streetservants.com
192.185.119.94
Malicious Activity!
Public Scan
Effective URL: http://streetservants.com/wp-snapshots/Payment%20Confirmation.html
Submission: On June 01 via automatic, source phishtank
Summary
This is the only time streetservants.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Standard Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2a02:6b8::221 | 13238 (YANDEX)
1 | 2a02:6b8::232 | 13238 (YANDEX)
1 | 192.185.119.94 | 46606 (UNIFIEDLAYER-AS-1)
1 | 2a00:1450:4001:81c::200a | 15169 (GOOGLE)
2 | 2a00:1450:4001:817::200e | 15169 (GOOGLE)
2 | 2a00:1450:4001:806::2004 | 15169 (GOOGLE)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-119-94.unifiedlayer.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | google.com (4 redirects) | google.com, www.google.com | 1 KB
1 | googleapis.com | ajax.googleapis.com | 30 KB
1 | streetservants.com | streetservants.com | 1 MB
1 | yandex.net (1 redirect) | sba.yandex.net | 324 B
1 | clck.ru (1 redirect) | clck.ru | 399 B
Requests | Domain | Requested by
---|---|---
4 | www.google.com | 2 redirects, streetservants.com
2 | google.com | 2 redirects
1 | ajax.googleapis.com | streetservants.com
1 | streetservants.com | 
1 | sba.yandex.net | 1 redirect
1 | clck.ru | 1 redirect
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
www.google.com | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months (crt.sh)
This page contains 3 frames:
- Primary Page: http://streetservants.com/wp-snapshots/Payment%20Confirmation.html (Frame ID: 94300B9C4B69DCEAAE4A48D2FA60971E; 13 HTTP requests in this frame)
- Frame: https://www.google.com/?gws_rd=ssl (Frame ID: 730505F483E4E1BE86222CD0686640C2; 1 HTTP request in this frame)
- Frame: https://www.google.com/?gws_rd=ssl (Frame ID: 950DEB84D906BCAFA7B7258DCB3F96A7; 1 HTTP request in this frame)
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://clck.ru/NP8Qm (HTTP 302)
2. https://sba.yandex.net/redirect?url=http%3A%2F%2Fstreetservants.com%2Fwp-snapshots%2FPayment%2520Confirmation.html&client=clck&sign=baa96ac9dde26f6c27df78dfd4c13519 (HTTP 302)
3. http://streetservants.com/wp-snapshots/Payment%20Confirmation.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- http://google.com/ HTTP 301
- http://www.google.com/ HTTP 302
- https://www.google.com/?gws_rd=ssl

- http://google.com/ HTTP 301
- http://www.google.com/ HTTP 302
- https://www.google.com/?gws_rd=ssl
4 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | Payment%20Confirmation.html | streetservants.com/wp-snapshots/ | 2 MB | 1 MB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript | 
GET | DATA | truncated | / | 133 KB | 0 | Image | image/jpeg | 
GET | DATA | truncated | / | 815 B | 0 | Image | image/png | 
GET | DATA | truncated | / | 118 KB | 0 | Image | image/jpeg | 
GET | DATA | truncated | / | 647 B | 0 | Image | image/png | 
GET | DATA | truncated | / | 84 KB | 0 | Image | image/jpeg | 
GET | DATA | truncated | / | 12 KB | 0 | Image | image/gif | 
GET | DATA | truncated | / | 85 KB | 0 | Image | image/jpeg | 
GET | DATA | truncated | / | 123 KB | 0 | Image | image/jpeg | 
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png | 
GET | DATA | truncated | / | 129 KB | 0 | Image | image/jpeg | 
GET | H2 | / | www.google.com/ | 0 | 0 | Document | text/html | Frame 7305, Redirect Chain
GET | H2 | / | www.google.com/ | 0 | 0 | Document | text/html | Frame 950D, Redirect Chain
GET | DATA | truncated | / | 314 KB | 0 | Image | image/png | 
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Standard Bank (Banking)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
string | day
string | month
string | ampm
number | ampmhour
number | myweekday
number | year
object | mydate
number | myday
number | mymonth
number | weekday
number | myyear
number | myhours
number | mytime
string | myminutes
function | myFunction
function | myFunctionn
function | myFunctionnn
function | myFunctionnnn
function | myFunctionnnnn
function | myFunctionnnnnn
function | myFunctionnnnnnn
function | myFunctionnnnnnnn
function | myFunctionnnnnnnnn
function | myFunctionnnnnnnnnn
function | redirect
function | $
function | jQuery
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.google.com/ | | NID | 204=sNMK7llxIz6_g4ipB2Vgn6yInA5t034EnKDZTkMBcCzQz2BG9WJpQLiY_fAJkafS5bHa3styjOAbXjay14qsVkw2srwZqcxCU_ZF4ovU024I7eKZy1s_uLOVYsYbQMzDUHEc-iGASoCh8c4E1DMjJkXMFq41v42evUQz_j6T2cU
.google.com/ | | CONSENT | WP.287610
.google.com/ | | 1P_JAR | 2020-06-01-08
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.