921826080.r.worldcdn.net Open in urlscan Pro
50.7.89.210 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html
Submission: On March 08 via manual (March 8th 2022, 5:53:01 am UTC) from ZA — Scanned from DE

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 26 HTTP transactions. The main IP is 50.7.89.210, located in Frankfurt am Main, Germany and belongs to COGENT-174, US. The main domain is 921826080.r.worldcdn.net.
TLS certificate: Issued by R3 on January 13th 2022. Valid for: 3 months.

This is the only time 921826080.r.worldcdn.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nedbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
26	50.7.89.210 50.7.89.210		174 (COGENT-174) (COGENT-174)
26	1

26 50.7.89.210 (Frankfurt am Main, Germany)

ASN174 (COGENT-174, US)

921826080.r.worldcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	worldcdn.net 921826080.r.worldcdn.net	110 KB
26	1

	Domain	Requested by
26	921826080.r.worldcdn.net	921826080.r.worldcdn.net
26	1

This site contains no links.

Subject Issuer	Validity	Valid
*.r.worldcdn.net R3	`2022-01-13` - `2022-04-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html
Frame ID: 2A32678877391A7B8535C417497ED687
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Banking

Page Statistics

26
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

110 kB
Transfer

504 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response 921826080.r.worldcdn.net/ravoshack/css/hn/	164 KB 18 KB	396ms 358ms	Document text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `eb74d7e3ebec1cba3b911c7520d734f5f2f078a79752f086dab78021d8cd8e27` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Tue, 08 Mar 2022 05:52:56 GMT content-type text/html last-modified Sat, 13 Mar 2021 01:25:14 GMT vary Accept-Encoding x-server-cache true x-proxy-cache HIT x-age 6767 x-cache REVALIDATED x-storage 288759129:8011 content-encoding gzip x-edge-ip 50.7.89.210 x-edge-location Frankfurt, DE
GET H2	200	styles.69c808d6592742aa893c.css 921826080.r.worldcdn.net/ravoshack/css/hn/css/	233 KB 42 KB	287ms 287ms	Stylesheet text/css	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `8ebbb4a62679405cfe3f3e50e737e53b42011fb0957acb80a2e68f7d2b15fd15` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Fri, 12 Mar 2021 22:26:24 GMT server nginx x-edge-location Frankfurt, DE vary Accept-Encoding x-cache REVALIDATED content-type text/css x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8010
GET H2	200	NedbankExperience.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	12 KB 4 KB	270ms 269ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/NedbankExperience.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `3bf07d30c5c5867acf6a3ec763086a9c3d1ea5c7e6783c1550e1309c67e59bf3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:56:00 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8008
GET H2	200	login-fast.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	5 KB 2 KB	262ms 260ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/login-fast.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `e79680516f7aebb8535d875afb21b608dc955fa48f3084502858ea7513ba547c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:56:32 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8005
GET H2	200	login-easy.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	4 KB 2 KB	264ms 262ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/login-easy.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `9731178a65895ad7a2835bb97c7d3e1fbb030448ce0af77fad66d45559beee0d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:56:42 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8007
GET H2	200	login-secure.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	5 KB 2 KB	266ms 264ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/login-secure.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `5c6c8d8c0e52c66587d5f15d69de975d84894fc26afc864cd7b3eebde68b426c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:56:54 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8010
GET H2	200	entrust_site_seal_ssl.png 921826080.r.worldcdn.net/ravoshack/css/hn/images/	18 KB 19 KB	284ms 282ms	Image image/png	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/entrust_site_seal_ssl.png Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `203680b7945ca5c9f3697881f9af9c8ed160354675055d22fc34545910cd4d54` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT last-modified Fri, 12 Mar 2021 22:27:10 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/png x-edge-ip 50.7.89.210 x-age 4547 accept-ranges bytes content-length 18758 x-storage 288759129:8009
GET H2	200	GooglePlay.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	22 KB 5 KB	265ms 263ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/GooglePlay.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `00ff1bb43d0a271618cd1f626e0530c4e9efb344058b85744e569306c93ecc42` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:57:28 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8009
GET H2	200	AppStoreBadge.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	12 KB 5 KB	272ms 271ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/AppStoreBadge.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:57:38 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8010
GET H2	200	HuaweiStoreBadge.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	22 KB 8 KB	138ms 136ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/HuaweiStoreBadge.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `1ff2a8671111fb294acbd910e0ff757971eaeb4b381206de8ebabb38e259ca15` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:57:50 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8011
