alexpedsurgery.com
Open in
urlscan Pro
104.225.220.185
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On July 25 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 6th 2019. Valid for: 3 months.
This is the only time alexpedsurgery.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 104.225.220.185 104.225.220.185 | 54540 (INCERO-HVVC) (INCERO-HVVC - HIVELOCITY) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
9 | 96.125.173.185 96.125.173.185 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
15 | 4 |
ASN54540 (INCERO-HVVC - HIVELOCITY, Inc., US)
alexpedsurgery.com |
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: sco.scootershop.com
orchidacupuncture.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
orchidacupuncture.com
orchidacupuncture.com |
167 KB |
2 |
alexpedsurgery.com
alexpedsurgery.com |
10 KB |
1 |
googleapis.com
ajax.googleapis.com |
33 KB |
15 | 3 |
Domain | Requested by | |
---|---|---|
9 | orchidacupuncture.com |
alexpedsurgery.com
|
2 | alexpedsurgery.com |
alexpedsurgery.com
|
1 | ajax.googleapis.com |
alexpedsurgery.com
|
15 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
ib.absa.co.za |
www.absa.co.za |
Subject Issuer | Validity | Valid | |
---|---|---|---|
alexpedsurgery.com Let's Encrypt Authority X3 |
2019-07-06 - 2019-10-04 |
3 months | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2019-06-18 - 2019-09-10 |
3 months | crt.sh |
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh |
This page contains 1 frames:
Primary Page:
https://alexpedsurgery.com/home2/auth.htm
Frame ID: F3DA0A75A820678EDC47210A30EF7117
Requests: 15 HTTP requests in this frame
Screenshot
Detected technologies
Ubuntu (Operating Systems) ExpandDetected patterns
- headers server /Ubuntu/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
15 Outgoing links
These are links going to different origins than the main page.
Title: Registration
Search URL Search Domain Scan URL
Title: Absa home page
Search URL Search Domain Scan URL
Title: Old interface switched off
Search URL Search Domain Scan URL
Title: Absa Listed Beneficiaries - accounts closed
Search URL Search Domain Scan URL
Title: Inter-Bank Payment delay
Search URL Search Domain Scan URL
Title: Security enhancement
Search URL Search Domain Scan URL
Title: Contact us
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Latest scams
Search URL Search Domain Scan URL
Title: Latest internet security software
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Software requirements
Search URL Search Domain Scan URL
Title: Banking regulations
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
auth.htm
alexpedsurgery.com/home2/ |
44 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ |
95 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ajax-loader-2.gif
orchidacupuncture.com/komt/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
absa-logo-2018.png
orchidacupuncture.com/komt/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ao-logo2.png
orchidacupuncture.com/komt/images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dot_002.gif
orchidacupuncture.com/komt/images/ |
43 B 364 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
locale_en.gif
orchidacupuncture.com/komt/images/ |
70 B 391 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Express_banking_eng.png
orchidacupuncture.com/komt/images/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
APB2.jpg
orchidacupuncture.com/komt/images/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Secure_en_2017.jpg
orchidacupuncture.com/komt/images/ |
37 KB 38 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Secmon_eng.jpg
orchidacupuncture.com/komt/images/ |
64 KB 64 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
absa.css
orchidacupuncture.com/komt/cssStyles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
login.css
orchidacupuncture.com/komt/cssStyles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jcaptcha.css
orchidacupuncture.com/komt/cssStyles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-questionmark-grey.png
alexpedsurgery.com/home2/static/style/resources/ |
338 B 338 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- orchidacupuncture.com
- URL
- http://orchidacupuncture.com/komt/cssStyles/absa.css
- Domain
- orchidacupuncture.com
- URL
- http://orchidacupuncture.com/komt/cssStyles/login.css
- Domain
- orchidacupuncture.com
- URL
- http://orchidacupuncture.com/komt/cssStyles/jcaptcha.css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABSA (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery string| siteURL function| loginContinue2 function| onForm1Submit object| absa function| surecheckConfirmation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
alexpedsurgery.com
orchidacupuncture.com
orchidacupuncture.com
104.225.220.185
2a00:1450:4001:820::200a
96.125.173.185
264284f295cf47a40cde4ef8663a4dadbe303f1ff210e9dc52d2ac91cb6b104c
3c243a2d63452b7a8392cdf93e637ec423b3241149831b2082283063d1e34413
3f596c191ddbe25572cfb3ace361b84724d6dd5ac3a486ed5cbbfde21865163f
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6e3dd4ad3c47a12c07c157b681105a79f8474ab466f96d5fbbe719fe3ae47a2a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6b693de4c17c014dad29abe5294359606104283674d45ee8348e9dc731ff540
b90e9d891c1b60bbb442d0c18a93bef607f0c49854a151e204bb66ca409ca1e4
c13ed7206949e17b49b3ff0672d68533ed4d43c9660fc31b09e9564835861754
ca557e0f61a59f2511a11104bde0080ba24e6de61587b8d6e48356cff4701c08
ee8f5af250e7df71b88df4ed3c0244096f7b16408053555d46a02d5130c3bf01
f2d5a074eb2d091c1421ea266a6e2ac8871e4be01dd941b71f95e25c32b7dce0