sireay.com Open in urlscan Pro
101.99.66.48 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://sireay.com/wp/tax/taxb/cibc/accountConfirm.php
Submission Tags: @ipnigh
Submission: On July 21 via api (July 21st 2019, 12:01:00 am UTC) from GB

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 101.99.66.48, located in Malaysia and belongs to SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY. The main domain is sireay.com.

This is the only time sireay.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CIBC (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1	101.99.66.48 101.99.66.48		45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
16	2

1 101.99.66.48 (Malaysia)

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: mail.seaventuresdive.com

sireay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	sireay.com sireay.com	10 KB
0	cibc.mobi Failed www.cibc.mobi Failed
16	2

	Domain	Requested by
1	sireay.com
0	www.cibc.mobi Failed	sireay.com
16	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://sireay.com/wp/tax/taxb/cibc/accountConfirm.php
Frame ID: 020122FEB710DBC27766BD29334E21A8
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

10 kB
Transfer

10 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request accountConfirm.php Show response sireay.com/wp/tax/taxb/cibc/	10 KB 10 KB	8025ms 287ms	Document text/html	101.99.66.48 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL http://sireay.com/wp/tax/taxb/cibc/accountConfirm.php Protocol HTTP/1.1 Server 101.99.66.48 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS mail.seaventuresdive.com Software Apache / Resource Hash `ff998c013ea6e951b5e78d6f0ffd974260a968ad3b2876fc1254c6304bf8e1e2` Request headers Host sireay.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 21 Jul 2019 00:00:30 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET		reset.css www.cibc.mobi/ebm-mobile-anp/doc/css/common/	0 0

GET		reset-brand.css www.cibc.mobi/ebm-mobile-anp/doc/css/common/	0 0

GET		global.css www.cibc.mobi/ebm-mobile-anp/doc/css/common/	0 0

GET		global-android2.css www.cibc.mobi/ebm-mobile-anp/doc/css/common/	0 0

GET		global-brand.css www.cibc.mobi/ebm-mobile-anp/doc/css/common/	0 0

GET		jquery-1.11.2.min-ver-5790EAD7AD3BA27397AEDFA3D263B867.js www.cibc.mobi/ebm-mobile-anp//doc/framework/org.apache.wicket.resource.JQueryResourceReference/jquery/	0 0

GET		wicket-event-jquery.min-ver-2A8B8EF9295A81B4FF15AA3DE14044D7.js www.cibc.mobi/ebm-mobile-anp//doc/framework/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/	0 0

GET		wicket-ajax-jquery.min-ver-E104EDF0826B33507C50375F69A9AA5D.js www.cibc.mobi/ebm-mobile-anp//doc/framework/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/	0 0

GET		profile.css www.cibc.mobi/ebm-mobile-anp/doc/css/anp/profile/	0 0

GET		ebanking-mobile-ver-D7B673BC5C37678142C8329AAE800481.js www.cibc.mobi/ebm-mobile-anp//doc/framework/com.cibc.ebanking.application.mobile.view.AbstractBasePage/	0 0

GET		global.js www.cibc.mobi/ebm-mobile-anp/doc/js/common/	0 0

GET		drawer-scroll-prevent.js www.cibc.mobi/ebm-mobile-anp/doc/js/common/	0 0

GET		s-code-universal.js www.cibc.mobi/ebm-mobile-anp/doc/js/common/	0 0

GET		drawer-menu-open.png www.cibc.mobi/ebm-mobile-anp/doc/images/common/	0 0

GET		drawer-menu-close.png www.cibc.mobi/ebm-mobile-anp/doc/images/common/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/css/common/reset.css

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/css/common/reset-brand.css

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/css/common/global.css

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/css/common/global-android2.css

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/css/common/global-brand.css

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp//doc/framework/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-1.11.2.min-ver-5790EAD7AD3BA27397AEDFA3D263B867.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp//doc/framework/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/wicket-event-jquery.min-ver-2A8B8EF9295A81B4FF15AA3DE14044D7.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp//doc/framework/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/wicket-ajax-jquery.min-ver-E104EDF0826B33507C50375F69A9AA5D.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/css/anp/profile/profile.css

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp//doc/framework/com.cibc.ebanking.application.mobile.view.AbstractBasePage/ebanking-mobile-ver-D7B673BC5C37678142C8329AAE800481.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/js/common/global.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/js/common/drawer-scroll-prevent.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/js/common/s-code-universal.js

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/images/common/drawer-menu-open.png

Domain: www.cibc.mobi
URL: https://www.cibc.mobi/ebm-mobile-anp/doc/images/common/drawer-menu-close.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CIBC (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sireay.com
www.cibc.mobi
www.cibc.mobi
101.99.66.48
ff998c013ea6e951b5e78d6f0ffd974260a968ad3b2876fc1254c6304bf8e1e2

sireay.com Open in urlscan Pro 101.99.66.48 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

10 kBTransfer

10 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

sireay.com Open in urlscan Pro
101.99.66.48 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

10 kB
Transfer

10 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!