www.directleaflets.co.uk Open in urlscan Pro
79.170.40.45 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.directleaflets.co.uk/nter.php
Submission: On September 21 via automatic, source openphish (September 21st 2017, 8:18:35 am UTC)

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 79.170.40.45, located in United Kingdom and belongs to AS20738, GB. The main domain is www.directleaflets.co.uk.

This is the only time www.directleaflets.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Capitec Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	79.170.40.45 79.170.40.45	20738 (AS20738) (AS20738)
11	104.193.173.100 104.193.173.100	54643 (IDIGITAL) (IDIGITAL - Idigital Internet Inc.)
13	3

1 79.170.40.45 (United Kingdom)

ASN20738 (AS20738, GB)
PTR: web45.extendcp.co.uk

www.directleaflets.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.193.173.100 (Vancouver, Canada)

ASN54643 (IDIGITAL - Idigital Internet Inc., CA)
PTR: cwh23.canadianwebhosting.com

www.humairarahman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	humairarahman.com www.humairarahman.com Failed	54 KB
1	directleaflets.co.uk www.directleaflets.co.uk	142 B
13	2

	Domain	Requested by
11	www.humairarahman.com	www.humairarahman.com
1	www.directleaflets.co.uk
13	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Frame: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php
Frame ID: 24849.1
Requests: 2 HTTP requests in this frame

Frame: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php
Frame ID: 24862.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

54 kB
Transfer

54 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request nter.php Show response www.directleaflets.co.uk/	131 B 142 B	159ms 70ms	Document text/html	79.170.40.45 AS20738
General Check archive.org Show headers Download Go to Full URL http://www.directleaflets.co.uk/nter.php Protocol HTTP/1.1 Server 79.170.40.45 , United Kingdom, ASN20738 (AS20738, GB), Reverse DNS web45.extendcp.co.uk Software Apache/2.4.27 (Unix) / PHP/5.6.31 Resource Hash `d56ed62c1da9a2e85981808178bfd8c163b7e9984138a7e1c3c778c04bc20763` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:25 GMT Server Apache/2.4.27 (Unix) X-Powered-By PHP/5.6.31 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET		dors.php www.humairarahman.com/nheb/nasi.refi/smc/	0 0

