afrimogroup.co.za Open in urlscan Pro
196.40.97.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://d-g.co.za/0.php?40217637844021763784
Effective URL:
https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Submission: On September 21 via api (September 21st 2024, 6:30:37 pm UTC) from US — Scanned from CH

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 23 HTTP transactions. The main IP is 196.40.97.167, located in South Africa and belongs to xneelo, ZA. The main domain is afrimogroup.co.za.
TLS certificate: Issued by R10 on September 14th 2024. Valid for: 3 months.

This is the only time afrimogroup.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 3	196.22.142.153 196.22.142.153	37153 (xneelo) (xneelo)
8	196.40.97.167 196.40.97.167	37153 (xneelo) (xneelo)
4	2606:4700::68... 2606:4700::6812:562a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.158.64.200 35.158.64.200	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	6

3 196.22.142.153 (South Africa) 1 redirects

ASN37153 (xneelo, ZA)
PTR: www406.jnb1.host-h.net

d-g.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 196.40.97.167 (South Africa)

ASN37153 (xneelo, ZA)
PTR: www67.cpt1.host-h.net

afrimogroup.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:562a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.158.64.200 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-64-200.eu-central-1.compute.amazonaws.com

cdn.app.sbb.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	afrimogroup.co.za afrimogroup.co.za	334 KB
4	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 313	119 KB
3	d-g.co.za 1 redirects d-g.co.za	26 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 487	304 B
1	sbb.ch cdn.app.sbb.ch — Cisco Umbrella Rank: 402227	14 KB
0	Failed function sub() { [native code] }. Failed
0	adobedtm.com Failed assets.adobedtm.com Failed
23	7

	Domain	Requested by
8	afrimogroup.co.za	afrimogroup.co.za
4	cdn.cookielaw.org	afrimogroup.co.za cdn.cookielaw.org
3	d-g.co.za	1 redirects
1	geolocation.onetrust.com	cdn.cookielaw.org
1	cdn.app.sbb.ch	afrimogroup.co.za
0	102.165.14.4 Failed	d-g.co.za
0	assets.adobedtm.com Failed	afrimogroup.co.za
23	7

This site contains no links.

Subject Issuer	Validity	Valid
d-g.co.za R11	`2024-08-25` - `2024-11-23`	3 months	crt.sh
afrimogroup.co.za R10	`2024-09-14` - `2024-12-13`	3 months	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.app.sbb.ch Amazon RSA 2048 M02	`2024-07-16` - `2025-08-14`	a year	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Frame ID: FD975DE1922BF4ED730C1ED65650630D
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung | SwissPass

Page URL History Show full URLs

https://d-g.co.za/0.php?40217637844021763784 Page URL
https://afrimogroup.co.za/Swiss-ch/travldssd/pass/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

65 %
HTTPS

40 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

493 kB
Transfer

1327 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://d-g.co.za/0.php?40217637844021763784 Page URL
https://afrimogroup.co.za/Swiss-ch/travldssd/pass/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://d-g.co.za/favicon.ico HTTP 302
https://d-g.co.za/wp-content/uploads/2022/09/DG-Logo-150x150.png

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 0.php Show response
d-g.co.za/ 162 B
411 B 746ms
261ms Document
text/html 196.22.142.153
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://d-g.co.za/0.php?40217637844021763784
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.22.142.153 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www406.jnb1.host-h.net
Software: Apache /
Resource Hash: 53f1e93b7b08ef78baba90182d7d3e009860e8557b8d920a3ad9168be8eae2cd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 149
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Sep 2024 18:30:28 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

GET
H/1.1 200
OK Primary Request / Show response
afrimogroup.co.za/Swiss-ch/travldssd/pass/ 27 KB
6 KB 2397ms
1508ms Document
text/html 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: bfa22cef0aec0e54c10c274d6cea6370258d3ec307b4f57192989d9e2b8b28ea

Request headers

Referer: https://d-g.co.za/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 5675
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Sep 2024 18:30:30 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

