nanaimonails.com
Open in
urlscan Pro
162.241.114.172
Malicious Activity!
Public Scan
Submission: On March 31 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on March 30th 2023. Valid for: 3 months.
This is the only time nanaimonails.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Commonwealth Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 162.241.114.172 162.241.114.172 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
1 | 173.223.57.199 173.223.57.199 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
2 | 2600:9000:20e... 2600:9000:20e9:d000:a:6cdf:4440:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2600:9000:21b... 2600:9000:21b8:c400:1e:54f1:26c0:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2600:9000:20e... 2600:9000:20e9:ec00:13:ab57:d440:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 6 |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-114-172.webhostbox.net
nanaimonails.com |
ASN16625 (AKAMAI-AS, US)
PTR: a173-223-57-199.deploy.static.akamaitechnologies.com
www.commbank.com.au |
ASN16509 (AMAZON-02, US)
1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
ASN16509 (AMAZON-02, US)
1.b406929acabac9b095f124c81bdfcf57f.com |
ASN16509 (AMAZON-02, US)
1.c81358859121583b7adf2ace89cb39f44.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
nanaimonails.com
nanaimonails.com |
53 KB |
2 |
c81358859121583b7adf2ace89cb39f44.com
1.c81358859121583b7adf2ace89cb39f44.com — Cisco Umbrella Rank: 27591 |
4 KB |
2 |
b406929acabac9b095f124c81bdfcf57f.com
1.b406929acabac9b095f124c81bdfcf57f.com — Cisco Umbrella Rank: 27612 |
4 KB |
2 |
a79ab95c1589a13f8a4cab612bc71f9f7.com
1.a79ab95c1589a13f8a4cab612bc71f9f7.com — Cisco Umbrella Rank: 27590 |
4 KB |
1 |
commbank.com.au
www.commbank.com.au — Cisco Umbrella Rank: 394373 |
114 KB |
12 | 5 |
Domain | Requested by | |
---|---|---|
4 | nanaimonails.com |
nanaimonails.com
|
2 | 1.c81358859121583b7adf2ace89cb39f44.com |
www.commbank.com.au
1.c81358859121583b7adf2ace89cb39f44.com |
2 | 1.b406929acabac9b095f124c81bdfcf57f.com |
www.commbank.com.au
1.b406929acabac9b095f124c81bdfcf57f.com |
2 | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
www.commbank.com.au
1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
1 | www.commbank.com.au |
nanaimonails.com
|
12 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cpanel.nanaimonails.com R3 |
2023-03-30 - 2023-06-28 |
3 months | crt.sh |
www.commbank.com.au Entrust Certification Authority - L1M |
2022-03-29 - 2023-04-28 |
a year | crt.sh |
*.a79ab95c1589a13f8a4cab612bc71f9f7.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-04 - 2023-04-04 |
a year | crt.sh |
*.b406929acabac9b095f124c81bdfcf57f.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-06 - 2023-04-07 |
a year | crt.sh |
*.c81358859121583b7adf2ace89cb39f44.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-06 - 2023-04-07 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://nanaimonails.com/netbank/info.html
Frame ID: 779F961A27DA5E07FC58740FE111061D
Requests: 6 HTTP requests in this frame
Frame:
https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 820D1B85718B208467B98089573976AE
Requests: 2 HTTP requests in this frame
Frame:
https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: CCE793D961A04255EAE6A3ACFC4E171B
Requests: 2 HTTP requests in this frame
Frame:
https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 1913F6DEAF4ECC2D9E2A396BC20ADF7B
Requests: 2 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
info.html
nanaimonails.com/netbank/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2a817845.js
www.commbank.com.au/content/dam/netbank/resources/2a817845/ |
605 KB 114 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
nanaimonails.com/netbank/images/ |
5 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
4b86ffd5-dd3f-4120-ab94-66e9d3a9d1e7
https://nanaimonails.com/ |
165 KB 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gibson-SemiBold-webfont.woff
nanaimonails.com/netbank/useful/ |
13 KB 13 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gibson-Regular-webfont.woff
nanaimonails.com/netbank/useful/ |
29 KB 29 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 820D |
221 B 555 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame CCE7 |
221 B 557 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 1913 |
221 B 556 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 820D |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 1913 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame CCE7 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Commonwealth Bank (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| cdwpb object| cdApi3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.nanaimonails.com/ | Name: cdContextId Value: 1 |
|
.nanaimonails.com/ | Name: bmuid Value: 1680275689059-0D90F9EB-15DC-4A25-B643-491B9E8E7EA4 |
|
.nanaimonails.com/ | Name: cdSNum Value: 1680275689805-sjn0000371-427a626e-f033-4d55-9c27-ddd7b6fa92b0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.a79ab95c1589a13f8a4cab612bc71f9f7.com
1.b406929acabac9b095f124c81bdfcf57f.com
1.c81358859121583b7adf2ace89cb39f44.com
nanaimonails.com
www.commbank.com.au
162.241.114.172
173.223.57.199
2600:9000:20e9:d000:a:6cdf:4440:93a1
2600:9000:20e9:ec00:13:ab57:d440:93a1
2600:9000:21b8:c400:1e:54f1:26c0:93a1
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6
389ce47140455bb1366a2c1c4c8276f7cce5fe3f9ff9f4c563ddae7492a4e3fa
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
62bf9fc196aa1584fd3aca64d97184afa3f5f2774b2a37a56a5f2b0a74b64720
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
9dbd8cbade59eda5d820084b37dc1fd83a2673dc0e5057929ea66916ab0c345d
b53bb4b9e5085690fb4bfbf9e06d9d1b244fbf10458cf6d139e1a89860acba0c