login1.emiratesnbd.com.sa
185.76.205.155  Malicious Activity! Public Scan

Submitted URL: https://login.emiratesnbd.com.sa/
Effective URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Submission: On December 07 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 21 HTTP transactions. The main IP is 185.76.205.155, located in United Arab Emirates and belongs to ENBD, AE. The main domain is login1.emiratesnbd.com.sa.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on December 5th 2019. Valid for: 2 years.
This is the only time login1.emiratesnbd.com.sa was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Emirates NBD (Banking)

Domain & IP information

Count | IP Address | AS Autonomous System
1 1 | 185.76.205.154 | 201340 (ENBD)
9 | 185.76.205.155 | 201340 (ENBD)
10 | 185.76.207.124 | 201340 (ENBD)
2 | 52.222.214.123 | 16509 (AMAZON-02)
Total: 21 requests, 3 IPs

Count | Domain | Requested by
10 | obcdn.emiratesnbd.com | login1.emiratesnbd.com.sa, obcdn.emiratesnbd.com
9 | login1.emiratesnbd.com.sa | login1.emiratesnbd.com.sa, cdn.appdynamics.com
2 | cdn.appdynamics.com | login1.emiratesnbd.com.sa, cdn.appdynamics.com
1 | login.emiratesnbd.com.sa | 1 redirects
Total: 21 requests, 4 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
login.emiratesnbd.com.sa | DigiCert SHA2 Extended Validation Server CA | 2019-12-05 - 2021-12-09 | 2 years
obcdn.emiratesnbd.com | DigiCert SHA2 Secure Server CA | 2020-01-22 - 2022-01-26 | 2 years
*.appdynamics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-06-21 - 2022-07-22 | a year

This page contains 1 frames:

Primary Page: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Frame ID: E8576495EAA07E02EC69C1EF0EDC0191
Requests: 21 HTTP requests in this frame

Page Title: Emirates NBD

Page URL History

  1. https://login.emiratesnbd.com.sa/ HTTP 302
    https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf Page URL

Page Statistics

Requests: 21
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 1495 kB
Size: 6199 kB
Cookies: 3

21 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request banknet.jsf
login1.emiratesnbd.com.sa/obweb/common/
Redirect Chain
  • https://login.emiratesnbd.com.sa/
  • https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
22 KB
8 KB
Document
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
820e78debe4ede17bccb82aff2ff8ab3eed85a2b3b14936589a29f2045f822cc
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,no-store,must-revalidate
Date
Tue, 07 Dec 2021 10:54:02 GMT
Pragma
no-cache
Content-Type
text/html;charset=UTF-8
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Charset
ISO-8859-1,UTF-8;q=0.7,*;q=0.3
X-FRAME-OPTIONS
SAMEORIGIN
Accept-Language
en-US,en;q=0.8,ar-ae;q=0.7
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
7469
Connection
Keep-Alive