GET
H/1.1

200
OK

DG-Logo-150x150.png
d-g.co.za/wp-content/uploads/2022/09/
Redirect Chain

https://d-g.co.za/favicon.ico
https://d-g.co.za/wp-content/uploads/2022/09/DG-Logo-150x150.png

25 KB
25 KB

201ms
201ms

Other
image/png

196.22.142.153
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://d-g.co.za/wp-content/uploads/2022/09/DG-Logo-150x150.png
Protocol: HTTP/1.1
Server: 196.22.142.153 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www406.jnb1.host-h.net
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://d-g.co.za/0.php?40217637844021763784

Response headers

ETag: "62f1-5e93ed0731380"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 25329
Keep-Alive: timeout=5, max=98
Date: Sat, 21 Sep 2024 18:30:29 GMT
Last-Modified: Thu, 22 Sep 2022 07:14:38 GMT
Content-Type: image/png
Server: Apache

Redirect headers

X-Redirect-By: WordPress
Link: <https://d-g.co.za/wp-json/>; rel="https://api.w.org/"
Location: https://d-g.co.za/wp-content/uploads/2022/09/DG-Logo-150x150.png
Connection: Keep-Alive
Content-Length: 0
Keep-Alive: timeout=5, max=99
Date: Sat, 21 Sep 2024 18:30:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Apache

GET
H/1.1 200
OK sso.min-20200819.css
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/css/normal/app/ 180 KB
23 KB 190ms
189ms Stylesheet
text/css 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/css/normal/app/sso.min-20200819.css
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: df1e617507098c8826a05c6487106c27e13f067537dbaf4f44d0de4f7d5e8ee3

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

Content-Encoding: gzip
ETag: "2cedf-612047424c580-gzip"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 23716
Keep-Alive: timeout=5, max=99
Date: Sat, 21 Sep 2024 18:30:31 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Vary: Accept-Encoding
Server: Apache
Content-Type: text/css

GET
H/1.1 200
OK modernizr-20200819.js Show response
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/head/modernizr/ 8 KB
4 KB 514ms
176ms Script
application/javascript 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/head/modernizr/modernizr-20200819.js
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: 7a9fa521a58ee93001981f3a7db498c589233d8cc616e8d09af0119388a865bc

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

Upgrade: h2,h2c
Content-Encoding: gzip
ETag: "1e5c-612047424c580-gzip"
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Length: 3453
Keep-Alive: timeout=5, max=100
Date: Sat, 21 Sep 2024 18:30:31 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Vary: Accept-Encoding
Server: Apache
Content-Type: application/javascript

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 107ms
45ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/

Response headers

content-md5: jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD8E0A0C68C67
x-ms-lease-status: unlocked
age: 38823
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Sun, 22 Sep 2024 07:43:28 GMT
date: Sat, 21 Sep 2024 18:30:31 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 19:24:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 272231be-201e-00d7-738d-0bd9ad000000
cf-ray: 8c6c207fa8cf1d88-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6881
x-ms-blob-type: BlockBlob
server: cloudflare

GET launch-6cc731e967aa.min.js
assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/ 0
0

GET
H/1.1 200
OK modernizr-20200820.js Show response
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/head/modernizr/ 360 KB
122 KB 560ms
216ms Script
application/javascript 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/head/modernizr/modernizr-20200820.js
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: 15c179af6a66be10fa288925824cbf9fea1e277066233e55425c119dd01db43e

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

Upgrade: h2,h2c
Transfer-Encoding: chunked
Content-Encoding: gzip
ETag: "5a16d-612047424c580-gzip"
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Date: Sat, 21 Sep 2024 18:30:31 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Vary: Accept-Encoding
Server: Apache
Content-Type: application/javascript

GET
H/1.1 200
OK logo_text_de-20200819.svg
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ 137 KB
137 KB 539ms
189ms Image
image/svg+xml 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/logo_text_de-20200819.svg
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

