www.didaweb.net
Open in
urlscan Pro
31.11.36.22
Malicious Activity!
Public Scan
Submission: On August 30 via manual from IT — Scanned from IT
Summary
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on January 13th 2023. Valid for: a year.
This is the only time www.didaweb.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NatWest (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 31.11.36.22 31.11.36.22 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
1 | 69.16.175.42 69.16.175.42 | 20446 (STACKPATH...) (STACKPATH-CDN) | |
2 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 733 |
29 KB |
1 |
didaweb.net
www.didaweb.net |
127 KB |
2 | 2 |
Domain | Requested by | |
---|---|---|
1 | code.jquery.com |
www.didaweb.net
|
1 | www.didaweb.net | |
2 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.didaweb.net Actalis Domain Validation Server CA G3 |
2023-01-13 - 2024-02-13 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.didaweb.net/risorse/admin/news/index.html
Frame ID: CADC1D626DCC19FC59F76B11DAD7D82E
Requests: 19 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
www.didaweb.net/risorse/admin/news/ |
198 KB 127 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-2.2.4.min.js
code.jquery.com/ |
84 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
20 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
992 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
911 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
10 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
743 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NatWest (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| formatCardNumber0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
www.didaweb.net
31.11.36.22
69.16.175.42
03285bdf8ae7b6e9c5c2b5c177c54fa80f45c85282902d72ac13797ef70c0fce
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
070248a201dbfa8e4a8576c0e4966536bd7d0a032acb52e0a1c7554d0a758603
0bfd75bdb0b02580963ddb2ce2fafec55850b52837ca42619b754cd0054e6600
160da373d44846c0bb07f5ca7566d280c2998e45b48cd92e92d4057215faf0e7
1d90b893bafefc19de4ec421a9cfd762f370874b15a58cbf6b5fa92b6bf2df30
299e049b090dd6904f96fbde6d56e1fb270eff4044ca4ceffe6bc1a7534443b5
36aa0647ba26b54031cf8a6d6ad4504769c4e30ad49a43d1320c1833318252e4
39439b339447989a92bb100f3baf0e8853a7810fec87c28acf1dbb1e594caf76
39e04c9873784832d9d3675aae27369a440b8c5df621d7c142c39375ee0f4dcd
5e4c8bb69eb386091380d09195b931c656709bfc8687fd2887cef6a7512d0dc3
95794078859c3c312fdcda67f70e14a8a24002eae9dd3c862b05f26d0527a6c4
b5e5fe9b13be2d9a0c433907ac06f0102c3b944b906ee3785f6625bdf0013b34
d0c46b7a5cd9ef78456024a9fc5266e81727c9e4d48701b1fee7c44f16b3744a
e27f7ff05294b931f19b0b671d99e80ad490f8135760d282acc0f73a5877dd56
e63f205e2b3dc276450b50b90f22aebad35aea51251bdb8355385936744da54b
eec5f052a7b3380ef36946303eaf3967207424645715dae08120adedae2887f0
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
fc7b7728dfd3af5912ffb05292105231a79219e8acb487f6089180094eae0e74