www.nabbsecure.com.au
193.142.59.163
Malicious Activity!
Public Scan
Effective URL: https://www.nabbsecure.com.au/na
Submission: On November 23 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by R3 on November 22nd 2022. Valid for: 3 months.
This is the only time www.nabbsecure.com.au was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NAB Bank (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 8 | 193.142.59.163 | 208046 (COLOCATIONX-DATACENTER Dedicated Server Provider) |
| 1 | 69.16.175.42 | 20446 (STACKPATH-CDN) |
| 1 | 104.87.106.110 | 16625 (AKAMAI-AS) |
| 9 | 4 | |
ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB)
- www.nabbsecure.com.au
ASN16625 (AKAMAI-AS, US)
PTR: a104-87-106-110.deploy.static.akamaitechnologies.com
- nabconnect.nab.com.au
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 8 | nabbsecure.com.au (1 redirects): www.nabbsecure.com.au | 468 KB |
| 1 | nab.com.au: nabconnect.nab.com.au | 277 KB |
| 1 | jquery.com: code.jquery.com (Cisco Umbrella Rank: 677) | 31 KB |
| 9 | 3 | |
| | Domain | Requested by |
|---|---|---|
| 8 | www.nabbsecure.com.au | 1 redirects; www.nabbsecure.com.au, code.jquery.com |
| 1 | nabconnect.nab.com.au | www.nabbsecure.com.au |
| 1 | code.jquery.com | www.nabbsecure.com.au |
| 9 | 3 | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| www.nabbsecure.com.au | R3 | 2022-11-22 - 2023-02-20 | 3 months |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year |
| prod.nabconnect.nab.com.au | Entrust Certification Authority - L1M | 2022-03-21 - 2023-03-22 | a year |
This page contains 1 frames:
Primary Page:
https://www.nabbsecure.com.au/na
Frame ID: B53250D9BF6B16883D5D98D3E65813F3
Requests: 16 HTTP requests in this frame
Page Title
Login to NAB Connect
Page URL History
- https://www.nabbsecure.com.au/ (HTTP 302)
- https://www.nabbsecure.com.au/na (Page URL)
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | na (Primary Request) | www.nabbsecure.com.au/ (Redirect Chain) | 14 KB | 4 KB | Document | text/html |
| GET | H/1.1 | main.css | www.nabbsecure.com.au/assets/na/ | 808 KB | 453 KB | Stylesheet | text/css |
| GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 31 KB | Script | application/javascript |
| GET | H/1.1 | actions.js | www.nabbsecure.com.au/assets/js/ | 644 B | 636 B | Script | application/javascript |
| GET | H/1.1 | main.svg | www.nabbsecure.com.au/assets/na/ | 5 KB | 5 KB | Image | image/svg+xml |
| GET | H/1.1 | main3.svg | www.nabbsecure.com.au/assets/na/ | 2 KB | 2 KB | Image | image/svg+xml |
| GET | H/1.1 | main2.svg | www.nabbsecure.com.au/assets/na/ | 2 KB | 3 KB | Image | image/svg+xml |
| GET | H2 | login-bg.85e775f7.jpg | nabconnect.nab.com.au/static/media/ | 277 KB | 277 KB | Image | image/jpeg |
| GET | DATA | truncated | / | 13 KB | 13 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 14 KB | 14 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 18 KB | 18 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 29 KB | 29 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 29 KB | 29 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 14 KB | 14 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 29 KB | 29 KB | Font | application/font-woff |
| POST | H/1.1 | action | www.nabbsecure.com.au/apis/lr/ | 25 B | 338 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NAB Bank (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- $ (function)
- jQuery (function)
- lrbank (string)
- lrinfo2 (string)
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| www.nabbsecure.com.au/ | | Name: PHPSESSID Value: 60ji0s2j3kjpspd7kfq83fk6fc |
| nabconnect.nab.com.au/ | | Name: akacd_nabconnect-prod_nabc_ext_nab_com_au Value: 3846682875~rv=87~id=cf258ceb9d60e03a4e31b5822df64089 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.