u53830.www1.webdomain.fi
Open in
urlscan Pro
2a03:e581:4::11
Malicious Activity!
Public Scan
URL:
http://u53830.www1.webdomain.fi/imcd.htm
Submission Tags: @ipnigh
Submission: On September 13 via api from GB
Submission Tags: @ipnigh
Submission: On September 13 via api from GB
Summary
This website contacted 3 IPs
in 3 countries
across 3 domains to perform 33 HTTP transactions.
The main IP is 2a03:e581:4::11, located in
Finland and
belongs to MULTIM, FI.
The main domain is u53830.www1.webdomain.fi.
This is the only time u53830.www1.webdomain.fi was scanned on urlscan.io!
This is the only time u53830.www1.webdomain.fi was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 3 | 2a03:e581:4::11 2a03:e581:4::11 | 201057 (MULTIM) (MULTIM) | |
| 26 | 169.202.9.74 169.202.9.74 | 14115 (AMALGAMAT...) (AMALGAMATED-BSA) | |
| 5 | 74.220.204.162 74.220.204.162 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
| 33 | 3 |
5
74.220.204.162
(Provo, United States)
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 74-220-204-162.unifiedlayer.com
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 74-220-204-162.unifiedlayer.com
| mycareerplug.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 26 |
absa.co.za
ib.absa.co.za |
225 KB |
| 5 |
mycareerplug.com
mycareerplug.com |
222 KB |
| 3 |
webdomain.fi
1 redirects
u53830.www1.webdomain.fi |
14 KB |
| 33 | 3 |
| Domain | Requested by | |
|---|---|---|
| 26 | ib.absa.co.za |
u53830.www1.webdomain.fi
|
| 5 | mycareerplug.com |
u53830.www1.webdomain.fi
|
| 3 | u53830.www1.webdomain.fi |
1 redirects
u53830.www1.webdomain.fi
|
| 33 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.absa.co.za |
| www.barclays.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ib.absa.co.za DigiCert SHA2 Extended Validation Server CA |
2019-06-11 - 2021-07-03 |
2 years | crt.sh |
| mycareerplug.com Let's Encrypt Authority X3 |
2019-09-08 - 2019-12-07 |
3 months | crt.sh |
| *.shellit.org Sectigo RSA Domain Validation Secure Server CA |
2019-02-26 - 2021-02-25 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://u53830.www1.webdomain.fi/imcd.htm
Frame ID: 35579BA3ABB2BE337AD3E41E56C3389C
Requests: 32 HTTP requests in this frame
Frame:
https://ib.absa.co.za/absa-online/static/style/resources/dot.gif
Frame ID: 3E627D17B2F4820E514D32F741A985D5
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
URL: http://www.absa.co.za/
Title: Absa home page
Title: Absa home page
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Media-Centre/Press-Statements/Pretoria-Municipality-Absa-Beneficiary
Title: Notice: Absa Listed Beneficiary
Title: Notice: Absa Listed Beneficiary
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Media-Centre/Press-Statements/Listed-Beneficiary-Clean-up
Title: Notice: Sanlam Collective Investments
Title: Notice: Sanlam Collective Investments
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre/Online-Security/SureCheck
Title: Security enhancement
Title: Security enhancement
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Individual/Ways-to-Bank/Anytime%2C-Anywhere/Absa-Online
Title: Contact us
Title: Contact us
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Offers/Featured-Solutions/AOL-Express
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre/Online-Security/Absa-Online-Security-Measures
Title: Absa's online security measures
Title: Absa's online security measures
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre/Banking-Security/Phishing-Scams
Title: Important information about phishing
Title: Important information about phishing
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre/Online-Security/Protect-Yourself-Online
Title: Protect yourself online
Title: Protect yourself online
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre/Online-Security/Online-Shopping-and-3D-Secure
Title: Online shopping and 3D Secure
Title: Online shopping and 3D Secure
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre/Antivirus-Software/Antivirus-software
Title: Latest internet security software
Title: Latest internet security software
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Security-Centre
