drestamenshroup.aba.ae
85.17.26.65
Malicious Activity!
Public Scan
Effective URL: http://drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/
Submission: On December 10 via manual from IE
Summary
This is the only time drestamenshroup.aba.ae was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABSA (Banking)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 (1 redirect) | 167.89.118.35 | 11377 (SENDGRID - SendGrid) |
| 18 | 169.202.9.74 | 14115 (AMALGAMATED-BSA) |
| 8 (2 redirects) | 85.17.26.65 | 60781 (LEASEWEB-NL-AMS-01 Netherlands) |
| 24 | 2 | |
| ASN | PTR | Hostname |
|---|---|---|
| ASN11377 (SENDGRID - SendGrid, Inc., US) | o16789118x35.outbound-mail.sendgrid.net | u9038887.ct.sendgrid.net |
| ASN14115 (AMALGAMATED-BSA, ZA) | ib.absa.co.za | ib.absa.co.za |
| ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL) | mail.aba.ae | drestamenshroup.aba.ae |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 18 | absa.co.za | ib.absa.co.za | 312 KB |
| 8 (2 redirects) | aba.ae | drestamenshroup.aba.ae | 103 KB |
| 1 (1 redirect) | sendgrid.net | u9038887.ct.sendgrid.net | 358 B |
| 24 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 18 | ib.absa.co.za | ib.absa.co.za |
| 8 (2 redirects) | drestamenshroup.aba.ae | ib.absa.co.za, drestamenshroup.aba.ae |
| 1 (1 redirect) | u9038887.ct.sendgrid.net | |
| 24 | 3 | |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.aba.ae |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| ib.absa.co.za | DigiCert SHA2 Extended Validation Server CA | 2018-08-14 - 2019-07-04 | a year | crt.sh |
This page contains 1 frame:

Primary Page: http://drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/
Frame ID: FDEC0D92E920455B3F100564340E75A1
Requests: 24 HTTP requests in this frame
Detected technologies

jQuery (JavaScript Libraries)

Detected patterns:
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics

1 Outgoing links
These are links going to different origins than the main page.

Title: استضافة مجانية (Arabic for "free hosting")
Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Chain 1:
- https://u9038887.ct.sendgrid.net/wf/click?upn=IFPjPVQATbS-2BWNbQUG8wAzBnhgEODOOhfrb-2BENFc1lLU8AWZFi3rSA3Xd5qbYGGnoaI-2FNtrz5lwcIvZRyDVdu0mSSvIt78BCx1dRYHZNt8N-2Fg-2FVrr0HuWVCUbYdz1aauIlSabfWgmkU2csaiU6iQYvtjLMMt6k4a1wmWDEKtgTsOh7nUN-2Bf4v0sEWe2Wr4Q1TR-2FEzw9-2BPcZTeL1R7JkHbw-3D-3D_nyz2CgSinkhLLXKE5y9NvQwFoCaRpK6kgizSRhCePLQxWqdT-2FFYdUN6s3LcXcI2gHMVjHXWIEAfX066W8chy8OfY2NMB2WzexZKgvCowxwBqZzfwDCtfZeQ4omiPS9qNQh4xlCbQezoFuRAaYH8eXsLWLKOgl3uZqhMi5clkwJwBACzFIxr1zn4eVRZ36QaRsYMbsz36fteQ2ha4FgfVMbEzM4g23UZLaA8aA4B9iLH6MrErbH2he-2FYNze3fepFE-2FEneJ-2FSvMKD6g7Sso-2FelxXcxwX1Yy5GL6rf-2B6Ctkej8TZRbNC-2FAOzAHK9J6yo040bBWEQX0FEl3C61GkUfBMdCjIUeXnJhFS4vO9rzOGOBrSIzeCQaOfwKxRvaifh8J8-2BFsKetnWZloq30wuhM068ltYA0mhh5HpqIK-2BGpqmVKY-3D (HTTP 302)
- https://ib.absa.co.za/absa-online/index-osf.jsp?gid=g301014537537%27%3bwindow.location.href=%22http://drestamenshroup.aba.ae%22;%2f%2f733&unie=23sd (Page URL)

Chain 2:
- http://drestamenshroup.aba.ae/ (HTTP 302)
- http://drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570 (HTTP 301)
- http://drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/ (Page URL)

