bilberryfreight.com
34.73.207.175
Malicious Activity!
Public Scan
Submission Tags: 7310169
Submission: On October 04 via api from US — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. ECC Certification Authority on September 13th 2021. Valid for: 3 months.
This is the only time bilberryfreight.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nedbank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
14 | 34.73.207.175 | 15169 (GOOGLE)
Total: 14 requests, 1 IP address
ASN15169 (GOOGLE, US)
PTR: host.bilberryfreight.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | bilberryfreight.com | bilberryfreight.com | 535 KB
Total: 14 requests, 1 apex domain
Requests | Domain | Requested by
---|---|---
14 | bilberryfreight.com | bilberryfreight.com
Total: 14 requests, 1 domain
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
bilberryfreight.com | cPanel, Inc. ECC Certification Authority | 2021-09-13 - 2021-12-12 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://bilberryfreight.com/.java/boerspay.htm
Frame ID: 3ED4C46A44693F5195D58C095E1FB437
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | boerspay.htm (Primary Request) | bilberryfreight.com/.java/ | 375 KB | 19 KB | Document | text/html
GET | H/1.1 | styles.css | bilberryfreight.com/.java/metaela/ | 173 KB | 30 KB | Stylesheet | text/css
GET | H/1.1 | jquery.min.js | bilberryfreight.com/.java/metaela/ | 95 KB | 34 KB | Script | application/javascript
GET | H/1.1 | bffdre443d2ews2317366ter54ref.php | bilberryfreight.com/.java/diskripti/ | 0 | 0 | Script | text/html
GET | H/1.1 | Icon.ef111dcaf7b1952d120f.svg | bilberryfreight.com/.java/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | location-blank-green.4b8e66bca4aac4a2aad6.svg | bilberryfreight.com/.java/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | contact-blank-green.a180fba4b897921edd0b.svg | bilberryfreight.com/.java/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | KenaKahare_v2.png | bilberryfreight.com/.java/difoto/ | 100 KB | 101 KB | Image | image/png
GET | H/1.1 | Eye-Show.e1de9570f043be4db21c.svg | bilberryfreight.com/.java/metaela/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | contact-footer.ff0deb4d99b5c501e332.svg | bilberryfreight.com/.java/ | 60 KB | 60 KB | Image | text/html
GET | H/1.1 | location-blank.e36d304f8628a21886d3.svg | bilberryfreight.com/.java/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | phoneicon.d20aa97e94487e70b840.svg | bilberryfreight.com/.java/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | tncs.04b64534a4bbcb7c2676.svg | bilberryfreight.com/.java/ | 31 KB | 31 KB | Image | text/html
GET | H/1.1 | FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf | bilberryfreight.com/.java/difonto/ | 162 KB | 72 KB | Font | font/otf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nedbank (Banking)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
boolean | originAgentCluster
function | $
function | jQuery
string | site_Url
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=300 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bilberryfreight.com
34.73.207.175