nedbank.pay-secure.gq
2606:4700:3035::ac43:c9c3
Malicious Activity!
Public Scan
Effective URL: https://nedbank.pay-secure.gq/code.html
Submission: On October 22 via manual from ZA — Scanned from DE
Summary
TLS certificate: Issued by E1 on October 6th 2022. Valid for: 3 months.
This is the only time nedbank.pay-secure.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nedbank (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domains served
---|---|---|---|---
11 (1 redirect) | 2606:4700:3035::ac43:c9c3 | 13335 (CLOUDFLARENET) | |
1 | 2a02:26f0:3500:11::215:14ca | 20940 (AKAMAI-ASN1, NL) | | websdk.appsflyer.com
3 | 2a02:26f0:3500:587::1e80 | 20940 (AKAMAI-ASN1, NL) | | assets.adobedtm.com
2 | 99.86.1.159 | 16509 (AMAZON-02, US) | server-99-86-1-159.fra6.r.cloudfront.net | d3rnm236tp90vs.cloudfront.net
1 | 143.204.214.41 | 16509 (AMAZON-02, US) | server-143-204-214-41.fra53.r.cloudfront.net | d21ctq9anmk97c.cloudfront.net
19 | 168.142.204.82 | 3741 (IS) | |
9 | 168.142.204.15 | 3741 (IS) | |
1 | 2a00:1450:4001:827::200a | 15169 (GOOGLE) | |
2 | 54.76.60.98 | 16509 (AMAZON-02, US) | ec2-54-76-60-98.eu-west-1.compute.amazonaws.com | nedbank.demdex.net, dpm.demdex.net
2 | 18.203.13.19 | 16509 (AMAZON-02, US) | ec2-18-203-13-19.eu-west-1.compute.amazonaws.com | wa.onelink.me
2 | 13.36.218.177 | 16509 (AMAZON-02, US) | ec2-13-36-218-177.eu-west-3.compute.amazonaws.com | nedbank.d3.sc.omtrdc.net
1 | 52.212.190.143 | 16509 (AMAZON-02, US) | ec2-52-212-190-143.eu-west-1.compute.amazonaws.com | wa.appsflyer.com
61 (total requests) | 13 (total IPs) | | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
28 | nedbank.co.za | secured.nedbank.co.za, www.nedbank.co.za (Cisco Umbrella Rank: 557474) | 2 MB
11 | pay-secure.gq | nedbank.pay-secure.gq (1 redirect) | 33 KB
3 | cloudfront.net | d3rnm236tp90vs.cloudfront.net, d21ctq9anmk97c.cloudfront.net | 61 KB
3 | adobedtm.com | assets.adobedtm.com (Cisco Umbrella Rank: 490) | 71 KB
2 | omtrdc.net | nedbank.d3.sc.omtrdc.net | 471 B
2 | onelink.me | wa.onelink.me (Cisco Umbrella Rank: 9586) | 831 B
2 | demdex.net | nedbank.demdex.net, dpm.demdex.net (Cisco Umbrella Rank: 214) | 5 KB
2 | appsflyer.com | websdk.appsflyer.com (Cisco Umbrella Rank: 5075), wa.appsflyer.com (Cisco Umbrella Rank: 6622) | 10 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 306) | 31 KB
61 (total requests) | 9 (total apex domains) | |
Requests | Domain | Requested by
---|---|---
19 | secured.nedbank.co.za | nedbank.pay-secure.gq, secured.nedbank.co.za
11 | nedbank.pay-secure.gq (1 redirect) | nedbank.pay-secure.gq
9 | www.nedbank.co.za | nedbank.pay-secure.gq
3 | assets.adobedtm.com | nedbank.pay-secure.gq
2 | nedbank.d3.sc.omtrdc.net | assets.adobedtm.com, nedbank.pay-secure.gq
2 | wa.onelink.me | websdk.appsflyer.com
2 | d3rnm236tp90vs.cloudfront.net | nedbank.pay-secure.gq, d3rnm236tp90vs.cloudfront.net
1 | wa.appsflyer.com | websdk.appsflyer.com
1 | dpm.demdex.net | assets.adobedtm.com
1 | nedbank.demdex.net | nedbank.pay-secure.gq
1 | ajax.googleapis.com | nedbank.pay-secure.gq
1 | d21ctq9anmk97c.cloudfront.net | nedbank.pay-secure.gq
1 | websdk.appsflyer.com | nedbank.pay-secure.gq
61 (total requests) | 13 (total domains) |
This site contains links to these domains. Also see Links.
