annelevig.com
Open in
urlscan Pro
2606:4700:30::681c:10ad
Malicious Activity!
Public Scan
Effective URL: http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/
Submission: On November 07 via manual from AU
Summary
This is the only time annelevig.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NAB Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.24.154.40 52.24.154.40 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 123.30.209.104 123.30.209.104 | 45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp) | |
2 | 2606:4700:30:... 2606:4700:30::681c:10ad | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
2 | 2606:4700:30:... 2606:4700:30::681c:11ad | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
5 | 3 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-24-154-40.us-west-2.compute.amazonaws.com
go.sparkpostmail1.com |
ASN45899 (VNPT-AS-VN VNPT Corp, VN)
PTR: static.vnpt.vn
thegioithieunhi.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
annelevig.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
annelevig.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
annelevig.com
annelevig.com |
135 KB |
1 |
thegioithieunhi.com
thegioithieunhi.com |
459 B |
1 |
sparkpostmail1.com
1 redirects
go.sparkpostmail1.com |
232 B |
5 | 3 |
Domain | Requested by | |
---|---|---|
4 | annelevig.com |
annelevig.com
|
1 | thegioithieunhi.com | |
1 | go.sparkpostmail1.com | 1 redirects |
5 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/
Frame ID: 7544B4EB609BB71AC14B47F9469E42CF
Requests: 5 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW...
HTTP 302
http://thegioithieunhi.com//content/themes/robertedmaliso.php Page URL
- http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Pure CSS (Web Frameworks) Expand
Detected patterns
- html /<link[^>]+(?:([\d.])+\/)?pure(?:-min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW5oaS5jb20vL2NvbnRlbnQvdGhlbWVzL3JvYmVydGVkbWFsaXNvLnBocFcDc3BjQgoADkhm31sRavsDUhhtc2V0dGxlQGNpdGlwb3dlci5jb20uYXVYBAAAAAA~
HTTP 302
http://thegioithieunhi.com//content/themes/robertedmaliso.php Page URL
- http://annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://go.sparkpostmail1.com/f/a/b07dCYnQ5V5Q911EQdN_GQ~~/AAO4gwA~/RgRdwepDP0Q9aHR0cDovL3RoZWdpb2l0aGlldW5oaS5jb20vL2NvbnRlbnQvdGhlbWVzL3JvYmVydGVkbWFsaXNvLnBocFcDc3BjQgoADkhm31sRavsDUhhtc2V0dGxlQGNpdGlwb3dlci5jb20uYXVYBAAAAAA~ HTTP 302
- http://thegioithieunhi.com//content/themes/robertedmaliso.php
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
robertedmaliso.php
thegioithieunhi.com//content/themes/ Redirect Chain
|
324 B 459 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
/
annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pure-min.css
annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/ |
17 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3.PNG
annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/images/ |
129 KB 126 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4.PNG
annelevig.com/wp-content/themes/twentyfifteen/inc/nabservicea200/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NAB Bank (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| unhideBody1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.annelevig.com/ | Name: __cfduid Value: d0ce8f94eb0140771aabd884989af82991541562897 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
annelevig.com
go.sparkpostmail1.com
thegioithieunhi.com
123.30.209.104
2606:4700:30::681c:10ad
2606:4700:30::681c:11ad
52.24.154.40
255d6dfae2b0ab59f97774b8fe2a2c037e8550571af5299150cf8175ed71bac9
35a47f6b42dc6b0badb162f3c2d8cc004c2bc48bf5f477ce7320341b7be5217c
45751bf26f1306f0f96860ae81ed2e099c94534d55275a99c9ecbc6b7761f5d3
9f4d2def7113e8fea65b05d85ad0640ed35a4bd606ce38e97e753dfea94896d0
a04e2c500bba00880c1b13fc8ba614952e2b94713b1fb7cdbcded227192bd615