good.webmainsecure.name.ng Open in urlscan Pro
92.223.105.136  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response good.webmainsecure.name.ng/secure/	71 KB 14 KB	263ms 248ms	Document text/html	92.223.105.136 GHOST
General Check archive.org Show headers Download Go to Full URL http://good.webmainsecure.name.ng/secure/ Protocol HTTP/1.1 Server 92.223.105.136 Luxembourg, Luxembourg, ASN202422 (GHOST, LU), Reverse DNS namaboynamalove9.example.com Software Apache / Resource Hash 12f29ec8ed5a42b789475d6851371b349b998043d9478d9d5248e3249832f2d0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Tue, 16 Nov 2021 09:02:59 GMT Server Apache Vary Accept-Encoding Content-Encoding gzip Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Flag_eng.svg www.nemid.nu/system/modules/dk.nemid.oc/resources/images/	2 KB 3 KB	297ms 139ms	Image image/svg+xml	104.111.240.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.nemid.nu/system/modules/dk.nemid.oc/resources/images/Flag_eng.svg Requested by Host: good.webmainsecure.name.ng URL: http://good.webmainsecure.name.ng/secure/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.111.240.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-240-169.deploy.static.akamaitechnologies.com Software Apache / Resource Hash d068057066a05d6d8ab5b6e37b96f8f6963ae259c7b748a7214c1a6feacd649e Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000;includeSubDomains X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer http://good.webmainsecure.name.ng/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000;includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 09 Sep 2021 07:44:06 GMT Server Apache ETag "4009d-775-5cb8b29da56c9" Content-Type image/svg+xml Date Tue, 16 Nov 2021 09:03:00 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; Connection keep-alive Accept-Ranges bytes Content-Length 1909 X-XSS-Protection 1; mode=block X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self';
GET H/1.1	200 OK	nemid_white.svg www.nemid.nu//system/modules/dk.nemid.oc/resources/images/	63 KB 63 KB	314ms 156ms	Image image/svg+xml	104.111.240.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.nemid.nu//system/modules/dk.nemid.oc/resources/images/nemid_white.svg Requested by Host: good.webmainsecure.name.ng URL: http://good.webmainsecure.name.ng/secure/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.111.240.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-240-169.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 91913fcb4fbad92ce1eac54d08b86de6c26fe0e148bd02f56826b2cc5f90ca03 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000;includeSubDomains X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer http://good.webmainsecure.name.ng/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000;includeSubDomains X-Content-Type-Options nosniff Last-Modified Thu, 09 Sep 2021 07:44:06 GMT Server Apache ETag "4009e-fa6b-5cb8b29db02a9" Content-Type image/svg+xml Date Tue, 16 Nov 2021 09:03:00 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; Connection keep-alive Accept-Ranges bytes Content-Length 64107 X-XSS-Protection 1; mode=block X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self';
GET H/1.1	200 OK	keycard-image.png good.webmainsecure.name.ng/secure/	450 KB 450 KB	21ms 21ms	Image image/png	92.223.105.136 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://good.webmainsecure.name.ng/secure/keycard-image.png Requested by Host: good.webmainsecure.name.ng URL: http://good.webmainsecure.name.ng/secure/ Protocol HTTP/1.1 Server 92.223.105.136 Luxembourg, Luxembourg, ASN202422 (GHOST, LU), Reverse DNS namaboynamalove9.example.com Software Apache / Resource Hash 6f1497ada6130f0621c0be65d76d578c5a85b1a72af6e1e8bd4cb93efab8d7ee Request headers Accept-Language de-DE,de;q=0.9 Referer http://good.webmainsecure.name.ng/secure/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Tue, 16 Nov 2021 09:03:00 GMT Last-Modified Mon, 15 Nov 2021 16:10:48 GMT Server Apache ETag "7066c-5d0d60d50c7ce" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 460396
GET H/1.1	404 Not Found	speaker.png good.webmainsecure.name.ng/images/	196 B 196 B	22ms 12ms	Image text/html	92.223.105.136 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://good.webmainsecure.name.ng/images/speaker.png Requested by Host: good.webmainsecure.name.ng URL: http://good.webmainsecure.name.ng/secure/ Protocol HTTP/1.1 Server 92.223.105.136 Luxembourg, Luxembourg, ASN202422 (GHOST, LU), Reverse DNS namaboynamalove9.example.com Software Apache / Resource Hash 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 Request headers Accept-Language de-DE,de;q=0.9 Referer http://good.webmainsecure.name.ng/secure/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Tue, 16 Nov 2021 09:03:00 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 196 Content-Type text/html; charset=iso-8859-1

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NemID (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://good.webmainsecure.name.ng/images/speaker.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

good.webmainsecure.name.ng
www.nemid.nu
104.111.240.169
92.223.105.136
12f29ec8ed5a42b789475d6851371b349b998043d9478d9d5248e3249832f2d0
6f1497ada6130f0621c0be65d76d578c5a85b1a72af6e1e8bd4cb93efab8d7ee
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
91913fcb4fbad92ce1eac54d08b86de6c26fe0e148bd02f56826b2cc5f90ca03
d068057066a05d6d8ab5b6e37b96f8f6963ae259c7b748a7214c1a6feacd649e