Redirect headers

Location
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Strict-Transport-Security
max-age=16070400
Server
BigIP
Connection
Keep-Alive
Content-Length
0
primefaces.css.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/
69 KB
19 KB
Stylesheet
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/javax.faces.resource/primefaces.css.jsf?ln=primefaces&v=5.3
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
1885a435696a5df4a5c081b1cee47d7c8ef97d947e4aee0060676be590d5c6ef
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options Sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 18 Oct 2015 19:28:52 GMT
X-Frame-Options
Sameorigin
Content-Type
text/css
Connection
Keep-Alive
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
18893
Expires
Wed, 08 Dec 2021 10:54:02 GMT
jquery.js.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/jquery/
105 KB
48 KB
Script
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=5.3
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
2ea6af3faccaad66219fd15d3867f865727837c697a0847d8274f82974d8881e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options Sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 18 Oct 2015 19:28:50 GMT
X-Frame-Options
Sameorigin
Content-Type
text/javascript
Connection
Keep-Alive
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
49052
Expires
Wed, 08 Dec 2021 10:54:02 GMT
primefaces.js.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/
342 KB
111 KB
Script
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/javax.faces.resource/primefaces.js.jsf?ln=primefaces&v=5.3
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
664ed730d7325f18c3b06290f65505f5d4fcc253b4e157e58f04c89f2b4db34a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options Sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 18 Oct 2015 19:28:52 GMT
X-Frame-Options
Sameorigin
Content-Type
text/javascript
Connection
Keep-Alive
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
113721
Expires
Wed, 08 Dec 2021 10:54:02 GMT
jquery-plugins.js.jsf
login1.emiratesnbd.com.sa/obweb/javax.faces.resource/jquery/
237 KB
87 KB
Script
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=5.3
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
5a882dd4038da8c86759d54965e13957ddba018085c0c9493e403d96321666ce
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options Sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 18 Oct 2015 19:28:50 GMT
X-Frame-Options
Sameorigin
Content-Type
text/javascript
Connection
Keep-Alive
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
89061
Expires
Wed, 08 Dec 2021 10:54:02 GMT
ksa-all-min.js
obcdn.emiratesnbd.com/ksaobresources/resources/js/
2 MB
451 KB
Script
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/js/ksa-all-min.js?dt=1637067703089
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
418a3c3ccf5640b99871e373e0068be56ce404a0be05b534462ec8d1f2184751
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-PROTECTION
1; mode=block
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
X-Frame-Options
Sameorigin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET,HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
Expires
Wed, 17 Nov 2021 17:51:15 GMT
ksa-all-min.css
obcdn.emiratesnbd.com/ksaobresources/resources/css/
2 MB
294 KB
Stylesheet
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/css/ksa-all-min.css?dt=1637067703089
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
7ddd22364f10da63e9cba2cd30a48922ef047406e409ae8d2227e4dfc20be5f2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-PROTECTION
1; mode=block
Last-Modified
Thu, 06 Dec 2018 06:39:08 GMT
X-Frame-Options
Sameorigin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET,HEAD
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
Expires
Wed, 17 Nov 2021 17:51:15 GMT
bg-login5.jpg
login1.emiratesnbd.com.sa/obweb/resources/img/
126 KB
127 KB
Image
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/resources/img/bg-login5.jpg
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
d8f5afc809477483f18ddd207c1670254a35ee790196e5827283b584225fdb61
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options Sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
Last-Modified
Wed, 03 Nov 2021 10:43:02 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
X-Frame-Options
Sameorigin
Transfer-Encoding
chunked
Content-Type
image/jpeg
logo-new.png
obcdn.emiratesnbd.com/ksaobresources/resources/img/
4 KB
4 KB
Image
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/img/logo-new.png
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
1b1e118aa366f9fb3d007b32e059b0ed5220af4b50d7385f99604d3896188c15
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 06 Dec 2018 06:39:10 GMT
Connection
keep-alive
X-Frame-Options
Sameorigin
Access-Control-Allow-Methods
GET,HEAD
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
Content-Length
3960
X-XSS-PROTECTION
1; mode=block
Expires
Wed, 17 Nov 2021 17:51:16 GMT
flag-sa.png
login1.emiratesnbd.com.sa/obweb/resources/img/flags/
16 KB
17 KB
Image
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/resources/img/flags/flag-sa.png
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
3cf93db48aef224d9465018a95355eef7d5094d5428d09b241c4307d780a7be1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options Sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
Last-Modified
Wed, 03 Nov 2021 10:43:02 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
X-Frame-Options
Sameorigin
Transfer-Encoding
chunked
Content-Type
image/png
customerservicenum.png
obcdn.emiratesnbd.com/ksaobresources/resources/img/
49 KB
50 KB
Image
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/img/customerservicenum.png
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
4bc1b7e864d9089db79074a9b3f1cfc68ac8ae380bcee4db96cf61c05c38d5e0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 06 Dec 2018 06:39:10 GMT
Connection
keep-alive
X-Frame-Options
Sameorigin
Access-Control-Allow-Methods
GET,HEAD
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
X-XSS-PROTECTION
1; mode=block
Expires
Wed, 17 Nov 2021 17:51:17 GMT
contactusaddress.png
obcdn.emiratesnbd.com/ksaobresources/resources/img/
57 KB
57 KB
Image
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/img/contactusaddress.png
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
eaf66301962bca883485534a09576af92d5d821c441549db550857ea6f472fe6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
Connection
keep-alive
X-Frame-Options
Sameorigin
Access-Control-Allow-Methods
GET,HEAD
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
X-XSS-PROTECTION
1; mode=block
Expires
Wed, 17 Nov 2021 17:51:17 GMT
adrum-4.3.1.0.js
cdn.appdynamics.com/adrum/
43 KB
17 KB
Script
General
Full URL
https://cdn.appdynamics.com/adrum/adrum-4.3.1.0.js
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-123.fra56.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
43deb04a30d8b678b66aea7c0836d7e5e18b69b9dc9f7ec6e685e355f686fcbf