Domain |
---|
personal.nedbank.co.za |
www.nedbank.co.za |
www.avo.africa |
www.entrust.net |
onlinesharetrading.nedbank.co.za |
play.google.com |
itunes.apple.com |
appgallery5.huawei.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.pay-secure.gq | E1 | 2022-10-06 - 2023-01-04 | 3 months | crt.sh
*.appsflyer.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-22 - 2023-09-24 | a year | crt.sh
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-19 - 2023-08-19 | a year | crt.sh
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year | crt.sh
secured.nedbank.co.za | Entrust Certification Authority - L1M | 2022-09-05 - 2023-10-04 | a year | crt.sh
*.nedbank.co.za | Entrust Certification Authority - L1K | 2022-10-10 - 2023-10-10 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months | crt.sh
*.demdex.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-26 - 2023-10-27 | a year | crt.sh
*.onelink.me | Amazon | 2022-03-06 - 2023-04-04 | a year | crt.sh
*.d3.sc.omtrdc.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-17 - 2023-03-07 | a year | crt.sh
*.appsflyersdk.com | Amazon | 2022-05-11 - 2023-06-09 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://nedbank.pay-secure.gq/code.html
Frame ID: ECA236BCCA85E136B66C81F08F5B27D6
Requests: 60 HTTP requests in this frame
Frame:
https://nedbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 233B2BB8FC436519106B0C95F1DE68EB
Requests: 1 HTTP requests in this frame
Page Title: Online Banking
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://nedbank.pay-secure.gq/code.html
- HTTP 301 → https://nedbank.pay-secure.gq/code.html (Page URL)
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
21 Outgoing links
These are links going to different origins than the main page.
- Title: Add your card to Google Wallet™ and pay using Google Pay™. Find out more
- Title: Enjoy the convenience of Online Banking. Have you registered yet?... Find out more
- Title: New feature: Don't miss out on rewards by using Bill Payments. Find out more
- Title: Keep the lights on with Nedbank Solar Finance, powered by MFC. Find out more
- Title: Get more cash back when you shop. Find out more
- Title: Win a trip for two to the FIFA World Cup™, thanks to Visa. Find out more
- Title: Get R200 cash back every month. T&Cs apply. Find out more
- Title: Get R30 000 funeral cover for only R3 a day. Find out more
- Title: Shop for everything, everywhere, in one go on Avo SuperShop. Find out more
- (no title)
- Title: Learn more →
- Title: Fraud awareness
- Title: Verify payments
- Title: Accessibility
- Title: Online share trading
- Title: Privacy notice
- Title: PAIA
- Title: Nedbank Money app
- (no title)
- (no title)
- (no title)
Redirected requests
There were HTTP redirect chains for the following requests:
61 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | code.html (Primary Request) | nedbank.pay-secure.gq/ (Redirect Chain) | 289 KB | 31 KB | Document | text/html
GET | H/1.1 | / | websdk.appsflyer.com/ | 34 KB | 10 KB | Script | application/javascript
GET | H2 | launch-1bbd76e19c63.min.js | assets.adobedtm.com/6422e0f550a2/567d03ce12ec/ | 212 KB | 57 KB | Script | application/x-javascript
GET | H2 | AppMeasurement.min.js | assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ | 33 KB | 12 KB | Script | application/x-javascript
