Click to jump to signature section
| Source: http://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | Avira URL Cloud: detection malicious, Label: phishing |
| Source: http://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering |
| Source: http://portal.ram.co.za/ | LLM: Score: 8 Reasons: The domain 'portal.ram.co.za' seems legitimate, but the lack of HTTPS protocol and the simplicity of the design raise some suspicions. The presence of a login form and customer care number also suggests that the site may be attempting to harvest credentials. The fact that the domain is a subdomain of.co.za, which is a common top-level domain for South African websites, adds some credibility. However, the visual LLM's conclusion that the domain'seems appropriate for the identified brand' is not sufficient to guarantee legitimacy, and further investigation is necessary to confirm the site's authenticity. The high phishing score is due to the combination of these factors, which indicate a moderate to high likelihood of phishing activity. DOM: 1.6.pages.csv |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Iframe src: ./pag1_files/saved_resource.html |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Iframe src: ./pag1_files/saved_resource(1).html |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Iframe src: ./pag1_files/saved_resource(2).html |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Iframe src: ./pag1_files/saved_resource(3).html |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Iframe src: ./pag1_files/saved_resource(4).html |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-5RMWXRB |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-5RMWXRB |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-5RMWXRB |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-5RMWXRB |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Number of links: 0 |
| Source: http://portal.ram.co.za/ | HTTP Parser: Number of links: 0 |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: <input type="password" .../> found but no <form action="... |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Total embedded image size: 109868 |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: Total embedded background img size: 332903 |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: Title: Error does not match URL |
| Source: http://portal.ram.co.za/ | HTTP Parser: Has password / email / username input fields |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: <input type="password" .../> found |
| Source: http://portal.ram.co.za/ | HTTP Parser: <input type="password" .../> found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: <input type="password" .../> found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No favicon |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No favicon |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No favicon |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No favicon |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No favicon |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: No <meta name="author".. found |
| Source: http://portal.ram.co.za/ | HTTP Parser: No <meta name="author".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="author".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="author".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="author".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="author".. found |
| Source: https://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html | HTTP Parser: No <meta name="copyright".. found |
| Source: http://portal.ram.co.za/ | HTTP Parser: No <meta name="copyright".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="copyright".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="copyright".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="copyright".. found |
| Source: https://www.ram.co.za/information-act.html | HTTP Parser: No <meta name="copyright".. found |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49725 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49726 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49728 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49748 version: TLS 1.2 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
| Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OKCache-Control: no-cache, max-age=0Pragma: no-cacheContent-Type: text/html; charset=utf-8Content-Encoding: gzipExpires: -1Vary: Accept-EncodingServer: Microsoft-IIS/10.0Set-Cookie: ASP.NET_SessionId=nm1b0lehiozbinemjw0n04d2; path=/; HttpOnly; SameSite=LaxX-AspNet-Version: 4.0.30319X-Powered-By: ASP.NETDate: Fri, 30 Aug 2024 22:44:43 GMTContent-Length: 5405Set-Cookie: cookiesession1=678A3E2D7A2577381AA0A53EF397821F;Expires=Sat, 30 Aug 2025 22:44:43 GMT;Path=/;HttpOnlyX-FWB-Acceleration: 1.0Data Raw: 1f 8b 08 00 00 00 00 00 04 03 b2 51 74 f1 77 0e 89 0c 70 55 c8 28 c9 cd b1 e3 b2 01 51 0a 15 b9 39 79 c5 b6 4a 19 25 25 05 56 fa fa e5 e5 e5 7a e5 c6 7a f9 45 e9 fa 86 96 96 96 fa 15 20 35 4a 76 36 19 a9 89 29 0a 99 29 b6 4a 1e a9 89 29 86 4a 76 36 39 99 79 d9 0a 19 45 a9 69 70 ad 05 f9 45 25 89 39 7a 45 89 b9 7a c9 f9 7a 55 89 fa 8e 05 05 f1 21 19 a9 b9 a9 c5 fa 41 8e be fa be a9 79 a5 c1 25 95 39 a9 7a c9 c5 c5 f6 65 b6 46 06 46 46 06 16 06 46 06 46 06 a6 26 46 4a 0a 25 95 05 a9 b6 4a 25 a9 15 25 fa c9 c5 c5 4a 0a 45 a9 39 b6 4a c5 20 0d c5 19 a9 a9 25 64 d9 19 e4 e8 4b 47 db 4a 12 93 8a e9 6b 9d 6e 09 38 7c c9 b6 b4 24 b3 24 27 d5 8e 97 8b 33 c8 d1 57 c1 b9 b4 b8 24 3f 37 b5 48 21 00 1c 93 0a 1e f9 b9 a9 bc 5c 36 fa 10 45 36 b9 a9 25 89 0a a0 64 a2 9b 5a 58 9a 59 66 ab 14 a1 1b ea a8 eb 9c 9f 5b 90 58 92 99 94 93 aa a4 90 9c 9f 57 92 9a 57 62 ab e4 e9 6a eb 9a 92 9e 0a 8b 32 48 4c 66 e4 17 95 24 97 96 28 64 26 e7 e7 c1 62 3b 33 37 31 3d 55 bf 42 17 22 86 3f 39 a5 25 96 81 94 e9 65 26 e7 2b d9 d9 14 27 17 65 16 94 28 14 17 25 e3 4e 80 c1 60 35 c5 fa 59 85 a5 a9 45 95 ba 86 7a 16 7a c6 7a b9 99 79 7a 59 e8 e9 cf d4 02 e6 22 70 fa cb 4a 2c 4b 84 58 a0 64 67 a3 0f 61 91 65 65 69 a6 ae a1 9e a1 81 9e 81 5e 32 38 70 b1 da 6e 66 60 40 6d db 8b f3 f3 8c e8 e0 4b df c4 e2 ec d4 14 cf bc 82 d2 12 68 20 eb e5 82 85 32 41 42 ba 86 7a 46 7a 86 18 ce a0 be 77 83 33 12 8b 52 53 e0 16 19 1b 58 18 9a 18 98 18 98 9b 10 13 ae 44 14 64 e0 52 0b 5c 08 15 eb 17 25 e6 26 17 40 b2 1d d4 cb ba 58 23 19 a3 8c 33 33 30 c1 2c d3 d0 0b 3d a2 ca 55 64 e7 f8 a5 96 07 39 fa 82 45 30 0b 01 22 ad d4 07 15 ee 76 36 49 f9 29 95 76 36 69 f9 45 b9 0a b9 a9 25 19 f9 29 b6 4a 05 f9 c5 25 4a 0a 89 c9 25 99 f9 79 b6 4a 7a fa 4a e0 2a 20 37 31 33 cf 2d bf 28 57 c9 ce 26 25 b3 4c 21 39 27 b1 b8 d8 56 29 b1 b8 c0 2f b5 c4 23 33 25 25 35 4f c9 ce 06 9c 02 a0 de cb 80 08 2a e4 25 e6 a6 da 2a c5 c7 87 79 ba 86 07 87 38 86 b8 42 cc 43 11 28 4b cc 29 4d b |
Edit tour
chrome.exe (PID: 1856 cmdline: 