Upgrade: h2,h2c
ETag: "222c3-612047424c580"
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Length: 139971
Keep-Alive: timeout=5, max=100
Date: Sat, 21 Sep 2024 18:30:31 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Content-Type: image/svg+xml
Server: Apache

GET
H/1.1 200
OK logo-20200819.svg
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ 7 KB
7 KB 547ms
194ms Image
image/svg+xml 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/logo-20200819.svg
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

Upgrade: h2,h2c
ETag: "1cce-612047424c580"
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Length: 7374
Keep-Alive: timeout=5, max=100
Date: Sat, 21 Sep 2024 18:30:31 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Content-Type: image/svg+xml
Server: Apache

GET
H/1.1 200
OK loader-20200819.png
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ 272 B
540 B 189ms
188ms Image
image/png 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/loader-20200819.png
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

ETag: "110-612047424c580"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 272
Keep-Alive: timeout=5, max=99
Date: Sat, 21 Sep 2024 18:30:32 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Content-Type: image/png
Server: Apache

GET
H/1.1 200
OK jquery-20200819.js Show response
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/primefaces/jquery/ 95 KB
33 KB 190ms
189ms Script
application/javascript 196.40.97.167
xneelo

General

Check archive.org

Show headers Download Go to

Full URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/primefaces/jquery/jquery-20200819.js
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 196.40.97.167 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS: www67.cpt1.host-h.net
Software: Apache /
Resource Hash: 2b2485b0669a2f73c4846e82eb5a37421358591a8ac8ba21d8149bfb88adcbfb

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/

Response headers

Content-Encoding: gzip
ETag: "17c58-612047424c580-gzip"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 33859
Keep-Alive: timeout=5, max=98
Date: Sat, 21 Sep 2024 18:30:32 GMT
Last-Modified: Fri, 23 Feb 2024 03:49:58 GMT
Vary: Accept-Encoding
Server: Apache
Content-Type: application/javascript

GET vendor.min-20200819.js
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/ 0
0

GET swisspass.min-20200819.js
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/ 0
0

GET
H2 200 SBBWeb-Light.woff2
cdn.app.sbb.ch/fonts/v1_6_subset/ 14 KB
14 KB 110ms
48ms Font
application/font-woff2 35.158.64.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2
Requested by: Host: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/css/normal/app/sso.min-20200819.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.64.200 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-64-200.eu-central-1.compute.amazonaws.com
Software: nginx/1.27.1 /
Resource Hash: 5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://afrimogroup.co.za
Referer: https://afrimogroup.co.za/

Response headers

access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
content-encoding: br
etag: W/"65ba1d94-3784"
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
expires: Sun, 21 Sep 2025 18:30:32 GMT
access-control-allow-origin: *
date: Sat, 21 Sep 2024 18:30:32 GMT
content-type: application/font-woff2
last-modified: Wed, 31 Jan 2024 10:14:44 GMT
server: nginx/1.27.1
vary: Accept-Encoding

GET
H2 200 e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json Show response
cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ 4 KB
2 KB 130ms
83ms XHR
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68326103e6c23a5d0b3901ce10ebc111f0c4cbc24a2764c7baac20702454ad3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/

Response headers

content-md5: CRGkGflVgN7sEH2sTzT/TQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: 0x8DC8B8A2923FCEC
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
x-content-type-options: nosniff
date: Sat, 21 Sep 2024 18:30:32 GMT
content-type: application/json
last-modified: Thu, 13 Jun 2024 09:21:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 11913d5d-401e-00e5-5954-0c817d000000
cf-ray: 8c6c2082fc2bd27a-FRA
access-control-allow-origin: *
content-length: 1619
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 67 B
304 B 119ms
55ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e91e62490f19fae2907ddbfae2a95990ca18631d5386fa9de60311dd777ae4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept: application/json
Referer: https://afrimogroup.co.za/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8c6c2083e97d9b39-FRA
access-control-allow-origin: *
date: Sat, 21 Sep 2024 18:30:32 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202405.1.0/ 450 KB
109 KB 44ms
44ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202405.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc750f921cf29a7897435f868856c4c63e22f7fd66ac456a72ced5f6eca584e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/

