www.egnc.cu.edu.eg
195.246.42.200
Malicious Activity!
Public Scan
Submission: On April 13 via automatic, source openphish
Summary
This is the only time www.egnc.cu.edu.eg was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
1 | 195.246.42.200 | 2561 (EUN)
36 | 185.98.131.141 | 16347 (RMI-FITECH)
38 | 3 |
 | Apex Domain | Subdomains | Transfer
---|---|---|---
36 | almohdi.com | almohdi.com | 665 KB
1 | cu.edu.eg | www.egnc.cu.edu.eg | 16 KB
38 | 2 | |
 | Domain | Requested by
---|---|---
36 | almohdi.com | www.egnc.cu.edu.eg
1 | www.egnc.cu.edu.eg |
38 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ing.it |
Subject | Issuer | Validity | Valid
---|---|---|---
almohdi.com | Let's Encrypt Authority X3 | 2019-03-04 - 2019-06-02 | 3 months
This page contains 2 frames:
Primary Page:
http://www.egnc.cu.edu.eg/css/6d99f4a7854dd3b50c89c76a82bc90bc/sms.php
Frame ID: B6A44CF6A8B753E36F1AE3AFA1960715
Requests: 37 HTTP requests in this frame
Frame:
https://almohdi.com/ing/2/sms_files/dest5.html
Frame ID: 2ECD6393E451516C052614F37B6C0556
Requests: 1 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Windows Server (Operating Systems)
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
Microsoft ASP.NET (Web Frameworks)
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
IIS (Web Servers)
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
Google Tag Manager (Tag Managers)
Detected patterns
- env /^google_tag_manager$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries)
Detected patterns
- script /jquery-ui.*\.js/i
Twitter Bootstrap ()
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
- script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Todo sobre seguridad
Title: Preguntas Frecuentes
Title: Aviso Legal
Title: Política de cookies
Title: Mapa
Title: Info Legal
Redirected requests
There were HTTP redirect chains for the following requests:
38 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | sms.php (Primary Request) | www.egnc.cu.edu.eg/css/6d99f4a7854dd3b50c89c76a82bc90bc/ | 15 KB | 16 KB | Document | text/html
GET | H2 | adrum-ext.0114d8ab0f03303bd16d4030c6be92a6.js | almohdi.com/ing/2/sms_files/ | 45 KB | 15 KB | Script | application/javascript
GET | H2 | analytics.js | almohdi.com/ing/2/sms_files/ | 42 KB | 17 KB | Script | application/javascript
GET | H2 | adrum-ext.0114d8ab0f03303bd16d4030c6be92a6.js(1) | almohdi.com/ing/2/sms_files/ | 0 | 1 KB | Script | text/html
GET | H2 | analytics.js(1) | almohdi.com/ing/2/sms_files/ | 42 KB | 43 KB | Script | text/plain
GET | H2 | adrum-ext.0114d8ab0f03303bd16d4030c6be92a6.js(2) | almohdi.com/ing/2/sms_files/ | 45 KB | 45 KB | Script | text/plain
GET | H2 | analytics.js(2) | almohdi.com/ing/2/sms_files/ | 42 KB | 43 KB | Script | text/plain
GET | H2 | s27916448132066 | almohdi.com/ing/2/sms_files/ | 71 B | 141 B | Script | text/plain
GET | H2 | bootstrap.min.css | almohdi.com/ing/2/sms_files/ | 111 KB | 18 KB | Stylesheet | text/css
GET | H2 | bootstrap-theme.min.css | almohdi.com/ing/2/sms_files/ | 19 KB | 2 KB | Stylesheet | text/css
GET | H2 | style.css | almohdi.com/ing/2/sms_files/ | 43 KB | 10 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | almohdi.com/ing/2/sms_files/ | 94 KB | 33 KB | Script | application/javascript
GET | H2 | jquery-ui.min.js | almohdi.com/ing/2/sms_files/ | 235 KB | 64 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | almohdi.com/ing/2/sms_files/ | 35 KB | 9 KB | Script | application/javascript
GET | H2 | normalizzatore.js | almohdi.com/ing/2/sms_files/ | 28 KB | 6 KB | Script | application/javascript
GET | H2 | common.js | almohdi.com/ing/2/sms_files/ | 23 KB | 7 KB | Script | application/javascript
GET | H2 | application.js | almohdi.com/ing/2/sms_files/ | 0 | 74 B | Script | application/javascript