GET H/1.1	200 OK	dors.php Show response www.humairarahman.com/nheb/nasi.refi/smc/ Frame 2486	15 KB 15 KB	335ms 194ms	Document text/html	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / PHP/5.4.45 Resource Hash `d5b6ef7b05ec6ae22a2f94957af31ad894188c14db1f9e8142cb2caf93b837e9` Request headers Upgrade-Insecure-Requests 1 Referer http://www.directleaflets.co.uk/nter.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma no-cache Date Thu, 21 Sep 2017 08:18:28 GMT Server Apache X-Powered-By PHP/5.4.45 Transfer-Encoding chunked Content-Type text/html Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=3, max=120 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	jquery-ui-1.8.10.custom.min.css www.humairarahman.com/nheb/nasi.refi/smc/css/ Frame 2486	14 KB 14 KB	141ms 141ms	Stylesheet text/css	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/css/jquery-ui-1.8.10.custom.min.css Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `3288291ba0b0bcc44644918ad6206575eac323f07a4a984e19bc72063ac240d3` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=119 Content-Length 14712
GET H/1.1	200 OK	default-1.4.css www.humairarahman.com/nheb/nasi.refi/smc/css/ Frame 2486	7 KB 7 KB	283ms 143ms	Stylesheet text/css	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/css/default-1.4.css Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `1d4ab112f4a90ce5ce7bf58450abb5d98b79ad9a53cfd693ace46216612a35b7` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=120 Content-Length 7470
GET H/1.1	200 OK	Capitec.Logo.gif www.humairarahman.com/nheb/nasi.refi/smc/images/ Frame 2486	3 KB 3 KB	141ms 141ms	Image image/gif	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/images/Capitec.Logo.gif Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `22a57fb27dd282fa8cd3832ba2cb8e1622ad1b06fdae9558fc22fc43a436fe74` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=118 Content-Length 3274
GET H/1.1	200 OK	textarea_bg.png www.humairarahman.com/nheb/nasi.refi/smc/ Frame 2486	3 KB 3 KB	141ms 141ms	Image image/png	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/textarea_bg.png Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `96b785522c9210e45461bf5748a1e23299710657c5a2a092fdbe0bd2efadce6d` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=117 Content-Length 2989
GET H/1.1	200 OK	blueWrap_dark.gif www.humairarahman.com/nheb/nasi.refi/smc/ Frame 2486	6 KB 6 KB	141ms 141ms	Image image/gif	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/blueWrap_dark.gif Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `cb8e6cb8952b1ecbb34847f0aa5a496875716bdca6ff1fb9c816d358206f39b9` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=119 Content-Length 6234
GET H/1.1	200 OK	proceed.gif www.humairarahman.com/nheb/nasi.refi/smc/images/ Frame 2486	97 B 97 B	283ms 142ms	Image image/gif	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/images/proceed.gif Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `dc1d4ce2776571a5ad112b5a23bb0c4ff6fa8ab98d8c0bdaf09ad46cdf633049` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=120 Content-Length 97
GET H/1.1	200 OK	SSL-certificate-seal-ssl-animated.gif www.humairarahman.com/nheb/nasi.refi/smc/ Frame 2486	3 KB 3 KB	282ms 142ms	Image image/gif	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/SSL-certificate-seal-ssl-animated.gif Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `aae304e25813c81be17fd70ef4bf31f572ac3f807bb53987a31e9606534bbf41` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=120 Content-Length 2975
GET H/1.1	200 OK	menu.bar.left.png www.humairarahman.com/nheb/nasi.refi/smc/images/ Frame 2486	868 B 868 B	282ms 141ms	Image image/png	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/images/menu.bar.left.png Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `4bf2cbc27a02e95e2b888e0ca1482e31f4beb7bce8b2b3ab6be84e5911ecfc4b` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=118 Content-Length 868
GET H/1.1	200 OK	menu.bar.fill.png www.humairarahman.com/nheb/nasi.refi/smc/images/ Frame 2486	167 B 167 B	282ms 141ms	Image image/png	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/images/menu.bar.fill.png Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `c8f7d05c56fe37628fae32f40ef17b9dbbfad21877488d057c44c79682ea2537` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=120 Content-Length 167
GET H/1.1	200 OK	menu.bar.right.png www.humairarahman.com/nheb/nasi.refi/smc/images/ Frame 2486	919 B 919 B	271ms 141ms	Image image/png	104.193.173.100 Idigital Internet...
General Check archive.org Show headers Download Go to Show image Full URL http://www.humairarahman.com/nheb/nasi.refi/smc/images/menu.bar.right.png Requested by Host: www.humairarahman.com URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php Protocol HTTP/1.1 Server 104.193.173.100 Vancouver, Canada, ASN54643 (IDIGITAL - Idigital Internet Inc., CA), Reverse DNS cwh23.canadianwebhosting.com Software Apache / Resource Hash `973cf55d023167f230def965f4aab0e3413ecb6ae8ebecc01bf8b4922fc550b6` Request headers Referer http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Thu, 21 Sep 2017 08:18:28 GMT Last-Modified Thu, 21 Sep 2017 07:16:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=116 Content-Length 919

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.humairarahman.com
URL: http://www.humairarahman.com/nheb/nasi.refi/smc/dors.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Capitec Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.humairarahman.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: 7f81f9bb192e52bdea2713659dc49004

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.directleaflets.co.uk
www.humairarahman.com
www.humairarahman.com
104.193.173.100
79.170.40.45
1d4ab112f4a90ce5ce7bf58450abb5d98b79ad9a53cfd693ace46216612a35b7
22a57fb27dd282fa8cd3832ba2cb8e1622ad1b06fdae9558fc22fc43a436fe74
3288291ba0b0bcc44644918ad6206575eac323f07a4a984e19bc72063ac240d3
4bf2cbc27a02e95e2b888e0ca1482e31f4beb7bce8b2b3ab6be84e5911ecfc4b
96b785522c9210e45461bf5748a1e23299710657c5a2a092fdbe0bd2efadce6d
973cf55d023167f230def965f4aab0e3413ecb6ae8ebecc01bf8b4922fc550b6
aae304e25813c81be17fd70ef4bf31f572ac3f807bb53987a31e9606534bbf41
c8f7d05c56fe37628fae32f40ef17b9dbbfad21877488d057c44c79682ea2537
cb8e6cb8952b1ecbb34847f0aa5a496875716bdca6ff1fb9c816d358206f39b9
d56ed62c1da9a2e85981808178bfd8c163b7e9984138a7e1c3c778c04bc20763
d5b6ef7b05ec6ae22a2f94957af31ad894188c14db1f9e8142cb2caf93b837e9
dc1d4ce2776571a5ad112b5a23bb0c4ff6fa8ab98d8c0bdaf09ad46cdf633049

www.directleaflets.co.uk Open in urlscan Pro 79.170.40.45 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

54 kBTransfer

54 kBSize

1 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.directleaflets.co.uk Open in urlscan Pro
79.170.40.45 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

54 kB
Transfer

54 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!