GET | H2 | AppMeasurement_Module_ActivityMap.min.js | assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ | 3 KB | 2 KB | Script | application/x-javascript
GET | H2 | pqwct.js | d3rnm236tp90vs.cloudfront.net/623923/ | 66 KB | 30 KB | Script | application/x-javascript
GET | H2 | load.js | d21ctq9anmk97c.cloudfront.net/623923/ | 68 KB | 30 KB | Script | application/x-javascript
GET | H/1.1 | styles.7c2e2e301c8ce5e3.css | secured.nedbank.co.za/ | 139 KB | 23 KB | Stylesheet | text/css
GET | H/1.1 | NedbankIcon.svg | secured.nedbank.co.za/assets/svg/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H/1.1 | cross-Black-small.svg | secured.nedbank.co.za/assets/svg/ | 816 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | outdated-browser.svg | secured.nedbank.co.za/assets/svg/ | 49 KB | 15 KB | Image | image/svg+xml
GET | H/1.1 | Error_Orange.svg | secured.nedbank.co.za/assets/svg/ | 933 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | NedbankExperience.svg | secured.nedbank.co.za/assets/svg/ | 12 KB | 4 KB | Image | image/svg+xml
GET | H/1.1 | login-fast.svg | secured.nedbank.co.za/assets/svg/ | 5 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | login-easy.svg | secured.nedbank.co.za/assets/svg/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | login-secure.svg | secured.nedbank.co.za/assets/svg/ | 5 KB | 2 KB | Image | image/svg+xml
GET | H2 | FontFont%20-%20MarkPro.307179f82a6dd2a0.otf | nedbank.pay-secure.gq/ | 0 | 0 | Font | text/html
GET | H/1.1 | Google_Wallet_PrivateClients_appTile.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 64 KB | 65 KB | Image | image/jpeg
GET | H/1.1 | OB_register_appTile2.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 211 KB | 212 KB | Image | image/jpeg
GET | H/1.1 | Bill_Payments_appTile1.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 55 KB | 56 KB | Image | image/jpeg
GET | H/1.1 | Solar_Finance_appTile1.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 237 KB | 239 KB | Image | image/jpeg
GET | H/1.1 | T3_AMEX_appTile.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 124 KB | 125 KB | Image | image/jpeg
GET | H/1.1 | FIFA_22_appTile.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 259 KB | 260 KB | Image | image/jpeg
GET | H/1.1 | PL_Savvy_R200_appTile.png | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 398 KB | 399 KB | Image | image/png
GET | H/1.1 | Funeral_Cover_T2_appTile.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 249 KB | 251 KB | Image | image/jpeg
GET | H/1.1 | Avo_SuperShop_OBtile.jpg | www.nedbank.co.za/content/dam/NedbankMoney/globalcards/ | 139 KB | 140 KB | Image | image/jpeg
GET | H/1.1 | entrust_site_seal_ssl.png | secured.nedbank.co.za/assets/png/ | 18 KB | 19 KB | Image | image/png
GET | H/1.1 | GooglePlay.svg | secured.nedbank.co.za/assets/svg/ | 22 KB | 5 KB | Image | image/svg+xml
GET | H/1.1 | AppStoreBadge.svg | secured.nedbank.co.za/assets/svg/ | 12 KB | 5 KB | Image | image/svg+xml
GET | H/1.1 | HuaweiStoreBadge.svg | secured.nedbank.co.za/assets/svg/ | 22 KB | 7 KB | Image | image/svg+xml
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 31 KB | Script | text/javascript
GET | H3 | form1.js | nedbank.pay-secure.gq/modules/ | 420 B | 737 B | Script | application/javascript
