specimencarpbaits.co.za Open in urlscan Pro
139.162.178.215 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://specimencarpbaits.co.za/in.immovvelt/
Submission: On April 29 via automatic, source openphish (April 29th 2022, 1:24:55 pm UTC) — Scanned from DE

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 24 HTTP transactions. The main IP is 139.162.178.215, located in Frankfurt am Main, Germany and belongs to LINODE-AP Linode, LLC, US. The main domain is specimencarpbaits.co.za.
TLS certificate: Issued by R3 on February 9th 2022. Valid for: 3 months.

This is the only time specimencarpbaits.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Immowelt (Real Estate)

Domain & IP information

	IP Address	AS Autonomous System
23	139.162.178.215 139.162.178.215	63949 (LINODE-AP...) (LINODE-AP Linode)
1	23.205.244.86 23.205.244.86	16625 (AKAMAI-AS) (AKAMAI-AS)
24	2

23 139.162.178.215 (Frankfurt am Main, Germany)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: depro1.fcomet.com

specimencarpbaits.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.205.244.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-244-86.deploy.static.akamaitechnologies.com

cdnglobal.immowelt.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	specimencarpbaits.co.za specimencarpbaits.co.za	145 KB
1	immowelt.org cdnglobal.immowelt.org — Cisco Umbrella Rank: 219312	2 KB
24	2

	Domain	Requested by
23	specimencarpbaits.co.za	specimencarpbaits.co.za
1	cdnglobal.immowelt.org	specimencarpbaits.co.za
24	2

This site contains no links.

Subject Issuer	Validity	Valid
specimencarpbaits.co.za R3	`2022-02-09` - `2022-05-10`	3 months	crt.sh
*.immowelt.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-17` - `2023-04-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://specimencarpbaits.co.za/in.immovvelt/
Frame ID: 62C5C48EFF0B483B8E28190105AEE93F
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login |

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

147 kB
Transfer

173 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response specimencarpbaits.co.za/in.immovvelt/	8 KB 2 KB	31ms 7ms	Document text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `eca58e1ec598eec87308a207235b6b4401aaee020a57a029424e87d2a8b883a2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 2003 content-type text/html date Fri, 29 Apr 2022 13:24:50 GMT last-modified Tue, 12 Apr 2022 11:34:00 GMT server LiteSpeed vary Accept-Encoding,User-Agent
GET H2	200	main-immowelt.css specimencarpbaits.co.za/in.immovvelt/css/	16 KB 3 KB	9ms 9ms	Stylesheet text/css	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `d74a86ca6ee20bf8f0096503e084ecaa5a7e9ffa95edce755fa5d668e17b7090` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br last-modified Thu, 07 Apr 2022 09:10:26 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 2967 expires Fri, 06 May 2022 13:24:50 GMT
GET H2	200	minimal-0-header.css specimencarpbaits.co.za/in.immovvelt/css/	1006 B 392 B	9ms 9ms	Stylesheet text/css	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/minimal-0-header.css Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `8c643cf092aae00273e2163a89a756093f1a44bb79acefc0421f2d164806498a` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br last-modified Thu, 07 Apr 2022 08:30:34 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 336 expires Fri, 06 May 2022 13:24:50 GMT
GET H2	200	logo_immowelt.svg specimencarpbaits.co.za/in.immovvelt/css/	4 KB 2 KB	12ms 11ms	Image image/svg+xml	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/logo_immowelt.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br last-modified Thu, 07 Apr 2022 08:30:34 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 1608 expires Sat, 29 Apr 2023 13:24:50 GMT
GET H2	200	logo_immowelt.svg cdnglobal.immowelt.org/global-assets/4.0.1/legacy/0/images/	4 KB 2 KB	61ms 8ms	Image image/svg+xml	23.205.244.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdnglobal.immowelt.org/global-assets/4.0.1/legacy/0/images/logo_immowelt.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-244-86.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash `23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br vary Accept-Encoding server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 1450 last-modified Mon, 17 Jan 2022 21:14:02 GMT server Akamai Resource Optimizer etag "12a36ea277732f464361d90291ad3224:1584713245.120842" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/svg+xml access-control-allow-origin * cache-control max-age=4989454, max-age=8640000 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers *
GET H2	200	minimal-0-footer.css specimencarpbaits.co.za/in.immovvelt/css/	463 B 235 B	12ms 11ms	Stylesheet text/css	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/minimal-0-footer.css Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `82f4ee0332972e2ff06e0a60eb98a465865e88e0fbd24ba2a03a4114dfe68fa0` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br last-modified Thu, 07 Apr 2022 08:30:36 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 179 expires Fri, 06 May 2022 13:24:50 GMT
GET H2	200	icon-teaser-magnify.svg specimencarpbaits.co.za/in.immovvelt/css/	2 KB 919 B	12ms 12ms	Image image/svg+xml	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/icon-teaser-magnify.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br last-modified Thu, 07 Apr 2022 08:30:36 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 883 expires Sat, 29 Apr 2023 13:24:50 GMT
GET H2	200	icon-teaser-arrows.svg specimencarpbaits.co.za/in.immovvelt/css/	2 KB 945 B	12ms 12ms	Image image/svg+xml	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/icon-teaser-arrows.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br last-modified Thu, 07 Apr 2022 08:30:38 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 888 expires Sat, 29 Apr 2023 13:24:50 GMT
GET H2	503	eye_off.svg specimencarpbaits.co.za/in.immovvelt/css/images/icons/	1 KB 1 KB	472ms 472ms	Image text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/images/icons/eye_off.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash `c0d017d5c270f3745694b706d3c7d6c3792c3f6001aaf2620d3c9621df9a403d` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H2	503	arrow-right.svg specimencarpbaits.co.za/in.immovvelt/css/images/icons/	1 KB 1 KB	395ms 395ms	Image text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/images/icons/arrow-right.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash `c0d017d5c270f3745694b706d3c7d6c3792c3f6001aaf2620d3c9621df9a403d` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H2	503	lock.svg specimencarpbaits.co.za/in.immovvelt/css/images/icons/	1 KB 1 KB	373ms 373ms	Image text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/images/icons/lock.svg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash `c0d017d5c270f3745694b706d3c7d6c3792c3f6001aaf2620d3c9621df9a403d` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H2	200	login-default-lgm.jpg specimencarpbaits.co.za/in.immovvelt/css/	132 KB 132 KB	13ms 13ms	Image image/jpeg	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://specimencarpbaits.co.za/in.immovvelt/css/login-default-lgm.jpg Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / Resource Hash `eee230b896f349558bb52c66ffe6d2428452a5f0de5860fc3ac57c3e161bfb5a` Request headers accept-language de-DE,de;q=0.9 Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT last-modified Thu, 07 Apr 2022 09:02:08 GMT server LiteSpeed vary User-Agent content-type image/jpeg cache-control public, max-age=2592000 accept-ranges bytes content-length 135408 expires Sun, 29 May 2022 13:24:50 GMT
GET H2	503	OpenSans-Light.woff2 specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	473ms 472ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Light.woff2 Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H2	503	OpenSans-Regular.woff2 specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	507ms 506ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Regular.woff2 Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H2	503	OpenSans-Bold.woff2 specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	447ms 446ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Bold.woff2 Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H2	503	OpenSans-Semibold.woff2 specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	486ms 486ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Semibold.woff2 Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Bold.woff specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	327ms 326ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Bold.woff Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 459 retry-after 3600
GET H3	503	OpenSans-Light.woff specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	285ms 285ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Light.woff Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Semibold.woff specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	323ms 323ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Semibold.woff Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Regular.woff specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	398ms 398ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Regular.woff Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:50 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Light.ttf specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	375ms 375ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Light.ttf Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:51 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Bold.ttf specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	311ms 311ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Bold.ttf Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:51 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Semibold.ttf specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	342ms 342ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Semibold.ttf Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:51 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600
GET H3	503	OpenSans-Regular.ttf specimencarpbaits.co.za/in.immovvelt/css/fonts/	0 0	312ms 311ms	Font text/html	139.162.178.215 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Regular.ttf Requested by Host: specimencarpbaits.co.za URL: https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Protocol H3 Security QUIC, , AES_128_GCM Server 139.162.178.215 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS depro1.fcomet.com Software LiteSpeed / PHP/7.2.34 Resource Hash Request headers Referer https://specimencarpbaits.co.za/in.immovvelt/css/main-immowelt.css Origin https://specimencarpbaits.co.za accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Fri, 29 Apr 2022 13:24:51 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.2.34 vary Accept-Encoding,User-Agent content-type text/html; charset=utf-8 content-length 459 retry-after 3600

