netbank.nedsecure.co.za
168.142.204.33
Malicious Activity!
Public Scan
Effective URL: https://netbank.nedsecure.co.za/Logoff.bank
Submission Tags: 6049248
Submission: On May 21 via api from PL
Summary
TLS certificate: Issued by Entrust Certification Authority - L1M on October 22nd 2018. Valid for: 2 years.
This is the only time netbank.nedsecure.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nedbank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
6 | 91.212.150.100 | 43350 (NFORCE) |
19 | 168.142.204.33 | 3741 (IS) |
25 | 2 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | nedsecure.co.za | netbank.nedsecure.co.za | 204 KB |
6 | votehumanist.com | votehumanist.com | 23 KB |
25 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
19 | netbank.nedsecure.co.za | netbank.nedsecure.co.za |
6 | votehumanist.com | votehumanist.com |
25 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
votehumanist.com | cPanel, Inc. Certification Authority | 2019-05-20 - 2019-08-18 | 3 months |
netbank.nedsecure.co.za | Entrust Certification Authority - L1M | 2018-10-22 - 2020-10-22 | 2 years |
This page contains 3 frames:
Primary Page:
https://netbank.nedsecure.co.za/Logoff.bank
Frame ID: F9ACEAD2D46B065B12FC2A1EED423BAE
Requests: 23 HTTP requests in this frame
Frame:
https://netbank.nedsecure.co.za/Browser/Common/blank.htm
Frame ID: E6CA0A849E4F0EB672B513D5B57D84CB
Requests: 1 HTTP requests in this frame
Frame:
https://netbank.nedsecure.co.za/Browser/Common/blank.htm
Frame ID: CDF2FDE8B1BFDDEA8633AF89F9DCF60C
Requests: 1 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries)
Detected patterns
- script /jquery-ui.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://votehumanist.com/NedBank/success.php Page URL
- https://netbank.nedsecure.co.za/Logoff.bank Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | success.php votehumanist.com/NedBank/ | 5 KB 6 KB | Document text/html |
GET H/1.1 | NedbankLogo.gif votehumanist.com/NedBank/images/ | 5 KB 5 KB | Image image/gif |
GET H/1.1 | contactus_up.gif votehumanist.com/NedBank/images/ | 1 KB 1 KB | Image image/gif |
GET H/1.1 | help_up.gif votehumanist.com/NedBank/images/ | 355 B 596 B | Image image/gif |
GET H/1.1 | logoff_up.gif votehumanist.com/NedBank/images/ | 383 B 625 B | Image image/gif |
GET H/1.1 | loading.gif votehumanist.com/NedBank/ | 9 KB 10 KB | Image image/gif |
GET H/1.1 | Logoff.bank netbank.nedsecure.co.za/ (Primary Request, Cookie set) | 326 KB 74 KB | Document text/html |
GET H/1.1 | jquery-ui-1.8.16.custom.css netbank.nedsecure.co.za/App_Themes/NedbankTheme/ | 22 KB 5 KB | Stylesheet text/css |
GET H/1.1 | Nedbank.css netbank.nedsecure.co.za/App_Themes/NedbankTheme/ | 20 KB 5 KB | Stylesheet text/css |
GET H/1.1 | JQuery.js netbank.nedsecure.co.za/Browser/Common/SDK/Scripts/Common/ | 70 KB 27 KB | Script application/javascript |
GET H/1.1 | jquery-ui.min.js netbank.nedsecure.co.za/Browser/Common/SDK/Scripts/Common/ | 197 KB 59 KB | Script application/javascript |
GET H/1.1 | USSDDialog2016.js netbank.nedsecure.co.za/Browser/Common/Scripts/USSDAuth/ | 27 KB 4 KB | Script application/javascript |
GET H/1.1 | USSDPolling2016.js netbank.nedsecure.co.za/Browser/Common/Scripts/USSDAuth/ | 68 KB 11 KB | Script application/javascript |
GET H/1.1 | Indemnityflow.js netbank.nedsecure.co.za/Browser/Common/Scripts/ | 12 KB 4 KB | Script application/javascript |
GET H/1.1 | MyFinancialLife.js netbank.nedsecure.co.za/Browser/Common/Scripts/MyFinancialLife/ | 3 KB 1 KB | Script application/javascript |
GET H/1.1 | RTCCutoff.js netbank.nedsecure.co.za/Browser/Common/Scripts/Payments/ | 2 KB 926 B | Script application/javascript |
GET H/1.1 | DarkHours.js netbank.nedsecure.co.za/Browser/Common/Scripts/Payments/ | 2 KB 923 B | Script application/javascript |
GET H/1.1 | BankAccountProducts.js netbank.nedsecure.co.za/Browser/Common/Scripts/ApplyOnline/ | 2 KB 1 KB | Script application/javascript |
GET H/1.1 | blank.htm netbank.nedsecure.co.za/Browser/Common/ Frame E6CA | 0 0 | Document text/html |
POST H/1.1 | LoadScript.aspx netbank.nedsecure.co.za/Browser/Common/Utils/ | 17 KB 5 KB | XHR text/javascript |
GET H/1.1 | blank.gif netbank.nedsecure.co.za/Browser/Common/Scripts/Menu/ | 43 B 338 B | Image image/gif |
GET H/1.1 | ui-bg_flat_75_ffffff_40x100.png netbank.nedsecure.co.za/App_Themes/NedbankTheme/images/ | 178 B 474 B | Image image/png |