Request headers

Referer
https://login1.emiratesnbd.com.sa/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 26 Nov 2021 16:18:41 GMT
content-encoding
gzip
age
930924
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Thu, 04 May 2017 00:09:29 GMT
server
nginx/1.16.1
etag
W/"590a7139-ad2e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
via
1.1 bafba29f1325f15932567e0ae2d444a5.cloudfront.net (CloudFront)
cache-control
public, max-age=2678400, s-max-age=14400
x-amz-cf-pop
FRA56-P3
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Z8zFoJmOn-OqGl0GlrYIFvUDoCqGgxvpmfvtWOSaFVvcxhlXAgxDBg==
Frutiger%20LT%2045%20Light.woff2
obcdn.emiratesnbd.com/ksaobresources/resources/fonts/frutiger/
38 KB
40 KB
Font
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/fonts/frutiger/Frutiger%20LT%2045%20Light.woff2
Requested by
Host: obcdn.emiratesnbd.com
URL: https://obcdn.emiratesnbd.com/ksaobresources/resources/css/ksa-all-min.css?dt=1637067703089
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
d348724ca2124aa563028f2c7d80e44c4f86de7b704a9a967420876c8276b636
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://obcdn.emiratesnbd.com/ksaobresources/resources/css/ksa-all-min.css?dt=1637067703089
Origin
https://login1.emiratesnbd.com.sa
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
Connection
keep-alive
X-Frame-Options
Sameorigin
Access-Control-Allow-Methods
GET,HEAD
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
X-XSS-PROTECTION
1; mode=block
Expires
Wed, 17 Nov 2021 17:51:17 GMT
emirates-nbd-icons.ttf
obcdn.emiratesnbd.com/ksaobresources/resources/fonts/icons/
110 KB
111 KB
Font
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/fonts/icons/emirates-nbd-icons.ttf
Requested by
Host: obcdn.emiratesnbd.com
URL: https://obcdn.emiratesnbd.com/ksaobresources/resources/css/ksa-all-min.css?dt=1637067703089
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
9eba7b10bfbf0c1d541888a1da11d806d349fd577ed5ecb57aa747660ae062c4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://obcdn.emiratesnbd.com/ksaobresources/resources/css/ksa-all-min.css?dt=1637067703089
Origin
https://login1.emiratesnbd.com.sa
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
Connection
keep-alive
X-Frame-Options
Sameorigin
Access-Control-Allow-Methods
GET,HEAD
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
X-XSS-PROTECTION
1; mode=block
Expires
Wed, 17 Nov 2021 17:51:17 GMT
050898914_main_xxl.mp4
obcdn.emiratesnbd.com/ksaobresources/resources/videos/
55 KB
0
Media
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/videos/050898914_main_xxl.mp4
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login1.emiratesnbd.com.sa/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Range
bytes=0-

