services.ird.govt.nz-portal.digiman.co.za Open in urlscan Pro
41.185.8.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://services.ird.govt.nz-portal.digiman.co.za/ird/
Submission Tags: 7005948
Submission: On March 08 via api (March 8th 2021, 12:46:39 am UTC) from NL

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 41.185.8.146, located in South Africa and belongs to ZA-1-Grid, ZA. The main domain is services.ird.govt.nz-portal.digiman.co.za.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 5th 2021. Valid for: 3 months.

This is the only time services.ird.govt.nz-portal.digiman.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NZ Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
9	41.185.8.146 41.185.8.146	36943 (ZA-1-Grid) (ZA-1-Grid)
1	138.235.100.13 138.235.100.13	4771 (SPARKNZ S...) (SPARKNZ Spark New Zealand Trading Ltd.)
10	2

9 41.185.8.146 (South Africa)

ASN36943 (ZA-1-Grid, ZA)
PTR: srv46.hostserv.co.za

services.ird.govt.nz-portal.digiman.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.235.100.13 (New Zealand)

ASN4771 (SPARKNZ Spark New Zealand Trading Ltd., NZ)

services.ird.govt.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	digiman.co.za services.ird.govt.nz-portal.digiman.co.za	343 KB
1	ird.govt.nz services.ird.govt.nz	5 KB
10	2

	Domain	Requested by
9	services.ird.govt.nz-portal.digiman.co.za	services.ird.govt.nz-portal.digiman.co.za
1	services.ird.govt.nz	services.ird.govt.nz-portal.digiman.co.za
10	2

This site contains no links.

Subject Issuer	Validity	Valid
services.ird.govt.nz-portal.digiman.co.za cPanel, Inc. Certification Authority	`2021-03-05` - `2021-06-03`	3 months	crt.sh
services.ird.govt.nz DigiCert TLS RSA SHA256 2020 CA1	`2020-12-22` - `2022-01-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://services.ird.govt.nz-portal.digiman.co.za/ird/
Frame ID: 0DBA6449A485FF073E28243709F8A6A5
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

348 kB
Transfer

345 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response services.ird.govt.nz-portal.digiman.co.za/ird/	4 KB 4 KB	508ms 171ms	Document text/html	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / PHP/7.1.33 Resource Hash `90a5717f249f41aee8ca19f7cc08dc68c3545bacc91db13e624e62880b58f7b0` Request headers Host services.ird.govt.nz-portal.digiman.co.za Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Server Apache X-Powered-By PHP/7.1.33 Content-Length 3945 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	bootstrap.css services.ird.govt.nz-portal.digiman.co.za/ird/dev/	170 KB 170 KB	166ms 165ms	Stylesheet text/css	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/bootstrap.css Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `7bce1816c1a043accc42ee2a38bf2a76db546095ccb1bb6238a2ef0c4aab5a73` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 173669
GET H/1.1	200 OK	login-base.css services.ird.govt.nz-portal.digiman.co.za/ird/dev/	15 KB 15 KB	496ms 165ms	Stylesheet text/css	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/login-base.css Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `6329fd443cca71e3a277dde01700f5dffcb71cdf4ac4ee8840627933ce8167ba` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 15339
GET H/1.1	200 OK	login-sm.css services.ird.govt.nz-portal.digiman.co.za/ird/dev/	4 KB 4 KB	497ms 166ms	Stylesheet text/css	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/login-sm.css Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `17b96e6d03aba2594e49eb8fe8221db23b2bb66a3b7617fafdec0a357a73e468` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3587
GET H/1.1	200 OK	login-md.css services.ird.govt.nz-portal.digiman.co.za/ird/dev/	4 KB 4 KB	499ms 166ms	Stylesheet text/css	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/login-md.css Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `e3540248ae0c8f518d0664eca5a882f7381e89b7e840abcdfb228d58d93d1449` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3936
GET H/1.1	200 OK	login-lg.css services.ird.govt.nz-portal.digiman.co.za/ird/dev/	4 KB 4 KB	500ms 165ms	Stylesheet text/css	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/login-lg.css Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `928003200786af6e466683e2576f23c3d888d86135dbdbde4dccfdf15a95cd2d` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3949
GET H/1.1	200 OK	logo-myir-lg.png services.ird.govt.nz/irsso/resources/img/	5 KB 5 KB	2150ms 292ms	Image image/png	138.235.100.13 SPARKNZ Spark New...
General Check archive.org Show headers Download Go to Show image Full URL https://services.ird.govt.nz/irsso/resources/img/logo-myir-lg.png Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 138.235.100.13 , New Zealand, ASN4771 (SPARKNZ Spark New Zealand Trading Ltd., NZ), Reverse DNS Software / Resource Hash `a867943372f6f7a9ad62e54eef1fc0116dea05e68873c9b886cc0ba05cd0ec2b` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers X-OAUTH-IDENTITY-DOMAIN-NAME PROD_IRDomain, PROD_IRDomain Last-Modified Thu, 18 Feb 2021 05:32:26 GMT Date Mon, 08 Mar 2021 00:46:23 GMT X-ORACLE-DMS-ECID 005jFj3KK7kBd5O5yjx0iW000Dsq0000IB Content-Type image/png X-ORACLE-DMS-RID 0:1 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=31, max=100 Content-Length 4823
GET H/1.1	200 OK	New_Zealand_Government_logo.svg services.ird.govt.nz-portal.digiman.co.za/ird/dev/	6 KB 7 KB	167ms 166ms	Image image/svg+xml	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Show image Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/New_Zealand_Government_logo.svg Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `4d407be54018aec8b0377456de982568ba3e889643af298bc411a306f089562f` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6475
GET H/1.1	200 OK	jquery-3.3.1.min.js Show response services.ird.govt.nz-portal.digiman.co.za/ird/dev/	85 KB 85 KB	500ms 166ms	Script application/javascript	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/jquery-3.3.1.min.js Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86927
GET H/1.1	200 OK	bootstrap.min.js Show response services.ird.govt.nz-portal.digiman.co.za/ird/dev/	50 KB 50 KB	166ms 166ms	Script application/javascript	41.185.8.146 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://services.ird.govt.nz-portal.digiman.co.za/ird/dev/bootstrap.min.js Requested by Host: services.ird.govt.nz-portal.digiman.co.za URL: https://services.ird.govt.nz-portal.digiman.co.za/ird/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 41.185.8.146 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS srv46.hostserv.co.za Software Apache / Resource Hash `8713b8c06dbd3b459163d11eef03ef255e09013d8b4bf89b840a5ea411a52753` Request headers Referer https://services.ird.govt.nz-portal.digiman.co.za/ird/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 08 Mar 2021 00:46:21 GMT Last-Modified Fri, 05 Mar 2021 20:44:49 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 50998

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NZ Government (Government)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

services.ird.govt.nz
services.ird.govt.nz-portal.digiman.co.za
138.235.100.13
41.185.8.146
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
17b96e6d03aba2594e49eb8fe8221db23b2bb66a3b7617fafdec0a357a73e468
4d407be54018aec8b0377456de982568ba3e889643af298bc411a306f089562f
6329fd443cca71e3a277dde01700f5dffcb71cdf4ac4ee8840627933ce8167ba
7bce1816c1a043accc42ee2a38bf2a76db546095ccb1bb6238a2ef0c4aab5a73
8713b8c06dbd3b459163d11eef03ef255e09013d8b4bf89b840a5ea411a52753
90a5717f249f41aee8ca19f7cc08dc68c3545bacc91db13e624e62880b58f7b0
928003200786af6e466683e2576f23c3d888d86135dbdbde4dccfdf15a95cd2d
a867943372f6f7a9ad62e54eef1fc0116dea05e68873c9b886cc0ba05cd0ec2b
e3540248ae0c8f518d0664eca5a882f7381e89b7e840abcdfb228d58d93d1449

services.ird.govt.nz-portal.digiman.co.za Open in urlscan Pro 41.185.8.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

348 kBTransfer

345 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

services.ird.govt.nz-portal.digiman.co.za Open in urlscan Pro
41.185.8.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

348 kB
Transfer

345 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!