www.mails-083.gq
Open in
urlscan Pro
102.135.160.201
Malicious Activity!
Public Scan
Submission: On July 14 via manual
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 13th 2019. Valid for: 3 months.
This is the only time www.mails-083.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nedbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 102.135.160.201 102.135.160.201 | 328364 (Greycell-AS) (Greycell-AS) | |
8 | 168.142.204.82 168.142.204.82 | 3741 (IS) (IS) | |
1 | 103.21.58.60 103.21.58.60 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY - PDR) | |
15 | 3 |
ASN328364 (Greycell-AS, ZA)
PTR: chs32.ampledns.com
www.mails-083.gq |
ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US)
PTR: bh-in-4.webhostbox.net
walideqp.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
nedbank.co.za
secured.nedbank.co.za |
101 KB |
6 |
mails-083.gq
www.mails-083.gq |
388 KB |
1 |
walideqp.com
walideqp.com |
163 KB |
15 | 3 |
Domain | Requested by | |
---|---|---|
8 | secured.nedbank.co.za |
www.mails-083.gq
|
6 | www.mails-083.gq |
www.mails-083.gq
|
1 | walideqp.com |
www.mails-083.gq
|
15 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
mails-083.gq Let's Encrypt Authority X3 |
2019-07-13 - 2019-10-11 |
3 months | crt.sh |
secured.nedbank.co.za Entrust Certification Authority - L1M |
2017-11-07 - 2019-11-07 |
2 years | crt.sh |
walideqp.com Let's Encrypt Authority X3 |
2019-06-07 - 2019-09-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/lBheUZhc3QlMjAtJTIwRW5naW5lJTIwLSUyMFBheW1lb_ver1.html
Frame ID: F6EF63BD8C929F915680232C455D0ED6
Requests: 15 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
lBheUZhc3QlMjAtJTIwRW5naW5lJTIwLSUyMFBheW1lb_ver1.html
www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/ |
84 KB 85 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/Nedbank_Money_files/ |
173 KB 173 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js.download
www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/Nedbank_Money_files/ |
95 KB 95 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.php
www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/Nedbank_Money_files/ |
4 KB 4 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.PNG
www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/Nedbank_Money_files/ |
30 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NedbankIcon.ef111dcaf7b1952d120f.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
location-blank-green.4b8e66bca4aac4a2aad6.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
contact-blank-green.a180fba4b897921edd0b.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NedbankLogin_v2.png
secured.nedbank.co.za/assets/png/ |
100 KB 101 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Eye-Show.e1de9570f043be4db21c.svg
www.mails-083.gq/JpYSwgTWFsYXdpLCBaaW1iYWJ3ZSBhbmQgdGhlIERlbW9jcmF0aWMgUmVwdWJsaWMgb2YgQ29uZ288L2Rpdj4NCiAgICAgI/PGRpdiBzdHlsZT0nd2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlc/Nedbank_Money_files/ |
524 B 524 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
contact-footer.ff0deb4d99b5c501e332.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
location-blank.e36d304f8628a21886d3.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
phoneicon.d20aa97e94487e70b840.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tncs.04b64534a4bbcb7c2676.svg
secured.nedbank.co.za/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf
walideqp.com/nouitio/secominuo/fonts/ |
162 KB 163 KB |
Font
font/otf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nedbank (Banking)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| key function| hJKm string| source function| $ function| jQuery function| ajax_jsonp_call function| isNumberKey function| validatePassword function| untouched function| untouched2 string| site_Url0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
secured.nedbank.co.za
walideqp.com
www.mails-083.gq
102.135.160.201
103.21.58.60
168.142.204.82
115b23d7167a933e0fb7eb35c065dce97bf5a741780866024d0d07bcd7cbbbee
354cb0a75fdc0745134b7809a64030764e4b22c5161d679fdd9ad01b4d8386ca
64dd2a05ed983e0f3ee37cc7ed92174325365690e50697d4d91a73fb71bb4bc4
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
76c59cb783e71688097be850567f6f513c8b5931b91eb2e4ed0ef42ca385b5a2
7dd1c663623737589b87b6a547289a7384766036d151eb4c81a84bdacb9d72b8
8887a3e0dea10c649e723d160fcac04d7432910580a8c0f2726c0c27ef8ee9cc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65