hamot35a.za.com
119.18.62.128
Malicious Activity!
Public Scan
Submission: On February 01 via api from GB — Scanned from JP
Summary
TLS certificate: Issued by R3 on January 29th 2024. Valid for: 3 months.
This is the only time hamot35a.za.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ficohsa (Banking)
Domain & IP information
| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 119.18.62.128 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
| 14 | 2600:9000:21b7:5400:15:c281:3500:93a1 | 16509 (AMAZON-02) |
| 15 | 3 | |
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: 119-18-62-128.webhostbox.net
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 | imagekit.io | ik.imagekit.io (Cisco Umbrella Rank: 22225) | 63 KB |
| 1 | za.com | hamot35a.za.com | 514 KB |
| 15 | 2 | | |
| # | Domain | Requested by |
|---|---|---|
| 14 | ik.imagekit.io | hamot35a.za.com, ik.imagekit.io |
| 1 | hamot35a.za.com | |
| 15 | 2 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.hamot35a.za.com | R3 | 2024-01-29 - 2024-04-28 | 3 months | crt.sh |
| *.imagekit.io | Amazon RSA 2048 M02 | 2024-01-23 - 2025-02-19 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://hamot35a.za.com/ficohnf/
Frame ID: D3158383BC80A94F58AC5697D6FC4237
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | hamot35a.za.com/ficohnf/ | 514 KB | 514 KB | Document | text/html |
| GET | H2 | 0.c67bb0d13128c5f91471.chunk.js.descarga | ik.imagekit.io/eruobiiei/fico/ | 0 | 0 | Script | text/plain |
| GET | H2 | 1.990395a18aee052a02cb.chunk.js.descarga | ik.imagekit.io/eruobiiei/fico/ | 0 | 0 | Script | text/plain |
| GET | H2 | prismaWeb.css | ik.imagekit.io/eruobiiei/fico/ | 117 KB | 15 KB | Stylesheet | text/css |
| GET | H3 | styles51.css | ik.imagekit.io/eruobiiei/fico/ | 143 KB | 39 KB | Stylesheet | text/css |
| GET | H3 | flecha.png | ik.imagekit.io/eruobiiei/fico/ | 174 B | 594 B | Image | image/webp |
| GET | H3 | eluser.png | ik.imagekit.io/eruobiiei/fico/ | 328 B | 750 B | Image | image/webp |
| GET | H3 | clv.png | ik.imagekit.io/eruobiiei/fico/ | 254 B | 673 B | Image | image/webp |
| GET | H3 | keyboardLowerCaseLowContrast.png | ik.imagekit.io/eruobiiei/fico/ | 3 KB | 3 KB | Image | image/webp |
| GET | H3 | 13f6ebd6-3a21-4455-8ac2-f131aaf35295.png | ik.imagekit.io/eruobiiei/fico/ | 3 KB | 4 KB | Image | image/webp |
| GET | H3 | interr.png | ik.imagekit.io/eruobiiei/fico/ | 202 B | 622 B | Image | image/webp |
| GET | H3 | cand.png | ik.imagekit.io/eruobiiei/fico/ | 168 B | 586 B | Image | image/webp |
| GET | H3 | prisma_fonts.css | ik.imagekit.io/css/ | 0 | 0 | Stylesheet | text/plain |
| GET | DATA | truncated | / | 5 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 10 KB | 10 KB | Font | font/woff2 |
| GET | H3 | streamline.8d9b0fde522024284eb5.woff | ik.imagekit.io/eruobiiei/fico/ | 0 | 0 | Font | text/plain |
| GET | H3 | streamline.e985056bc25713f2f8cd.ttf | ik.imagekit.io/eruobiiei/fico/ | 0 | 0 | Font | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ficohsa (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hamot35a.za.com
ik.imagekit.io
119.18.62.128
2600:9000:21b7:5400:15:c281:3500:93a1
185e0b4bf2388eccaaf5cfd397a89c0e2e71f5e56e3829b992cba13ce709d44d
3bdc044e799f6dd6d6e86a8e9d1bcc2fedfa2ee267a7e2bcb75e42d512341ad8
486ffc246a0861ffd04d17b5a0fbc0d3c79e203824a081f5560105fa5d6f7064
88436ee02abcde53fd08809c6e7aaec8b429ca6f74a47f0203f802c2ca7cc2de
9e91bd7c3538bc0f97a916190324979ed7e728792a48e332b2f62a0d549a75c1
a9d1ec0d5a67772b2286a2db511a84ae75e754f93ac11a37046b64d904b6a231
ad29260c8f3f981b3fb5bc1201f1998289af3538b8dfc1dcb63f6d6bb407a809
b4b73366217f915ce371320f923955fe4cfc69f362312903d1f3bb51e0895abd
c349d8e4cca391434d0b5a22b89dde6e408c77bf71c4976e1b042e3f8b3be4a1
e7dc7bc328c5d5e566c094a77c621c757febb85f8eeac4821051b6f9792a852a
fa10e688206d34d4b293b1524cc091415c551daae4b73e3cc68d7398408edf62
fc2291859c08d39231ec31383d8857cc5523ea2364b9b151a78079c983b39c40