cityosity.com
72.52.149.230
Malicious Activity!
Public Scan
Submission: On May 29 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 4th 2020. Valid for: 3 months.
This is the only time cityosity.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
16 | 72.52.149.230 | 32244 (LIQUIDWEB) |
16 | 1 |
ASN32244 (LIQUIDWEB, US)
PTR: host.trafficality.com
cityosity.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
16 | cityosity.com | cityosity.com | 307 KB |
16 | 1 |
Requests | Domain | Requested by |
---|---|---|
16 | cityosity.com | cityosity.com |
16 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.absa.co.za |
Subject | Issuer | Validity | Valid |
---|---|---|---|
cityosity.com | Let's Encrypt Authority X3 | 2020-05-04 - 2020-08-02 | 3 months |
This page contains 1 frames:
Primary Page:
https://cityosity.com/rnco/nsra.html
Frame ID: B44D6C913F345E76CA5D686C8EA5A67A
Requests: 16 HTTP requests in this frame
Detected technologies
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Absa home page
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | nsra.html (Primary Request) | cityosity.com/rnco/ | 20 KB | 20 KB | Document | text/html |
GET H2 | absa.css | cityosity.com/rnco/provea/ | 153 KB | 155 KB | Stylesheet | text/css |
GET H2 | login.css | cityosity.com/rnco/provea/ | 4 KB | 4 KB | Stylesheet | text/css |
GET H2 | jcaptcha.css | cityosity.com/rnco/provea/ | 1 KB | 2 KB | Stylesheet | text/css |
GET H2 | ajax-loader-2.gif | cityosity.com/rnco/provea/ | 3 KB | 3 KB | Image | image/gif |
GET H2 | logo-red.png | cityosity.com/rnco/provea/ | 2 KB | 2 KB | Image | image/png |
GET H2 | keypad.jpg | cityosity.com/rnco/provea/ | 19 KB | 19 KB | Image | image/jpeg |
GET H2 | locale_en.gif | cityosity.com/rnco/provea/ | 70 B | 143 B | Image | image/gif |
GET H2 | campaigne_1_ENG.png | cityosity.com/rnco/provea/ | 45 KB | 46 KB | Image | image/png |
GET H2 | covid19_en.jpg | cityosity.com/rnco/provea/ | 25 KB | 26 KB | Image | image/jpeg |
GET H2 | DebiCheck_ATM_Eng.jpg | cityosity.com/rnco/provea/ | 24 KB | 25 KB | Image | image/jpeg |
GET H2 | campaigne_3b_post_golive_EN.jpg | cityosity.com/rnco/provea/ | 0 | 71 B | Image | image/jpeg |
GET H2 | icon-questionmark-grey_2019.png | cityosity.com/rnco/static/style/resources/ | 1 KB | 1 KB | Image | text/html |
GET H2 | sprite-corners-rounded.png | cityosity.com/rnco/provea/resources/ | 1 KB | 1 KB | Image | text/html |
GET H2 | keypad-bg.gif | cityosity.com/rnco/provea/www.absa.co.za.2009.ui/keypad/ | 1 KB | 1 KB | Image | text/html |
GET H2 | sprite-icons-bar-status_2019.png | cityosity.com/rnco/provea/resources/ | 1 KB | 1 KB | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABSA (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cityosity.com
72.52.149.230