zaonutrition.co.za Open in urlscan Pro
41.185.64.125 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Submission: On August 02 via manual (August 2nd 2017, 9:25:28 am UTC) from GB

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 41.185.64.125, located in South Africa and belongs to webafrica, ZA. The main domain is zaonutrition.co.za.

This is the only time zaonutrition.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
10	41.185.64.125 41.185.64.125	36943 (webafrica) (webafrica)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	217.160.86.157 217.160.86.157	8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
1	2a02:26f0:122... 2a02:26f0:122:38b::1d8e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
15	4

10 41.185.64.125 (South Africa)

ASN36943 (webafrica, ZA)
PTR: aeh77-cvps01monitor.cpt.wa.co.za

zaonutrition.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.160.86.157 (Germany)

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: ias.static-1and1.com

ias.static-1and1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:122:38b::1d8e (European Union)

ASN20940 (AKAMAI-ASN1, US)

officehome.msocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	zaonutrition.co.za zaonutrition.co.za	263 KB
3	google-analytics.com www.google-analytics.com	16 KB
1	msocdn.com officehome.msocdn.com	155 KB
1	static-1and1.com ias.static-1and1.com	6 KB
15	4

	Domain	Requested by
10	zaonutrition.co.za	zaonutrition.co.za
3	www.google-analytics.com	zaonutrition.co.za
1	officehome.msocdn.com	zaonutrition.co.za
1	ias.static-1and1.com	zaonutrition.co.za
15	4

This site contains links to these domains. Also see Links.

Domain
www.coursesites.com

Subject Issuer	Validity	Valid
*.google-analytics.com Google Internet Authority G2	`2017-07-19` - `2017-10-11`	3 months	crt.sh
ias.static-1and1.com GeoTrust SSL CA - G3	`2017-05-09` - `2018-05-09`	a year	crt.sh
*.msocdn.com Symantec Class 3 Secure Server CA - G4	`2017-06-26` - `2018-09-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Frame ID: 30458.1
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

15
Requests

33 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

439 kB
Transfer

465 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.coursesites.com/webapps/Bb-sites-course-creation-BBLEARN/pages/index.html
Title:

Search URL Search Domain Scan URL

URL: https://www.coursesites.com/webapps/blackboard/password
Title: Forgot Your Password?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 7

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

Request 11

http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.3&utms=1&utmn=246458567&utmhn=zaonutrition.co.za&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=16...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.3&utms=1&utmn=246458567&utmhn=zaonutrition.co.za&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1...

Request 12

http://www.google-analytics.com/__utm.gif?utmwv=5.6.3&utms=2&utmn=74771785&utmhn=zaonutrition.co.za&utmt=event&utme=5(Login*Login%20Attempt)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit...
https://www.google-analytics.com/__utm.gif?utmwv=5.6.3&utms=2&utmn=74771785&utmhn=zaonutrition.co.za&utmt=event&utme=5(Login*Login%20Attempt)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bi...

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request mycours.php Show response
zaonutrition.co.za/simcard/course/ 28 KB
28 KB 511ms
194ms Document
text/html 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: 9c9dcab7abdaedff01b4bc2ec270a57be4d54248ec3c42040c70fad6bf599e15

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ga.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 40 KB
40 KB 159ms
158ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/ga.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: 54210e4001e71dc204bdd71ff0a24f5c5526d5a9d652053464af3f270593eb89

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 40916
Content-Type: application/javascript

GET
H/1.1 200
OK i18n.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 2 KB
2 KB 320ms
161ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/i18n.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: 56e990cbf10139197349cfe4ac2bb2d134c774dfc46ec0a953cdf15e95d86926

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 2102
Content-Type: application/javascript

GET
H/1.1 200
OK fastinit.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 5 KB
5 KB 320ms
161ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/fastinit.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: af60b9416c525f37661bdf4d5e8ec02546f7e95fe2aed1b4729381ff7912a984

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 4763
Content-Type: application/javascript

GET
H/1.1 200
OK prototype.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 169 KB
169 KB 478ms
163ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/prototype.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: 2aaa5096c7bcbb9ee6f877edce090524af183d725a203ec2b2e88895fdc8df0e

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 173119
Content-Type: application/javascript

GET
H/1.1 200
OK identityProvider.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 1 KB
1 KB 640ms
160ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/identityProvider.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: 9eeffe25c09d71df2e7109bdde49b0a425c60ef1f5d549bf0535bc61b9893ae2

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:15 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 1512
Content-Type: application/javascript

GET
H/1.1 200
OK dropdown.css
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 5 KB
5 KB 318ms
161ms Stylesheet
text/css 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/dropdown.css
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: c284f5da684705336b20fa040be37579af67819b64d2825ceba23506b153df49

