online.bankfab.com.studiolegalelolli.com
89.252.166.50
Malicious Activity!
Public Scan
Effective URL: http://online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/7f099518e07aa91cf3fae3755c466e5e/
Submission: On January 21 via manual from IN
Summary
This is the only time online.bankfab.com.studiolegalelolli.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: First Abu Dhabi Bank (Banking)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 1 | 2620:101:2005:11f0::1001 | 16417 (IRONPORT-SYSTEMS-INC)
1 1 | 62.149.128.157 | 31034 (ARUBA-ASN)
1 1 | 62.149.128.45 | 31034 (ARUBA-ASN)
2 12 | 89.252.166.50 | 51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS)
4 | 2a00:1450:4001:800::200a | 15169 (GOOGLE)
1 | 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3)
ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR)
PTR: zkim2kli.ni.net.tr
# | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | studiolegalelolli.com (2 redirects) | online.bankfab.com.studiolegalelolli.com | 1 MB
4 | googleapis.com | maps.googleapis.com | 262 KB
2 | palmastudio.it (2 redirects) | palmastudio.it, www.palmastudio.it | 551 B
1 | jquery.com | code.jquery.com | 33 KB
1 | cisco.com (1 redirect) | secure-web.cisco.com | 266 B
# | Domain | Requested by
---|---|---
12 | online.bankfab.com.studiolegalelolli.com | online.bankfab.com.studiolegalelolli.com (2 redirects)
4 | maps.googleapis.com | online.bankfab.com.studiolegalelolli.com, maps.googleapis.com
1 | code.jquery.com | online.bankfab.com.studiolegalelolli.com
1 | www.palmastudio.it | 1 redirect
1 | palmastudio.it | 1 redirect
1 | secure-web.cisco.com | 1 redirect
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
upload.video.google.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year
This page contains 1 frames:
Primary Page:
http://online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/7f099518e07aa91cf3fae3755c466e5e/
Frame ID: 514779EE39FCE3878F7A70183B019002
Requests: 15 HTTP requests in this frame
Detected technologies
Google Maps (Maps)
Detected patterns
- script /\/\/maps\.googleapis\.com\/maps\/api\/js/i
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Angular (JavaScript Frameworks)
Detected patterns
- html /<[^>]+ ng-version="([\d.]+)"/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://secure-web.cisco.com/1hXwkAD0-SY846B3ouq7JlDv8W4-lk8peJDohmeWhHOFeFQ6GMRgPs4ns6SIVXT07V8BMfzMlMNv7t_1tD3QSVjZjDOZPVDU-GAePFcLbBTyOJK06f7OB18ixvFMIxiXb9vSqmgzCZa8x07UNboYiqXNrnZSvEHC1lHF2dz7uQAcnw5F8tyfznDTy9iFBfCXOItX5bG3IMGuxVarDGqk36VWvWbvKyUuxPEPbYk0jQ79LOe2F7hy1lQcTtHxrX4igvRl-28Uo4GfnxRVgp7frrYObKxxS3Q83NmnZhE_pP5fXwd4hMkjr760D9dKkgQ_Vp5KHvn9XO1ZOTuxbnc5jCiK0LOeSv2BIicuCvEg-YyGe0Z9EjNz-_fYU2bSfFyhys1qytU7nSYlBbgBLpbJhCdgVOQ8x-YqgQZ9wbqbOCrwjBU-4P5pYl6wtnYoxXYSMWtWG6gjkHZEdVKP3W36-wEgkGvR9foisBncN6INNsrgDPTAkDs3StVQG-s12HccS-5jvZAfsvXTkaOkMPSE9iA/http%3A%2F%2Fpalmastudio.it%2F HTTP 302
- http://palmastudio.it/ HTTP 301
- http://www.palmastudio.it/ HTTP 301
- http://online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/ HTTP 302
- http://online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/7f099518e07aa91cf3fae3755c466e5e HTTP 301
- http://online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/7f099518e07aa91cf3fae3755c466e5e/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request; redirect chain) | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/7f099518e07aa91cf3fae3755c466e5e/ | 11 KB | 11 KB | Document | text/html
GET | H2 | js | maps.googleapis.com/maps/api/ | 124 KB | 41 KB | Script | text/javascript
GET | H2 | jquery-1.11.2.min.js | code.jquery.com/ | 94 KB | 33 KB | Script | application/javascript
GET | H/1.1 | styles.3c9a8ebbfe1d1d70190d.bundle.css | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 697 KB | 697 KB | Stylesheet | text/css
GET | H/1.1 | logo-small.png | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 6 KB | 7 KB | Image | image/png
GET | H/1.1 | bg.jpg | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 229 KB | 229 KB | Image | image/jpeg
GET | H/1.1 | new-brand-bg.13ccd1f222a52156712d.jpg | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 1 KB | 1 KB | Image | text/html
GET | H/1.1 | FSMatthew-Light.87474fc035d3d70e79c6.woff | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 31 KB | 31 KB | Font | font/x-woff
GET | H/1.1 | FSMatthew-Bold.d8bb43a4623fa531c43a.woff | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 32 KB | 32 KB | Font | font/x-woff
GET | H/1.1 | FSMatthew-Medium.9640afcb869f0c9a49a7.woff | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 34 KB | 34 KB | Font | font/x-woff
GET | H/1.1 | FSMatthew.42cc6f9c1eed3594a0c9.woff | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 0 | 0 | Font | text/html
GET | H/1.1 | FSMatthew.1c6027b680abefdfa9bb.ttf | online.bankfab.com.studiolegalelolli.com/PersonalBankingWeb/login/files/ | 0 | 0 | Font | text/html
GET | H2 | common.js | maps.googleapis.com/maps-api-v3/api/js/43/6/ | 75 KB | 75 KB | Script | text/javascript
GET | H2 | util.js | maps.googleapis.com/maps-api-v3/api/js/43/6/ | 145 KB | 146 KB | Script | text/javascript
GET | H3-Q050 | AuthenticationService.Authenticate | maps.googleapis.com/maps/api/js/ | 62 B | 406 B | Script | text/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: First Abu Dhabi Bank (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | trustedTypes
boolean | crossOriginIsolated
object | google
object | module$contents$MapsEvent_MapsEvent
object | module$contents$mapsapi$overlay$OverlayView_OverlayView
function | $
function | jQuery
function | enlogin
function | arlogin
object | _xdc_0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.