nab.verify-login.info
52.187.206.86
Malicious Activity!
Public Scan
Summary
This is the only time nab.verify-login.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NAB Bank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
7 | 52.187.206.86 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
1 | 104.103.219.56 | 16625 (AKAMAI-AS - Akamai Technologies) |
1 | 34.241.198.89 | 16509 (AMAZON-02 - Amazon.com) |
2 | 66.117.29.227 | 15224 (OMNITURE - Adobe Systems Inc.) |
1 2 | 66.117.29.225 | 15224 (OMNITURE - Adobe Systems Inc.) |
13 | 6 | |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
nab.verify-login.info
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-103-219-56.deploy.static.akamaitechnologies.com
ib.nab.com.au
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-241-198-89.eu-west-1.compute.amazonaws.com
dpm.demdex.net
ASN15224 (OMNITURE - Adobe Systems Inc., US)
westpacbankinggroup.sc.omtrdc.net
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | verify-login.info | nab.verify-login.info | 2 MB |
2 | westpac.com.au (1 redirects) | metrics.westpac.com.au | 3 KB |
2 | omtrdc.net | westpacbankinggroup.sc.omtrdc.net | 1 KB |
1 | demdex.net | dpm.demdex.net | 968 B |
1 | nab.com.au | ib.nab.com.au, banking.nab.com.au (Failed) | 2 KB |
13 | 5 | | |
 | Domain | Requested by |
---|---|---|
7 | nab.verify-login.info | nab.verify-login.info |
2 | metrics.westpac.com.au (1 redirects) | |
2 | westpacbankinggroup.sc.omtrdc.net | nab.verify-login.info |
1 | dpm.demdex.net | nab.verify-login.info |
1 | ib.nab.com.au | nab.verify-login.info |
0 | banking.nab.com.au (Failed) | nab.verify-login.info |
13 | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
banking.nab.com.au |
www.nab.com.au |
Subject Issuer | Validity | Valid | |
---|---|---|---|
 | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh |
ib.nab.com.au Entrust Certification Authority - L1M | 2018-01-11 - 2020-01-11 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://nab.verify-login.info/
Frame ID: 4D2ED0E97ECCB32EA57F33CFFF4B9158
Requests: 13 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- headers server /php\/?([\d.]+)?/i
Windows Server (Operating Systems)
Detected patterns
- headers server /Win32|Win64/i
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
- Title: Register
- Title: Our website
- Title: Help
- Title: Sign in again
- Title: Forgot your customer ID?
- Title: Customer ID
- Title: Sign out
- Title: Help
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- http://metrics.westpac.com.au/b/ss/westpac-mob-dev/1/H.27.5/s128842726705?AQB=1&ndh=1&t=18%2F5%2F2019%204%3A24%3A50%202%200&ts=1560831891&fid=787E8F885B4FE5E2-3DFF43FE7A2DCBA7&ce=UTF-8&ns=westpac&cdp=3&pageName=%28not%20set%29%3A%28not%20set%29%3Alogin%3Aolb%3Aenter%20your%20customer%20id&g=http%3A%2F%2Fnab.verify-login.info%2F&c.&pageDetails=%7B%22formName%22%3A%22olb%22%2C%22autoImpr%22%3A%22TRUE%22%2C%22pageStep%22%3A%22start%22%2C%22src%22%3A%2220190220-mob%22%2C%22pageName%22%3A%22enter%20your%20customer%20id%22%2C%22pageType%22%3A%22login%22%2C%22siteVersion%22%3A%221.192.758.0%22%2C%22experience%22%3A%22titan%22%2C%22pageKey%22%3A%22login%22%2C%22_nameKey%22%3A%22logintitanolb0enter%20your%20customer%20idlogin000%22%7D&.c&cc=AUD&ch=D%3Dv7&server=nab.verify-login.info&events=event1%2Cevent50%3D11934%2Cevent55%2Cevent6&c1=D%3Dv1&v1=%28not%20set%29%3A%28not%20set%29&c2=D%3Dv2&v2=%28not%20set%29%3A%28not%20set%29%3Alogin&c3=D%3Dv3&v3=%28not%20set%29%3A%28not%20set%29%3Alogin%3Aolb&c4=D%3DpageName&v4=D%3DpageName&c5=D%3DpageName&v5=D%3DpageName&c6=D%3Dv6&v6=%28not%20set%29&c7=login&v7=mob&v8=1%20%28ext.