indalofuel.co.za Open in urlscan Pro
154.66.197.59 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://indalofuel.co.za/emb/i/index.php?flecg=abuse@obifecftbhhwg.dqv
Effective URL:
http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid...
Submission: On March 10 via automatic, source phishtank (March 10th 2017, 4:05:38 am UTC)

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 154.66.197.59, located in South Africa and belongs to DIAMATRIX, ZA. The main domain is indalofuel.co.za.

This is the only time indalofuel.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
9	154.66.197.59 154.66.197.59	327979 (DIAMATRIX) (DIAMATRIX)
1	2a00:1450:400... 2a00:1450:400f:803::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a00:1450:400... 2a00:1450:400f:803::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
12	3

9 154.66.197.59 (South Africa)

ASN327979 (DIAMATRIX, ZA)
PTR: 59.197.cloud.net.za

indalofuel.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400f:803::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400f:803::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	indalofuel.co.za indalofuel.co.za	19 KB
2	gstatic.com fonts.gstatic.com	31 KB
1	googleapis.com fonts.googleapis.com	1 KB
12	3

	Domain	Requested by
9	indalofuel.co.za	indalofuel.co.za
2	fonts.gstatic.com	indalofuel.co.za
1	fonts.googleapis.com	indalofuel.co.za
12	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 23038.1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

12
Requests

0 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

51 kB
Transfer

88 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request xnbkh0261minlwuh3chil9av.php Show response
indalofuel.co.za/emb/i/others/
Redirect Chain

http://indalofuel.co.za/emb/i/others/?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1...
http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&userna...

3 KB
1 KB

284ms
284ms

Document
text/html

154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to

Full URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache / PHP/5.5.37
Resource Hash: f97ea6caf756672f50db1e76aa07365d466373e14d31824476316dbb1d8d5e12

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:30 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.5.37
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 1295

Redirect headers

Pragma: no-cache
Date: Fri, 10 Mar 2017 04:05:30 GMT
Server: Apache
X-Powered-By: PHP/5.5.37
Vary: User-Agent
Content-Type: text/html
Location: xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1
Set-Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c; path=/
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 0
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK style.css
indalofuel.co.za/emb/i/others/css/ 7 KB
2 KB 195ms
194ms Stylesheet
text/css 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to

Full URL: http://indalofuel.co.za/emb/i/others/css/style.css
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 28c56f8e69548de232f09ecbb3ee4ee588f4c0de2fc38bae67502acca183f758

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1935

GET
H/1.1 200
OK css
fonts.googleapis.com/ 11 KB
1 KB 79ms
48ms Stylesheet
text/css 2a00:1450:400f:803::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Oxygen:400,300,700|Open+Sans:400,300,600,700

Requested by

Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4

Protocol

HTTP/1.1

Server

2a00:1450:400f:803::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

d0ec8c4f30fd00ef3427c7976993831d3161a3293b09bd88992095ef01b3fef0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: fonts.googleapis.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 10 Mar 2017 04:05:31 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 1; mode=block
Expires: Fri, 10 Mar 2017 04:05:31 GMT

GET
H/1.1 200
OK user.png
indalofuel.co.za/emb/i/others/images/ 477 B
477 B 310ms
195ms Image
image/png 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/images/user.png
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 2fe86269cf17fcbd74dccdfe6f64cb18294bc0db29fd5c4be8f5c8ac8f174b6e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 477

GET
H/1.1 200
OK favicon.ico
indalofuel.co.za/emb/i/others/files/ 5 KB
3 KB 383ms
194ms Image
image/x-icon 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/files/favicon.ico
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 74368197cb53191e522e3a73aab974d53eae8e38da694a1ed2cfa06f39176e58

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: image/x-icon
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 2989

GET
H/1.1 200
OK OLFav.ico
indalofuel.co.za/emb/i/others/files/ 1 KB
226 B 381ms
190ms Image
image/x-icon 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/files/OLFav.ico
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 9c67b0e23063c5082d8f10a915549ca59ec7e33befae52813b70d76d0894dae0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: image/x-icon
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 226

GET
H/1.1 200
OK logo_strip_2x.png
indalofuel.co.za/emb/i/others/files/ 11 KB
11 KB 390ms
195ms Image
image/png 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/files/logo_strip_2x.png
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: a97200185f4992c536e4b269f2b8a727c65a25795b99805d80e61bf135f2d4ca

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 11156

GET
H/1.1 200
OK outlook.ico
indalofuel.co.za/emb/i/others/files/ 17 KB
540 B 391ms
196ms Image
image/x-icon 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/files/outlook.ico?v=2
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: image/x-icon
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 540

