login1.emiratesnbd.com.sa
Open in
urlscan Pro
185.76.205.155
Malicious Activity!
Public Scan
Effective URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Submission: On December 07 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on December 5th 2019. Valid for: 2 years.
This is the only time login1.emiratesnbd.com.sa was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Emirates NBD (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 185.76.205.154 185.76.205.154 | 201340 (ENBD) (ENBD) | |
9 | 185.76.205.155 185.76.205.155 | 201340 (ENBD) (ENBD) | |
10 | 185.76.207.124 185.76.207.124 | 201340 (ENBD) (ENBD) | |
2 | 52.222.214.123 52.222.214.123 | 16509 (AMAZON-02) (AMAZON-02) | |
21 | 3 |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-123.fra56.r.cloudfront.net
cdn.appdynamics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
emiratesnbd.com
obcdn.emiratesnbd.com |
1 MB |
10 |
emiratesnbd.com.sa
1 redirects
login.emiratesnbd.com.sa login1.emiratesnbd.com.sa |
423 KB |
2 |
appdynamics.com
cdn.appdynamics.com |
35 KB |
21 | 3 |
Domain | Requested by | |
---|---|---|
10 | obcdn.emiratesnbd.com |
login1.emiratesnbd.com.sa
obcdn.emiratesnbd.com |
9 | login1.emiratesnbd.com.sa |
login1.emiratesnbd.com.sa
cdn.appdynamics.com |
2 | cdn.appdynamics.com |
login1.emiratesnbd.com.sa
cdn.appdynamics.com |
1 | login.emiratesnbd.com.sa | 1 redirects |
21 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
login.emiratesnbd.com.sa DigiCert SHA2 Extended Validation Server CA |
2019-12-05 - 2021-12-09 |
2 years | crt.sh |
obcdn.emiratesnbd.com DigiCert SHA2 Secure Server CA |
2020-01-22 - 2022-01-26 |
2 years | crt.sh |
*.appdynamics.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-06-21 - 2022-07-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Frame ID: E8576495EAA07E02EC69C1EF0EDC0191
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Emirates NBDPage URL History Show full URLs
-
https://login.emiratesnbd.com.sa/
HTTP 302
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://login.emiratesnbd.com.sa/
HTTP 302
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
banknet.jsf
login1.emiratesnbd.com.sa/obweb/common/ Redirect Chain
|
22 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
primefaces.css.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/ |
69 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/jquery/ |
105 KB 48 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
primefaces.js.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/ |
342 KB 111 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-plugins.js.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/jquery/ |
237 KB 87 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ksa-all-min.js
obcdn.emiratesnbd.com/ksaobresources/resources/js/ |
2 MB 451 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ksa-all-min.css
obcdn.emiratesnbd.com/ksaobresources/resources/css/ |
2 MB 294 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg-login5.jpg
login1.emiratesnbd.com.sa/obweb/resources/img/ |
126 KB 127 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-new.png
obcdn.emiratesnbd.com/ksaobresources/resources/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flag-sa.png
login1.emiratesnbd.com.sa/obweb/resources/img/flags/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
customerservicenum.png
obcdn.emiratesnbd.com/ksaobresources/resources/img/ |
49 KB 50 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
contactusaddress.png
obcdn.emiratesnbd.com/ksaobresources/resources/img/ |
57 KB 57 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adrum-4.3.1.0.js
cdn.appdynamics.com/adrum/ |
43 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Frutiger%20LT%2045%20Light.woff2
obcdn.emiratesnbd.com/ksaobresources/resources/fonts/frutiger/ |
38 KB 40 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
emirates-nbd-icons.ttf
obcdn.emiratesnbd.com/ksaobresources/resources/fonts/icons/ |
110 KB 111 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
050898914_main_xxl.mp4
obcdn.emiratesnbd.com/ksaobresources/resources/videos/ |
55 KB 0 |
Media
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
enbd-en.json
login1.emiratesnbd.com.sa/obweb/resources/js/i18n/ |
2 KB 1 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
050898914_main_xxl.mp4
obcdn.emiratesnbd.com/ksaobresources/resources/videos/ |
28 KB 29 KB |
Media
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
050898914_main_xxl.mp4
obcdn.emiratesnbd.com/ksaobresources/resources/videos/ |
967 KB 0 |
Media
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adrum-ext.4d2b0f335973eea91d9eb690f40ef388.js
cdn.appdynamics.com/ |
47 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
adrum
login1.emiratesnbd.com.sa/eumcollector/beacons/browser/v1/APPDYNAMICKEY/ |
