lentsk.co.za
Open in
urlscan Pro
41.185.8.199
Malicious Activity!
Public Scan
URL:
https://lentsk.co.za/wp-content/themes/sharedLink/wamp.php?cramp=020202
Submission: On September 21 via api from US — Scanned from US
Submission: On September 21 via api from US — Scanned from US
Summary
This website contacted 6 IPs
in 2 countries
across 4 domains to perform 10 HTTP transactions.
The main IP is 41.185.8.199, located in
South Africa and
belongs to ZA-1-Grid, ZA.
The main domain is lentsk.co.za.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 23rd 2023. Valid for: 3 months.
This is the only time lentsk.co.za was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 23rd 2023. Valid for: 3 months.
This is the only time lentsk.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 4 9 | 41.185.8.199 41.185.8.199 | 36943 (ZA-1-Grid) (ZA-1-Grid) | |
| 1 | 2600:1400:900... 2600:1400:9000::687e:7748 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2620:1ec:8fa::8 2620:1ec:8fa::8 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 1 | 2600:141b:b00... 2600:141b:b000::1737:ebf2 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 104.117.182.43 104.117.182.43 | () () | |
| 10 | 6 |
1
2600:1400:9000::687e:7748
(New York, United States)
ASN20940 (AKAMAI-ASN1, NL)
ASN20940 (AKAMAI-ASN1, NL)
| statica.akamai.odsp.cdn.office.net |
1
2600:141b:b000::1737:ebf2
(Newark, United States)
ASN20940 (AKAMAI-ASN1, NL)
ASN20940 (AKAMAI-ASN1, NL)
| modernb.akamai.odsp.cdn.office.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
lentsk.co.za
4 redirects
lentsk.co.za |
79 KB |
| 2 |
office.net
statica.akamai.odsp.cdn.office.net — Cisco Umbrella Rank: 165066 modernb.akamai.odsp.cdn.office.net — Cisco Umbrella Rank: 58133 |
44 KB |
| 1 |
akamaihd.net
spoprod-a.akamaihd.net |
947 B |
| 1 |
sharepoint.com
etclocal.sharepoint.com |
4 KB |
| 10 | 4 |
| Domain | Requested by | |
|---|---|---|
| 9 | lentsk.co.za |
4 redirects
lentsk.co.za
|
| 1 | spoprod-a.akamaihd.net | |
| 1 | modernb.akamai.odsp.cdn.office.net |
statica.akamai.odsp.cdn.office.net
|
| 1 | etclocal.sharepoint.com |
lentsk.co.za
|
| 1 | statica.akamai.odsp.cdn.office.net |
lentsk.co.za
|
| 10 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| go.microsoft.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| lentsk.co.za cPanel, Inc. Certification Authority |
2023-08-23 - 2023-11-21 |
3 months | crt.sh |
| wildcard.akamai.odsp.cdn.office.net DigiCert SHA2 Secure Server CA |
2023-05-08 - 2024-05-08 |
a year | crt.sh |
| *.sharepoint.com DigiCert Cloud Services CA-1 |
2022-11-29 - 2023-11-28 |
a year | crt.sh |
| a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1 |
2023-05-16 - 2024-05-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://lentsk.co.za/wp-content/themes/sharedLink/wamp.php?cramp=020202
Frame ID: 301AC48454EBC6813EEC66D5C42E181D
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Sharing Link ValidationDetected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
RequireJS
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- require.*\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://go.microsoft.com/fwlink/?linkid=845480
Title: Privacy & Cookies
