medicalghaliadam.net
198.1.90.174
Malicious Activity!
Public Scan
Submission: On May 15 via automatic, source phishtank
Summary
This is the only time medicalghaliadam.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)
Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
16 | 198.1.90.174 | 46606 (UNIFIEDLAYER-AS-1) |
16 | 1 | |

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: hostinggega.hostinggega.com
medicalghaliadam.net

Requests | Apex Domain | Transfer |
---|---|---|
16 | medicalghaliadam.net | 328 KB |
16 | 1 | |

Requests | Domain | Requested by |
---|---|---|
16 | medicalghaliadam.net | medicalghaliadam.net |
16 | 1 | |

This site contains links to these domains.
Domain |
---|
www.absa.co.za |
This page contains 1 frames:
Primary Page:
http://medicalghaliadam.net/oncr/nsra.html
Frame ID: BCB0FF526833741D87709574FFE32ACE
Requests: 16 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Absa home page
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | nsra.html (Primary Request) | medicalghaliadam.net/oncr/ | 20 KB | 20 KB | Document | text/html |
GET H/1.1 | absa.css | medicalghaliadam.net/oncr/provea/ | 153 KB | 154 KB | Stylesheet | text/css |
GET H/1.1 | login.css | medicalghaliadam.net/oncr/provea/ | 4 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | jcaptcha.css | medicalghaliadam.net/oncr/provea/ | 1 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | ajax-loader-2.gif | medicalghaliadam.net/oncr/provea/ | 3 KB | 3 KB | Image | image/gif |
GET H/1.1 | logo-red.png | medicalghaliadam.net/oncr/provea/ | 2 KB | 2 KB | Image | image/png |
GET H/1.1 | keypad.jpg | medicalghaliadam.net/oncr/provea/ | 19 KB | 19 KB | Image | image/jpeg |
GET H/1.1 | locale_en.gif | medicalghaliadam.net/oncr/provea/ | 70 B | 310 B | Image | image/gif |
GET H/1.1 | campaigne_1_ENG.png | medicalghaliadam.net/oncr/provea/ | 45 KB | 46 KB | Image | image/png |
GET H/1.1 | covid19_en.jpg | medicalghaliadam.net/oncr/provea/ | 25 KB | 26 KB | Image | image/jpeg |
GET H/1.1 | DebiCheck_ATM_Eng.jpg | medicalghaliadam.net/oncr/provea/ | 24 KB | 25 KB | Image | image/jpeg |
GET H/1.1 | campaigne_3b_post_golive_EN.jpg | medicalghaliadam.net/oncr/provea/ | 0 | 240 B | Image | image/jpeg |
GET H/1.1 | icon-questionmark-grey_2019.png | medicalghaliadam.net/oncr/static/style/resources/ | 4 KB | 4 KB | Image | text/html |
GET H/1.1 | sprite-corners-rounded.png | medicalghaliadam.net/oncr/provea/resources/ | 6 KB | 6 KB | Image | text/html |
GET H/1.1 | keypad-bg.gif | medicalghaliadam.net/oncr/provea/www.absa.co.za.2009.ui/keypad/ | 9 KB | 9 KB | Image | text/html |
GET H/1.1 | sprite-icons-bar-status_2019.png | medicalghaliadam.net/oncr/provea/resources/ | 8 KB | 8 KB | Image | text/html |

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABSA (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.