Response headers

content-md5: FvJhOHkAv4E9FRANYIql4g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5E2E4131AEC
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 73184
x-content-type-options: nosniff
date: Sat, 21 Sep 2024 18:30:32 GMT
content-type: application/javascript
last-modified: Tue, 16 Jul 2024 22:01:48 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 1588e6db-901e-0002-1ccc-d79170000000
cf-ray: 8c6c20861b2a1d88-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111551
x-ms-blob-type: BlockBlob
server: cloudflare

POST receive_token
102.165.14.4/ 0
0

GET login_bg.jpg
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ 0
0

GET icomoon.woff2
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/ 0
0

GET
H2 200 de-ch.json
cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/5110be45-f188-4259-b399-086eddac6e56/ 0
0 72ms
71ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/5110be45-f188-4259-b399-086eddac6e56/de-ch.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202405.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://afrimogroup.co.za/

Response headers

content-md5: rE1Ms6WgFOZZ/RSEDOWdUw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: 0x8DC8B8A2B0FE91B
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
x-content-type-options: nosniff
date: Sat, 21 Sep 2024 18:30:32 GMT
content-type: application/json
last-modified: Thu, 13 Jun 2024 09:21:12 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: dfb042b0-801e-00f3-4354-0c40e3000000
cf-ray: 8c6c2086ba3ed27a-FRA
access-control-allow-origin: *
content-length: 14294
x-ms-blob-type: BlockBlob
server: cloudflare

GET icomoon.ttf
afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: assets.adobedtm.com
URL: https://assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js

Domain: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/vendor.min-20200819.js

Domain: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/swisspass.min-20200819.js

Domain: 102.165.14.4
URL: http://102.165.14.4:5000/receive_token?referrer=loco

Domain: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/login_bg.jpg

Domain: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/icomoon.woff2?7m5yri

Domain: afrimogroup.co.za
URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/icomoon.ttf?7m5yri

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 2) Message: Mixed Content: The page at 'https://afrimogroup.co.za/Swiss-ch/travldssd/pass/' was loaded over HTTPS, but requested an insecure resource 'http://102.165.14.4:5000/receive_token?referrer=loco'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

102.165.14.4
afrimogroup.co.za
assets.adobedtm.com
cdn.app.sbb.ch
cdn.cookielaw.org
d-g.co.za
geolocation.onetrust.com
102.165.14.4
afrimogroup.co.za
assets.adobedtm.com
196.22.142.153
196.40.97.167
2606:4700:4400::6812:2089
2606:4700::6812:562a
35.158.64.200
15c179af6a66be10fa288925824cbf9fea1e277066233e55425c119dd01db43e
1e91e62490f19fae2907ddbfae2a95990ca18631d5386fa9de60311dd777ae4e
2b2485b0669a2f73c4846e82eb5a37421358591a8ac8ba21d8149bfb88adcbfb
53f1e93b7b08ef78baba90182d7d3e009860e8557b8d920a3ad9168be8eae2cd
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
68326103e6c23a5d0b3901ce10ebc111f0c4cbc24a2764c7baac20702454ad3f
7a9fa521a58ee93001981f3a7db498c589233d8cc616e8d09af0119388a865bc
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
bfa22cef0aec0e54c10c274d6cea6370258d3ec307b4f57192989d9e2b8b28ea
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
dc750f921cf29a7897435f868856c4c63e22f7fd66ac456a72ced5f6eca584e7
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
df1e617507098c8826a05c6487106c27e13f067537dbaf4f44d0de4f7d5e8ee3
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

afrimogroup.co.za Open in urlscan Pro 196.40.97.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

65 %HTTPS

40 %IPv6

7 Domains

7 Subdomains

6 IPs

3 Countries

493 kBTransfer

1327 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

afrimogroup.co.za Open in urlscan Pro
196.40.97.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

65 %
HTTPS

40 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

493 kB
Transfer

1327 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!