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Content-Range
bytes 0-1044345/1044346
Connection
keep-alive
Content-Length
1044346
X-XSS-PROTECTION
1; mode=block
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
X-Frame-Options
Sameorigin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET,HEAD
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
Expires
Wed, 17 Nov 2021 17:51:17 GMT
enbd-en.json
login1.emiratesnbd.com.sa/obweb/resources/js/i18n/
2 KB
1 KB
XHR
General
Full URL
https://login1.emiratesnbd.com.sa/obweb/resources/js/i18n/enbd-en.json?dt=1637067703089
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-4.3.1.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
f1bc97037cdd8c8e53fd0e60fb980cade3a73fbb54ade36379b6ea1109fc6fd4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 10:43:02 GMT
Vary
Accept-Encoding
Connection
Keep-Alive
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
939
050898914_main_xxl.mp4
obcdn.emiratesnbd.com/ksaobresources/resources/videos/
28 KB
29 KB
Media
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/videos/050898914_main_xxl.mp4
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
4759a5d99f432558b90cf9a192b3475f177a7d3110cb2baaaf1363e055e2e343
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login1.emiratesnbd.com.sa/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Range
bytes=1015808-

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Content-Range
bytes 1015808-1044345/1044346
Connection
keep-alive
Content-Length
28538
X-XSS-PROTECTION
1; mode=block
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
X-Frame-Options
Sameorigin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET,HEAD
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
Expires
Wed, 17 Nov 2021 17:51:17 GMT
050898914_main_xxl.mp4
obcdn.emiratesnbd.com/ksaobresources/resources/videos/
967 KB
0
Media
General
Full URL
https://obcdn.emiratesnbd.com/ksaobresources/resources/videos/050898914_main_xxl.mp4
Requested by
Host: login1.emiratesnbd.com.sa
URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.207.124 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login1.emiratesnbd.com.sa/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Range
bytes=32768-

Response headers

Date
Tue, 07 Dec 2021 10:54:04 GMT
X-Content-Type-Options
nosniff
Content-Range
bytes 32768-1044345/1044346
Connection
keep-alive
Content-Length
1011578
X-XSS-PROTECTION
1; mode=block
Last-Modified
Thu, 06 Dec 2018 06:39:12 GMT
X-Frame-Options
Sameorigin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET,HEAD
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type, application/pdf
Expires
Wed, 17 Nov 2021 17:51:17 GMT
adrum-ext.4d2b0f335973eea91d9eb690f40ef388.js
cdn.appdynamics.com/
47 KB
19 KB
Script
General
Full URL
https://cdn.appdynamics.com/adrum-ext.4d2b0f335973eea91d9eb690f40ef388.js
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-4.3.1.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-123.fra56.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
3e89c9518b9f459131bade1463fd2af975259c18e7d1f0d4dfd1c4f975be2ecd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login1.emiratesnbd.com.sa/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 18:45:37 GMT
content-encoding
gzip
age
1526908
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 28 Jun 2017 03:32:05 GMT
server
nginx/1.16.1
etag
W/"59532335-ba2d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
via
1.1 bafba29f1325f15932567e0ae2d444a5.cloudfront.net (CloudFront)
cache-control
public, max-age=2678400, s-max-age=14400
x-amz-cf-pop
FRA56-P3
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
TKLAJI_tLILI6uaXCPktBe2iZoMcxrwuGCL5teUcPGCip8agr5Va0A==
adrum
login1.emiratesnbd.com.sa/eumcollector/beacons/browser/v1/APPDYNAMICKEY/
4 KB
4 KB
XHR
General
Full URL
https://login1.emiratesnbd.com.sa/eumcollector/beacons/browser/v1/APPDYNAMICKEY/adrum
Requested by
Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum-ext.4d2b0f335973eea91d9eb690f40ef388.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.76.205.155 , United Arab Emirates, ASN201340 (ENBD, AE),
Reverse DNS
Software
/
Resource Hash
d44343f10012fcf5af7f68475a3f5e254391e1432244060689c03a4c3d0c2fd1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
text/plain

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=16070400; includeSubDomains
Cache-Control
no-cache
Connection
close
Content-Length
3743
Content-Type
text/html; charset=utf-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Emirates NBD (Banking)

