annelevig.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2606:4700:30::681c:10ad, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is annelevig.com.

This is the only time annelevig.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NAB Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.24.154.40 52.24.154.40	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	123.30.209.104 123.30.209.104	45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp)
2	2606:4700:30:... 2606:4700:30::681c:10ad	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2606:4700:30:... 2606:4700:30::681c:11ad	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	3

1 52.24.154.40 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-24-154-40.us-west-2.compute.amazonaws.com

go.sparkpostmail1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 123.30.209.104 (Hanoi, Viet Nam)

ASN45899 (VNPT-AS-VN VNPT Corp, VN)
PTR: static.vnpt.vn

thegioithieunhi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:30::681c:10ad (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

annelevig.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:30::681c:11ad (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

annelevig.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	annelevig.com annelevig.com	135 KB
1	thegioithieunhi.com thegioithieunhi.com	459 B
1	sparkpostmail1.com 1 redirects go.sparkpostmail1.com	232 B
5	3

	Domain	Requested by
4	annelevig.com	annelevig.com
1	thegioithieunhi.com
1	go.sparkpostmail1.com	1 redirects
5	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/
Frame ID: 7544B4EB609BB71AC14B47F9469E42CF
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW... HTTP 302
http://thegioithieunhi.com//content/themes/robertedmaliso.php Page URL
http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+(?:([\d.])+\/)?pure(?:-min)?\.css/i

Page Statistics

5
Requests

0 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

135 kB
Transfer

150 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW5oaS5jb20vL2NvbnRlbnQvdGhlbWVzL3JvYmVydGVkbWFsaXNvLnBocFcDc3BjQgoADkhm31sRavsDUhhtc2V0dGxlQGNpdGlwb3dlci5jb20uYXVYBAAAAAA~ HTTP 302
http://thegioithieunhi.com//content/themes/robertedmaliso.php Page URL
http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW5oaS5jb20vL2NvbnRlbnQvdGhlbWVzL3JvYmVydGVkbWFsaXNvLnBocFcDc3BjQgoADkhm31sRavsDUhhtc2V0dGxlQGNpdGlwb3dlci5jb20uYXVYBAAAAAA~ HTTP 302
http://thegioithieunhi.com//content/themes/robertedmaliso.php

