nab-protection.com Open in urlscan Pro
49.51.137.228 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nab-protection.com/login/
Submission: On February 07 via automatic, source phishtank (February 7th 2019, 8:59:20 am UTC)

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 20 HTTP transactions. The main IP is 49.51.137.228, located in Beijing, China and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is nab-protection.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 7th 2019. Valid for: 3 months.

This is the only time nab-protection.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NAB Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
20	49.51.137.228 49.51.137.228		132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
20	1

20 49.51.137.228 (Beijing, China)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

nab-protection.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	nab-protection.com nab-protection.com	132 KB
20	1

	Domain	Requested by
20	nab-protection.com	nab-protection.com
20	1

This site contains no links.

Subject Issuer	Validity	Valid
nab-protection.com Let's Encrypt Authority X3	`2019-02-07` - `2019-05-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nab-protection.com/login/
Frame ID: 7BC71B2FABE8DCED8571FBBDD4A9730F
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

132 kB
Transfer

226 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
nab-protection.com/login/ 10 KB
3 KB 578ms
539ms Document
text/html 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL

https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx / PHP/7.0.32

Resource Hash

b27f7bb9ffcd9390517e839827e2a690d91c724f06c9fa9f25ea8d445a47bc73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Host: nab-protection.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: nginx
Date: Thu, 07 Feb 2019 08:59:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.0.32
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip

GET
H/1.1 200
OK index.css
nab-protection.com/login/ 17 KB
4 KB 297ms
296ms Stylesheet
text/css 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL

https://nab-protection.com/login/index.css

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

060013a92433f5976a8dd7b0e416003a8845e9fb836a68c013a70df049d427af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://nab-protection.com/login/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Aug 2018 19:03:40 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000;

GET
H/1.1 200
OK font-awesome.min.css
nab-protection.com/bower_components/font-awesome/css/ 30 KB
7 KB 675ms
377ms Stylesheet
text/css 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL

https://nab-protection.com/bower_components/font-awesome/css/font-awesome.min.css

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://nab-protection.com/login/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000;

GET
H/1.1 200
OK jquery.min.js Show response
nab-protection.com/bower_components/jquery/dist/ 85 KB
30 KB 948ms
590ms Script
application/javascript 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL

https://nab-protection.com/bower_components/jquery/dist/jquery.min.js

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://nab-protection.com/login/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000;

GET
H/1.1 200
OK logo_nab.png
nab-protection.com/login/ 5 KB
5 KB 570ms
211ms Image
image/png 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/logo_nab.png

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

c8b5c36b604b175f0c6be6b98f40c5b82c05b0a76aadd383a61b0f4fe0b3d264

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-134f"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4943

GET
H/1.1 200
OK nab_defence.gif
nab-protection.com/login/ 3 KB
3 KB 570ms
211ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/nab_defence.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

c4d9a3125d8ae44072e64b39bacde45a74d6157c5d8b7e965b9a919739338e84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-ab5"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2741

GET
H/1.1 200
OK gr_arrow-1.png
nab-protection.com/login/ 154 B
430 B 456ms
456ms Image
image/png 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/gr_arrow-1.png

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

c7a299c1e3976b682508aeac5138f2f31b289d350e94bbd3ccc4f7570b67dcd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-9a"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 154

GET
H/1.1 200
OK bg_banner-2.jpg
nab-protection.com/login/ 19 KB
19 KB 300ms
300ms Image
image/jpeg 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/bg_banner-2.jpg

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

04ff4054aedfdc46f0358f8f145717259c3d264f78837b8eb3bdb46024315947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-4a28"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18984

GET
H/1.1 200
OK bg_input_user.gif
nab-protection.com/login/ 257 B
534 B 211ms
210ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/bg_input_user.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

4c27e00efc3a284d6406cbe4838292288fd65fb135cb303902e682e7a7a5f473

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-101"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 257

GET
H/1.1 200
OK ico_sprite_001.gif
nab-protection.com/login/ 2 KB
2 KB 212ms
212ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/ico_sprite_001.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

a0f7466886559e2f009b59c21c80021e45a6b9911f5e25a6e96879c16b269b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-6ba"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1722

GET
H/1.1 200
OK img_bg_lg_btn_press.gif
nab-protection.com/login/ 307 B
584 B 211ms
211ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/img_bg_lg_btn_press.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

0be93ba9b93250bde05417c35f0e453cc6ca03b5ad40168b63dd7f419a08a5a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:04 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-133"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 307

GET
H/1.1 200
OK bg_arrow_black.gif
nab-protection.com/login/ 100 B
376 B 665ms
210ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/bg_arrow_black.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

4f48fca9a73368362a7356a8d3fdcc86b40a174b7b83c80b059a9322d0619e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-64"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 100

GET
H/1.1 200
OK gr_bg_btn01_001.gif
nab-protection.com/login/ 274 B
551 B 408ms
212ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/gr_bg_btn01_001.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

047532b80749cd876978ef5149876f804837410fbc2ad12b79857f34622e2583

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-112"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 274