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/About-Absa/Absa-Bank/Corporate-Governance
Title: Banking regulations
Title: Banking regulations
Search URL Search Domain Scan URL
URL: http://www.absa.co.za/Absacoza/Legal/Browser-Requirements
Title: Software requirements
Title: Software requirements
Search URL Search Domain Scan URL
URL: http://www.barclays.com/
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25- http://u53830.www1.webdomain.fi/static/style/resources/icon-questionmark-grey.png HTTP 301
- https://u53830.www1.webdomain.fi/static/style/resources/icon-questionmark-grey.png
33 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
imcd.htm
u53830.www1.webdomain.fi/ |
61 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
absa.css
ib.absa.co.za/absa-online/static/style/ |
125 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.css
ib.absa.co.za/absa-online/static/style/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jcaptcha.css
ib.absa.co.za/absa-online/static/style/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
mycareerplug.com/scd.kerp/ |
91 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
backbase.js
mycareerplug.com/scd.kerp/ |
256 KB 87 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
absa-all-base.js
mycareerplug.com/scd.kerp/ |
370 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.js
mycareerplug.com/scd.kerp/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
absa.login.SVM.js
mycareerplug.com/scd.kerp/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ajax-loader-2.gif
ib.absa.co.za/absa-online/static/style/resources/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
absa-logo-2018.png
ib.absa.co.za/absa-online/static/style/resources/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ao-logo2.png
ib.absa.co.za/absa-online/static/style/resources/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dot.gif
ib.absa.co.za/absa-online/static/style/resources/ |
43 B 343 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
locale_en.gif
ib.absa.co.za/absa-online/static/style/resources/ |
70 B 370 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Express_banking_eng.png
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
APB2.jpg
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/Images/APB/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Secmon_eng.jpg
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ |
64 KB 64 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
barclays_logo.gif
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absacoza%20Theme/pics/footer/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dot.gif
ib.absa.co.za/absa-online/static/style/resources/ Frame 3E62 |
0 0 |
Document
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Express_banking_eng.png
ib.absa.co.za/absa-online/assets/Assets/Richmedia/Absaonline/CampaignImages/Eng/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main-navigation-rounded-2018.gif
ib.absa.co.za/absa-online/static/style/resources/ |
100 B 401 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sprite-titlebar-no-gradients-2018.png
ib.absa.co.za/absa-online/static/style/resources/ |
621 B 922 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sprite-dividers.gif
ib.absa.co.za/absa-online/static/style/resources/ |
289 B 590 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sprite-corners-rounded.png
ib.absa.co.za/absa-online/static/style/resources/ |
246 B 547 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gadget-bg.png
ib.absa.co.za/absa-online/static/style/resources/ |
23 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gadget-login-bg.png
ib.absa.co.za/absa-online/static/style/resources/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
icon-questionmark-grey.png
u53830.www1.webdomain.fi/static/style/resources/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keypad-bg.gif
ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/keypad/ |
439 B 740 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
key-button.gif
ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/ |
379 B 680 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keypad-backspace.png