%29&c10=D%3Dv10&v10=Tue%2004%3A00&c13=%28not%20set%29%3A20190220-mob%3Alogin&c18=D%3DpageName&v21=D%3DpageName&c23=D%3Dv23&v23=%28not%20set%29%3A%28not%20set%29%3Alogin%3Aolb&c25=D%3Ds_vi&v25=D%3Ds_vi&c26=D%3Dg&v26=D%3DReferer%2B%22%22&v29=First%20Visit%20%28ext.%29&c34=D%3Ds_wbc-gi&v34=D%3Ds_wbc-gi&c35=D%3Ds_wbc-ti&v35=D%3Ds_wbc-ti&c36=D%3Dv36&v36=Aware%20%28ext.%29&c39=D%3D%22H.27.5%2020170510%20prd%20%22%2BHost&c40=public&c43=D%3Dv43&v43=t%3A0%7Cr%3A0%7Cs%3A10%2B&c47=D%3Ds_wbc-pi&v47=D%3Ds_wbc-pi&c48=D%3Ds_wbc-ses&v48=D%3Ds_wbc-ses&c52=D%3Dv52&v52=%28not%20set%29%3A1.192.758.0&c63=en&h1=D%3DpageName&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- http://metrics.westpac.com.au/b/ss/westpac-mob-dev/1/H.27.5/s128842726705?AQB=1&pccr=true&vidn=2E8433C98530956C-4000030080038375&&ndh=1&t=18%2F5%2F2019%204%3A24%3A50%202%200&ts=1560831891&fid=787E8F885B4FE5E2-3DFF43FE7A2DCBA7&ce=UTF-8&ns=westpac&cdp=3&pageName=%28not%20set%29%3A%28not%20set%29%3Alogin%3Aolb%3Aenter%20your%20customer%20id&g=http%3A%2F%2Fnab.verify-login.info%2F&c.&pageDetails=%7B%22formName%22%3A%22olb%22%2C%22autoImpr%22%3A%22TRUE%22%2C%22pageStep%22%3A%22start%22%2C%22src%22%3A%2220190220-mob%22%2C%22pageName%22%3A%22enter%20your%20customer%20id%22%2C%22pageType%22%3A%22login%22%2C%22siteVersion%22%3A%221.192.758.0%22%2C%22experience%22%3A%22titan%22%2C%22pageKey%22%3A%22login%22%2C%22_nameKey%22%3A%22logintitanolb0enter%20your%20customer%20idlogin000%22%7D&.c&cc=AUD&ch=D%3Dv7&server=nab.verify-login.info&events=event1%2Cevent50%3D11934%2Cevent55%2Cevent6&c1=D%3Dv1&v1=%28not%20set%29%3A%28not%20set%29&c2=D%3Dv2&v2=%28not%20set%29%3A%28not%20set%29%3Alogin&c3=D%3Dv3&v3=%28not%20set%29%3A%28not%20set%29%3Alogin%3Aolb&c4=D%3DpageName&v4=D%3DpageName&c5=D%3DpageName&v5=D%3DpageName&c6=D%3Dv6&v6=%28not%20set%29&c7=login&v7=mob&v8=1%20%28ext.%29&c10=D%3Dv10&v10=Tue%2004%3A00&c13=%28not%20set%29%3A20190220-mob%3Alogin&c18=D%3DpageName&v21=D%3DpageName&c23=D%3Dv23&v23=%28not%20set%29%3A%28not%20set%29%3Alogin%3Aolb&c25=D%3Ds_vi&v25=D%3Ds_vi&c26=D%3Dg&v26=D%3DReferer%2B%22%22&v29=First%20Visit%20%28ext.%29&c34=D%3Ds_wbc-gi&v34=D%3Ds_wbc-gi&c35=D%3Ds_wbc-ti&v35=D%3Ds_wbc-ti&c36=D%3Dv36&v36=Aware%20%28ext.%29&c39=D%3D%22H.27.5%2020170510%20prd%20%22%2BHost&c40=public&c43=D%3Dv43&v43=t%3A0%7Cr%3A0%7Cs%3A10%2B&c47=D%3Ds_wbc-pi&v47=D%3Ds_wbc-pi&c48=D%3Ds_wbc-ses&v48=D%3Ds_wbc-ses&c52=D%3Dv52&v52=%28not%20set%29%3A1.192.758.0&c63=en&h1=D%3DpageName&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | nab.verify-login.info/ | 256 KB | 257 KB | Document | text/html |
GET | H/1.1 | s58928456902727 | nab.verify-login.info/mob_files/ | 147 B | 431 B | Script | text/plain |
GET | H/1.1 | 000-0001combined.css.3c94b2b30f7f2d840ec885d1b479dbec34e04ebf.css | nab.verify-login.info/mob_files/ | 432 KB | 432 KB | Stylesheet | text/css |
GET | H2 | logo_legacy.gif | ib.nab.com.au/nabib/images/mobile/ | 2 KB | 2 KB | Image | image/gif |
GET | H/1.1 | 0001combined.js.2670d3847519d4fabac4c047728710e9922a97f6.js | nab.verify-login.info/mob_files/ | 1 MB | 1 MB | Script | application/javascript |
GET | H/1.1 | vk.js | nab.verify-login.info/mob_files/ | 89 KB | 90 KB | Script | application/javascript |
