login.bnm.gov.my
203.115.236.169
Malicious Activity!
Public Scan
Submission: On November 28 via api from US — Scanned from US
Summary
TLS certificate: Issued by Entrust Certification Authority - L1K on November 8th 2022. Valid for: a year.
This is the only time login.bnm.gov.my was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
21 | 203.115.236.169 | 10204 (ARCNET-NTTMSC-MY Arcnet NTT MSC ISP) |
1 | 2600:141b:1c00:682::33e7 | 20940 (AKAMAI-ASN1) |
22 | 3 | |
ASN10204 (ARCNET-NTTMSC-MY Arcnet NTT MSC ISP, MY): login.bnm.gov.my
ASN20940 (AKAMAI-ASN1, NL): static2.sharepointonline.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
21 | bnm.gov.my | login.bnm.gov.my | 2 MB |
1 | sharepointonline.com | static2.sharepointonline.com (Cisco Umbrella Rank: 1790) | 116 KB |
22 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
21 | login.bnm.gov.my | login.bnm.gov.my |
1 | static2.sharepointonline.com | login.bnm.gov.my |
22 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
login.bnm.gov.my | Entrust Certification Authority - L1K | 2022-11-08 - 2023-12-03 | a year | crt.sh |
privatecdn.sharepointonline.com | DigiCert SHA2 Secure Server CA | 2023-09-05 - 2024-09-05 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://login.bnm.gov.my/Account/Login?ReturnUrl=SPInitiated%3Fclient_id%3Dhttps%3A%2F%2Fbnmprod.service-now.com%26SAML_id%3DSNCb050271e0d632c95b46962ee34f134fe
Frame ID: D7B84E44F4B7C5CF4B4972DD44C7B03B
Requests: 23 HTTP requests in this frame
Page Title: Sign In
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | Login (Primary Request) | login.bnm.gov.my/Account/ | 32 KB | 34 KB | Document | text/html |
GET H/1.1 | bootstrap.min.css | login.bnm.gov.my/css/ | 156 KB | 157 KB | Stylesheet | text/css |
GET H/1.1 | Login.css | login.bnm.gov.my/css/ | 18 KB | 18 KB | Stylesheet | text/css |
GET H/1.1 | account_login.css | login.bnm.gov.my/css/ | 32 KB | 33 KB | Stylesheet | text/css |
GET H/1.1 | MFAStylesheet.css | login.bnm.gov.my/css/ | 7 KB | 8 KB | Stylesheet | text/css |
GET H/1.1 | jquery-3.6.0.js | login.bnm.gov.my/js/ | 292 KB | 293 KB | Script | application/javascript |
GET H/1.1 | bootstrap.min.js | login.bnm.gov.my/js/ | 0 | 0 | Script | text/plain |
GET H/1.1 | MFAScript.js | login.bnm.gov.my/js/ | 1 KB | 2 KB | Script | application/javascript |
GET H/1.1 | cancel.png | login.bnm.gov.my/images/alerts/ | 250 B | 1017 B | Image | image/png |
GET H/1.1 | Singpass-logo.png | login.bnm.gov.my/images/ | 2 KB | 3 KB | Image | image/png |
GET H/1.1 | fabric.min.css | login.bnm.gov.my/css/ | 434 KB | 435 KB | Stylesheet | text/css |
GET H/1.1 | FluentSystemIcons-Regular.css | login.bnm.gov.my/css/ | 209 KB | 210 KB | Stylesheet | text/css |
GET DATA | truncated | / | 10 KB | 0 | Image | image/jpeg |
GET H/1.1 | cancel.png | login.bnm.gov.my/images/alerts/ | 250 B | 1017 B | Image | image/png |
GET H/1.1 | 1.svg | login.bnm.gov.my/images/background/ | 2 KB | 3 KB | Image | image/svg+xml |
GET H2 | fabricmdl2icons-2.68.woff2 | static2.sharepointonline.com/files/fabric/assets/icons/ | 115 KB | 116 KB | Font | font/woff2 |
GET H/1.1 | FluentSystemIcons-Regular.ttf | login.bnm.gov.my/Fluent-Font/ | 717 KB | 718 KB | Font | application/x-font-ttf |
GET H/1.1 | FooterData | login.bnm.gov.my/_Layout/ | 1 KB | 2 KB | XHR | application/json |
GET H/1.1 | _Layout | login.bnm.gov.my/ | 3 KB | 4 KB | XHR | text/html |
GET H/1.1 | globalLanguageLoad | login.bnm.gov.my/_Layout/ | 1 KB | 2 KB | XHR | application/json |
GET H/1.1 | InfoIcon.svg | login.bnm.gov.my/images/ | 2 KB | 3 KB | Image | image/svg+xml |
GET H/1.1 | CloseIcon.svg | login.bnm.gov.my/images/ | 1 KB | 2 KB | Image | image/svg+xml |
GET H/1.1 | 2.jpg | login.bnm.gov.my/images/Background/ | 82 KB | 82 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | documentPictureInPicture |
function | $ |
function | jQuery |
function | ShowMFA |
function | HideMFA |
function | receiveMessage |
function | hideLoader |
string | appThemeColor |
string | appButtonThemeColor |
string | appLinktextThemeColor |
string | borderTop |
string | backgroundcolor |
string | bordercolor |
undefined | color |
function | loadSingpassQrCode |
function | checkforSingpassLogin |
function | closeSingpasslogin |
function | toggleSection |
function | loadGlobalLanguages |
function | CloseannocementDiv |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
login.bnm.gov.my/ | | ReturnURL | SPInitiated%3Fclient_id%3Dhttps%3A%2F%2Fbnmprod.service-now.com%26SAML_id%3DSNCb050271e0d632c95b46962ee34f134fe |
login.bnm.gov.my/ | | .AspNetCore.Antiforgery.0bZsA4U5JO8 | CfDJ8NK1z3LBjwhAgv5oWRQbQFAvdHMIaqBszC9tudkcQrwXYqmQnYNSRnc6V2JaicH_bUHm2TWLA_TukXNOssrY58ZurWuMwUnvRZ62vccSxRgQZ-3KNAK726bnwVmLuOMX8DLNsgY34UUuI2SmnI4dyuE |
login.bnm.gov.my/ | | TS01e6b05a | 012be42521bd4c4419a4777e6e6d7052f618326dfec853e836afc5c7362a5468b5f23cce8920066d68af4e231dd0ff5cbcca20b9f2d0c623706ba7d193ea6df23833fcb66df5640070518d9547e0bd7f041ffe6dcaa0e92817eb2723a30d55ec28b3b54e66 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | img-src '* 'self' data: https:' default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.bnm.gov.my
static2.sharepointonline.com
203.115.236.169
2600:141b:1c00:682::33e7