e-proficientlab.com
Open in
urlscan Pro
103.6.198.51
Malicious Activity!
Public Scan
Effective URL: http://e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/absa-login.html
Submission: On December 07 via api from CA
Summary
This is the only time e-proficientlab.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) ABSA (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 148.243.225.42 148.243.225.42 | 6503 (Axtel) (Axtel) | |
5 | 103.6.198.51 103.6.198.51 | 46015 (EXABYTES-...) (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd.) | |
6 | 3 |
ASN6503 (Axtel, S.A.B. de C.V., MX)
PTR: na-148-243-225-42.static.avantel.net.mx
talaveradelaluz.com |
ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY)
PTR: msv40-sh-cicadas.mschosting.com
e-proficientlab.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
e-proficientlab.com
e-proficientlab.com |
229 KB |
1 |
talaveradelaluz.com
talaveradelaluz.com |
440 B |
6 | 2 |
Domain | Requested by | |
---|---|---|
5 | e-proficientlab.com |
talaveradelaluz.com
e-proficientlab.com |
1 | talaveradelaluz.com | |
6 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/absa-login.html
Frame ID: F13B9DDCCA83A3FFD7D4052076AE5446
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://talaveradelaluz.com/sites/default/files/weserve.htm Page URL
- http://e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/absa-login.html Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- headers server /php\/?([\d.]+)?/i
CentOS (Operating Systems) Expand
Detected patterns
- headers server /CentOS/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://talaveradelaluz.com/sites/default/files/weserve.htm Page URL
- http://e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/absa-login.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
weserve.htm
talaveradelaluz.com/sites/default/files/ |
131 B 440 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
absa-login.html
e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/ |
299 KB 221 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style1.css
e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sign-in.png
e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
reset.png
e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
es3.png
e-proficientlab.com/wp-includes/js/jcrop/ABSA/ABSA/v3/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
223 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) ABSA (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
e-proficientlab.com
talaveradelaluz.com
103.6.198.51
148.243.225.42
35fec8d6bc0dbbd02cca4c50051e5e9124441694af8af46fb35cd3c09cdc3c9e
695183d59ededc855458465f3d097477baf1ccb1bf77cc0feb7d5e8fe36b92ff
69846787d70241c44e0a39ae78e4620c5477f9d6f440b270e00ae1d0dcdd48a8
a51f143ff844faf2cb4e4c3127790881c29f18ded5933f80e6a5f773d0828693
a690846d7196c2a103483abdc500656da0cfed80210f09e45d9840ba3802fba4
acc255443e74441db70f7b0e937814e5a29eff153dfe85d2f3edbf888a60ef41
f1b8d65ce07c5f4f8b5f1387ee86b14e6212bc49d92b5b163572a3d6b4f16fd2