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	robertedmaliso.php Show response thegioithieunhi.com//content/themes/ Redirect Chain http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW5oaS5jb20vL2NvbnRlbnQvdGhlbWVzL3JvYmVydGVkbWFsaXNvLnBocFcDc3BjQgoADkhm31sRavsDUhhtc2V0dGxlQG... http://thegioithieunhi.com//content/themes/robertedmaliso.php	324 B 459 B	1048ms 229ms	Document text/html	123.30.209.104 VNPT-AS-VN VNPT Corp
General Check archive.org Show headers Download Go to Full URL http://thegioithieunhi.com//content/themes/robertedmaliso.php Protocol HTTP/1.1 Server 123.30.209.104 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN), Reverse DNS static.vnpt.vn Software nginx/1.6.2 / PHP/5.5.20 Resource Hash `a04e2c500bba00880c1b13fc8ba614952e2b94713b1fb7cdbcded227192bd615` Request headers Host thegioithieunhi.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx/1.6.2 Date Wed, 07 Nov 2018 03:54:53 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding X-Powered-By PHP/5.5.20 Content-Encoding gzip Redirect headers Content-Type text/plain Date Wed, 07 Nov 2018 03:54:54 GMT Location http://thegioithieunhi.com//content/themes/robertedmaliso.php Server msys-http Content-Length 0 Connection keep-alive
GET H/1.1	200 OK	Primary Request Cookie set / Show response annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/	2 KB 1 KB	1255ms 1223ms	Document text/html	2606:4700:30::681c:10ad Cloudflare
General Check archive.org Show headers Download Go to Full URL http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Protocol HTTP/1.1 Server 2606:4700:30::681c:10ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `9f4d2def7113e8fea65b05d85ad0640ed35a4bd606ce38e97e753dfea94896d0` Request headers Host annelevig.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://thegioithieunhi.com//content/themes/robertedmaliso.php Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://thegioithieunhi.com//content/themes/robertedmaliso.php Response headers Date Wed, 07 Nov 2018 03:54:58 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d0ce8f94eb0140771aabd884989af82991541562897; expires=Thu, 07-Nov-19 03:54:57 GMT; path=/; domain=.annelevig.com; HttpOnly Last-Modified Tue, 27 Jun 2017 08:38:02 GMT Cache-Control max-age=7200 Expires Wed, 07 Nov 2018 05:54:58 GMT Vary Accept-Encoding X-Endurance-Cache-Level 2 X-Acc-Exp 43200 X-Proxy-Cache BYPASS annelevig.com Server cloudflare CF-RAY 475cdc8a476d64f3-FRA Content-Encoding gzip
GET H/1.1	200 OK	pure-min.css annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/	17 KB 5 KB	352ms 351ms	Stylesheet text/css	2606:4700:30::681c:10ad Cloudflare
General Check archive.org Show headers Download Go to Full URL http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/pure-min.css Requested by Host: annelevig.com URL: http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Protocol HTTP/1.1 Server 2606:4700:30::681c:10ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `255d6dfae2b0ab59f97774b8fe2a2c037e8550571af5299150cf8175ed71bac9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host annelevig.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Cookie __cfduid=d0ce8f94eb0140771aabd884989af82991541562897 Connection keep-alive Cache-Control no-cache Referer http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 07 Nov 2018 03:54:58 GMT Content-Encoding gzip CF-Cache-Status MISS X-Acc-Exp 604800 Connection keep-alive Content-Length 4708 Last-Modified Mon, 29 Jun 2015 15:32:14 GMT Server cloudflare Vary Accept-Encoding X-Endurance-Cache-Level 2 Content-Type text/css Cache-Control public, max-age=2592000 Accept-Ranges bytes CF-RAY 475cdc91f05564f3-FRA X-Proxy-Cache BYPASS annelevig.com Expires Fri, 07 Dec 2018 03:54:58 GMT
GET H/1.1	200 OK	3.PNG annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/images/	129 KB 126 KB	878ms 870ms	Image image/png	2606:4700:30::681c:11ad Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/images/3.PNG Requested by Host: annelevig.com URL: http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Protocol HTTP/1.1 Server 2606:4700:30::681c:11ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `45751bf26f1306f0f96860ae81ed2e099c94534d55275a99c9ecbc6b7761f5d3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host annelevig.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Cookie __cfduid=d0ce8f94eb0140771aabd884989af82991541562897 Connection keep-alive Cache-Control no-cache Referer http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 07 Nov 2018 03:54:59 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Tue, 05 Sep 2017 03:53:24 GMT Server cloudflare Vary Accept-Encoding X-Endurance-Cache-Level 2 Content-Type image/png Expires Thu, 07 Nov 2019 03:54:58 GMT Cache-Control public, max-age=31536000 Transfer-Encoding chunked X-Acc-Exp 604800 Connection keep-alive CF-RAY 475cdc9204efc2b5-FRA X-Proxy-Cache BYPASS annelevig.com
GET H/1.1	200 OK	4.PNG annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/images/	2 KB 2 KB	372ms 364ms	Image image/png	2606:4700:30::681c:11ad Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/images/4.PNG Requested by Host: annelevig.com URL: http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Protocol HTTP/1.1 Server 2606:4700:30::681c:11ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `35a47f6b42dc6b0badb162f3c2d8cc004c2bc48bf5f477ce7320341b7be5217c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host annelevig.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Cookie __cfduid=d0ce8f94eb0140771aabd884989af82991541562897 Connection keep-alive Cache-Control no-cache Referer http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 07 Nov 2018 03:54:58 GMT Content-Encoding gzip CF-Cache-Status MISS X-Acc-Exp 604800 Connection keep-alive Content-Length 1873 Last-Modified Tue, 27 Jun 2017 08:26:06 GMT Server cloudflare Vary Accept-Encoding X-Endurance-Cache-Level 2 Content-Type image/png Cache-Control public, max-age=31536000 Accept-Ranges bytes CF-RAY 475cdc9207b29700-FRA X-Proxy-Cache BYPASS annelevig.com Expires Thu, 07 Nov 2019 03:54:58 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NAB Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unhideBody

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.annelevig.com/	1970-01-19 04:58:18	Name: __cfduid Value: d0ce8f94eb0140771aabd884989af82991541562897

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

annelevig.com
go.sparkpostmail1.com
thegioithieunhi.com
123.30.209.104
2606:4700:30::681c:10ad
2606:4700:30::681c:11ad
52.24.154.40
255d6dfae2b0ab59f97774b8fe2a2c037e8550571af5299150cf8175ed71bac9
35a47f6b42dc6b0badb162f3c2d8cc004c2bc48bf5f477ce7320341b7be5217c
45751bf26f1306f0f96860ae81ed2e099c94534d55275a99c9ecbc6b7761f5d3
9f4d2def7113e8fea65b05d85ad0640ed35a4bd606ce38e97e753dfea94896d0
a04e2c500bba00880c1b13fc8ba614952e2b94713b1fb7cdbcded227192bd615

annelevig.com Open in urlscan Pro 2606:4700:30::681c:10ad Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

135 kBTransfer

150 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

annelevig.com Open in urlscan Pro
2606:4700:30::681c:10ad Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

135 kB
Transfer

150 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!