sollybadats.co.za Open in urlscan Pro
196.41.123.62 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cerradodaloba.pt/File.downloader/redon.php
Effective URL:
https://sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/index.html
Submission: On April 26 via manual (April 26th 2018, 3:45:25 pm UTC) from GB

Summary HTTP 5 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 196.41.123.62, located in South Africa and belongs to Cybersmart, ZA. The main domain is sollybadats.co.za.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 14th 2018. Valid for: 3 months.

This is the only time sollybadats.co.za was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	109.71.40.117 109.71.40.117	24768 (ALMOUROLTEC) (ALMOUROLTEC)
1	196.41.123.62 196.41.123.62	36874 (Cybersmart) (Cybersmart)
5	3

1 109.71.40.117 (Lisbon, Portugal)

ASN24768 (ALMOUROLTEC, PT)
PTR: cp42.webserver.pt

www.cerradodaloba.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 196.41.123.62 (South Africa)

ASN36874 (Cybersmart, ZA)
PTR: cpanel6.mywebserver.co.za

sollybadats.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	sollybadats.co.za sollybadats.co.za	3 KB
1	cerradodaloba.pt www.cerradodaloba.pt	613 B
0	googleapis.com Failed fonts.googleapis.com Failed
5	3

	Domain	Requested by
1	sollybadats.co.za	sollybadats.co.za
1	www.cerradodaloba.pt
0	fonts.googleapis.com Failed	sollybadats.co.za
5	3

This site contains no links.

Subject Issuer	Validity	Valid
cerradodaloba.pt Let's Encrypt Authority X3	`2018-03-31` - `2018-06-29`	3 months	crt.sh
sollybadats.co.za Let's Encrypt Authority X3	`2018-03-14` - `2018-06-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/index.html
Frame ID: 59E986C9F43AD0AA11D10A4695C98FFC
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.cerradodaloba.pt/File.downloader/redon.php Page URL
https://sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/index.html Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

5
Requests

40 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

4 kB
Transfer

3 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cerradodaloba.pt/File.downloader/redon.php Page URL
https://sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	redon.php Show response www.cerradodaloba.pt/File.downloader/	237 B 613 B	280ms 121ms	Document text/html	109.71.40.117 ALMOUROLTEC
General Check archive.org Show headers Download Go to Full URL https://www.cerradodaloba.pt/File.downloader/redon.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 109.71.40.117 Lisbon, Portugal, ASN24768 (ALMOUROLTEC, PT), Reverse DNS cp42.webserver.pt Software nginx / PHP/5.4.45 Resource Hash `609ca1465771b9f39114d78bc152353934b211f6f6de1e55e8450ba4568ece0e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.cerradodaloba.pt Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 26 Apr 2018 15:45:15 GMT Content-Encoding gzip Server nginx X-Powered-By PHP/5.4.45 Vary Accept-Encoding Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type text/html Access-Control-Allow-Origin * Transfer-Encoding chunked Connection keep-alive Access-Control-Allow-Headers origin, x-requested-with, x-http-method-override, content-type
GET H/1.1	200 OK	Primary Request index.html Show response sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/	3 KB 3 KB	647ms 158ms	Document text/html	196.41.123.62 Cybersmart
General Check archive.org Show headers Download Go to Full URL https://sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 196.41.123.62 , South Africa, ASN36874 (Cybersmart, ZA), Reverse DNS cpanel6.mywebserver.co.za Software Apache / Resource Hash `8ddc1547760987b5dfe1918352edd4f4d7590e8a6eea8c16defb3cadf45a6574` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host sollybadats.co.za Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://www.cerradodaloba.pt/File.downloader/redon.php Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer https://www.cerradodaloba.pt/File.downloader/redon.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 26 Apr 2018 15:45:20 GMT Last-Modified Thu, 05 Oct 2017 11:06:42 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=30 Content-Length 2967
GET		css fonts.googleapis.com/	0 0

GET		style.css sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/css/	0 0

GET		css fonts.googleapis.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600

Domain: sollybadats.co.za
URL: https://sollybadats.co.za/Quotationsdocumment.html/Document.image/Document.image/One-Drive.doc/css/style.css

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
sollybadats.co.za
www.cerradodaloba.pt
fonts.googleapis.com
sollybadats.co.za
109.71.40.117
196.41.123.62
609ca1465771b9f39114d78bc152353934b211f6f6de1e55e8450ba4568ece0e
8ddc1547760987b5dfe1918352edd4f4d7590e8a6eea8c16defb3cadf45a6574

sollybadats.co.za Open in urlscan Pro 196.41.123.62 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

40 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

4 kBTransfer

3 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

sollybadats.co.za Open in urlscan Pro
196.41.123.62 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

40 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

4 kB
Transfer

3 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions