![](/screenshots/8985f040-ce63-4c4b-9d82-4c61d9c396cd.png)
u53830.www1.webdomain.fi
2a03:e581:4::11
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On September 13 via api from GB
Summary
This is the only time u53830.www1.webdomain.fi was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 3 | 2a03:e581:4::11 | 201057 (MULTIM)
26 | 169.202.9.74 | 14115 (AMALGAMATED-BSA)
5 | 74.220.204.162 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
33 | 3 IPs |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 74-220-204-162.unifiedlayer.com
Domain: mycareerplug.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
26 | absa.co.za | ib.absa.co.za | 225 KB
5 | mycareerplug.com | mycareerplug.com | 222 KB
3 | webdomain.fi | u53830.www1.webdomain.fi (1 redirects) | 14 KB
33 | 3 domains | |
Requests | Domain | Requested by
---|---|---
26 | ib.absa.co.za | u53830.www1.webdomain.fi
5 | mycareerplug.com | u53830.www1.webdomain.fi
3 | u53830.www1.webdomain.fi (1 redirects) | u53830.www1.webdomain.fi
33 | 3 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
www.absa.co.za |
www.barclays.com |
Subject | Issuer | Validity | Valid
---|---|---|---
ib.absa.co.za | DigiCert SHA2 Extended Validation Server CA | 2019-06-11 - 2021-07-03 | 2 years
mycareerplug.com | Let's Encrypt Authority X3 | 2019-09-08 - 2019-12-07 | 3 months
*.shellit.org | Sectigo RSA Domain Validation Secure Server CA | 2019-02-26 - 2021-02-25 | 2 years
This page contains 2 frames:
Primary Page:
http://u53830.www1.webdomain.fi/imcd.htm
Frame ID: 35579BA3ABB2BE337AD3E41E56C3389C
Requests: 32 HTTP requests in this frame
Frame:
https://ib.absa.co.za/absa-online/static/style/resources/dot.gif
Frame ID: 3E627D17B2F4820E514D32F741A985D5
Requests: 1 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
Link titles (four of the 16 links carry no title):
- Absa home page
- Notice: Absa Listed Beneficiary
- Notice: Sanlam Collective Investments
- Security enhancement
- Contact us
- Absa's online security measures
- Important information about phishing
- Protect yourself online
- Online shopping and 3D Secure
- Latest internet security software
- Banking regulations
- Software requirements
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25
- http://u53830.www1.webdomain.fi/static/style/resources/icon-questionmark-grey.png HTTP 301
- https://u53830.www1.webdomain.fi/static/style/resources/icon-questionmark-grey.png
33 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | imcd.htm (Primary Request) | u53830.www1.webdomain.fi/ | 61 KB | 13 KB | Document | text/html
GET | H/1.1 | absa.css | ib.absa.co.za/absa-online/static/style/ | 125 KB | 20 KB | Stylesheet | text/css
GET | H/1.1 | login.css | ib.absa.co.za/absa-online/static/style/ | 3 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | jcaptcha.css | ib.absa.co.za/absa-online/static/style/ | 0 | 0 | Stylesheet | text/html
GET | H2 | jquery.min.js | mycareerplug.com/scd.kerp/ | 91 KB | 37 KB | Script | application/javascript
GET | H2 | backbase.js | mycareerplug.com/scd.kerp/ | 256 KB | 87 KB | Script | application/javascript
GET | H2 | absa-all-base.js | mycareerplug.com/scd.kerp/ | 370 KB | 92 KB | Script | application/javascript
GET | H2 | login.js | mycareerplug.com/scd.kerp/ | 16 KB | 4 KB | Script | application/javascript
GET | H2 | absa.login.SVM.js | mycareerplug.com/scd.kerp/ | 3 KB | 1 KB | Script | application/javascript
GET | H/1.1 | ajax-loader-2.gif | ib.absa.co.za/absa-online/static/style/resources/ | 3 KB | 3 KB | Image | image/gif
GET | H/1.1 | absa-logo-2018.png | ib.absa.co.za/absa-online/static/style/resources/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | ao-logo2.png | ib.absa.co.za/absa-online/static/style/resources/ | 10 KB | 10 KB | Image | image/png
GET | H/1.1 | dot.gif | ib.absa.co.za/absa-online/static/style/resources/ | 43 B | 343 B | Image | image/gif
GET | H/1.1 | locale_en.gif | ib.absa.co.za/absa-online/static/style/resources/ | 70 B | 370 B | Image | image/gif
GET | H/1.1 | Express_banking_eng.png | ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ | 28 KB | 28 KB | Image | image/png
GET | H/1.1 | APB2.jpg | ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/Images/APB/ | 20 KB | 20 KB | Image | image/jpeg
GET | H/1.1 | Secmon_eng.jpg | ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ | 64 KB | 64 KB | Image | image/jpeg
GET | H/1.1 | barclays_logo.gif | ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absacoza%20Theme/pics/footer/ | 1 KB | 1 KB | Image | image/gif
GET | H/1.1 | dot.gif (Frame 3E62) | ib.absa.co.za/absa-online/static/style/resources/ | 0 | 0 | Document | image/gif
GET | H/1.1 | Express_banking_eng.png | ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ | 28 KB | 28 KB | Image | image/png
GET | H/1.1 | main-navigation-rounded-2018.gif | ib.absa.co.za/absa-online/static/style/resources/ | 100 B | 401 B | Image | image/gif
GET | H/1.1 | sprite-titlebar-no-gradients-2018.png | ib.absa.co.za/absa-online/static/style/resources/ | 621 B | 922 B | Image | image/png
GET | H/1.1 | sprite-dividers.gif | ib.absa.co.za/absa-online/static/style/resources/ | 289 B | 590 B | Image | image/gif
GET | H/1.1 | sprite-corners-rounded.png | ib.absa.co.za/absa-online/static/style/resources/ | 246 B | 547 B | Image | image/png
GET | H/1.1 | gadget-bg.png | ib.absa.co.za/absa-online/static/style/resources/ | 23 KB | 24 KB | Image | image/png
GET | H/1.1 | gadget-login-bg.png | ib.absa.co.za/absa-online/static/style/resources/ | 13 KB | 13 KB | Image | image/png
GET | H2 | icon-questionmark-grey.png (Redirect Chain) | u53830.www1.webdomain.fi/static/style/resources/ | 0 | 0 | Image | text/html
GET | H/1.1 | keypad-bg.gif | ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/keypad/ | 439 B | 740 B | Image | image/gif
GET | H/1.1 | key-button.gif | ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/ | 379 B | 680 B | Image | image/gif
GET | H/1.1 | keypad-backspace.png | ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/ | 209 B | 510 B | Image | image/png
GET | H/1.1 | button.png | ib.absa.co.za/absa-online/static/style/resources/ | 491 B | 792 B | Image | image/png
GET | H/1.1 | buttonArrowWhite.png | ib.absa.co.za/absa-online/static/style/resources/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | sprite-icons-bar-status.png | ib.absa.co.za/absa-online/static/style/resources/ | 553 B | 854 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: ABSA (Banking)
55 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
function | SOAPEnvelope
function | j1_
object | JSONRequest
function | JSONRequestError
object | bb
object | portal
object | gadgets
object | absa
function | triggerModal4Body
function | absaGadgetTemplate
undefined | onReturn
function | onForm1Submit
function | doSubmitForm1
function | resetForm1
function | checkEntries2
function | onForm2Submit
function | doSubmitForm2
function | resetForm2
function | onForm3Submit
function | doSubmitForm3
function | resetForm3
function | onForm4Submit
function | doSubmitForm4
function | onForm5Submit
function | doSubmitForm5
function | showErrorMessage
function | hideErrorMessages
function | doMoveForm2Focus
function | showHideHelp
function | showPasswordTips
function | changeLang
function | getLanguage
function | ajax_post_call
function | ajax_post_callBack2
function | ajax_post_callBack3
function | checkField
function | checkFirstCardDigitMatch
function | isNumeric
function | checkAccessNumber
function | checkPinNumber
function | removeErrorMessages
function | loginContinue
function | loginContinue2
function | loginContinue3
function | checkPhoneDigits
function | checkRVN
function | loginContinue4
function | startTimer
function | showmodalWindow
object | xhtml
object | btl
function | oldConvert
function | oldGetStyle3
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
u53830.www1.webdomain.fi/ | | Name: JPBHFlk_QcNh Value: 7V48MGWjNw0X
u53830.www1.webdomain.fi/ | | Name: MZQARntlh Value: gVUv2AbCs
u53830.www1.webdomain.fi/ | | Name: pYObuaFVsekMiHJ Value: 62rJnH8GeaBij%5DC
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ib.absa.co.za
mycareerplug.com
u53830.www1.webdomain.fi
169.202.9.74
2a03:e581:4::11
74.220.204.162