![](/screenshots/04f67147-615e-4851-bd1b-30269f13c90e.png)
login1.emlratesnbd.info
199.79.62.18
Malicious Activity!
Public Scan
Submission: On December 25 (2019) via automatic, source certstream-suspicious (the hostname was picked up from a Certificate Transparency log feed as its certificate was issued)
Summary

TLS certificate: Issued by Let's Encrypt Authority X3 on December 25th 2019, the same day as this scan. Valid for: 3 months.
This is the only time login1.emlratesnbd.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Emirates NBD (Banking)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 199.79.62.18 | 394695 (PUBLIC-DOMAIN-REGISTRY - PDR)
3 | 2606:4700::6811:4104 | 13335 (CLOUDFLARENET - Cloudflare)
7 | 23.254.226.99 | 54290 (HOSTWINDS - Hostwinds LLC.)
5 | 2606:4700:30::681b:b34b | 13335 (CLOUDFLARENET - Cloudflare)
16 | 5 |
- ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), PTR: bh-18.webhostbox.net: login1.emlratesnbd.info
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdnjs.cloudflare.com
- ASN54290 (HOSTWINDS - Hostwinds LLC., US), PTR: hwsrv-657761.hostwindsdns.com: cdn.genesisapp.info
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdn.mybitlys.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | genesisapp.info | cdn.genesisapp.info | 3 MB
5 | mybitlys.com | cdn.mybitlys.com | 245 KB
3 | cloudflare.com | cdnjs.cloudflare.com | 49 KB
1 | emlratesnbd.info | login1.emlratesnbd.info | 4 KB
16 | 4 | |
Requests | Domain | Requested by
---|---|---
7 | cdn.genesisapp.info | login1.emlratesnbd.info
5 | cdn.mybitlys.com | login1.emlratesnbd.info
3 | cdnjs.cloudflare.com | login1.emlratesnbd.info
1 | login1.emlratesnbd.info |
16 | 4 |
This site contains links to these domains (also see Links):

- itunes.apple.com
- play.google.com
Subject | Issuer | Validity | Valid
---|---|---|---
login1.emlratesnbd.info | Let's Encrypt Authority X3 | 2019-12-25 - 2020-03-24 | 3 months
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-05 - 2020-06-12 | 6 months
cdn.genesisapp.info | Let's Encrypt Authority X3 | 2019-12-25 - 2020-03-24 | 3 months
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-10-17 - 2020-10-09 | a year
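The certificate for login1.emlratesnbd.info was issued on the day of the scan, and the scan was submitted by the certstream-suspicious source, i.e. the hostname was flagged as it showed up in a Certificate Transparency log. The Python below is an added example of the kind of check such a feed applies to every newly logged hostname; it is not urlscan.io's code and does not reproduce its rules. The brand watchlist, the allowlist entry emiratesnbd.com, the credential-themed token list, the confusable map and the scoring thresholds are all assumptions chosen for illustration, and the apex split takes the last two labels instead of consulting the Public Suffix List.

```python
# Added example, not urlscan.io's code: a brand-impersonation scorer of the kind
# a "certstream-suspicious" feed applies to each hostname as its certificate is
# logged. Watchlist, allowlist, token list, confusable map and thresholds are
# assumptions chosen for illustration, not urlscan.io's actual rules.
from dataclasses import dataclass, field
from typing import List, Optional

WATCHLIST = {"emiratesnbd": "Emirates NBD (Banking)"}   # assumed brand labels to protect
ALLOWLIST = {"emiratesnbd.com"}                          # assumed legitimate apex domains
LOGIN_TOKENS = ("login", "signin", "secure", "verify", "account", "update")
# Digits commonly substituted for letters in typosquats (assumed subset).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})
FLAG_THRESHOLD = 40


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) computed with a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    host: str
    apex: str
    score: int = 0
    brand: Optional[str] = None
    distance: Optional[int] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= FLAG_THRESHOLD


def normalize_label(label: str) -> str:
    """Fold common look-alike substitutions back to the letters they imitate."""
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def score_host(host: str) -> Verdict:
    labels = host.lower().rstrip(".").split(".")
    # Naive apex = last two labels; a production feed would use the Public Suffix List.
    apex = ".".join(labels[-2:])
    v = Verdict(host=host, apex=apex)
    if apex in ALLOWLIST:
        return v                                   # the brand's own domain, nothing to do
    apex_label = labels[-2] if len(labels) >= 2 else labels[0]
    folded = normalize_label(apex_label)
    brand_label, dist = min(((b, levenshtein(folded, b)) for b in WATCHLIST),
                            key=lambda t: t[1])
    v.brand, v.distance = WATCHLIST[brand_label], dist
    if dist == 0:
        v.score += 50
        v.reasons.append(f"apex label is exactly '{brand_label}' under an unlisted TLD")
    elif dist <= 2:
        v.score += 40
        v.reasons.append(f"apex label '{apex_label}' is edit distance {dist} from '{brand_label}'")
    subdomain = ".".join(labels[:-2])
    for token in LOGIN_TOKENS:
        if token in subdomain:
            v.score += 10
            v.reasons.append(f"credential-themed subdomain token '{token}'")
    return v


if __name__ == "__main__":
    # Constructed sample of hostnames as they might arrive from a CT log feed.
    for h in ("login1.emlratesnbd.info", "www.example.com",
              "emiratesnbd.com", "login.example.org"):
        v = score_host(h)
        print(f"{h:28} score={v.score:3d} suspicious={v.suspicious} {v.reasons}")
```

For this scan's hostname the apex label emlratesnbd is one substitution away from emiratesnbd (an "l" in place of the "i") and the subdomain carries "login", so the host scores 50 and is flagged, while login.example.org scores only 10 for the token alone: brand proximity is what carries the weight, and the token only raises an already-close name.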
This page contains 1 frame:
Primary Page: https://login1.emlratesnbd.info/
Frame ID: CBD59380F5B86DA18C7E32F8080A3D38
Requests: 18 HTTP requests in this frame (the 16 network transactions listed below plus two inline data: URIs)
Detected technologies

- OpenSSL: matched in the Server response header, pattern /OpenSSL(?:\/([\d.]+[a-z]?))?/i
- Apache HTTPD: matched in the Server response header, pattern /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
- Select2: matched on a script URL, pattern /select2(?:\.min|\.full)?\.js/i
- jQuery: matched on script URLs, patterns /\/([\d.]+)\/jquery(?:\.min)?\.js/i and /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i; the Select2 pattern /select2(?:\.min|\.full)?\.js/i is listed under jQuery as well, since Select2 requires it
Page Statistics

Outgoing links: 2 (links going to different origins than the main page): itunes.apple.com, play.google.com
Redirected requests: no HTTP redirect chains are listed for this scan.
16 HTTP transactions (the two rows with protocol DATA are inline data: URIs whose content is truncated in the scan; they transferred no bytes and are not counted)

Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | login1.emlratesnbd.info/ | 5 KB | 4 KB | Document | text/html
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ | 85 KB | 29 KB | Script | application/javascript
GET | H2 | select2.min.css | cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/css/ | 15 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | app.css | cdn.genesisapp.info/assets/ | 998 KB | 998 KB | Stylesheet | text/css
GET | H2 | select2.min.js | cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/ | 65 KB | 17 KB | Script | application/javascript
GET | H/1.1 | app.js | cdn.genesisapp.info/assets/ | 992 KB | 992 KB | Script | application/javascript
GET | H/1.1 | bg-login5.jpg | cdn.genesisapp.info/assets/ | 371 KB | 372 KB | Image | image/jpeg
GET | H/1.1 | logo-new.png | cdn.genesisapp.info/assets/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | qr-code-login.png | cdn.genesisapp.info/assets/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | lock.png | cdn.genesisapp.info/assets/ | 11 KB | 11 KB | Image | image/png
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | DATA | truncated | / | 715 B | 0 | Image | image/png
GET | H2 | apple-store.png | cdn.mybitlys.com/assets/ | 6 KB | 6 KB | Image | image/png
GET | H2 | google-play.png | cdn.mybitlys.com/assets/ | 7 KB | 7 KB | Image | image/png
GET | H2 | Frutiger_LT_45_Light.woff2 | cdn.mybitlys.com/assets/ | 38 KB | 39 KB | Font | application/octet-stream
GET | H2 | emirates-nbd-icons.ttf | cdn.mybitlys.com/assets/ | 110 KB | 110 KB | Font | application/octet-stream
GET | H2 | roboto-light-webfont.woff2 | cdn.mybitlys.com/assets/ | 83 KB | 83 KB | Font | application/octet-stream
GET | H/1.1 | small.webm | cdn.genesisapp.info/assets/ | 1 MB | 1 MB | Media | video/webm
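The per-domain tables earlier on this page are aggregates of the transaction list above, and the list makes the hosting pattern plain: the landing host serves only the 5 KB document, while every script, stylesheet, image, font and video is fetched from cdn.genesisapp.info, cdn.mybitlys.com or cdnjs.cloudflare.com, and a font named emirates-nbd-icons.ttf comes from cdn.mybitlys.com rather than from the impersonated bank. The Python below is an added example, not urlscan.io's code, that rebuilds the aggregates from the Transferred column and pulls out what a responder would block or pivot on. The 18 rows are transcribed from this scan; the allowlist of shared public CDNs and the brand tokens are assumptions.

```python
# Added example, not urlscan.io's code: rebuild the per-domain summary from the
# scan's transaction list and flag the hosts and assets worth pivoting on.
# The rows are transcribed from this scan (Transferred column); PUBLIC_CDNS and
# BRAND_TOKENS are assumptions chosen for illustration.
import re
from collections import defaultdict
from dataclasses import dataclass

LANDING_HOST = "login1.emlratesnbd.info"
PUBLIC_CDNS = {"cdnjs.cloudflare.com"}      # assumed allowlist of shared CDNs
BRAND_TOKENS = ("emirates", "nbd")           # assumed tokens of the impersonated brand

# (host, resource, transferred) as shown in the scan; inline data: URIs carry host "".
TRANSACTIONS = [
    (LANDING_HOST, "/", "4 KB"),
    ("cdnjs.cloudflare.com", "jquery.min.js", "29 KB"),
    ("cdnjs.cloudflare.com", "select2.min.css", "2 KB"),
    ("cdn.genesisapp.info", "app.css", "998 KB"),
    ("cdnjs.cloudflare.com", "select2.min.js", "17 KB"),
    ("cdn.genesisapp.info", "app.js", "992 KB"),
    ("cdn.genesisapp.info", "bg-login5.jpg", "372 KB"),
    ("cdn.genesisapp.info", "logo-new.png", "4 KB"),
    ("cdn.genesisapp.info", "qr-code-login.png", "2 KB"),
    ("cdn.genesisapp.info", "lock.png", "11 KB"),
    ("", "data:image/png (truncated)", "0"),
    ("", "data:image/png (truncated)", "0"),
    ("cdn.mybitlys.com", "apple-store.png", "6 KB"),
    ("cdn.mybitlys.com", "google-play.png", "7 KB"),
    ("cdn.mybitlys.com", "Frutiger_LT_45_Light.woff2", "39 KB"),
    ("cdn.mybitlys.com", "emirates-nbd-icons.ttf", "110 KB"),
    ("cdn.mybitlys.com", "roboto-light-webfont.woff2", "83 KB"),
    ("cdn.genesisapp.info", "small.webm", "1 MB"),
]

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text: str) -> int:
    """'998 KB' -> 1021952, '715 B' -> 715, '0' -> 0 (binary units assumed)."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KM]?B)?\s*", text)
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2) or "B"])


@dataclass
class HostSummary:
    requests: int = 0
    transfer: int = 0


def summarize(transactions=TRANSACTIONS):
    """Per-host request count and transferred bytes; data: URIs are skipped."""
    out = defaultdict(HostSummary)
    for host, _resource, size in transactions:
        if not host:
            continue
        out[host].requests += 1
        out[host].transfer += parse_size(size)
    return dict(out)


def third_party_share(transactions=TRANSACTIONS) -> float:
    """Fraction of transferred bytes that did not come from the landing host."""
    summary = summarize(transactions)
    total = sum(h.transfer for h in summary.values())
    return 1 - summary[LANDING_HOST].transfer / total if total else 0.0


def pivot_candidates(transactions=TRANSACTIONS):
    """Hosts to block or pivot on (third parties that are not shared CDNs) and
    assets whose file name names the impersonated brand."""
    hosts = sorted({h for h, _r, _s in transactions
                    if h and h != LANDING_HOST and h not in PUBLIC_CDNS})
    brand_assets = [(h, r) for h, r, _s in transactions
                    if h and any(t in r.lower() for t in BRAND_TOKENS)]
    return hosts, brand_assets


if __name__ == "__main__":
    for host, s in sorted(summarize().items(), key=lambda kv: -kv[1].requests):
        print(f"{s.requests:2d} requests {s.transfer / 1024:8.0f} KB  {host}")
    print(f"third-party share of transferred bytes: {third_party_share():.1%}")
    hosts, brand_assets = pivot_candidates()
    print("pivot hosts:", hosts)
    print("brand-named assets:", brand_assets)
```

The request counts (7, 5, 3, 1) and the 245 KB for cdn.mybitlys.com reproduce the Apex Domain table exactly, which is a cheap check that the rows were transcribed correctly; the landing host accounts for well under 1% of the bytes, so taking it down leaves the kit's assets on the two "cdn." hosts intact for the next lookalike domain.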
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Emirates NBD (Banking)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

- object: onformdata
- object: onpointerrawupdate
- function: $
- function: jQuery
- object: Spark
- function: setImmediate
- function: clearImmediate
- function: _
- function: axios
- function: Vue
- object: Bus
- function: SparkForm
- function: SparkFormErrors
- function: IMask

Spark, Bus, SparkForm and SparkFormErrors alongside Vue, axios and _ are the globals a Laravel Spark front-end defines, and IMask is the imaskjs input-masking library, so the kit's client side appears to be a Vue/Laravel Spark build rather than hand-written HTML.

0 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work. No cookies were set during this scan.
Indicators
This is the term used in the security industry for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicates malicious activity.

- cdn.genesisapp.info
- cdn.mybitlys.com
- cdnjs.cloudflare.com
- login1.emlratesnbd.info
- 199.79.62.18
- 23.254.226.99
- 2606:4700:30::681b:b34b
- 2606:4700::6811:4104