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 5302
Content-Type: text/css

GET
H/1.1 200
OK uniform.css
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 8 KB
8 KB 319ms
161ms Stylesheet
text/css 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/uniform.css
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: 7896a666ab390e10ef5ec469dcef5a4ddddf6231551d2f347da6958c8620293d

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:14 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 8562
Content-Type: text/css

GET
S

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

42 KB
16 KB

17ms
5ms

Script
text/javascript

2a00:1450:4001:812::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2017 00:25:39 GMT
server: Golfe2
age: 5678
date: Wed, 02 Aug 2017 07:50:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 16022
expires: Wed, 02 Aug 2017 09:50:39 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK cookie.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 3 KB
3 KB 483ms
159ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/cookie.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: c889a2a943033becae4f7adc8bd79b62d7f35d98b239ee456e341d0e2f143390

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:15 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 2649
Content-Type: application/javascript

GET
H/1.1 200
OK validate_login.js Show response
zaonutrition.co.za/simcard/course/www.coursesites.com_files/ 2 KB
2 KB 484ms
160ms Script
application/javascript 41.185.64.125
webafrica

General

Check archive.org

Show headers Download Go to

Full URL: http://zaonutrition.co.za/simcard/course/www.coursesites.com_files/validate_login.js
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Server: 41.185.64.125 , South Africa, ASN36943 (webafrica, ZA),
Reverse DNS: aeh77-cvps01monitor.cpt.wa.co.za
Software: Apache /
Resource Hash: e13d19fc6733405a15349cc0f5d5580e4f2ee5a34b7dd3f95ce0ef4ba34272ec

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:15 GMT
Last-Modified: Wed, 18 Feb 2015 03:04:04 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 1574
Content-Type: application/javascript

GET
H/1.1 200
OK office-small.png
ias.static-1and1.com/media/uk/LOGIN_OFFICE365/DEFAULT/ 6 KB
6 KB 35ms
6ms Image
image/png 217.160.86.157
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ias.static-1and1.com/media/uk/LOGIN_OFFICE365/DEFAULT/office-small.png
Requested by: Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.160.86.157 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS: ias.static-1and1.com
Software: Apache /
Resource Hash: f276a3b6ba849c27a24ce3e77e64c0ce44f5e4d0fd4e35ef2c22d1ae2913b874

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Wed, 02 Aug 2017 09:25:17 GMT
Last-Modified: Tue, 01 Aug 2017 14:03:26 GMT
Server: Apache
ETag: W/"5708-1501596206000"
X-Cache-Status: HIT
Content-Type: image/png
Cache-Control: public, max-age=2628000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 5708

GET
S

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.3&utms=1&utmn=246458567&utmhn=zaonutrition.co.za&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=16...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.3&utms=1&utmn=246458567&utmhn=zaonutrition.co.za&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1...

35 B
53 B

14ms
14ms

Image
image/gif

2a00:1450:4001:812::200e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.3&utms=1&utmn=246458567&utmhn=zaonutrition.co.za&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1654838265&utmr=-&utmp=%2Fsimcard%2Fcourse%2Fmycours.php%3Femail%3Dinfo%40arma.com&utmht=1501665917445&utmac=UA-21199057-1&utmcc=__utma%3D149841085.1117945929.1501665917.1501665917.1501665917.1%3B%2B__utmz%3D149841085.1501665917.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=512124933&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Aug 2017 09:25:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.3&utms=1&utmn=246458567&utmhn=zaonutrition.co.za&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1654838265&utmr=-&utmp=%2Fsimcard%2Fcourse%2Fmycours.php%3Femail%3Dinfo%40arma.com&utmht=1501665917445&utmac=UA-21199057-1&utmcc=__utma%3D149841085.1117945929.1501665917.1501665917.1501665917.1%3B%2B__utmz%3D149841085.1501665917.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=512124933&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

GET
S

200

__utm.gif
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/__utm.gif?utmwv=5.6.3&utms=2&utmn=74771785&utmhn=zaonutrition.co.za&utmt=event&utme=5(Login*Login%20Attempt)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit...
https://www.google-analytics.com/__utm.gif?utmwv=5.6.3&utms=2&utmn=74771785&utmhn=zaonutrition.co.za&utmt=event&utme=5(Login*Login%20Attempt)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bi...

