www.sales.it
Open in
urlscan Pro
109.233.126.13
Malicious Activity!
Public Scan
Submission: On April 27 via manual from ZA
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 19th 2020. Valid for: 3 months.
This is the only time www.sales.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nedbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 109.233.126.13 109.233.126.13 | 48815 (CRITICALCASE) (CRITICALCASE) | |
24 | 168.142.204.33 168.142.204.33 | 3741 (IS) (IS) | |
25 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
24 |
nedsecure.co.za
netbank.nedsecure.co.za |
58 KB |
1 |
sales.it
www.sales.it |
81 KB |
25 | 2 |
Domain | Requested by | |
---|---|---|
24 | netbank.nedsecure.co.za |
www.sales.it
|
1 | www.sales.it | |
25 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
netbank.nedsecure.co.za |
www.nedbank.co.za |
www.netbankdemo.co.za |
nedbankonlinetrading.nedsecure.co.za |
www.entrust.net |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sales.it cPanel, Inc. Certification Authority |
2020-02-19 - 2020-05-19 |
3 months | crt.sh |
netbank.nedsecure.co.za Entrust Certification Authority - L1M |
2018-10-22 - 2020-10-22 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.sales.it/libraries/joomla/language/
Frame ID: BD56E0B499D8C83FFBE5E7D5B2DABC9D
Requests: 23 HTTP requests in this frame
Frame:
https://netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/html/slider_promos.htm
Frame ID: 65729B612F6DF4A70388E10F0CC644CA
Requests: 1 HTTP requests in this frame
Frame:
https://netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/html/Welcome.htm
Frame ID: 7DBAFFAF7A3826D704E7F8C3BCBCCC06
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
18 Outgoing links
These are links going to different origins than the main page.
Title: Home
Search URL Search Domain Scan URL
Title: Online Security
Search URL Search Domain Scan URL
Title: Apply
Search URL Search Domain Scan URL
Title: NetBank Demo
Search URL Search Domain Scan URL
Title: NetBank User Guide
Search URL Search Domain Scan URL
Title: More About NetBank
Search URL Search Domain Scan URL
Title: Talk to Us
Search URL Search Domain Scan URL
Title: Personal Money Manager
Search URL Search Domain Scan URL
Title: Online Share Trading
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: FAQ
Search URL Search Domain Scan URL
Title: Trusteer Rapport Security
Search URL Search Domain Scan URL
Title: Click here
Search URL Search Domain Scan URL
Title: Fees
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Home
Search URL Search Domain Scan URL
Title: Legal Requirements
Search URL Search Domain Scan URL
Title: Glossary
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.sales.it/libraries/joomla/language/ |
80 KB 81 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
info.css
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/branding/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/branding/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Nedbank.css
netbank.nedsecure.co.za/App_Themes/NEDBANKTheme/ |
20 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Nedbank_old.css
netbank.nedsecure.co.za/App_Themes/NEDBANKTheme/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/jQuery/ |
78 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow_down.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
56 B 350 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
56 B 350 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NedbankLogo.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
2 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
menu_shadow_left.jpg
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
405 B 702 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login_Top.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
230 B 525 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Promo_Left.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
195 B 490 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lock.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
587 B 883 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logonButton.jpg
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Promo_Right.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
197 B 492 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login_Bottom.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
233 B 528 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Promo_Top.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
