sl3940.gq
102.130.115.253
Malicious Activity!
Public Scan
Submission: On January 03 via manual from ZA
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 2nd 2020. Valid for: 3 months.
This is the only time sl3940.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nedbank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
3 | 102.130.115.253 | 37153 (xneelo)
10 | 168.142.204.82 | 3741 (IS)
1 | 103.21.58.60 | 394695 (PUBLIC-DOMAIN-REGISTRY - PDR)
14 | 3 |

ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US)
PTR: bh-in-4.webhostbox.net
walideqp.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | nedbank.co.za | secured.nedbank.co.za | 125 KB
3 | sl3940.gq | sl3940.gq | 234 KB
1 | walideqp.com | walideqp.com | 163 KB
14 | 3 | |
Requests | Domain | Requested by
---|---|---
10 | secured.nedbank.co.za | sl3940.gq
3 | sl3940.gq | sl3940.gq
1 | walideqp.com | sl3940.gq
14 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sl3940.gq | cPanel, Inc. Certification Authority | 2020-01-02 - 2020-04-01 | 3 months
secured.nedbank.co.za | Entrust Certification Authority - L1M | 2019-10-09 - 2021-10-09 | 2 years
walideqp.com | Let's Encrypt Authority X3 | 2019-12-07 - 2020-03-06 | 3 months
This page contains 1 frames:
Primary Page:
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Frame ID: 8677F56D37EC054F30C5C599F7F6FE94
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | 0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php (Primary Request) | sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/ | 79 KB | 10 KB | Document | text/html
GET | H/1.1 | styles.css | sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/cellnumber... | 173 KB | 173 KB | Stylesheet | text/css
GET | H/1.1 | logo.PNG | sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/cellnumber... | 50 KB | 50 KB | Image | image/png
GET | H/1.1 | NedbankIcon.ef111dcaf7b1952d120f.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | location-blank-green.4b8e66bca4aac4a2aad6.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | contact-blank-green.a180fba4b897921edd0b.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | NedbankLogin_v4.png | secured.nedbank.co.za/assets/png/ | 124 KB | 125 KB | Image | image/png
GET | H/1.1 | Error.63d9ff08640e6fe4b4ce.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | close-gray.4741697794b7aa526c3e.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | contact-footer.ff0deb4d99b5c501e332.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | location-blank.e36d304f8628a21886d3.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | phoneicon.d20aa97e94487e70b840.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H/1.1 | tncs.04b64534a4bbcb7c2676.svg | secured.nedbank.co.za/ | 0 | 0 | Image | text/html
GET | H2 | FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf | walideqp.com/nouitio/secominuo/fonts/ | 162 KB | 163 KB | Font | font/otf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nedbank (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.