, NL)
statica.akamai.odsp.cdn.office.net |
ASN20940 (AKAMAI-ASN1, NL)
modernb.akamai.odsp.cdn.office.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
lentsk.co.za
4 redirects
lentsk.co.za |
78 KB |
2 |
office.net
statica.akamai.odsp.cdn.office.net — Cisco Umbrella Rank: 2390 modernb.akamai.odsp.cdn.office.net — Cisco Umbrella Rank: 1291 |
44 KB |
1 |
akamaihd.net
spoprod-a.akamaihd.net |
956 B |
1 |
sharepoint.com
etclocal.sharepoint.com |
4 KB |
10 | 4 |
Domain | Requested by | |
---|---|---|
9 | lentsk.co.za |
4 redirects
lentsk.co.za
|
1 | spoprod-a.akamaihd.net | |
1 | modernb.akamai.odsp.cdn.office.net |
statica.akamai.odsp.cdn.office.net
|
1 | etclocal.sharepoint.com |
lentsk.co.za
|
1 | statica.akamai.odsp.cdn.office.net |
lentsk.co.za
|
10 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
lentsk.co.za cPanel, Inc. Certification Authority |
2021-12-16 - 2022-03-16 |
3 months | crt.sh |
wildcard.akamai.odsp.cdn.office.net Microsoft RSA TLS CA 01 |
2021-07-01 - 2022-07-01 |
a year | crt.sh |
*.sharepoint.com DigiCert Cloud Services CA-1 |
2021-10-01 - 2022-09-30 |
a year | crt.sh |
a248.e.akamai.net DigiCert SHA2 Secure Server CA |
2021-07-15 - 2022-07-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://lentsk.co.za/wp-content/themes/sharedLink/wamp.php?cramp=020202
Frame ID: 938DB2E7F01F6ABCB02FA215AEE8BD2B
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Sharing Link ValidationDetected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
PHP (Programming Languages) Expand
Detected patterns
- \.php(?:$|\?)
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- require.*\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://lentsk.co.za/WebResource.axd?d=Qs65voE5fUXYfAfe9FCso3azNMg8FH5cT7jTN0Md_F4-xf1I30zTNPuUeDQCxvzU2nSUT9K3lM-pAMCx9Z21rnIyV_ebAE1Oo4M3UZf3FrI1&t=637453780754849868 HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/ScriptResource.axd?d=HkzKV09UcV-qT5FWFlFhgk6oYcVSkMngxKlH26n9jutn1NzTyM19bFxKVaDe9bvQ64nivu94ZUSKiuB5G0yI2U6PmfjCrqBrLRFi8J6fol9d2orBA5G30NhrigYP1iaVD_8mbmyrrFzPI7PUqhRVZ1t7NGHgwKA4ReFKxl2KEGw1&t=ffffffffe191061b HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/ScriptResource.axd?d=frunyKRPLQoGcObJNetAaZ6eW2bd4L077b-NQgcg9skEot1muJ1wW0FRoVr7VZWK5vmj_C0q43V7OrVTM_48Bm4BWRDOYv7lP6YgnDvKiq9WRbpkXs9H3MyoAXVhf1B1mhX9h_2gwwyS_hEpHMW0cSGQ7RXIipVIQuy9uZz1_IMHBn4PqGyVSgM1wNB3Rw1u0&t=363be08 HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/ScriptResource.axd?d=LmaDwiwq6zCl2m6G3oBReavrHqzb93W_7xrqIAgYoRSXWf_x_LqmI9aBBn5pjJ-ZVFufeao_m5Tx4VuWv6oniNCk4y5-xnGUe2emdVVCWdCOmzxvh0EYmcf8PAxF2NqVp8JIxogy90FaQkQLUro4zUJ5dffASG7BGp1a_tVop7qHLxLVQooYBoUKnAxA_x5X0&t=363be08 HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/_layouts/15/images/microsoft-logo.png HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
wamp.php
lentsk.co.za/wp-content/themes/sharedLink/ |
43 KB 43 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
require.js
statica.akamai.odsp.cdn.office.net/bld/_layouts/15/16.0.21701.12006/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft-logo.png
etclocal.sharepoint.com/_layouts/15/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 2 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spoguestaccess-74b74b08.js
modernb.akamai.odsp.cdn.office.net/files/odsp-web-prod_2021-09-03.002/brotli/ |
158 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pdf.png
spoprod-a.akamaihd.net/files/fabric-cdn-prod_20210115.001/assets/item-types/32/ |
433 B 956 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- lentsk.co.za
- URL
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)59 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| __tti number| g_responseEnd object| FabricConfig string| __odsp_culture object| __odspSriHashes object| __odsp_libraryScripts object| _spModuleLink function| setImageUrl function| _spBodyOnLoad undefined| theForm function| __doPostBack string| MSOWebPartPageFormName function| requirejs function| require function| define function| WebForm_OnSubmit function| _spFormOnSubmitWrapper function| onFormSubmit object| checkboxes function| onInputChange function| showToastNotification object| dismiss function| dismissNotification undefined| validateFunction function| ValidateCode object| Page_Validators object| RequireTOAACode object| ValidateTOAACodeText object| InvalidTOAACode boolean| _fV4UI boolean| Page_ValidationActive function| ValidatorOnSubmit string| __backupBaseUrl object| __cdnFailOverState function| __assign function| __extends function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __spreadArrays function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault object| __packages__ object| __themeState__ object| __stylesheet__ number| __currentId__ object| __globalSettings__0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
etclocal.sharepoint.com
lentsk.co.za
modernb.akamai.odsp.cdn.office.net
spoprod-a.akamaihd.net
statica.akamai.odsp.cdn.office.net
lentsk.co.za
2a02:26f0:f7::5c7b:e012
2a02:26f0:f7::5c7b:e01b
40.108.200.53
41.185.8.199
92.123.195.42
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2d92f0ce8491d2f9a27ea16d261a15089c4a9be879d1eedcb6f4a3859e7f1999
5c9817ef0859ab7e478e89e9c9a598fb1e5ae2e8247a0df946615d1a3c9f26a6
6cbf091cca3e7a547130fbcd66f193a63a6fdb164906ab7050a013df7754da77
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
841ca1cac49331dbed7e9a0c8324935fe3ba4ba92f00aada1dc7f46e0ac0c0a0
c496f9c13d0bab6c5055b9c536125a5a06fc8aac29f1e35a0119f1181bde6b67