GET | H3 | FFMarkWebProRegular.69386de63644c744.ttf | nedbank.pay-secure.gq/ | 0 | 0 | Font | text/html
GET | H3 | FFMarkWebProRegular.3594b4997f3f4009.woff | nedbank.pay-secure.gq/ | 0 | 0 | Font | text/html
GET | H3 | FFMarkWebProRegular.fb38458d0fa9adfc.woff2 | nedbank.pay-secure.gq/ | 0 | 0 | Font | text/html
GET | H/1.1 | styles.7c2e2e301c8ce5e3.css | secured.nedbank.co.za/ | 139 KB | 23 KB | Stylesheet | text/css
GET | H/1.1 | dest5.html | nedbank.demdex.net/ (Frame 233B) | 7 KB | 3 KB | Document | text/html
GET | H/1.1 | id | dpm.demdex.net/ | 642 B | 1 KB | XHR | application/json
GET | H/1.1 | NedbankIcon.3cee39915afd52c3.svg | secured.nedbank.co.za/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H/1.1 | icon-chat-thin.aecf4aeab466cacf.svg | secured.nedbank.co.za/ | 736 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | location-blank-green.15740b1c831edc89.svg | secured.nedbank.co.za/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H/1.1 | contact-blank-green.36dfab02d2901e0a.svg | secured.nedbank.co.za/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H/1.1 | demo-icon.993a5c7bb466a7ea.svg | secured.nedbank.co.za/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H3 | icon-tailarrow-right.fabeb0b09e6324c8.svg | nedbank.pay-secure.gq/ | 239 B | 239 B | Image | text/html
GET | H3 | chevron.622175d3bf669705.svg | nedbank.pay-secure.gq/ | 226 B | 226 B | Image | text/html
GET | H3 | Arrow.863bd05819ce952f.svg | nedbank.pay-secure.gq/ | 224 B | 224 B | Image | text/html
GET | H3 | close-gray.255d2087c5e383f8.svg | nedbank.pay-secure.gq/ | 229 B | 229 B | Image | text/html
GET | H/1.1 | onelink | wa.onelink.me/v1/ | 13 B | 323 B | XHR | application/json
GET | H2 | id | nedbank.d3.sc.omtrdc.net/ | 2 B | 270 B | XHR | application/x-javascript
GET | | FontFont%20-%20MarkPro.307179f82a6dd2a0.otf | secured.nedbank.co.za/ | 0 | 0 | |
GET | | FontFont%20-%20MarkPro-Medium.fc8a82ca7526157c.otf | secured.nedbank.co.za/ | 0 | 0 | |
POST | H/1.1 | events | wa.appsflyer.com/ | 77 B | 529 B | XHR | application/json
GET | H2 | s34101193351453 | nedbank.d3.sc.omtrdc.net/b/ss/nedbankonlinebankingprd,nedbankglobal/1/JS-2.22.4-LCXS/ | 43 B | 201 B | Image | image/gif
GET | H/1.1 | onelink | wa.onelink.me/v1/ | 51 B | 508 B | XHR | application/json
GET | | FFMarkWebProRegular.69386de63644c744.ttf | secured.nedbank.co.za/ | 0 | 0 | |
GET | | FFMarkWebProMedium.d044c99156118d3f.ttf | secured.nedbank.co.za/ | 0 | 0 | |
GET | | FFMarkWebProRegular.3594b4997f3f4009.woff | secured.nedbank.co.za/ | 0 | 0 | |
GET | | FFMarkWebProMedium.158709a0105616cd.woff | secured.nedbank.co.za/ | 0 | 0 | |
GET | | FFMarkWebProMedium.c206d31548bfa5b6.woff2 | secured.nedbank.co.za/ | 0 | 0 | |
GET | | FFMarkWebProRegular.fb38458d0fa9adfc.woff2 | secured.nedbank.co.za/ | 0 | 0 | |
GET | H2 | zeJc | d3rnm236tp90vs.cloudfront.net/623923/ | 90 B | 650 B | Script | text/javascript
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- secured.nedbank.co.za: https://secured.nedbank.co.za/FontFont%20-%20MarkPro.307179f82a6dd2a0.otf
- secured.nedbank.co.za: https://secured.nedbank.co.za/FontFont%20-%20MarkPro-Medium.fc8a82ca7526157c.otf
- secured.nedbank.co.za: https://secured.nedbank.co.za/FFMarkWebProRegular.69386de63644c744.ttf
