nefaki.com
103.42.224.93
Malicious Activity!
Public Scan
Submission: On August 03 via api from CA
Summary
This is the only time nefaki.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 23 | 103.42.224.93 | 133525 (SERVERMULE-AS-AP Nimbus2 Pty Ltd) |
| 1 | 192.186.220.3 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 24 | 2 | |
ASN133525 (SERVERMULE-AS-AP Nimbus2 Pty Ltd, AU)
PTR: iris.networkkinetics.com.au
nefaki.com
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-220-3.ip.secureserver.net
www.csscheckbox.com
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 23 | nefaki.com | nefaki.com | 899 KB |
| 1 | csscheckbox.com | www.csscheckbox.com | 685 B |
| 24 | 2 | | |
| | Domain | Requested by |
|---|---|---|
| 23 | nefaki.com | nefaki.com |
| 1 | www.csscheckbox.com | nefaki.com |
| 24 | 2 | |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://nefaki.com/test/chase/chaseupdate/login.php
Frame ID: 11713.1
Requests: 24 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request 22
- http://csscheckbox.com/checkboxes/u/csscheckbox_223900261a338fd8271b9f203ca6c4c0.png
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_223900261a338fd8271b9f203ca6c4c0.png
24 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | login.php (Primary Request) | nefaki.com/test/chase/chaseupdate/ | 8 KB | 8 KB | Document | text/html |
| GET | H/1.1 | cas4.png | nefaki.com/test/chase/chaseupdate/images/ | 114 KB | 114 KB | Image | image/png |
| GET | H/1.1 | cas5.png | nefaki.com/test/chase/chaseupdate/images/ | 127 KB | 127 KB | Image | image/png |
| GET | H/1.1 | cas3.png | nefaki.com/test/chase/chaseupdate/images/ | 21 KB | 21 KB | Image | image/png |
| GET | H/1.1 | cas6.png | nefaki.com/test/chase/chaseupdate/images/ | 4 KB | 4 KB | Image | image/png |
| GET | H/1.1 | cas7.png | nefaki.com/test/chase/chaseupdate/images/ | 5 KB | 5 KB | Image | image/png |
| GET | H/1.1 | cas8.png | nefaki.com/test/chase/chaseupdate/images/ | 88 KB | 88 KB | Image | image/png |
| GET | H/1.1 | cas9.png | nefaki.com/test/chase/chaseupdate/images/ | 11 KB | 11 KB | Image | image/png |
| GET | H/1.1 | cas10.png | nefaki.com/test/chase/chaseupdate/images/ | 81 KB | 81 KB | Image | image/png |
| GET | H/1.1 | cas12.png | nefaki.com/test/chase/chaseupdate/images/ | 45 KB | 45 KB | Image | image/png |
| GET | H/1.1 | cas13.png | nefaki.com/test/chase/chaseupdate/images/ | 85 KB | 85 KB | Image | image/png |
| GET | H/1.1 | cas14.png | nefaki.com/test/chase/chaseupdate/images/ | 116 KB | 116 KB | Image | image/png |
| GET | H/1.1 | cas16.png | nefaki.com/test/chase/chaseupdate/images/ | 113 KB | 113 KB | Image | image/png |
| GET | H/1.1 | cas17.png | nefaki.com/test/chase/chaseupdate/images/ | 4 KB | 4 KB | Image | image/png |
| GET | H/1.1 | cas18.png | nefaki.com/test/chase/chaseupdate/images/ | 3 KB | 3 KB | Image | image/png |
| GET | H/1.1 | cas19.png | nefaki.com/test/chase/chaseupdate/images/ | 16 KB | 16 KB | Image | image/png |
| GET | H/1.1 | cas20.png | nefaki.com/test/chase/chaseupdate/images/ | 19 KB | 19 KB | Image | image/png |
| GET | H/1.1 | cas21.png | nefaki.com/test/chase/chaseupdate/images/ | 19 KB | 19 KB | Image | image/png |
| GET | H/1.1 | cas22.png | nefaki.com/test/chase/chaseupdate/images/ | 14 KB | 14 KB | Image | image/png |
| GET | H/1.1 | cas23.png | nefaki.com/test/chase/chaseupdate/images/ | 4 KB | 4 KB | Image | image/png |
| GET | H/1.1 | csa1.png | nefaki.com/test/chase/chaseupdate/images/ | 519 B | 519 B | Image | image/png |
| GET | H/1.1 | csa2.png | nefaki.com/test/chase/chaseupdate/images/ | 530 B | 530 B | Image | image/png |
| GET | H/1.1 | signin.png | nefaki.com/test/chase/chaseupdate/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H/1.1 | csscheckbox_223900261a338fd8271b9f203ca6c4c0.png | www.csscheckbox.com/checkboxes/u/ (Redirect Chain) | 685 B | 685 B | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.