urlscan.io Public Scan: afrimogroup.co.za (196.40.97.167)
Verdict: Malicious Activity!
Effective URL: https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Submission: On September 21 via api from US. Scanned from CH
Summary
TLS certificate: Issued by R10 on September 14th 2024. Valid for: 3 months.
This is the only time afrimogroup.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information
| Requests | IP address | AS |
|---|---|---|
| 3 | 196.22.142.153 | 37153 (xneelo) |
| 8 | 196.40.97.167 | 37153 (xneelo) |
| 4 | 2606:4700::6812:562a | 13335 (CLOUDFLARENET) |
| 1 | 35.158.64.200 | 16509 (AMAZON-02) |
| 1 | 2606:4700:4400::6812:2089 | 13335 (CLOUDFLARENET) |

23 requests across 6 IP addresses (the sixth, 102.165.14.4, only received a request that never got a response; see the failed requests below).

35.158.64.200: ASN16509 (AMAZON-02, US), PTR ec2-35-158-64-200.eu-central-1.compute.amazonaws.com, serving cdn.app.sbb.ch.
| Requests | Apex domain | Subdomains | Transfer |
|---|---|---|---|
| 8 | afrimogroup.co.za | afrimogroup.co.za | 334 KB |
| 4 | cookielaw.org | cdn.cookielaw.org (Cisco Umbrella Rank: 313) | 119 KB |
| 3 | d-g.co.za | d-g.co.za (1 redirect) | 26 KB |
| 1 | onetrust.com | geolocation.onetrust.com (Cisco Umbrella Rank: 487) | 304 B |
| 1 | sbb.ch | cdn.app.sbb.ch (Cisco Umbrella Rank: 402227) | 14 KB |
| 0 | 102.165.14.4 (bare IP, failed) | 102.165.14.4 | |
| 0 | adobedtm.com | assets.adobedtm.com (failed) | |

23 requests, 7 domains.
| Requests | Domain | Requested by |
|---|---|---|
| 8 | afrimogroup.co.za | afrimogroup.co.za |
| 4 | cdn.cookielaw.org | afrimogroup.co.za, cdn.cookielaw.org |
| 3 | d-g.co.za (1 redirect) | (entry page) |
| 1 | geolocation.onetrust.com | cdn.cookielaw.org |
| 1 | cdn.app.sbb.ch | afrimogroup.co.za |
| 0 | 102.165.14.4 (failed) | d-g.co.za |
| 0 | assets.adobedtm.com (failed) | afrimogroup.co.za |

23 requests, 7 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| d-g.co.za | R11 | 2024-08-25 to 2024-11-23 | 3 months | crt.sh |
| afrimogroup.co.za | R10 | 2024-09-14 to 2024-12-13 | 3 months | crt.sh |
| cookielaw.org | WE1 | 2024-08-13 to 2024-11-11 | 3 months | crt.sh |
| *.app.sbb.ch | Amazon RSA 2048 M02 | 2024-07-16 to 2025-08-14 | a year | crt.sh |
| geolocation.onetrust.com | WE1 | 2024-08-13 to 2024-11-11 | 3 months | crt.sh |

R10 and R11 are Let's Encrypt intermediates and WE1 is a Google Trust Services intermediate. The afrimogroup.co.za certificate was issued on 2024-09-14, one week before this scan, and this is the domain's first appearance on urlscan.io; a freshly issued free certificate on a never-seen host is a weak signal on its own but worth weighting in triage.
This page contains 1 frame:
Primary Page:
https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Frame ID: FD975DE1922BF4ED730C1ED65650630D
Requests: 23 HTTP requests in this frame
Page Title: Anmeldung | SwissPass ("Anmeldung" is German for "Login")
Page URL History
- https://d-g.co.za/0.php?40217637844021763784
- https://afrimogroup.co.za/Swiss-ch/travldssd/pass/
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Modernizr (JavaScript Libraries) Expand
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
OneTrust (Cookie compliance) Expand
Detected patterns
- cdn\.cookielaw\.org
- otSDKStub\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
HTTP redirect chains observed:
- Request Chain 1: https://d-g.co.za/favicon.ico (HTTP 302) → https://d-g.co.za/wp-content/uploads/2022/09/DG-Logo-150x150.png
23 HTTP transactions

| # | Method | Protocol | Resource | Location | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | 0.php | d-g.co.za/ | 162 B | 411 B | Document | text/html |
| 2 | GET | H/1.1 | / (primary request) | afrimogroup.co.za/Swiss-ch/travldssd/pass/ | 27 KB | 6 KB | Document | text/html |
| 3 | GET | H/1.1 | DG-Logo-150x150.png | d-g.co.za/wp-content/uploads/2022/09/ (redirect chain) | 25 KB | 25 KB | Other | image/png |
| 4 | GET | H/1.1 | sso.min-20200819.css | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/css/normal/app/ | 180 KB | 23 KB | Stylesheet | text/css |
| 5 | GET | H/1.1 | modernizr-20200819.js | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/head/modernizr/ | 8 KB | 4 KB | Script | application/javascript |
| 6 | GET | H2 | otSDKStub.js | cdn.cookielaw.org/scripttemplates/ | 21 KB | 7 KB | Script | application/javascript |
| 7 | GET | | launch-6cc731e967aa.min.js | assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/ | 0 | 0 | (failed) | |
| 8 | GET | H/1.1 | modernizr-20200820.js | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/head/modernizr/ | 360 KB | 122 KB | Script | application/javascript |
| 9 | GET | H/1.1 | logo_text_de-20200819.svg | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ | 137 KB | 137 KB | Image | image/svg+xml |
| 10 | GET | H/1.1 | logo-20200819.svg | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ | 7 KB | 7 KB | Image | image/svg+xml |
| 11 | GET | H/1.1 | loader-20200819.png | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ | 272 B | 540 B | Image | image/png |
| 12 | GET | H/1.1 | jquery-20200819.js | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/primefaces/jquery/ | 95 KB | 33 KB | Script | application/javascript |
| 13 | GET | | vendor.min-20200819.js | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/ | 0 | 0 | (failed) | |
| 14 | GET | | swisspass.min-20200819.js | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/ | 0 | 0 | (failed) | |
| 15 | GET | H2 | SBBWeb-Light.woff2 | cdn.app.sbb.ch/fonts/v1_6_subset/ | 14 KB | 14 KB | Font | application/font-woff2 |
| 16 | GET | H2 | e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json | cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ | 4 KB | 2 KB | XHR | application/json |
| 17 | GET | H2 | location | geolocation.onetrust.com/cookieconsentpub/v1/geo/ | 67 B | 304 B | XHR | application/json |
| 18 | GET | H2 | otBannerSdk.js | cdn.cookielaw.org/scripttemplates/202405.1.0/ | 450 KB | 109 KB | Script | application/javascript |
| 19 | POST | | receive_token | 102.165.14.4/ | 0 | 0 | (failed) | |
| 20 | GET | | login_bg.jpg | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/ | 0 | 0 | (failed) | |
| 21 | GET | | icomoon.woff2 | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/ | 0 | 0 | (failed) | |
| 22 | GET | H2 | de-ch.json | cdn.cookielaw.org/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/5110be45-f188-4259-b399-086eddac6e56/ | 0 | 0 | Fetch | application/json |
| 23 | GET | | icomoon.ttf | afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/ | 0 | 0 | (failed) | |

Two things stand out in this list. The page on afrimogroup.co.za pulls the real SBB web font from cdn.app.sbb.ch (row 15) and loads the real OneTrust consent bundle, while its own assets sit under a PrimeFaces-style /resources/ tree with names such as swisspass.min-20200819.js; a look-alike borrowing the brand's genuine assets is typical of a cloned login page. The only POST in the capture (row 19) goes to a bare IP rather than any of the domains above.
Failed requests
These URLs were requested but no response was received; they also appear in the transaction list above.
- https://assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js
- https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/vendor/vendor.min-20200819.js
- https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/swisspass.min-20200819.js
- http://102.165.14.4:5000/receive_token?referrer=loco (POST)
- https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/img/login_bg.jpg
- https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/icomoon.woff2?7m5yri
- https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/fonts/icomoon/icomoon.ttf?7m5yri

The POST to 102.165.14.4 deserves the most attention: plain HTTP, a literal IP instead of a hostname, a non-standard port (TCP/5000) and a path named receive_token, issued from a login page. If the request is made from script, browsers block it as mixed content on an HTTPS page, which is one plausible reason the scanner saw no response; either way this endpoint, not the HTTPS landing page, is where submitted data would go, and it is the indicator to block and to hunt for in proxy logs.
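The heuristics a reviewer applies by eye to the certificate table and to the transaction and failed-request lists above can be scripted. The block below is an added example by the editor, not urlscan.io code and not part of the report. Its request list, certificate date and scan date are transcribed from this page (the scan year is assumed to be 2024, matching the certificate); the brand domain list, the 30-day "fresh certificate" threshold and all function names are the editor's own assumptions.

```python
"""Triage heuristics over a urlscan.io-style request list.

Added example; not urlscan.io code. Request list, certificate date and
scan date are transcribed from the report (scan year assumed 2024).
Brand domains, thresholds and function names are assumptions.
"""
from datetime import date
from ipaddress import ip_address
from urllib.parse import urlsplit

PAGE_URL = "https://afrimogroup.co.za/Swiss-ch/travldssd/pass/"
BRAND_APEXES = ("sbb.ch",)            # assumption: brand named in the verdict
CERT_NOT_BEFORE = date(2024, 9, 14)   # from the certificate table
SCAN_DATE = date(2024, 9, 21)         # "Submission: On September 21"; year assumed

# Constructed from the transaction list: (method, url, got_a_response)
REQUESTS = [
    ("GET", "https://d-g.co.za/0.php?40217637844021763784", True),
    ("GET", "https://afrimogroup.co.za/Swiss-ch/travldssd/pass/", True),
    ("GET", "https://d-g.co.za/wp-content/uploads/2022/09/DG-Logo-150x150.png", True),
    ("GET", "https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/css/normal/app/sso.min-20200819.css", True),
    ("GET", "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js", True),
    ("GET", "https://assets.adobedtm.com/15ff638fdec4/7a0c4d63ddff/launch-6cc731e967aa.min.js", False),
    ("GET", "https://afrimogroup.co.za/Swiss-ch/travldssd/pass/resources/js/swisspass.min-20200819.js", False),
    ("GET", "https://cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Light.woff2", True),
    ("GET", "https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location", True),
    ("POST", "http://102.165.14.4:5000/receive_token?referrer=loco", False),
]


def _is_ip(host):
    """True when the URL host is a literal IPv4/IPv6 address."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def _under(host, apex):
    """True when host equals apex or is a subdomain of it."""
    return host == apex or host.endswith("." + apex)


def exfil_candidates(requests, page_url):
    """Requests shaped like a credential drop rather than a page resource.

    Returns (url, [reasons]) for every request with at least one red flag.
    """
    page = urlsplit(page_url)
    hits = []
    for method, url, _ in requests:
        u = urlsplit(url)
        reasons = []
        if method == "POST" and not _under(u.hostname, page.hostname):
            reasons.append("POST to a host outside the page's domain")
        if _is_ip(u.hostname):
            reasons.append("bare IP instead of a hostname")
        if page.scheme == "https" and u.scheme == "http":
            reasons.append("plain HTTP from an HTTPS page (mixed content)")
        if u.port not in (None, 80, 443):
            reasons.append("non-standard port %d" % u.port)
        if reasons:
            hits.append((url, reasons))
    return hits


def brand_hotlinks(requests, page_url, brand_apexes):
    """Brand-owned hosts (fonts, logos, scripts) pulled in by a page that is
    not itself on the brand's domains: the look-alike borrows real assets."""
    page_host = urlsplit(page_url).hostname
    if any(_under(page_host, b) for b in brand_apexes):
        return []
    return sorted({urlsplit(url).hostname for _, url, _ in requests
                   if any(_under(urlsplit(url).hostname, b) for b in brand_apexes)})


def cert_age_days(not_before, scanned):
    """Days between certificate issuance and the scan."""
    return (scanned - not_before).days


def triage(requests, page_url, brand_apexes, cert_not_before, scanned,
           fresh_cert_days=30):
    """Combine the heuristics into one report dict (fresh_cert_days is an
    assumed threshold, not a urlscan.io value)."""
    age = cert_age_days(cert_not_before, scanned)
    return {
        "exfil": exfil_candidates(requests, page_url),
        "brand_hotlinks": brand_hotlinks(requests, page_url, brand_apexes),
        "cert_age_days": age,
        "fresh_cert": age < fresh_cert_days,
        "failed": [url for _, url, ok in requests if not ok],
        "hosts": sorted({urlsplit(url).hostname for _, url, _ in requests}),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REQUESTS, PAGE_URL, BRAND_APEXES,
                            CERT_NOT_BEFORE, SCAN_DATE), indent=2))
```

On this page's data the script flags exactly one exfiltration candidate (the receive_token POST, for all four reasons), one brand hotlink host (cdn.app.sbb.ch), a seven-day-old certificate, and seven hosts to feed into blocklists. None of the rules is conclusive alone; a legitimate site can hotlink a CDN or use a week-old certificate, which is why the output is a set of reasons for an analyst rather than a verdict.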
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Schweizerische Bundesbahnen (Transportation)

18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify client-side frameworks and page-specific code.
token (string), digitalDataLayer (object), html5 (object), Modernizr (object), digitalData (object), dataLayerEvent (object), OptanonWrapper (function), OnetrustActiveGroups (string), OptanonActiveGroups (string), dataLayer (object), otStubData (object), tokens (string), url (string), data (object), validateForm (function), closeModal (function), $ (function), jQuery (function)

Modernizr, $ and jQuery belong to the detected libraries, and OptanonWrapper, OnetrustActiveGroups, OptanonActiveGroups and otStubData to the OneTrust consent script. The names worth inspecting in the captured DOM are token, tokens, url, data, validateForm and closeModal, given the receive_token POST recorded above.

0 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, letting the site re-identify the user even from a different location. This is how persistent logins work.

1 Console Message
A page may log messages to the console. These are often errors about a resource that failed to load or a script that failed to execute, and they sometimes reveal the technology behind a site.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
Indicators such as IPs, domains and hashes observed in the scan. Appearing here does not by itself mean an entry is malicious.

Domains and hosts: 102.165.14.4, afrimogroup.co.za, assets.adobedtm.com, cdn.app.sbb.ch, cdn.cookielaw.org, d-g.co.za, geolocation.onetrust.com

IP addresses: 196.22.142.153, 196.40.97.167, 2606:4700:4400::6812:2089, 2606:4700::6812:562a, 35.158.64.200