GET H/1.1 | ui-icons_222222_256x240.png netbank.nedsecure.co.za/App_Themes/NedbankTheme/images/ | 4 KB 5 KB | Image image/png |
GET H/1.1 | ui-bg_highlight-soft_75_005641_1x100.png netbank.nedsecure.co.za/App_Themes/NedbankTheme/images/ | 133 B 429 B | Image image/png |
GET H/1.1 | blank.htm netbank.nedsecure.co.za/Browser/Common/ Frame CDF2 | 310 B 605 B | Document text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nedbank (Banking)
141 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| showHelp function| $ function| jQuery function| DP_jQuery_1558419664760 object| USSDDialog object| USSDDialog1 function| SetNonceValue object| USSD object| USSD1 object| INdemnity object| IndemnityDialog object| MFL object| MFLDialog object| RTC object| RTCDialog object| Dark object| DarkHourDialog object| BankProduct object| BankProductDialog string| ApplicationPath string| GlobalBrand object| $this object| AJAXPageDisable function| LoadScript function| CreateNamespace object| jsCommon function| ProcessResetPasswordAjaxUSSD string| controlPrefix object| divErrorMsg function| AjaxErrorRetrievingResetPasswordUSSD function| EnableNewAndConfirmPassword object| Nedbank string| pageHelp object| form boolean| _isFutureDatedPayment function| Accept function| getnextUrl function| SubmitOnceOffSinglePayment function| GetPaymentDate function| CalculateAndSetReoccurrenceData function| IsFutureDatedPayment function| CalculateOccurences function| GetDailyOccurrences function| GetWeeklyOccurrences function| GetMonthlyOccurrences function| CalculateNextPaymentDate function| GetNextPaymentDateDaily function| GetNextPaymentDateWeekly function| GetSubFrequencyValue function| GetNextPaymentDateMonthly function| GetSubFrequency function| GetTodayDate function| CreateDateObject function| CalculateEndDate function| GetEndDateMonthly function| GetEndDateWeekly function| GetEndDateDaily function| GetBankApprovedBeneficiaryDropDown function| GetAccountTypeDropDown function| GetFromAccountDropDown function| GetNotificationTypeDropDown function| GetFirstLetterBeneficiaryDropDown function| GetCreditCardBankListDropdown function| GetBankListDropDown function| GetBranchNameDropDown function| GetFirstLetterBranchNameDropDown function| GetBeneficiaryId function| GetNotificationDetail function| Print function| Cancel function| AcceptBoxClicked function| ajaxNoticeInfo function| ShowMenu object| UndoValidateChanges 
object| ValidateCtrlParms object| ValidateCtrlIds object| ValidateTableParms object| ValidateTableIds string| buildDir boolean| ie4 boolean| ie5_mac boolean| ie55 boolean| ie9 boolean| nn4 boolean| dom boolean| opera boolean| safari string| agent undefined| version object| blank string| sizeOfUpperFrame undefined| warningWin function| ContentResize function| ContentInit function| findPosition string| LoadTime undefined| SubmitTime function| PageGetLoadTime function| PageGetSubmitTime object| BrowserDetect number| NonceValue string| captureRTC function| SelectMenuItem function| SelectRedirect function| SelectRedirect1 function| SelectRedirectToBankproduct object| PageOnLoadEvents object| FormOnSubmitEvents object| EmptyFormOnSubmitEvents function| Events object| jsHtmlControls boolean| docType undefined| bodyRef function| menu function| separator function| item function| html function| reset function| roll function| showMenu function| hideAfter number| wait undefined| hideTimer function| keepOpen function| hide function| hideAll function| debug function| floatMenu object| menus object| framesCommon object| okLink boolean| logoffUser boolean| loggedIn function| TechnicalErrorOnLoad function| ShowOnlyTechError function| WriteErrorHtml function| ClickOk object| footerTimer3
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
netbank.nedsecure.co.za/ | Name: TS01d73912 Value: 01db7de3372eaf6905bd46137ffa1b1e6162cb4baf9627131ebc034edc93c09ac51b8474b5aa9ab885f2d9d7223af3054f2ef71eadfc88eefa302fb51467545775c69e0da9 |
netbank.nedsecure.co.za/ | Name: ASP.NET_SessionId Value: ctk2keemliab1rifkovcd5dl |
netbank.nedsecure.co.za/ | Name: BIGipServer~partition_so-retail~poolprd_nbr-ie-nedbank_11001 Value: 3909163180.63786.0000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
netbank.nedsecure.co.za
votehumanist.com
168.142.204.33
91.212.150.100