- secured.nedbank.co.za: https://secured.nedbank.co.za/FFMarkWebProMedium.d044c99156118d3f.ttf
- secured.nedbank.co.za: https://secured.nedbank.co.za/FFMarkWebProRegular.3594b4997f3f4009.woff
- secured.nedbank.co.za: https://secured.nedbank.co.za/FFMarkWebProMedium.158709a0105616cd.woff
- secured.nedbank.co.za: https://secured.nedbank.co.za/FFMarkWebProMedium.c206d31548bfa5b6.woff2
- secured.nedbank.co.za: https://secured.nedbank.co.za/FFMarkWebProRegular.fb38458d0fa9adfc.woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Nedbank (Banking)
41 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | goToNedbankHome
string | AppsFlyerSdkObject
function | AF
object | global
function | inIframe
object | tokenValue
function | AppMeasurement
function | s_gi
function | s_pgicq
number | s_objectID
number | s_giq
function | AppMeasurement_Module_ActivityMap
object | ___sc623923
object | ___so623923
number | CLIWHIT
string | PSESSIONID
string | SSESSIONID
string | LSESSIONID
object | __tp
number | __gt
function | target
function | $
function | jQuery
object | _satellite
boolean | __satelliteLoaded
object | adobe
function | Visitor
object | s_c_il
number | s_c_in
object | AF_SDK
object | s_i_nedbankonlinebankingprd_nedbankglobal10
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Name | Value
---|---|---
nedbank.pay-secure.gq/ | LSESSIONID | eyJpIjoiNnYzcVF5aUMyckRaY3Y5dHQxWUZYUT09IiwiZSI6IlwvSlBpRk9lTGV6ZVFsbXdheDVMaWRKMTFHYkR2cmR2ZkRNVlwvV2UyTlwvXC9SVGp1N3BWZE9lOUNDTmlOb2gyRkxrZmg1MEp2VWtFNldJNkg5amJWVGFiTHFuRXBVV0hPem9kNE0xWGN0YXRcL1dybEZQUGJxdERQcUczcFZlRzdBckFwcHB5ZG1kQ0F0bTNNcGtHQU9iXC9wQT09In0%3D.f416b5866c345da9.NmNhMjcxMjcwYTI0NGU5ZDdhNDM1NDQ3ZDNhOTYyNDI5ZTUwYmI5MTljN2UwMDcxMWQ4MTQxNTg0MmZmMjk1Yg%3D%3D
.demdex.net/ | demdex | 12858496340756600102836507389174783861
.pay-secure.gq/ | AMCVS_5B5243A15589607E7F000101%40AdobeOrg | 1
.pay-secure.gq/ | AMCV_5B5243A15589607E7F000101%40AdobeOrg | 1176715910%7CMCIDTS%7C19288%7CMCMID%7C12854490483875071382833846108766962269%7CMCAAMLH-1667077631%7C6%7CMCAAMB-1667077631%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1666480031s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0
.pay-secure.gq/ | s_cc | true
.appsflyer.com/ | af_id | ea777c9f-278b-4d09-aeb7-7aa9ceba2f38-p
.pay-secure.gq/ | afUserId | ea777c9f-278b-4d09-aeb7-7aa9ceba2f38-p
.onelink.me/ | af_id | ea777c9f-278b-4d09-aeb7-7aa9ceba2f38-p
.pay-secure.gq/ | AF_SYNC | 1666472831649
nedbank.pay-secure.gq/ | ___so623923 | eyJsc2giOjIzMDQ0OTMzMDIsInJlZmVycmVyIjoiaHR0cHM6Ly9uZWRiYW5rLnBheS1zZWN1cmUuZ3EvY29kZS5odG1sIiwic2QiOm51bGwsInNkYyI6bnVsbCwiZSI6eyJuIjozLCJhIjpbeyIxNSI6dHJ1ZSwiMTYiOnRydWUsInNyIjoiIn0sIjE2Il0sInJpZCI6MC44MDA3MzgxNzEyODAzMjgxfSwiY2lzaWciOjM5NDU2Mzc0NjB9
26 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
assets.adobedtm.com
d21ctq9anmk97c.cloudfront.net
d3rnm236tp90vs.cloudfront.net
dpm.demdex.net
nedbank.d3.sc.omtrdc.net
nedbank.demdex.net
nedbank.pay-secure.gq
secured.nedbank.co.za
wa.appsflyer.com
wa.onelink.me
websdk.appsflyer.com
www.nedbank.co.za
13.36.218.177
143.204.214.41
168.142.204.15
168.142.204.82
18.203.13.19
2606:4700:3035::ac43:c9c3
2a00:1450:4001:827::200a
2a02:26f0:3500:11::215:14ca
2a02:26f0:3500:587::1e80
52.212.190.143
54.76.60.98
99.86.1.159