4 KB 4 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Emirates NBD (Banking)108 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery function| PF object| PrimeFaces function| Class function| autosize function| _createClass function| _classCallCheck function| DateFormatter object| AB_MAPPING object| app function| clickCommandLink function| opendialog function| closedialog function| openUrlInNewWindow function| closeimageuploaddialog function| closefileuploaddialog function| invokeHeartBeat function| openVideoBanking function| openFacebookAuthUrl function| openAuthCodeDialog function| manualacctoggle function| manualacctoggleUp function| handleRedirectRequestFindBank function| isDigitCheck function| isNumber function| isNumberwithoutspecialChar function| closeDialogAfterValidation function| openSecondaryRMConfirmDialog function| onboardingmodeon function| _defineProperty function| sectionUpdate function| handleRedirectRequest function| openSuccessOnReg function| openRegistrationTnCDialog function| handleRedirectRequestFxcardIssuance function| openDisclaimerOnOtpConfirm function| openSuccessDialogOnBenfAddition function| openSiEnbdTransfersDisclaimerOnOtpConfirm function| openSiBenfTermsDialog function| loadPersonalLoanExistingApplDialogue function| doverticalslide function| goToSlide function| changeContainerHeight function| initialCarousel function| resetToDefaults function| openBalanceConfirmTermsDialog function| openBalanceConfirmTermsBankDialog function| handleRedirectSiDeleteDialog function| openPartialTermsDialog function| openPartialTermsBankDialog function| openEarlyTermsDialog function| openEarlyTermsBankDialog function| openbalanceConversionDialog function| openCashAdvanceTermsDialog function| openIppConfirmTermsDialog function| openGoalSuccessFailureDialogue function| openCreateGoalPopupForSbaDialog function| genericTermsAndCondtionDialog function| openLocTermsDialogue function| openGenericDialog function| openpurposecodesdialog function| openInterTermsDialog function| openDrTermsDialog function| openSuccessOnForgetUISecret function| openSuccessOnForgetSec function| validateAndOpenDialogue function| validateAndOpenDialoguePrepaid function| validateAndOpenDialogueForSavingAcct function| validateAndOpenDialogueForEmiratesnbd function| validateAndOpenDialogueForSarie function| validateAndOpenDialogueForGoal function| validateAndOpenDialogueBalanceConfm function| validateAndOpenDialogueForHdfc function| validateAndOpenDialogueForIcici function| validateCardComparison function| changeCard function| imitateClick function| initializesleek function| validateAndOpenDialogueDDS boolean| submitted boolean| mCustomScrollbar object| jQuery111303990496488774036 object| Foundation object| commonJsStrict function| Croppie object| d3 object| angular object| _enbd object| croppie function| moment function| daterangepicker function| wNumb object| FB string| appDynamicsURL string| appDynamicsURLSSL number| adrum-start-time object| adrum-config object| ADRUM string| allowOrigin string| allowMethods function| enbdGlobalConfig object| enbdLocale object| $keyboard3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login1.emiratesnbd.com.sa/ | Name: JSESSIONID Value: XK-Uh2lPGc2ovlt-ezcjVrkicexfbaqL0m_USz9hmYcPIIYikPC_!-1444385779 |
|
login1.emiratesnbd.com.sa/ | Name: user_session Value: !SUz/VGMI8l22Hj3lF1szDD8gS3Q/h/xajgDzR2otZ2wh2XHC5Q3/vDXQvXz1MD5kdAl9mTujgGCIrMB74sXDym2G1k7mvQ8yDq1hLkphUw== |
|
login1.emiratesnbd.com.sa/ | Name: TS01ad0186 Value: 01cee5184c0d2c0e8d54185faec89608a77785a4cadabef606db45fb091d581e0856a067de450e1f7b7a6602e855220025eda90475dd30f6d8c906e52e9eed2dbe5cdbbf3eff7b860630475e667cfd9580bd37e533 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=16070400; includeSubDomains |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.appdynamics.com
login.emiratesnbd.com.sa
login1.emiratesnbd.com.sa
obcdn.emiratesnbd.com
185.76.205.154
185.76.205.155
185.76.207.124
52.222.214.123
1885a435696a5df4a5c081b1cee47d7c8ef97d947e4aee0060676be590d5c6ef
1b1e118aa366f9fb3d007b32e059b0ed5220af4b50d7385f99604d3896188c15
2ea6af3faccaad66219fd15d3867f865727837c697a0847d8274f82974d8881e
3cf93db48aef224d9465018a95355eef7d5094d5428d09b241c4307d780a7be1
3e89c9518b9f459131bade1463fd2af975259c18e7d1f0d4dfd1c4f975be2ecd
418a3c3ccf5640b99871e373e0068be56ce404a0be05b534462ec8d1f2184751
43deb04a30d8b678b66aea7c0836d7e5e18b69b9dc9f7ec6e685e355f686fcbf
4759a5d99f432558b90cf9a192b3475f177a7d3110cb2baaaf1363e055e2e343
4bc1b7e864d9089db79074a9b3f1cfc68ac8ae380bcee4db96cf61c05c38d5e0
5a882dd4038da8c86759d54965e13957ddba018085c0c9493e403d96321666ce
664ed730d7325f18c3b06290f65505f5d4fcc253b4e157e58f04c89f2b4db34a
7ddd22364f10da63e9cba2cd30a48922ef047406e409ae8d2227e4dfc20be5f2
820e78debe4ede17bccb82aff2ff8ab3eed85a2b3b14936589a29f2045f822cc
9eba7b10bfbf0c1d541888a1da11d806d349fd577ed5ecb57aa747660ae062c4
d348724ca2124aa563028f2c7d80e44c4f86de7b704a9a967420876c8276b636
d44343f10012fcf5af7f68475a3f5e254391e1432244060689c03a4c3d0c2fd1
d8f5afc809477483f18ddd207c1670254a35ee790196e5827283b584225fdb61
eaf66301962bca883485534a09576af92d5d821c441549db550857ea6f472fe6
f1bc97037cdd8c8e53fd0e60fb980cade3a73fbb54ade36379b6ea1109fc6fd4