GET
H/1.1 200
OK domain.ico
indalofuel.co.za/emb/i/others/files/ 1 KB
725 B 402ms
201ms Image
image/x-icon 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/files/domain.ico
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 8436b8d56ce0596f7df21bb46cac82344d082d6a1f481bd9ad3e08fe7834bf25

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: image/x-icon
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 725

GET
H/1.1 200
OK 163.ico
indalofuel.co.za/emb/i/others/files/ 318 B
187 B 262ms
195ms Image
image/x-icon 154.66.197.59
DIAMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://indalofuel.co.za/emb/i/others/files/163.ico
Requested by: Host: indalofuel.co.za
URL: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 154.66.197.59 , South Africa, ASN327979 (DIAMATRIX, ZA),
Reverse DNS: 59.197.cloud.net.za
Software: Apache /
Resource Hash: 43c6594eb74940c6e0fb38d55c634425860093660f4eb0cb89334608dd9947eb

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: indalofuel.co.za
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie: PHPSESSID=bca2573a4a8be853f02f0de31aaa3c5c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://indalofuel.co.za/emb/i/others/xnbkh0261minlwuh3chil9av.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&username=&username1=&domain=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Fri, 10 Mar 2017 04:05:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Nov 2016 14:30:42 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: image/x-icon
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 187

GET
H/1.1 200
OK MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v13/ 16 KB
16 KB 30ms
30ms Font
font/woff2 2a00:1450:400f:803::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v13/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:400f:803::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

efc029e0546f49ed87c043e09393a995468c2ab1a139332b3aca0fdbe93fe51e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Origin: http://indalofuel.co.za
Accept-Encoding: gzip, deflate, sdch
Host: fonts.gstatic.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://fonts.googleapis.com/css?family=Oxygen:400,300,700|Open+Sans:400,300,600,700
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Oxygen:400,300,700|Open+Sans:400,300,600,700
Origin: http://indalofuel.co.za

Response headers

Date: Thu, 02 Mar 2017 04:53:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Apr 2015 23:45:12 GMT
Server: sffe
Age: 688333
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Timing-Allow-Origin: *
Content-Length: 16164
X-XSS-Protection: 1; mode=block
Expires: Fri, 02 Mar 2018 04:53:18 GMT

GET
H/1.1 200
OK cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/opensans/v13/ 15 KB
15 KB 62ms
30ms Font
font/woff2 2a00:1450:400f:803::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:400f:803::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Origin: http://indalofuel.co.za
Accept-Encoding: gzip, deflate, sdch
Host: fonts.gstatic.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://fonts.googleapis.com/css?family=Oxygen:400,300,700|Open+Sans:400,300,600,700
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Oxygen:400,300,700|Open+Sans:400,300,600,700
Origin: http://indalofuel.co.za

Response headers

Date: Thu, 02 Mar 2017 03:03:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Apr 2015 23:46:39 GMT
Server: sffe
Age: 694918
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Timing-Allow-Origin: *
Content-Length: 15572
X-XSS-Protection: 1; mode=block
Expires: Fri, 02 Mar 2018 03:03:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			indalofuel.co.za/	1970-01-01 00:00:00	Name: PHPSESSID Value: bca2573a4a8be853f02f0de31aaa3c5c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
indalofuel.co.za
154.66.197.59
2a00:1450:400f:803::2003
2a00:1450:400f:803::200a
28c56f8e69548de232f09ecbb3ee4ee588f4c0de2fc38bae67502acca183f758
2fe86269cf17fcbd74dccdfe6f64cb18294bc0db29fd5c4be8f5c8ac8f174b6e
43c6594eb74940c6e0fb38d55c634425860093660f4eb0cb89334608dd9947eb
60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5
74368197cb53191e522e3a73aab974d53eae8e38da694a1ed2cfa06f39176e58
8436b8d56ce0596f7df21bb46cac82344d082d6a1f481bd9ad3e08fe7834bf25
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
9c67b0e23063c5082d8f10a915549ca59ec7e33befae52813b70d76d0894dae0
a97200185f4992c536e4b269f2b8a727c65a25795b99805d80e61bf135f2d4ca
d0ec8c4f30fd00ef3427c7976993831d3161a3293b09bd88992095ef01b3fef0
efc029e0546f49ed87c043e09393a995468c2ab1a139332b3aca0fdbe93fe51e
f97ea6caf756672f50db1e76aa07365d466373e14d31824476316dbb1d8d5e12

indalofuel.co.za Open in urlscan Pro 154.66.197.59 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

12 Requests

0 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

51 kBTransfer

88 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

indalofuel.co.za Open in urlscan Pro
154.66.197.59 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

0 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

51 kB
Transfer

88 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!