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://lentsk.co.za/WebResource.axd?d=Qs65voE5fUXYfAfe9FCso3azNMg8FH5cT7jTN0Md_F4-xf1I30zTNPuUeDQCxvzU2nSUT9K3lM-pAMCx9Z21rnIyV_ebAE1Oo4M3UZf3FrI1&t=637453780754849868 HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/ScriptResource.axd?d=HkzKV09UcV-qT5FWFlFhgk6oYcVSkMngxKlH26n9jutn1NzTyM19bFxKVaDe9bvQ64nivu94ZUSKiuB5G0yI2U6PmfjCrqBrLRFi8J6fol9d2orBA5G30NhrigYP1iaVD_8mbmyrrFzPI7PUqhRVZ1t7NGHgwKA4ReFKxl2KEGw1&t=ffffffffe191061b HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/ScriptResource.axd?d=frunyKRPLQoGcObJNetAaZ6eW2bd4L077b-NQgcg9skEot1muJ1wW0FRoVr7VZWK5vmj_C0q43V7OrVTM_48Bm4BWRDOYv7lP6YgnDvKiq9WRbpkXs9H3MyoAXVhf1B1mhX9h_2gwwyS_hEpHMW0cSGQ7RXIipVIQuy9uZz1_IMHBn4PqGyVSgM1wNB3Rw1u0&t=363be08 HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/ScriptResource.axd?d=LmaDwiwq6zCl2m6G3oBReavrHqzb93W_7xrqIAgYoRSXWf_x_LqmI9aBBn5pjJ-ZVFufeao_m5Tx4VuWv6oniNCk4y5-xnGUe2emdVVCWdCOmzxvh0EYmcf8PAxF2NqVp8JIxogy90FaQkQLUro4zUJ5dffASG7BGp1a_tVop7qHLxLVQooYBoUKnAxA_x5X0&t=363be08 HTTP 302
- https://lentsk.co.za/new/res/
- https://lentsk.co.za/_layouts/15/images/microsoft-logo.png HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ HTTP 302
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/
10 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
wamp.php
lentsk.co.za/wp-content/themes/sharedLink/ |
43 KB 43 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
require.js
statica.akamai.odsp.cdn.office.net/bld/_layouts/15/16.0.21701.12006/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
lentsk.co.za/new/res/ Redirect Chain
|
8 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
microsoft-logo.png
etclocal.sharepoint.com/_layouts/15/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 2 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spoguestaccess-74b74b08.js
modernb.akamai.odsp.cdn.office.net/files/odsp-web-prod_2021-09-03.002/brotli/ |
158 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pdf.png
spoprod-a.akamaihd.net/files/fabric-cdn-prod_20210115.001/assets/item-types/32/ |
433 B 947 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- lentsk.co.za
- URL
- https://lentsk.co.za/_layouts/15/images/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/new/res/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)60 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| __tti number| g_responseEnd object| FabricConfig string| __odsp_culture object| __odspSriHashes object| __odsp_libraryScripts object| _spModuleLink function| setImageUrl function| _spBodyOnLoad undefined| theForm function| __doPostBack string| MSOWebPartPageFormName function| requirejs function| require function| define function| WebForm_OnSubmit function| _spFormOnSubmitWrapper function| onFormSubmit object| checkboxes function| onInputChange function| showToastNotification object| dismiss function| dismissNotification undefined| validateFunction function| ValidateCode object| Page_Validators object| RequireTOAACode object| ValidateTOAACodeText object| InvalidTOAACode boolean| _fV4UI boolean| Page_ValidationActive function| ValidatorOnSubmit string| __backupBaseUrl object| __cdnFailOverState function| __assign function| __extends function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __spreadArrays function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault object| __packages__ object| __themeState__ object| __stylesheet__ number| __currentId__ object| __globalSettings__0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
etclocal.sharepoint.com
lentsk.co.za
modernb.akamai.odsp.cdn.office.net
spoprod-a.akamaihd.net
statica.akamai.odsp.cdn.office.net
lentsk.co.za
104.117.182.43
2600:1400:9000::687e:7748
2600:141b:b000::1737:ebf2
2620:1ec:8fa::8
41.185.8.199
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2d92f0ce8491d2f9a27ea16d261a15089c4a9be879d1eedcb6f4a3859e7f1999
5c9817ef0859ab7e478e89e9c9a598fb1e5ae2e8247a0df946615d1a3c9f26a6
6cbf091cca3e7a547130fbcd66f193a63a6fdb164906ab7050a013df7754da77
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
841ca1cac49331dbed7e9a0c8324935fe3ba4ba92f00aada1dc7f46e0ac0c0a0
c496f9c13d0bab6c5055b9c536125a5a06fc8aac29f1e35a0119f1181bde6b67