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Immowelt (Real Estate)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.specimencarpbaits.co.za/	1970-01-20 03:09:26	Name: PrestaShop-468ddbc716a065ce3db07dad6fcf4005 Value: def502006477521e642519fc6a6b4f01de2d76df165f7333cf4165a95378a70afe8b79b84ddc97f6d90021b6ffea2efad97613551e74e70d498a51f5ca15662c155a493fe1f9214fc9044a15f8b133cbad18d182c5ddf46bbed7508f406ff94e327b140605f49afb95dd3b18fe7b20a7cde3e30b4958f2b23125f30ba022ad9982ad37741df344006a20c559dd96d383bfc7d41ebeb5b24549be41efc566d0

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/images/icons/lock.svg Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/images/icons/arrow-right.svg Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Bold.woff2 Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/images/icons/eye_off.svg Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Light.woff2 Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Semibold.woff2 Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Regular.woff2 Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Light.woff Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Bold.woff Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Semibold.woff Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Regular.woff Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Bold.ttf Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Light.ttf Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Semibold.ttf Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://specimencarpbaits.co.za/in.immovvelt/css/fonts/OpenSans-Regular.ttf Message: Failed to load resource: the server responded with a status of 503 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnglobal.immowelt.org
specimencarpbaits.co.za
139.162.178.215
23.205.244.86
23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a
667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632
82f4ee0332972e2ff06e0a60eb98a465865e88e0fbd24ba2a03a4114dfe68fa0
8c643cf092aae00273e2163a89a756093f1a44bb79acefc0421f2d164806498a
95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70
c0d017d5c270f3745694b706d3c7d6c3792c3f6001aaf2620d3c9621df9a403d
d74a86ca6ee20bf8f0096503e084ecaa5a7e9ffa95edce755fa5d668e17b7090
eca58e1ec598eec87308a207235b6b4401aaee020a57a029424e87d2a8b883a2
eee230b896f349558bb52c66ffe6d2428452a5f0de5860fc3ac57c3e161bfb5a

specimencarpbaits.co.za Open in urlscan Pro 139.162.178.215 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

24 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

147 kBTransfer

173 kBSize

1 Cookies

0 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

15 Console Messages

Indicators

specimencarpbaits.co.za Open in urlscan Pro
139.162.178.215 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

147 kB
Transfer

173 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!