Submitted URL: http://saico-223.ml/fg/NedBank/
Effective URL: http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d61552...
Submission: On April 22 via manual from ZA

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 38 HTTP transactions. The main IP is 51.158.191.165, located in United Kingdom and belongs to AS12876, FR. The main domain is saico-223.ml.
This is the only time saico-223.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

IP Address                              AS Autonomous System
3  5  51.158.191.165                    12876 (AS12876)
38  2

Apex Domain / Subdomains                Transfer
5  saico-223.ml
     saico-223.ml                       361 KB
0  nedsecure.co.za (Failed)
     netbank.nedsecure.co.za (Failed)
38  2

Domain                                  Requested by
5  saico-223.ml (3 redirects)           saico-223.ml
0  netbank.nedsecure.co.za (Failed)     saico-223.ml
38  2

This site contains no links.

This page contains 1 frames:

Primary Page: http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f
Frame ID: A6C3CA9CAA20E8A6C9624F48B242D55F
Requests: 38 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 38
HTTPS: 0 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 360 kB
Size: 359 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://saico-223.ml/fg/NedBank/ HTTP 302
    http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1?cmd=login=account-service.com/account/service HTTP 301
    http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/?cmd=login=account-service.com/account/service HTTP 302
    http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Primary Request: ned.php
Path: saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/
Redirect Chain
  • http://saico-223.ml/fg/NedBank/
  • http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1?cmd=login=account-service.com/account/service
  • http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/?cmd=login=account-service.com/account/service
  • http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f...
Size: 357 KB
x-fer: 357 KB
Type: Document

General
Full URL: http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f
Protocol: HTTP/1.1
Server: 51.158.191.165, United Kingdom, ASN12876 (AS12876, FR)
Reverse DNS: 165-191-158-51.rev.cloud.scaleway.com
Software: Apache /
Resource Hash: ad8b5c8d56cfc152da83a2f10a01430885cc89a8aaf29316f38ffb16d33fca4a

Request headers

Host: saico-223.ml
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Date: Mon, 22 Apr 2019 15:28:46 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Mon, 22 Apr 2019 15:28:46 GMT
Server: Apache
location: ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Resource: style1.css
Path: saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/css/
Size: 2 KB
x-fer: 3 KB
Type: Stylesheet

General
Full URL: http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/css/style1.css
Requested by
Host: saico-223.ml
URL: http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f
Protocol: HTTP/1.1
Server: 51.158.191.165, United Kingdom, ASN12876 (AS12876, FR)
Reverse DNS: 165-191-158-51.rev.cloud.scaleway.com
Software: Apache /
Resource Hash: f1b8d65ce07c5f4f8b5f1387ee86b14e6212bc49d92b5b163572a3d6b4f16fd2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: saico-223.ml
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://saico-223.ml/fg/NedBank/63d44b1228a46d6f9c972225e53dbaf1/ned.php?cmd=login_submit&id=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f&session=6c5f57ff2a1d283093d6155298f4f94f6c5f57ff2a1d283093d6155298f4f94f
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Mon, 22 Apr 2019 15:28:46 GMT
Last-Modified: Mon, 22 Apr 2019 15:28:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2471

info.css  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/branding/)  Size: 0  x-fer: 0
main.css  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/branding/)  Size: 0  x-fer: 0
jquery-ui-1.8.16.custom.css  (netbank.nedsecure.co.za/App_Themes/NedbankTheme/)  Size: 0  x-fer: 0
Nedbank.css  (netbank.nedsecure.co.za/App_Themes/NedbankTheme/)  Size: 0  x-fer: 0
jquery.min.js  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/jQuery/)  Size: 0  x-fer: 0
JQuery.js  (netbank.nedsecure.co.za/Browser/Common/SDK/Scripts/Common/)  Size: 0  x-fer: 0
jquery-ui.min.js  (netbank.nedsecure.co.za/Browser/Common/SDK/Scripts/Common/)  Size: 0  x-fer: 0
USSDDialog2016.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/USSDAuth/)  Size: 0  x-fer: 0
USSDPolling2016.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/USSDAuth/)  Size: 0  x-fer: 0
Indemnityflow.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/)  Size: 0  x-fer: 0
MyFinancialLife.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/MyFinancialLife/)  Size: 0  x-fer: 0
RTCCutoff.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/Payments/)  Size: 0  x-fer: 0
DarkHours.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/Payments/)  Size: 0  x-fer: 0
BankAccountProducts.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/ApplyOnline/)  Size: 0  x-fer: 0
arrow_down.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
arrow.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
NedbankLogoNew.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
menu_shadow_left.jpg  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
ResetPassword.js  (netbank.nedsecure.co.za/Browser/Common/Scripts/ResetPassword/)  Size: 0  x-fer: 0
Login_Top.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
Promo_Left.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
lock.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
logonButton.jpg  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
SubmitButton.jpg  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
CancelButton.png  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
Promo_Right.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
Login_Bottom.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
Promo_Top.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
banner_1.jpg  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
keyboard.jpg  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
Promo_Bottom.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
alertIcon.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
EntrustLogo.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
PSALogo.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
AskOnceLogo.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0
NedbankFooterLogo.gif  (netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/)  Size: 0  x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.


Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| event
object| onselectstart
object| onselectionchange
function| queueMicrotask
function| openclose
object| rn_img1on
object| rn_img1off
object| rn_img2on
object| rn_img2off
function| showtip
function| hidetip
function| transfer_on_confirm
function| GetPage
function| MaxFrameHeight

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
