emiratesnbdbankonline.com
185.193.125.129
Malicious Activity!
Public Scan
Submission: On December 23 via api from DE
Summary
This is the only time emiratesnbdbankonline.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Emirates NBD (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 185.193.125.129 | 37560 (CYBERDYNE) |
3 | 2606:4700::6811:4104 | 13335 (CLOUDFLARENET - Cloudflare) |
12 | 2606:4700:30::681b:b24b | 13335 (CLOUDFLARENET - Cloudflare) |
16 | 4 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdnjs.cloudflare.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdn.mybitlys.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | mybitlys.com | cdn.mybitlys.com | 2 MB |
3 | cloudflare.com | cdnjs.cloudflare.com | 49 KB |
1 | emiratesnbdbankonline.com | emiratesnbdbankonline.com | 4 KB |
16 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
12 | cdn.mybitlys.com | emiratesnbdbankonline.com |
3 | cdnjs.cloudflare.com | emiratesnbdbankonline.com |
1 | emiratesnbdbankonline.com | |
16 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
itunes.apple.com |
play.google.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-05 - 2020-06-12 | 6 months |
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-10-17 - 2020-10-09 | a year |
This page contains 1 frame:
Primary Page:
http://emiratesnbdbankonline.com/
Frame ID: F73F3B65B7E384C231B7A84F7EE2ECB8
Requests: 18 HTTP requests in this frame
Screenshot
![](/screenshots/532f7402-3d45-4473-b941-febdedb975e1.png)
Detected technologies
Ubuntu, detected patterns:
- headers server /Ubuntu/i
nginx, detected patterns:
- headers server /nginx(?:\/([\d.]+))?/i
Select2, detected patterns:
- script /select2(?:\.min|\.full)?\.js/i
jQuery, detected patterns:
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /select2(?:\.min|\.full)?\.js/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | emiratesnbdbankonline.com/ | 5 KB | 4 KB | Document | text/html |
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ | 85 KB | 29 KB | Script | application/javascript |
GET | H2 | select2.min.css | cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/css/ | 15 KB | 2 KB | Stylesheet | text/css |
GET | H2 | app.css | cdn.mybitlys.com/ | 941 KB | 124 KB | Stylesheet | text/css |
GET | H2 | select2.min.js | cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/ | 65 KB | 17 KB | Script | application/javascript |
GET | H2 | app.js | cdn.mybitlys.com/ | 1 MB | 318 KB | Script | application/x-javascript |
GET | H2 | bg-login5.jpg | cdn.mybitlys.com/assets/ | 371 KB | 372 KB | Image | image/jpeg |
GET | H2 | logo-new.png | cdn.mybitlys.com/assets/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | qr-code-login.png | cdn.mybitlys.com/assets/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | lock.png | cdn.mybitlys.com/assets/ | 11 KB | 11 KB | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 715 B | 0 | Image | image/png |
GET | H2 | apple-store.png | cdn.mybitlys.com/assets/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | google-play.png | cdn.mybitlys.com/assets/ | 7 KB | 7 KB | Image | image/png |
GET | H2 | Frutiger_LT_45_Light.woff2 | cdn.mybitlys.com/assets/ | 38 KB | 39 KB | Font | application/octet-stream |
GET | H2 | emirates-nbd-icons.ttf | cdn.mybitlys.com/assets/ | 110 KB | 110 KB | Font | application/octet-stream |
GET | H2 | roboto-light-webfont.woff2 | cdn.mybitlys.com/assets/ | 83 KB | 83 KB | Font | application/octet-stream |
GET | H2 | small.webm | cdn.mybitlys.com/assets/ | 1 MB | 1 MB | Media | video/webm |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Emirates NBD (Banking)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- object| Spark
- function| setImmediate
- function| clearImmediate
- function| _
- function| axios
- function| Vue
- object| Bus
- function| SparkForm
- object| __core-js_shared__
- function| SparkFormErrors
- object| core
- function| IMask

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.mybitlys.com
cdnjs.cloudflare.com
emiratesnbdbankonline.com
185.193.125.129
2606:4700:30::681b:b24b
2606:4700::6811:4104