URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1...
Submission: On January 03 via manual from ZA

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 102.130.115.253, located in South Africa and belongs to xneelo, ZA. The main domain is sl3940.gq.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 2nd 2020. Valid for: 3 months.
This is the only time sl3940.gq was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nedbank (Banking)

Domain & IP information

IP Address AS Autonomous System
3 102.130.115.253 37153 (xneelo)
10 168.142.204.82 3741 (IS)
1 103.21.58.60 394695 (PUBLIC-DO...)
14 3
Apex Domain
Subdomains
Transfer
10 nedbank.co.za
secured.nedbank.co.za
125 KB
3 sl3940.gq
sl3940.gq
234 KB
1 walideqp.com
walideqp.com
163 KB
14 3
Domain Requested by
10 secured.nedbank.co.za sl3940.gq
3 sl3940.gq sl3940.gq
1 walideqp.com sl3940.gq
14 3

This site contains no links.

Subject Issuer Validity Valid
sl3940.gq
cPanel, Inc. Certification Authority
2020-01-02 -
2020-04-01
3 months crt.sh
secured.nedbank.co.za
Entrust Certification Authority - L1M
2019-10-09 -
2021-10-09
2 years crt.sh
walideqp.com
Let's Encrypt Authority X3
2019-12-07 -
2020-03-06
3 months crt.sh

This page contains 1 frames:

Primary Page: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Frame ID: 8677F56D37EC054F30C5C599F7F6FE94
Requests: 14 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

522 kB
Transfer

588 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/
79 KB
10 KB
Document
General
Full URL
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
102.130.115.253 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS
Software
Apache /
Resource Hash
edf726401ec042525fd5690f5473e444fc73adca3a6f4c3a672983a9bf2167b3

Request headers

Host
sl3940.gq
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

Date
Fri, 03 Jan 2020 15:51:26 GMT
Server
Apache
Content-Encoding
gzip
Vary
Accept-Encoding
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
styles.css
sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/cellnumber...
173 KB
173 KB
Stylesheet
General
Full URL
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/cellnumber_capture_files/styles.css
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
102.130.115.253 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS
Software
Apache /
Resource Hash
8887a3e0dea10c649e723d160fcac04d7432910580a8c0f2726c0c27ef8ee9cc

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Jan 2020 15:51:26 GMT
Last-Modified
Mon, 24 Jun 2019 04:51:58 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
177164
logo.PNG
sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/cellnumber...
50 KB
50 KB
Image
General
Full URL
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/cellnumber_capture_files/logo.PNG
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
102.130.115.253 , South Africa, ASN37153 (xneelo, ZA),
Reverse DNS
Software
Apache /
Resource Hash
387eb324b928bd34df5a8e5ec66bd548c64598c979c16a4bd100269d46940c0d

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Jan 2020 15:51:27 GMT
Last-Modified
Sat, 13 Jul 2019 06:08:12 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
51356
NedbankIcon.ef111dcaf7b1952d120f.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/NedbankIcon.ef111dcaf7b1952d120f.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

location-blank-green.4b8e66bca4aac4a2aad6.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/location-blank-green.4b8e66bca4aac4a2aad6.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

contact-blank-green.a180fba4b897921edd0b.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/contact-blank-green.a180fba4b897921edd0b.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

NedbankLogin_v4.png
secured.nedbank.co.za/assets/png/
124 KB
125 KB
Image
General
Full URL
https://secured.nedbank.co.za/assets/png/NedbankLogin_v4.png
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
b5c2c79c0685b427201fa0d18a8f04568bf8524fa84579ecab48db0f82e0d45e
Security Headers
Name Value
Content-Security-Policy default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *
X-Content-Type-Options
nosniff
Last-Modified
Tue, 12 Nov 2019 07:01:34 GMT
ETag
"bba4052799d51:0"
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Date
Fri, 03 Jan 2020 15:51:27 GMT
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Content-Length
127240
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Expires
Wed, 05 Jul 2017 00:00:00 GMT,0
Error.63d9ff08640e6fe4b4ce.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/Error.63d9ff08640e6fe4b4ce.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

close-gray.4741697794b7aa526c3e.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/close-gray.4741697794b7aa526c3e.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

contact-footer.ff0deb4d99b5c501e332.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/contact-footer.ff0deb4d99b5c501e332.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

location-blank.e36d304f8628a21886d3.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/location-blank.e36d304f8628a21886d3.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

phoneicon.d20aa97e94487e70b840.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/phoneicon.d20aa97e94487e70b840.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

tncs.04b64534a4bbcb7c2676.svg
secured.nedbank.co.za/
0
0
Image
General
Full URL
https://secured.nedbank.co.za/tncs.04b64534a4bbcb7c2676.svg
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.142.204.82 , South Africa, ASN3741 (IS, ZA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf
walideqp.com/nouitio/secominuo/fonts/
162 KB
163 KB
Font
General
Full URL
https://walideqp.com/nouitio/secominuo/fonts/FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf
Requested by
Host: sl3940.gq
URL: https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.21.58.60 Mumbai, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US),
Reverse DNS
bh-in-4.webhostbox.net
Software
Apache/2.4.39 (cPanel) OpenSSL/1.0.2r mod_bwlimited/1.4 Phusion_Passenger/5.3.7 /
Resource Hash
eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://sl3940.gq/WliLXBvcG92ZXItaHRtbC1wb3B1cF0ucG9wb3Zlci5yaWdodC1ib3R0b20gPiAuYXJyb3csW3VpYi1wb3BvdmVyLXR/FzZS1pbi1vdXQgbGVmdH08L3N0eWxlPg0KICAgICAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj5AY2hhcnNldCA/0eXBlPSJidXR0b24iIHN0eWxlPSJkaXNwbGF5OiBub25lOyI_ver5.php
Origin
https://sl3940.gq

Response headers

date
Fri, 03 Jan 2020 15:51:27 GMT
last-modified
Fri, 21 Jun 2019 05:48:20 GMT
server
Apache/2.4.39 (cPanel) OpenSSL/1.0.2r mod_bwlimited/1.4 Phusion_Passenger/5.3.7
access-control-allow-origin
*
etag
"21201d7-28614-58bcf028ecb6a"
access-control-allow-methods
GET,PUT,POST,DELETE
content-type
font/otf
status
200
accept-ranges
bytes
access-control-allow-headers
Content-Type, Authorization
content-length
165396

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nedbank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies