khwallet.net
2606:4700:3037::6812:25f9  Malicious Activity! Public Scan

URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Submission: On January 24 via automatic, source phishtank

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 20 HTTP transactions. The main IP is 2606:4700:3037::6812:25f9, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is khwallet.net.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 5th 2019. Valid for: 10 months.
This is the only time khwallet.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ABSA (Banking)

Domain & IP information

IP Address AS Autonomous System
20 2606:4700:303... 13335 (CLOUDFLAR...)
20 1
Apex Domain Subdomains Transfer
20 khwallet.net khwallet.net 325 KB
20 1
Domain Requested by
20 khwallet.net khwallet.net
20 1

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 2019-12-05 - 2020-10-09 10 months

This page contains 1 frames:

Primary Page: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Frame ID: 0D1B9F4885E2406770418A9745DF9464
Requests: 20 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

20
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

325 kB
Transfer

1059 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request sbip.php
khwallet.net/mtsn/chm.nerc/pages/absa/
34 KB
26 KB
Document
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad209831e01a1cbfef9d634a9ac4d35cf80a608b0ad4a9036ca130be19306108
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
khwallet.net
:scheme
https
:path
/mtsn/chm.nerc/pages/absa/sbip.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Fri, 24 Jan 2020 07:11:17 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=debc56b024e0133f53df065fa810481e01579849876; expires=Sun, 23-Feb-20 07:11:16 GMT; path=/; domain=.khwallet.net; HttpOnly; SameSite=Lax
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
55a0314278b2bece-FRA
content-encoding
br
enc.js
khwallet.net/mtsn/chm.nerc/pages/absa/includes/
8 KB
3 KB
Script
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/includes/enc.js
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6369118b817a8a0549092cce8b77d77ac7ec88cc76a66d3ed9e32e9c4f6fb23f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 01 Jan 2016 06:46:10 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
55a031449af5bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
main.css
khwallet.net/mtsn/chm.nerc/pages/absa/media/
129 KB
20 KB
Stylesheet
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/main.css
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3323897d8c29c4f0ef7fdaf1f79eb00430b7b6ceaa168feb8b1b877819d71c2c
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 30 Sep 2019 05:58:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
55a031453ba1bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
login.css
khwallet.net/mtsn/chm.nerc/pages/absa/media/
4 KB
1 KB
Stylesheet
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/login.css
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65fed76d4ecd97c20c9e9d26c86d53574bd073070b91590f30238c710c7e1440
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sat, 28 Sep 2019 13:19:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
55a031453ba4bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
jcaptcha.css
khwallet.net/mtsn/chm.nerc/pages/absa/media/
1 KB
471 B
Stylesheet
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/jcaptcha.css
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfc8d1cac57c28080424e0352c91061277f42b819ac9280ec163095e9ed5d61b
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
55a031453ba5bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
backbase.js
khwallet.net/mtsn/chm.nerc/pages/absa/media/
256 KB
70 KB
Script
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/backbase.js
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42073c1b1763c111523ed6f46b0eb0461c9fed9989f524437a6e099c9bf92267
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
55a031453ba6bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
main-all-base.js
khwallet.net/mtsn/chm.nerc/pages/absa/media/
479 KB
95 KB
Script
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/main-all-base.js
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee2c2efa1a893b8cd01dad0eef4f712ced94baef250672a90ae822de77e1762d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 01 Oct 2019 09:10:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
55a031453ba8bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
logo-red.png
khwallet.net/mtsn/chm.nerc/pages/absa/media/
2 KB
2 KB
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/logo-red.png
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86c3ec119fc6352ca80ccc5b6e2e8fa76c924adecaf33de65da1b892e7b1aa3e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a031453ba9bece-FRA
vary
Accept-Encoding
content-length
2079
x-xss-protection
1; mode=block
locale_en.gif
khwallet.net/mtsn/chm.nerc/pages/absa/media/
70 B
168 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/locale_en.gif
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c243a2d63452b7a8392cdf93e637ec423b3241149831b2082283063d1e34413
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a031453baabece-FRA
vary
Accept-Encoding
content-length
70
x-xss-protection
1; mode=block
campaigne_1_ENG.png
khwallet.net/mtsn/chm.nerc/pages/absa/media/
45 KB
46 KB
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/campaigne_1_ENG.png
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb45d428c00e88ea0e73eca797ebb0222173c4bb22a86935a4d94137695a42ef
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145bc36bece-FRA
vary
Accept-Encoding
content-length
46532
x-xss-protection
1; mode=block
campaigne_3_post_golive_EN.jpg
khwallet.net/mtsn/chm.nerc/pages/absa/media/
37 KB
37 KB
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/campaigne_3_post_golive_EN.jpg
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1cf91e4161358590319b72b7dc5e1f9dfa75b4b8406e33b635118d6bde0c933