244 B 539 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Promo_Bottom.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
247 B 542 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alertIcon.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
754 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EntrustLogo.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
2 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
PSALogo.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logonimages/ |
103 B 103 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AskOnceLogo.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NedbankFooterLogo.gif
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/images/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
slider_promos.htm
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/html/ Frame 6572 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Welcome.htm
netbank.nedsecure.co.za/Browser/Brands/Nedbank/Logon/html/ Frame 7DBA |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nedbank (Banking)46 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| event object| onformdata object| onpointerrawupdate function| openclose object| rn_img1on object| rn_img1off object| rn_img2on object| rn_img2off function| showtip function| hidetip function| transfer_on_confirm function| GetPage function| MaxFrameHeight function| OnLoad function| $ function| jQuery function| BigInteger object| M string| ApplicationPath string| GlobalBrand object| AJAXPageDisable function| LoadScript function| CreateNamespace object| jsCommon object| Nedbank string| sizeOfUpperFrame undefined| warningWin object| UndoValidateChanges object| ValidateCtrlParms object| ValidateCtrlIds object| ValidateTableParms object| ValidateTableIds object| BrowserDetect string| versionNum function| ContentInit function| ContentResize object| framesCommon object| logonForm boolean| hasSubmitStarted function| ValidateAndSubmit undefined| LoadTime undefined| SubmitTime function| EnterCatch function| PageGetSubmitTime object| validate_obj object| focusInput8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.nedsecure.co.za/ | Name: dtPC Value: -6$381855467_967h1p-6$381855487_361h1vGTXGQXDPGLUMONOAOFLDXYVZKYOEKSBT |
|
.nedsecure.co.za/ | Name: rxvt Value: 1587983655969|1587981855471 |
|
.nedsecure.co.za/ | Name: TS0188a3ac Value: 01db7de33734c07379e1616f2beae1f501660cab6292a163e8b04e7c691cd0e8c84fad0cfc78a8c7ded2ed7c8ab4b252d847ea75ce |
|
netbank.nedsecure.co.za/ | Name: TS01d73912 Value: 01db7de337d6f57b3ee26796830630c78225c6eff0d8a12eca99081870f1649cc2909e6c42 |
|
.nedsecure.co.za/ | Name: dtCookie Value: 7$7TG1AG2O3FVCFDCPATK2GSVSEVG1JM8C |
|
.nedsecure.co.za/ | Name: dtSa Value: - |
|
.nedsecure.co.za/ | Name: dtLatC Value: 108 |
|
.nedsecure.co.za/ | Name: rxVisitor Value: 158798185547009DQ62CGAJFHNC6OE70UNUQJAGGHMMQH |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
netbank.nedsecure.co.za
www.sales.it
109.233.126.13
168.142.204.33
1e5684f00ff66a12e9da468f21c59d240094d842f2a941c10adc9b8bf98b176c
1ff0eeb21779fdb3fa2519e017c13db776d5c53337b96d74b9431ba897414046
3a18ff487b9fcc4b10efb7bad289ff8cdf545159637b30ff3fe2bf15606d8f77
3c61003c8f643a995b119ac6f2180f29d30b80e1e2470e19187d1c417c52278a
43a9904189012ecb780451f877b2a8c158522acaadacdb8c56549eeb6ffbcebf
45f1184ff5eac46f031add376f07140c17933e7d443f941013a672dec971e979
5bbdb2f06f5f2aa872e00a0d6fcd16c409c2cfab770b5d18245fca9beec91fc4
5d6c838e884407d498f2972291b87ce84ed5095d6d3c7696182ec83a674f865e
5f5077cb7cdffe7e22862fbe4b9594099092cf655df8d7df889fcb0a2d8e0fe8
6f6cbd97fefa5dbc83b4cb4ca51e644f87a9d05f8fd7e4e73c8669ceec1fe917
811a0d96cb6b717ef578136f7097d43de2a459f727ca760626e5cefa5eff59c3
87e9bbbc46dd91eeffa515b2401303a855928189acc6c8baf65f0c7d06f6c4d6
89fdecac64019eebad7cd1121c2c83c528808f1c7fcf3832a50c7743d641ed86
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
9296726d409bae23e760579ce4d2f092d3940f365ecf9f02a724dee059c9f050
a82e568a648cb5517e0b5c18fb09f7c5c9db0728d6cd3293393fb908fb88bc70
b6d564c22df601ee79a04d8f4c90319ba14fd99fef56580af4a25918aca6b07a
bf100bfbc2dd803f103900a8751e466111c223630e3af9993fd1012bbe2813cc
d09c43907e99f3323be424e4d83e7ddd3072b3596580a56adb50fcbb57fc5ddf
d809db86b29fdd1bcc963f05a9031fb16cddd8d809a4a28b3ff162a4c801ecc2
f59b7978885e1ce59874d8b42ecdeeaf96eaecbe4eaa3299748805ec6c8cc5bb
fbed31fe516c5f3e20d8df909160988e65a7199781e1cf5a43b9d278629b704d