GET | H/1.1 | application.png.c5205ffa50ef5e1dd1c5d4b92ce57a6291cdff82.png | nab.verify-login.info/mob_files/images/ | 664 B | 664 B | Image | text/html |
GET | H/1.1 | logo.png | nab.verify-login.info/ | 1 KB | 1 KB | Image | text/html |
GET | H/1.1 | id | dpm.demdex.net/ | 212 B | 968 B | XHR | application/json |
GET | | resources | banking.nab.com.au/wbc/banking/core/ | 0 | 0 | | |
GET | H/1.1 | id | westpacbankinggroup.sc.omtrdc.net/ | 3 B | 484 B | XHR | application/x-javascript |
GET | H/1.1 | s128842726705 | metrics.westpac.com.au/b/ss/westpac-mob-dev/1/H.27.5/ (Redirect Chain) | 43 B | 723 B | Image | image/gif |
GET | H/1.1 | s14158989459560 | westpacbankinggroup.sc.omtrdc.net/b/ss/wbg-banking-dev/10/JS-2.9.0/ | 147 B | 818 B | Script | application/x-javascript |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: banking.nab.com.au
- URL: https://banking.nab.com.au/wbc/banking/core/resources?checksum=true&values=true
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NAB Bank (Banking)
151 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask boolean| isiPad object| _eid_promises function| TokenSigning object| html object| Fiserv function| requirejs function| require function| define function| dateFormat function| typeOf function| isEmpty object| visitor string| cookieMID object| regexMid string| currentMID object| ctid object| regAuth object| regWbcid string| wbc_id string| wbc_Auth object| util object| digital boolean| pdInSession object| pageDetails string| s3_account object| s3 string| customVisitorID function| s3_doPlugins function| s3_c_rspers function| s3_c_r function| s3_c_w function| AppMeasurement_Module_AudienceManagement function| AppMeasurement function| s3_gi function| s3_pgicq object| s_accts string| s_account object| s function| s_doPlugins string| s_code number| s_objectID function| s_gi function| s_giqf object| w_live boolean| isMid boolean| isSvi boolean| isMobileView function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| Timer function| randrange function| detectIE function| getRandomPort object| ProxyCollector function| BlackberryLocationCollector function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector object| TimestampCollector object| UIEventCollector function| UIEvent function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars 
function| stripFullPath object| BrowserDetect function| convertTimestampToGMT function| getTimestampInMillis function| debug function| $ function| jQuery object| html5 object| Modernizr object| amplify object| ko function| moment function| _ function| Sammy object| platform object| overthrow function| Visitor object| s_c_il number| s_c_in function| DIL number| s_giq string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| jsErrors function| forceIE89Synchronicity object| SIG_EXT function| nativeBack object| config undefined| preLoadedChecksum string| dcPageName object| s_i_3_westpac string| nativeAppVersion string| voyagerLoadBalancerID string| nativeMid string| pdPreImprs string| pdPageType string| pdPageStep string| pdChannel string| pdBranchLocationCode string| pdCalculatorName string| pdCalculatorType string| pdBtAdviserID string| pdPanoramaID string| pdAddEvents string| pageNameDynamicVariable string| eventSerialisationKey string| wbcfromQuerystring string| wbcSearchType string| f0 object| s_i_wbg-banking-dev number| lastPixelLength
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.