ib.absa.co.za/absa-online/static/style/www.absa.co.za.2009.ui/resources/ |
209 B 510 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
button.png
ib.absa.co.za/absa-online/static/style/resources/ |
491 B 792 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
buttonArrowWhite.png
ib.absa.co.za/absa-online/static/style/resources/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sprite-icons-bar-status.png
ib.absa.co.za/absa-online/static/style/resources/ |
553 B 854 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABSA (Banking)55 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| SOAPEnvelope function| j1_ object| JSONRequest function| JSONRequestError object| bb object| portal object| gadgets object| absa function| triggerModal4Body function| absaGadgetTemplate undefined| onReturn function| onForm1Submit function| doSubmitForm1 function| resetForm1 function| checkEntries2 function| onForm2Submit function| doSubmitForm2 function| resetForm2 function| onForm3Submit function| doSubmitForm3 function| resetForm3 function| onForm4Submit function| doSubmitForm4 function| onForm5Submit function| doSubmitForm5 function| showErrorMessage function| hideErrorMessages function| doMoveForm2Focus function| showHideHelp function| showPasswordTips function| changeLang function| getLanguage function| ajax_post_call function| ajax_post_callBack2 function| ajax_post_callBack3 function| checkField function| checkFirstCardDigitMatch function| isNumeric function| checkAccessNumber function| checkPinNumber function| removeErrorMessages function| loginContinue function| loginContinue2 function| loginContinue3 function| checkPhoneDigits function| checkRVN function| loginContinue4 function| startTimer function| showmodalWindow object| xhtml object| btl function| oldConvert function| oldGetStyle3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| u53830.www1.webdomain.fi/ | Name: JPBHFlk_QcNh Value: 7V48MGWjNw0X |
|
| u53830.www1.webdomain.fi/ | Name: MZQARntlh Value: gVUv2AbCs |
|
| u53830.www1.webdomain.fi/ | Name: pYObuaFVsekMiHJ Value: 62rJnH8GeaBij%5DC |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ib.absa.co.za
mycareerplug.com
u53830.www1.webdomain.fi
169.202.9.74
2a03:e581:4::11
74.220.204.162
1617f9443945fdd7e3ff09558dbc3e5ecfaf2e24bb6daf56d170913a3ee136d7
1723fd2bd8c98417e8739ab2853cb92dfb0e50113a7a9726d2cceb69d00eea05
18f1f6f67b71c269aa04036e49e5ec6f0db474938b4e1342f92e43bb9ea6ef7d
1a26395eab756d476a44492edba11fbb4dfe44d42ed1599f04fdef5ea18ac954
264284f295cf47a40cde4ef8663a4dadbe303f1ff210e9dc52d2ac91cb6b104c
31d4c1cd3bf18363ff7643f87a54fecd70376fed89cd5805ced2e323127fa334
3c243a2d63452b7a8392cdf93e637ec423b3241149831b2082283063d1e34413
3d9062add3a3419de36dac8b09af9960e412c570e256cbe5ca6c0910b30d9aef
3f596c191ddbe25572cfb3ace361b84724d6dd5ac3a486ed5cbbfde21865163f
42073c1b1763c111523ed6f46b0eb0461c9fed9989f524437a6e099c9bf92267
4c4a36be788a6c7da90427e5986cbfba7da49bc1296fb965e86da3e5282efb5f
50a67bf5b7e45c9779dd68140dff2c87c9877e8984bc64d845e99d4e6b58786d
6a1423dcdc9a531df9d5dfc5a1ea720eec868eda0a56e1580a0c71c69e79b8fe
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8ff7cdb6573e122fe3c0671e907fbedb185afc2b83157fb8142776b1907f5512
98062aa911bd81be3f5dc6c7898d5c87c3fb866adae7d04529c64750564bfa75
9f8e9f22e07c69671b529f27fbd307da8409f499fc844e686a1efe81aa74de45
a0bfd5bef65c754b35599a259b2aa7373857a385802d705f090ea4fef18470be
ada2e972abcb9493c9b709ce52c1b2122b0320a9ec37d4c5ca13a132dfda11e1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6b693de4c17c014dad29abe5294359606104283674d45ee8348e9dc731ff540
b90e9d891c1b60bbb442d0c18a93bef607f0c49854a151e204bb66ca409ca1e4
c27aee2360a4554999091c3f4acbe28c3e0badb1484d2aee914e1d8b4f7ace1f
ca557e0f61a59f2511a11104bde0080ba24e6de61587b8d6e48356cff4701c08
cf413eadb145d61e5ff5bcdc011bdb3955623cf4b1df69b5b25a1eeece7cf307
d3dbb7567bec3fa266960ee53ee72d534e1834e481ff502a0901fcb32af7ff23
dbdc69769919eb9de6942ac447a2b029681b71b36c0154e7bee12977063b1f42
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaeed2c74530ab60fd0964b59becee22a53868b9039d430c797eadc9a1d210af
ee8f5af250e7df71b88df4ed3c0244096f7b16408053555d46a02d5130c3bf01