GET H2	200	NedbankIcon.7492cce283df004f1ef8.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	1 KB 850 B	263ms 262ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/NedbankIcon.7492cce283df004f1ef8.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `f7baf6fab8ed8563ffcf45e566735dc4adf36fd5243d0c2ffdf472905bc7e018` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Fri, 12 Mar 2021 22:28:18 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8002
GET H2	200	icon-chat-thin.e1e44890317f84171fc1.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	736 B 560 B	257ms 257ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/icon-chat-thin.e1e44890317f84171fc1.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `d88fedad79f51cae5be17cd5ee16ea706978380791b34100beade1881a5974f4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:55:12 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8002
GET H2	200	location-blank-green.a212a0d3423c5f200809.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	1 KB 764 B	146ms 146ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/location-blank-green.a212a0d3423c5f200809.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `8fd778cf8be190de02f1a95bb0a3d1ba158c4041b109fa8ac002c245056e06dc` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:55:24 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8010
GET H2	200	contact-blank-green.0dde8e4b338f10363bc5.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	1 KB 798 B	296ms 296ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/contact-blank-green.0dde8e4b338f10363bc5.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `b56bd2aeb39c48bb1732623689421c02c93461a6024a657124450d5664bbbb56` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:55:34 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8007
GET H2	404	demo-icon.c37a3a5686101cd3521a.svg 921826080.r.worldcdn.net/ravoshack/css/hn/	315 B 315 B	267ms 267ms	Image text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/demo-icon.c37a3a5686101cd3521a.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8004
GET H2	404	Arrow.941e2f83c935ad00fedf.svg 921826080.r.worldcdn.net/ravoshack/css/hn/	315 B 315 B	137ms 137ms	Image text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/Arrow.941e2f83c935ad00fedf.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8011
GET H2	200	outline-cheque.fe9bf6957964461d3cd2.svg 921826080.r.worldcdn.net/ravoshack/css/hn/images/	256 B 410 B	286ms 286ms	Image image/svg+xml	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/images/outline-cheque.fe9bf6957964461d3cd2.svg Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash `a33198f43372edb1be7a4f6694fcce80b8ddccbe3a7da64745d14c74ad061179` Request headers Accept-Language de-DE,de;q=0.9 Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip last-modified Sat, 13 Mar 2021 00:56:12 GMT server nginx x-edge-location Frankfurt, DE x-cache REVALIDATED content-type image/svg+xml x-edge-ip 50.7.89.210 x-age 4547 x-storage 288759129:8007
GET H2	404	FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	158ms 157ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8010
GET H2	404	FontFont%20-%20MarkPro-Medium.8531ae94f5ad973be8b7.otf 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	313ms 312ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FontFont%20-%20MarkPro-Medium.8531ae94f5ad973be8b7.otf Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8003
GET H2	404	FontFont%20-%20MarkPro-Bold.476d44b0f6c8939bb885.otf 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	303ms 302ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FontFont%20-%20MarkPro-Bold.476d44b0f6c8939bb885.otf Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8006
GET H2	404	FFMarkWebProRegular.734ec8bb2cae535b25e2.ttf 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	278ms 277ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProRegular.734ec8bb2cae535b25e2.ttf Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8001
GET H2	404	FFMarkWebProMedium.372af743edc702191fa3.ttf 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	153ms 152ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProMedium.372af743edc702191fa3.ttf Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8002
GET H2	404	FFMarkWebProRegular.b11ee9d5cc2d0d30c9d9.woff 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	135ms 135ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProRegular.b11ee9d5cc2d0d30c9d9.woff Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8002
GET H2	404	FFMarkWebProMedium.4f815f53bf394a53bca5.woff 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	138ms 138ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProMedium.4f815f53bf394a53bca5.woff Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:56 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8001
GET H2	404	FFMarkWebProRegular.56bf69b60979b6a003ec.woff2 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	135ms 135ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProRegular.56bf69b60979b6a003ec.woff2 Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:57 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8007
GET H2	404	FFMarkWebProMedium.b5e3a5ab2b897ea3877f.woff2 921826080.r.worldcdn.net/ravoshack/css/hn/css/	0 0	139ms 138ms	Font text/html	50.7.89.210 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProMedium.b5e3a5ab2b897ea3877f.woff2 Requested by Host: 921826080.r.worldcdn.net URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.7.89.210 Frankfurt am Main, Germany, ASN174 (COGENT-174, US), Reverse DNS Software nginx / Resource Hash Request headers Referer https://921826080.r.worldcdn.net/ravoshack/css/hn/css/styles.69c808d6592742aa893c.css Origin https://921826080.r.worldcdn.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 05:52:57 GMT content-encoding gzip server nginx x-edge-location Frankfurt, DE x-cache MISS content-type text/html; charset=iso-8859-1 x-edge-ip 50.7.89.210 x-storage 288759129:8011