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145dc4fbece-FRA
vary
Accept-Encoding
content-length
38152
x-xss-protection
1; mode=block
ajax-loader-2.gif
khwallet.net/mtsn/chm.nerc/pages/absa/media/
3 KB
3 KB
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/ajax-loader-2.gif
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6b693de4c17c014dad29abe5294359606104283674d45ee8348e9dc731ff540
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Fri, 27 Sep 2019 04:22:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145dc50bece-FRA
vary
Accept-Encoding
content-length
3208
x-xss-protection
1; mode=block
jquery.min.js
khwallet.net/mtsn/chm.nerc/pages/absa/media/
56 KB
19 KB
Script
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/jquery.min.js
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sun, 29 Sep 2019 04:30:26 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
55a031457bffbece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
keyboard.js
khwallet.net/mtsn/chm.nerc/pages/absa/media/
1 KB
536 B
Script
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/keyboard.js
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e8048cb9e4e573155e9aae43a721aebd1f09b4d8fcf99d87310e5958da7dd15
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sat, 28 Sep 2019 13:38:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
55a031457c06bece-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
sprite-corners-rounded.png
khwallet.net/mtsn/chm.nerc/pages/absa/media/
246 B
332 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/sprite-corners-rounded.png
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a1423dcdc9a531df9d5dfc5a1ea720eec868eda0a56e1580a0c71c69e79b8fe
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 30 Sep 2019 04:35:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145ec57bece-FRA
vary
Accept-Encoding
content-length
246
x-xss-protection
1; mode=block
icon-questionmark-grey_2019.png
khwallet.net/mtsn/chm.nerc/pages/absa/media/
362 B
448 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/icon-questionmark-grey_2019.png
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79fb86c959989a8d2c920e6e4550c396fcee47ec4deda2549b237aca12dd981d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sat, 28 Sep 2019 13:19:30 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145ec58bece-FRA
vary
Accept-Encoding
content-length
362
x-xss-protection
1; mode=block
keypad-bg.gif
khwallet.net/mtsn/chm.nerc/pages/absa/media/
439 B
525 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/keypad-bg.gif
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31d4c1cd3bf18363ff7643f87a54fecd70376fed89cd5805ced2e323127fa334
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sat, 28 Sep 2019 13:13:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145ec59bece-FRA
vary
Accept-Encoding
content-length
439
x-xss-protection
1; mode=block
key-button.gif
khwallet.net/mtsn/chm.nerc/pages/absa/media/
379 B
465 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/key-button.gif
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3dbb7567bec3fa266960ee53ee72d534e1834e481ff502a0901fcb32af7ff23
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sat, 28 Sep 2019 13:14:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145ec5abece-FRA
vary
Accept-Encoding
content-length
379
x-xss-protection
1; mode=block
keypad-backspace.png
khwallet.net/mtsn/chm.nerc/pages/absa/media/
209 B
294 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/keypad-backspace.png
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1723fd2bd8c98417e8739ab2853cb92dfb0e50113a7a9726d2cceb69d00eea05
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 30 Sep 2019 04:34:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145ec5bbece-FRA
vary
Accept-Encoding
content-length
209
x-xss-protection
1; mode=block
sprite-icons-bar-status_2019.png
khwallet.net/mtsn/chm.nerc/pages/absa/media/
643 B
729 B
Image
General
Full URL
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/sprite-icons-bar-status_2019.png
Requested by
Host: khwallet.net
URL: https://khwallet.net/mtsn/chm.nerc/pages/absa/sbip.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:25f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
620195c7ce8c374b49f3438ad4b3edc1aa33c7ee839d13436f202fc38a55acbb
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://khwallet.net/mtsn/chm.nerc/pages/absa/media/login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 24 Jan 2020 07:11:17 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sat, 28 Sep 2019 13:14:30 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55a03145fc67bece-FRA
vary
Accept-Encoding
content-length
643
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ABSA (Banking)

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Aes object| Base64 object| Utf8 string| hea2p string| hea2t string| output string| ctrTxt function| SOAPEnvelope function| j1_ object| JSONRequest function| JSONRequestError object| bb object| portal object| gadgets object| absa function| triggerModal4Body function| absaGadgetTemplate undefined| onReturn string| siteEnvironment string| s_account object| s function| s_getObjectID function| s_doPlugins function| getMetaContent function| getProps function| getAllProps function| getFirstProp function| addLoadEvent function| OmnitureContactUs function| OmnitureToolUsage function| OmnitureToolUsageComplete function| CustomerAction function| OmnitureSocialClick string| s_code undefined| s_objectID function| s_gi string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in function| s_onload_0 function| check function| GetNow function| $ function| jQuery object| xhtml object| btl function| oldConvert function| oldGetStyle

1 Cookies

Domain/Path Name / Value
.khwallet.net/ Name: __cfduid
Value: debc56b024e0133f53df065fa810481e01579849876

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