GET
H/1.1 200
OK gr_dot-1.gif
nab-protection.com/login/ 68 B
343 B 495ms
212ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/gr_dot-1.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

aded0530b852996f0f6d0bdee146023d096aa2c7990805c8f1f90456172b7892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-44"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

GET
H/1.1 200
OK footer-icon-facebook.gif
nab-protection.com/login/ 581 B
858 B 619ms
211ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/footer-icon-facebook.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

b59dac6fad9c97244268d80748845bb6efac3bac4999809675e742e21c0cfac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-245"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 581

GET
H/1.1 200
OK footer-icon-twitter.gif
nab-protection.com/login/ 449 B
726 B 407ms
211ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/footer-icon-twitter.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

740b92b37caf1906cd34828753b3c60f3f92fa7d89c172a757ae8ddb229c413b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-1c1"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 449

GET
H/1.1 200
OK footer-icon-gplus.gif
nab-protection.com/login/ 1 KB
1 KB 619ms
212ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/footer-icon-gplus.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

345e5797bde0b78107d25a3ab912482a2009a90dcc37c61e10f04bdf90a5c9e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-416"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1046

GET
H/1.1 200
OK footer-icon-youtube.gif
nab-protection.com/login/ 1 KB
1 KB 568ms
212ms Image
image/gif 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nab-protection.com/login/footer-icon-youtube.gif

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

4b0f8a88bea8e8300faf9c6eb50d989aed7b008262dd482f78ed3e340251adc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://nab-protection.com/login/index.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
ETag: "5b22cca0-4b0"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1200

GET
H/1.1 200
OK corpid-b-webfont_001.woff
nab-protection.com/login/ 25 KB
25 KB 369ms
344ms Font
application/octet-stream 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL

https://nab-protection.com/login/corpid-b-webfont_001.woff

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

38db52c7406151339645f1d9e6642be7e31f97457fad34b541bcee77e58d54ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Origin: https://nab-protection.com
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://nab-protection.com/login/index.css
Origin: https://nab-protection.com

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/plain
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000;

GET
H/1.1 200
OK corpid-l-webfont_001.woff
nab-protection.com/login/ 27 KB
27 KB 550ms
344ms Font
application/octet-stream 49.51.137.228
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL

https://nab-protection.com/login/corpid-l-webfont_001.woff

Requested by

Host: nab-protection.com
URL: https://nab-protection.com/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

49.51.137.228 Beijing, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),

Reverse DNS

Software

nginx /

Resource Hash

680ebc1aecd70eb8791e9fca7d92e873fc94f820c3c22fd38441da7a266db279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Origin: https://nab-protection.com
Accept-Encoding: gzip, deflate, br
Host: nab-protection.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://nab-protection.com/login/index.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://nab-protection.com/login/index.css
Origin: https://nab-protection.com

Response headers

Date: Thu, 07 Feb 2019 08:59:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jun 2018 20:14:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/plain
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000;

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NAB Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nab-protection.com
49.51.137.228
047532b80749cd876978ef5149876f804837410fbc2ad12b79857f34622e2583
04ff4054aedfdc46f0358f8f145717259c3d264f78837b8eb3bdb46024315947
060013a92433f5976a8dd7b0e416003a8845e9fb836a68c013a70df049d427af
0be93ba9b93250bde05417c35f0e453cc6ca03b5ad40168b63dd7f419a08a5a2
345e5797bde0b78107d25a3ab912482a2009a90dcc37c61e10f04bdf90a5c9e6
38db52c7406151339645f1d9e6642be7e31f97457fad34b541bcee77e58d54ac
4b0f8a88bea8e8300faf9c6eb50d989aed7b008262dd482f78ed3e340251adc5
4c27e00efc3a284d6406cbe4838292288fd65fb135cb303902e682e7a7a5f473
4f48fca9a73368362a7356a8d3fdcc86b40a174b7b83c80b059a9322d0619e47
680ebc1aecd70eb8791e9fca7d92e873fc94f820c3c22fd38441da7a266db279
740b92b37caf1906cd34828753b3c60f3f92fa7d89c172a757ae8ddb229c413b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
a0f7466886559e2f009b59c21c80021e45a6b9911f5e25a6e96879c16b269b72
aded0530b852996f0f6d0bdee146023d096aa2c7990805c8f1f90456172b7892
b27f7bb9ffcd9390517e839827e2a690d91c724f06c9fa9f25ea8d445a47bc73
b59dac6fad9c97244268d80748845bb6efac3bac4999809675e742e21c0cfac4
c4d9a3125d8ae44072e64b39bacde45a74d6157c5d8b7e965b9a919739338e84
c7a299c1e3976b682508aeac5138f2f31b289d350e94bbd3ccc4f7570b67dcd0
c8b5c36b604b175f0c6be6b98f40c5b82c05b0a76aadd383a61b0f4fe0b3d264

nab-protection.com Open in urlscan Pro 49.51.137.228 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

132 kBTransfer

226 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

nab-protection.com Open in urlscan Pro
49.51.137.228 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

132 kB
Transfer

226 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!