www.unihealthnepal.com
Open in
urlscan Pro
2606:4700:30::6812:216d
Malicious Activity!
Public Scan
URL:
http://www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/~AbsaOnline.htm
Submission Tags: @ipnigh
Submission: On October 24 via api from GB
Submission Tags: @ipnigh
Submission: On October 24 via api from GB
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 19 HTTP transactions.
The main IP is 2606:4700:30::6812:216d, located in
United States and
belongs to CLOUDFLARENET - Cloudflare, Inc., US.
The main domain is www.unihealthnepal.com.
This is the only time www.unihealthnepal.com was scanned on urlscan.io!
This is the only time www.unihealthnepal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 9 | 2606:4700:30:... 2606:4700:30::6812:216d | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:819::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 206.72.196.155 206.72.196.155 | 19318 (IS-AS-1) (IS-AS-1 - Interserver) | |
| 2 2 | 2606:4700:30:... 2606:4700:30::6812:206d | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 19 | 4 |
9
2606:4700:30::6812:216d
(United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| www.unihealthnepal.com |
1
2a00:1450:4001:819::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| ajax.googleapis.com |
1
206.72.196.155
(Secaucus, United States)
ASN19318 (IS-AS-1 - Interserver, Inc, US)
PTR: server.skeero.com
ASN19318 (IS-AS-1 - Interserver, Inc, US)
PTR: server.skeero.com
| www.mail-99056.cf |
2
2606:4700:30::6812:206d
(United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| unihealthnepal.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
unihealthnepal.com
2 redirects
www.unihealthnepal.com unihealthnepal.com |
53 KB |
| 1 |
mail-99056.cf
www.mail-99056.cf |
44 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
34 KB |
| 0 |
absa.co.za
Failed
ib.absa.co.za Failed |
|
| 19 | 4 |
| Domain | Requested by | |
|---|---|---|
| 9 | www.unihealthnepal.com |
www.unihealthnepal.com
|
| 2 | unihealthnepal.com | 2 redirects |
| 1 | www.mail-99056.cf |
ajax.googleapis.com
|
| 1 | ajax.googleapis.com |
www.unihealthnepal.com
|
| 0 | ib.absa.co.za Failed |
www.unihealthnepal.com
|
| 19 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| ib.absa.co.za |
| www.absa.co.za |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.googleapis.com GTS CA 1O1 |
2019-10-10 - 2020-01-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/~AbsaOnline.htm
Frame ID: C401D450445B457F7BA615BCA74549A5
Requests: 19 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^cloudflare$/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
URL: https://ib.absa.co.za/absa-online/registration/?lang=en
Title: Registration
Title: Registration
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/
Title: Absa home page
Title: Absa home page
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/security-centre/online-security
Title: Absa's online security measures
Title: Absa's online security measures
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/security-centre/scams/
Title: Latest scams
Title: Latest scams
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/security-centre/absa-tools/
Title: Latest internet security software
Title: Latest internet security software
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/media-centre/press-statements/2016/old-interface-switched-off/
Title: Old interface switched off
Title: Old interface switched off
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/media-centre/press-statements/2016/absa-listed-beneficiaries-accounts-closed/
Title: Absa Listed Beneficiaries - accounts closed
Title: Absa Listed Beneficiaries - accounts closed
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/media-centre/press-statements/absa-online-payments-issue-notice
Title: Inter-Bank Payment delay
Title: Inter-Bank Payment delay
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/talk-to-us/
Title: Contact us
Title: Contact us
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/offers/safety-and-security/
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/offers/faq-on-the-improved-online-banking-design/
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/legal-and-compliance/terms-of-use/
Title: Terms of use
Title: Terms of use
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/legal-and-compliance/browser-requirements
Title: Software requirements
Title: Software requirements
Search URL Search Domain Scan URL
URL: https://www.absa.co.za/about-us/absa-bank/corporate-information
Title: Banking regulations
Title: Banking regulations
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- http://unihealthnepal.com/vendor/php-http/client-common/images/dot_002.gif HTTP 302
- http://www.unihealthnepal.com/404.php
- http://unihealthnepal.com/vendor/php-http/client-common/images/locale_en.gif HTTP 302
- http://www.unihealthnepal.com/404.php
19 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
 Cookie set
~AbsaOnline.htm
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/ |
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
absa.css
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/css/ |
149 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.css
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jcaptcha.css
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/css/ |
1 KB 916 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ |
95 KB 34 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
absajslogo.php
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/php2/ |
15 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ajax-loader-2.gif
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/images/ |
3 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-red.png
www.unihealthnepal.com/vendor/php-http/curl-client/ib.a1.za/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
sprite-corners-rounded.png
ib.absa.co.za/absa-online/static/style/resources/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ajax_load_jsonp.php
www.mail-99056.cf/WRkTG9hZEV2ZW50KGZ1bmMpIHsNCiAgICA/ib.a1.za/php2/ |
44 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
404.php
www.unihealthnepal.com/ Redirect Chain
|
7 KB 7 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
404.php
www.unihealthnepal.com/ Redirect Chain
|
7 KB 7 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
campaigne_1_ENG.png
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/Images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
campaigne_3_post_golive_EN.jpg
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-questionmark-grey_2019.png
ib.absa.co.za/absa-online/static/style/resources/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
keypad-bg.gif
ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/keypad/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
key-button.gif
ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
keypad-backspace.png
ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
sprite-icons-bar-status_2019.png
ib.absa.co.za/absa-online/static/style/resources/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/static/style/resources/sprite-corners-rounded.png
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/Images/campaigne_1_ENG.png
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/campaigne_3_post_golive_EN.jpg
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/static/style/resources/icon-questionmark-grey_2019.png
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/keypad/keypad-bg.gif
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/key-button.gif
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/keypad-backspace.png
- Domain
- ib.absa.co.za
- URL
- https://ib.absa.co.za/absa-online/static/style/resources/sprite-icons-bar-status_2019.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABSA (Banking)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| checkPwd function| heartBeatPasswordPAGE function| loginContinue2 function| onForm1Submit object| absa function| google function| doMoveForm2Focus function| checkEntries2 function| loginContinue3 function| showErrorMessage function| hideErrorMessage function| loginContinue4 function| googleAdsense function| googleAdsenseGoogle string| siteURL0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
ib.absa.co.za
unihealthnepal.com
www.mail-99056.cf
www.unihealthnepal.com
ib.absa.co.za
206.72.196.155
2606:4700:30::6812:206d
2606:4700:30::6812:216d
2a00:1450:4001:819::200a
01612d4b504b355b22ea89edb2723da571101610a0b0bd51f4b2682e9df24e24
049a656d597967fc0e932012a59878df828150d07f1de23f3cf90e9fe26ac5f7
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
86c3ec119fc6352ca80ccc5b6e2e8fa76c924adecaf33de65da1b892e7b1aa3e
8fbb328f787e5f47226b102aab299e1a8a99cd7d5a3d5fa0fb46bbce909f198c
9320033e00f75a970921d286fe0e5be3a600b106a5c8e7437687437de8660e82
b6b693de4c17c014dad29abe5294359606104283674d45ee8348e9dc731ff540
cfc8d1cac57c28080424e0352c91061277f42b819ac9280ec163095e9ed5d61b
e072a105f5e62a871d7b761c07d2f4890423d4eab301afa6bc60606b43306070
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855