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nedbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/Arrow.941e2f83c935ad00fedf.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/demo-icon.c37a3a5686101cd3521a.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FontFont%20-%20MarkPro-Bold.476d44b0f6c8939bb885.otf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FontFont%20-%20MarkPro-Medium.8531ae94f5ad973be8b7.otf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProRegular.734ec8bb2cae535b25e2.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProMedium.372af743edc702191fa3.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProRegular.b11ee9d5cc2d0d30c9d9.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProMedium.4f815f53bf394a53bca5.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProRegular.56bf69b60979b6a003ec.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://921826080.r.worldcdn.net/ravoshack/css/hn/css/FFMarkWebProMedium.b5e3a5ab2b897ea3877f.woff2 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

921826080.r.worldcdn.net
50.7.89.210
00ff1bb43d0a271618cd1f626e0530c4e9efb344058b85744e569306c93ecc42
1ff2a8671111fb294acbd910e0ff757971eaeb4b381206de8ebabb38e259ca15
203680b7945ca5c9f3697881f9af9c8ed160354675055d22fc34545910cd4d54
3bf07d30c5c5867acf6a3ec763086a9c3d1ea5c7e6783c1550e1309c67e59bf3
4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383
5c6c8d8c0e52c66587d5f15d69de975d84894fc26afc864cd7b3eebde68b426c
8ebbb4a62679405cfe3f3e50e737e53b42011fb0957acb80a2e68f7d2b15fd15
8fd778cf8be190de02f1a95bb0a3d1ba158c4041b109fa8ac002c245056e06dc
9731178a65895ad7a2835bb97c7d3e1fbb030448ce0af77fad66d45559beee0d
a33198f43372edb1be7a4f6694fcce80b8ddccbe3a7da64745d14c74ad061179
b56bd2aeb39c48bb1732623689421c02c93461a6024a657124450d5664bbbb56
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d88fedad79f51cae5be17cd5ee16ea706978380791b34100beade1881a5974f4
e79680516f7aebb8535d875afb21b608dc955fa48f3084502858ea7513ba547c
eb74d7e3ebec1cba3b911c7520d734f5f2f078a79752f086dab78021d8cd8e27
f7baf6fab8ed8563ffcf45e566735dc4adf36fd5243d0c2ffdf472905bc7e018

921826080.r.worldcdn.net Open in urlscan Pro 50.7.89.210 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

26 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

110 kBTransfer

504 kBSize

0 Cookies

0 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

11 Console Messages

Indicators

921826080.r.worldcdn.net Open in urlscan Pro
50.7.89.210 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

110 kB
Transfer

504 kB
Size

0
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!