GET | H2 | PostbackManager.js | almohdi.com/ing/2/sms_files/ | 7 KB | 2 KB | Script | application/javascript
GET | H2 | LoginAttivazione.js | almohdi.com/ing/2/sms_files/ | 3 KB | 953 B | Script | application/javascript
GET | H2 | js(1) | almohdi.com/ing/2/sms_files/ | 81 KB | 82 KB | Script | text/plain
GET | H2 | LoginAttivazione.css | almohdi.com/ing/2/sms_files/ | 796 B | 601 B | Stylesheet | text/css
GET | H2 | logoING.svg | almohdi.com/ing/2/sms_files/ | 16 KB | 16 KB | Image | image/svg+xml
GET | H2 | verisign24.svg | almohdi.com/ing/2/sms_files/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | lucchetto24.svg | almohdi.com/ing/2/sms_files/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H2 | mobile-42h.svg | almohdi.com/ing/2/sms_files/ | 2 KB | 3 KB | Image | image/svg+xml
GET | H2 | saved_resource | almohdi.com/ing/2/sms_files/ | 51 KB | 52 KB | Script | text/plain
GET | H2 | Asset.php | almohdi.com/ing/2/sms_files/ | 60 KB | 18 KB | Script | text/html
GET | H2 | Asset(1).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | saved_resource(1) | almohdi.com/ing/2/sms_files/ | 51 KB | 52 KB | Script | text/plain
GET | H2 | Asset(2).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | Asset(3).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | Asset(4).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | Asset(5).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | Asset(6).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | Asset(7).php | almohdi.com/ing/2/sms_files/ | 60 KB | 17 KB | Script | text/html
GET | H2 | chevron-right.png | almohdi.com/images/diventaclientemob/ | 0 | 1 KB | Image | text/html
GET | | FSMeWeb-Regular.woff | almohdi.com/CssSecure/Mobile/Fonts/ | 0 | 0 | |
GET | H2 | dest5.html | almohdi.com/ing/2/sms_files/ (Frame 2ECD) | 0 | 0 | Document | text/html
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- almohdi.com
- URL
- https://almohdi.com/CssSecure/Mobile/Fonts/FSMeWeb-Regular.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)
68 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| google_tag_data function| ga object| gaplugins function| $ function| jQuery object| jQuery11130812787629295479 string| addrErrorMessageNoDug string| addrErrorMessageNoStreetName string| zipCodeErrorMessage function| InitNormalizzatoreAutocomplete function| init_ZipCode function| Init_City function| Init_AddressDug function| validateAddress function| writeAddress function| populateSuggestedAddr function| CheckExistsDUG function| checkZipCode number| vH string| rxpEmail string| banner_cookie_clicca_qui string| banner_cookie_chiudi string| urlDiventaClienteSetPage string| CHECK_INTENT_KO number| globalAjaxSuccess function| updateSessionAndContactIn function| fnNoBackCallback function| fnNoBack function| resizeEndSpace function| toggleError function| serializeBoxData function| setEditMode function| clearEditMode undefined| navBarExpanded function| showPopUpServiceNotAvailable function| checkEmailBox function| testRegex function| toggleErrorMes function| viewcookieadv function| setcookie function| init_stampa function| inLoad function| updateErrorBox function| enterKeyInit function| getUA function| setLabel function| serializeBoxDataToJson function| isCurrentCardBoolean undefined| abortPostbackWait function| PostbackWaitAbort function| ShowPostbackWait function| HidePostbackWait function| SetOpacity function| GetPageSize function| GetNumericSize object| rxpCF function| validaCF function| setTag object| QSI function| SIMessage function| setEDinPlaceholderWindow function| setEmbeddedData function| QSI_updatePopunderEDCallback object| google_tag_manager object| dataLayer
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
almohdi.com
www.egnc.cu.edu.eg
almohdi.com
185.98.131.141
195.246.42.200