108 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery function| PF object| PrimeFaces function| Class function| autosize function| _createClass function| _classCallCheck function| DateFormatter object| AB_MAPPING object| app function| clickCommandLink function| opendialog function| closedialog function| openUrlInNewWindow function| closeimageuploaddialog function| closefileuploaddialog function| invokeHeartBeat function| openVideoBanking function| openFacebookAuthUrl function| openAuthCodeDialog function| manualacctoggle function| manualacctoggleUp function| handleRedirectRequestFindBank function| isDigitCheck function| isNumber function| isNumberwithoutspecialChar function| closeDialogAfterValidation function| openSecondaryRMConfirmDialog function| onboardingmodeon function| _defineProperty function| sectionUpdate function| handleRedirectRequest function| openSuccessOnReg function| openRegistrationTnCDialog function| handleRedirectRequestFxcardIssuance function| openDisclaimerOnOtpConfirm function| openSuccessDialogOnBenfAddition function| openSiEnbdTransfersDisclaimerOnOtpConfirm function| openSiBenfTermsDialog function| loadPersonalLoanExistingApplDialogue function| doverticalslide function| goToSlide function| changeContainerHeight function| initialCarousel function| resetToDefaults function| openBalanceConfirmTermsDialog function| openBalanceConfirmTermsBankDialog function| handleRedirectSiDeleteDialog function| openPartialTermsDialog function| openPartialTermsBankDialog function| openEarlyTermsDialog function| openEarlyTermsBankDialog function| openbalanceConversionDialog function| openCashAdvanceTermsDialog function| openIppConfirmTermsDialog function| openGoalSuccessFailureDialogue function| openCreateGoalPopupForSbaDialog function| genericTermsAndCondtionDialog function| openLocTermsDialogue function| openGenericDialog function| openpurposecodesdialog function| openInterTermsDialog 
function| openDrTermsDialog function| openSuccessOnForgetUISecret function| openSuccessOnForgetSec function| validateAndOpenDialogue function| validateAndOpenDialoguePrepaid function| validateAndOpenDialogueForSavingAcct function| validateAndOpenDialogueForEmiratesnbd function| validateAndOpenDialogueForSarie function| validateAndOpenDialogueForGoal function| validateAndOpenDialogueBalanceConfm function| validateAndOpenDialogueForHdfc function| validateAndOpenDialogueForIcici function| validateCardComparison function| changeCard function| imitateClick function| initializesleek function| validateAndOpenDialogueDDS boolean| submitted boolean| mCustomScrollbar object| jQuery111303990496488774036 object| Foundation object| commonJsStrict function| Croppie object| d3 object| angular object| _enbd object| croppie function| moment function| daterangepicker function| wNumb object| FB string| appDynamicsURL string| appDynamicsURLSSL number| adrum-start-time object| adrum-config object| ADRUM string| allowOrigin string| allowMethods function| enbdGlobalConfig object| enbdLocale object| $keyboard

3 Cookies

Domain/Path Name / Value
login1.emiratesnbd.com.sa/ Name: JSESSIONID
Value: XK-Uh2lPGc2ovlt-ezcjVrkicexfbaqL0m_USz9hmYcPIIYikPC_!-1444385779
login1.emiratesnbd.com.sa/ Name: user_session
Value: !SUz/VGMI8l22Hj3lF1szDD8gS3Q/h/xajgDzR2otZ2wh2XHC5Q3/vDXQvXz1MD5kdAl9mTujgGCIrMB74sXDym2G1k7mvQ8yDq1hLkphUw==
login1.emiratesnbd.com.sa/ Name: TS01ad0186
Value: 01cee5184c0d2c0e8d54185faec89608a77785a4cadabef606db45fb091d581e0856a067de450e1f7b7a6602e855220025eda90475dd30f6d8c906e52e9eed2dbe5cdbbf3eff7b860630475e667cfd9580bd37e533

2 Console Messages

Source Level URL
Text
javascript warning URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf(Line 41)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.appdynamics.com/adrum/adrum-4.3.1.0.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://login1.emiratesnbd.com.sa/obweb/common/banknet.jsf(Line 41)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.appdynamics.com/adrum/adrum-4.3.1.0.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
