usc1.contabostorage.com

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 209.126.15.85, located in St Louis, United States and belongs to NL-811-40021, US. The main domain is usc1.contabostorage.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 23rd 2024. Valid for: 3 months.

This is the only time usc1.contabostorage.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Standard Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	209.126.15.85 209.126.15.85	40021 (NL-811-40021) (NL-811-40021)
3	41.185.8.76 41.185.8.76	36943 (ZA-1-Grid) (ZA-1-Grid)
5	3

1 209.126.15.85 (St Louis, United States)

ASN40021 (NL-811-40021, US)
PTR: usc1.contabostorage.com

usc1.contabostorage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 41.185.8.76 (South Africa)

ASN36943 (ZA-1-Grid, ZA)
PTR: srv78.hostserv.co.za

diatheke.sbs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	diatheke.sbs diatheke.sbs	56 KB
1	contabostorage.com usc1.contabostorage.com	2 KB
0	standardbank.co.za Failed onlinebanking.standardbank.co.za Failed
5	3

	Domain	Requested by
3	diatheke.sbs	usc1.contabostorage.com
1	usc1.contabostorage.com
0	onlinebanking.standardbank.co.za Failed	usc1.contabostorage.com
5	3

This site contains no links.

Subject Issuer	Validity	Valid
*.contabostorage.com ZeroSSL RSA Domain Secure Site CA	`2024-04-23` - `2024-07-22`	3 months	crt.sh
*.roarbar.sbs R3	`2024-05-18` - `2024-08-16`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://usc1.contabostorage.com/a29eefb78e3d43e8a546f40552573775:debit-order-cancellation-276a4edc1/debit-order-cancellation-298a642dc-01.html
Frame ID: BF34E63F50A200AE7EEAD6E8FA584A2B
Requests: 4 HTTP requests in this frame

Frame: https://onlinebanking.standardbank.co.za/
Frame ID: 79F74E94C8701D074533794FB0F0266D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign inStandard Bank Online Banking

Page Statistics

5
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

58 kB
Transfer

59 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://diatheke.sbs/25278/well-known/app/index.php HTTP 302
https://onlinebanking.standardbank.co.za/

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request debit-order-cancellation-298a642dc-01.html Show response
usc1.contabostorage.com/a29eefb78e3d43e8a546f40552573775:debit-order-cancellation-276a4edc1/ 4 KB
2 KB 424ms
134ms Document
text/html 209.126.15.85
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL

https://usc1.contabostorage.com/a29eefb78e3d43e8a546f40552573775:debit-order-cancellation-276a4edc1/debit-order-cancellation-298a642dc-01.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

209.126.15.85 St Louis, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

usc1.contabostorage.com

Software

nginx /

Resource Hash

b6d28e0a18f64433b680bd09b694f64bb5b3a24a27c4b1475c210023ff24c523

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 03 Jun 2024 21:43:14 GMT
etag: W/"45b4c47c6cbe601f3fc6c673afb26e6f"
last-modified: Thu, 30 May 2024 17:24:52 GMT
ratelimit-limit: 250
ratelimit-remaining: 249
ratelimit-reset: 1
server: nginx
strict-transport-security: max-age=16000000; includeSubDomains; preload;
transfer-encoding: chunked
x-amz-request-id: tx0000009bed99f7a87d240-00665da8ff-472c32-default
x-proxy-cache: HIT
x-ratelimit-limit-second: 250
x-ratelimit-remaining-second: 249
x-rgw-object-type: Normal

GET
H/1.1 200
OK bundle.css
diatheke.sbs/25278/well-known/libraries/css/ 11 KB
12 KB 1017ms
171ms Stylesheet
text/css 41.185.8.76
ZA-1-Grid

General

Check archive.org

Show headers Download Go to

Full URL: https://diatheke.sbs/25278/well-known/libraries/css/bundle.css
Requested by: Host: usc1.contabostorage.com
URL: https://usc1.contabostorage.com/a29eefb78e3d43e8a546f40552573775:debit-order-cancellation-276a4edc1/debit-order-cancellation-298a642dc-01.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 41.185.8.76 , South Africa, ASN36943 (ZA-1-Grid, ZA),
Reverse DNS: srv78.hostserv.co.za
Software: Apache /
Resource Hash: de0155180c337684426db0246ce969f3ac30caf43499f932fe45e0b7ad003628

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://usc1.contabostorage.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 03 Jun 2024 21:43:15 GMT
Last-Modified: Fri, 08 Mar 2024 11:57:04 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 11737

GET
H/1.1 200
OK ionic.bundle.css
diatheke.sbs/25278/well-known/libraries/css/ 19 KB
19 KB 1016ms
171ms Stylesheet
text/css 41.185.8.76
ZA-1-Grid

General

Check archive.org

Show headers Download Go to

Full URL: https://diatheke.sbs/25278/well-known/libraries/css/ionic.bundle.css
Requested by: Host: usc1.contabostorage.com
URL: https://usc1.contabostorage.com/a29eefb78e3d43e8a546f40552573775:debit-order-cancellation-276a4edc1/debit-order-cancellation-298a642dc-01.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 41.185.8.76 , South Africa, ASN36943 (ZA-1-Grid, ZA),
Reverse DNS: srv78.hostserv.co.za
Software: Apache /
Resource Hash: 3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://usc1.contabostorage.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 03 Jun 2024 21:43:15 GMT
Last-Modified: Fri, 08 Mar 2024 11:57:04 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 18987

GET
H/1.1 200
OK sbg.css
diatheke.sbs/25278/well-known/libraries/css/ 26 KB
26 KB 1008ms
167ms Stylesheet
text/css 41.185.8.76
ZA-1-Grid

General

Check archive.org

Show headers Download Go to

Full URL: https://diatheke.sbs/25278/well-known/libraries/css/sbg.css
Requested by: Host: usc1.contabostorage.com
URL: https://usc1.contabostorage.com/a29eefb78e3d43e8a546f40552573775:debit-order-cancellation-276a4edc1/debit-order-cancellation-298a642dc-01.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 41.185.8.76 , South Africa, ASN36943 (ZA-1-Grid, ZA),
Reverse DNS: srv78.hostserv.co.za
Software: Apache /
Resource Hash: c38cb2bd5c5a1f6c04f18f487bc6f488454aa2668777ab0d9e515cfdac74b78b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://usc1.contabostorage.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 03 Jun 2024 21:43:15 GMT
Last-Modified: Fri, 08 Mar 2024 11:57:04 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 26137

GET

/
onlinebanking.standardbank.co.za/ Frame 79F7
Redirect Chain

https://diatheke.sbs/25278/well-known/app/index.php
https://onlinebanking.standardbank.co.za/

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: onlinebanking.standardbank.co.za
URL: https://onlinebanking.standardbank.co.za/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Standard Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

diatheke.sbs
onlinebanking.standardbank.co.za
usc1.contabostorage.com
onlinebanking.standardbank.co.za
209.126.15.85
41.185.8.76
3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44
b6d28e0a18f64433b680bd09b694f64bb5b3a24a27c4b1475c210023ff24c523
c38cb2bd5c5a1f6c04f18f487bc6f488454aa2668777ab0d9e515cfdac74b78b
de0155180c337684426db0246ce969f3ac30caf43499f932fe45e0b7ad003628

usc1.contabostorage.com Open in urlscan Pro 209.126.15.85 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

80 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

58 kBTransfer

59 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

usc1.contabostorage.com Open in urlscan Pro
209.126.15.85 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

58 kB
Transfer

59 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!