35 B
44 B

5ms
5ms

Image
image/gif

2a00:1450:4001:812::200e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/__utm.gif?utmwv=5.6.3&utms=2&utmn=74771785&utmhn=zaonutrition.co.za&utmt=event&utme=5(Login*Login%20Attempt)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1654838265&utmr=-&utmp=%2Fsimcard%2Fcourse%2Fmycours.php%3Femail%3Dinfo%40arma.com&utmht=1501665917447&utmac=UA-21199057-1&utmcc=__utma%3D149841085.1117945929.1501665917.1501665917.1501665917.1%3B%2B__utmz%3D149841085.1501665917.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=6AAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jul 2017 19:17:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 482872
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/__utm.gif?utmwv=5.6.3&utms=2&utmn=74771785&utmhn=zaonutrition.co.za&utmt=event&utme=5(Login*Login%20Attempt)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1654838265&utmr=-&utmp=%2Fsimcard%2Fcourse%2Fmycours.php%3Femail%3Dinfo%40arma.com&utmht=1501665917447&utmac=UA-21199057-1&utmcc=__utma%3D149841085.1117945929.1501665917.1501665917.1501665917.1%3B%2B__utmz%3D149841085.1501665917.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmu=6AAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

GET
S 200 hero-still-image-desktop.jpg
officehome.msocdn.com/s/9b4a755b/images/ 154 KB
155 KB 42ms
7ms Image
image/jpeg 2a02:26f0:122:38b::1d8e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://officehome.msocdn.com/s/9b4a755b/images/hero-still-image-desktop.jpg

Requested by

Host: zaonutrition.co.za
URL: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:38b::1d8e , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d89bb86fe481803aa172b1cd9a3993fe59f23cffcc938bd2b827c9d2e0997ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://zaonutrition.co.za/simcard/course/mycours.php?email=info@arma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-powered-by: ASP.NET
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
status: 200
x-cache-start: 1499511394
x-as-routekeyapplicationendpointlist: neu.office.com
content-length: 158097
x-ua-compatible: IE=edge,chrome=1
x-as-routekey: OH-neu
x-aspnetmvc-version: 5.2
last-modified: Wed, 05 Jul 2017 16:31:51 GMT
server: Microsoft-IIS/10.0
date: Wed, 02 Aug 2017 09:25:18 GMT
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: public, max-age=31536000
timing-allow-origin: *
expires: Sun, 08 Jul 2018 10:56:34 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zaonutrition.co.za/	2018-01-31 21:25:17	Name: __utmz Value: 149841085.1501665917.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.zaonutrition.co.za/	2017-08-02 09:55:17	Name: __utmb Value: 149841085.2.9.1501665917
.zaonutrition.co.za/	2019-08-02 09:25:17	Name: __utma Value: 149841085.1117945929.1501665917.1501665917.1501665917.1
.zaonutrition.co.za/	1970-01-01 00:00:00	Name: __utmc Value: 149841085
.zaonutrition.co.za/	2017-08-02 09:35:17	Name: __utmt Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ias.static-1and1.com
officehome.msocdn.com
www.google-analytics.com
zaonutrition.co.za
217.160.86.157
2a00:1450:4001:812::200e
2a02:26f0:122:38b::1d8e
41.185.64.125
2aaa5096c7bcbb9ee6f877edce090524af183d725a203ec2b2e88895fdc8df0e
4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5
54210e4001e71dc204bdd71ff0a24f5c5526d5a9d652053464af3f270593eb89
56e990cbf10139197349cfe4ac2bb2d134c774dfc46ec0a953cdf15e95d86926
7896a666ab390e10ef5ec469dcef5a4ddddf6231551d2f347da6958c8620293d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9c9dcab7abdaedff01b4bc2ec270a57be4d54248ec3c42040c70fad6bf599e15
9eeffe25c09d71df2e7109bdde49b0a425c60ef1f5d549bf0535bc61b9893ae2
af60b9416c525f37661bdf4d5e8ec02546f7e95fe2aed1b4729381ff7912a984
c284f5da684705336b20fa040be37579af67819b64d2825ceba23506b153df49
c889a2a943033becae4f7adc8bd79b62d7f35d98b239ee456e341d0e2f143390
d89bb86fe481803aa172b1cd9a3993fe59f23cffcc938bd2b827c9d2e0997ca4
e13d19fc6733405a15349cc0f5d5580e4f2ee5a34b7dd3f95ce0ef4ba34272ec
f276a3b6ba849c27a24ce3e77e64c0ce44f5e4d0fd4e35ef2c22d1ae2913b874

zaonutrition.co.za Open in urlscan Pro 41.185.64.125 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

15 Requests

33 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

4 Countries

439 kBTransfer

465 kBSize

5 Cookies

2 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

5 Cookies

Indicators

zaonutrition.co.za Open in urlscan Pro
41.185.64.125 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

33 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

439 kB
Transfer

465 kB
Size

5
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!