Note the hand-off between the two chains: the `gid` parameter of the legitimate ib.absa.co.za URL carries a JavaScript fragment (`';window.location.href="http://drestamenshroup.aba.ae";//733`), and Chain 2 starts at that domain with no HTTP status recorded for the transition, which is the client-side redirect case this section describes.
Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0:
- https://u9038887.ct.sendgrid.net/wf/click?upn=IFPjPVQATbS-2BWNbQUG8wAzBnhgEODOOhfrb-2BENFc1lLU8AWZFi3rSA3Xd5qbYGGnoaI-2FNtrz5lwcIvZRyDVdu0mSSvIt78BCx1dRYHZNt8N-2Fg-2FVrr0HuWVCUbYdz1aauIlSabfWgmkU2csaiU6iQYvtjLMMt6k4a1wmWDEKtgTsOh7nUN-2Bf4v0sEWe2Wr4Q1TR-2FEzw9-2BPcZTeL1R7JkHbw-3D-3D_nyz2CgSinkhLLXKE5y9NvQwFoCaRpK6kgizSRhCePLQxWqdT-2FFYdUN6s3LcXcI2gHMVjHXWIEAfX066W8chy8OfY2NMB2WzexZKgvCowxwBqZzfwDCtfZeQ4omiPS9qNQh4xlCbQezoFuRAaYH8eXsLWLKOgl3uZqhMi5clkwJwBACzFIxr1zn4eVRZ36QaRsYMbsz36fteQ2ha4FgfVMbEzM4g23UZLaA8aA4B9iLH6MrErbH2he-2FYNze3fepFE-2FEneJ-2FSvMKD6g7Sso-2FelxXcxwX1Yy5GL6rf-2B6Ctkej8TZRbNC-2FAOzAHK9J6yo040bBWEQX0FEl3C61GkUfBMdCjIUeXnJhFS4vO9rzOGOBrSIzeCQaOfwKxRvaifh8J8-2BFsKetnWZloq30wuhM068ltYA0mhh5HpqIK-2BGpqmVKY-3D (HTTP 302)
- https://ib.absa.co.za/absa-online/index-osf.jsp?gid=g301014537537%27%3bwindow.location.href=%22http://drestamenshroup.aba.ae%22;%2f%2f733&unie=23sd
24 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | index-osf.jsp | ib.absa.co.za/absa-online/ | 137 KB | 24 KB | Document | text/html | Cookie set; Redirect Chain |
| GET | H/1.1 | absa.css | ib.absa.co.za/absa-online/static/style/ | 125 KB | 20 KB | Stylesheet | text/css | |
| GET | H/1.1 | index.css | ib.absa.co.za/absa-online/static/style/ | 3 KB | 1 KB | Stylesheet | text/css | |
| GET | H/1.1 | backbase.js | ib.absa.co.za/absa-online/static/lib/bcf/4_4_9_1/engine/ | 256 KB | 74 KB | Script | application/x-javascript | |
| GET | H/1.1 | absa-all-base-osf.jsp | ib.absa.co.za/absa-online/static/script/ | 382 KB | 89 KB | Script | text/javascript | |
| GET | H/1.1 | absa-all-gadgets-osf.jsp | ib.absa.co.za/absa-online/static/script/ | 12 KB | 2 KB | Script | text/javascript | |
| GET | H/1.1 | index-osf.js | ib.absa.co.za/absa-online/static/script/ | 3 KB | 2 KB | Script | application/x-javascript | |
| GET | H/1.1 | absa.jcaptcha.js | ib.absa.co.za/absa-online/static/script/absa/ | 2 KB | 849 B | Script | application/x-javascript | |
| GET | H/1.1 | ajax-loader-2.gif | ib.absa.co.za/absa-online/static/style/resources/ | 3 KB | 3 KB | Image | image/gif | |
| GET | H/1.1 | absa-logo-2018.png | ib.absa.co.za/absa-online/static/style/resources/ | 2 KB | 2 KB | Image | image/png | |
| GET | H/1.1 | secure_2018.jpg | ib.absa.co.za/absa-online/static/style/resources/ | 5 KB | 6 KB | Image | image/jpeg | |
| GET | H/1.1 | retirementAnnuityAll.js | ib.absa.co.za/absa-online/gadgets/apply/retirementAnnuity/ | 193 KB | 30 KB | Script | application/x-javascript | |
| GET | H/1.1 | investmentAccountAll.js | ib.absa.co.za/absa-online/gadgets/apply/investmentAccountOsf/ | 249 KB | 33 KB | Script | application/x-javascript | |
| GET | H/1.1 | businessBankingAll.js | ib.absa.co.za/absa-online/gadgets/apply/businessBanking/ | 437 B | 634 B | Script | application/x-javascript | |
| GET | H/1.1 | osfSwitchingAll.js | ib.absa.co.za/absa-online/gadgets/profile/osfSwitching/ | 35 KB | 6 KB | Script | application/x-javascript | |
| GET | H/1.1 | pebbleAll.js | ib.absa.co.za/absa-online/gadgets/apply/pebble/ | 27 KB | 4 KB | Script | application/x-javascript | |
| GET | H/1.1 | valueBundleAll.js | ib.absa.co.za/absa-online/gadgets/apply/valueBundle/ | 79 KB | 12 KB | Script | application/x-javascript | |
| GET | H/1.1 | barclays_logo.gif | ib.absa.co.za/absa-online/assets/Assets/Richmedia/ | 1 KB | 1 KB | Image | image/gif | |
| GET | H/1.1 | / | drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/ | 18 KB | 7 KB | Document | text/html | Primary Request; Cookie set; Redirect Chain |
| GET | H/1.1 | signin.css | drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/res/ | 6 KB | 2 KB | Stylesheet | text/css | |
| GET | H/1.1 | signin.js | drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/res/ | 11 KB | 4 KB | Stylesheet | application/javascript | |
| GET | H/1.1 | jquery-3.1.1.js | drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/res/ | 261 KB | 81 KB | Script | application/javascript | |
| GET | H/1.1 | signin.js | drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/res/ | 11 KB | 4 KB | Script | application/javascript | |
| GET | H/1.1 | logoDesktop.svg | drestamenshroup.aba.ae/bb64adedbe18d8a9c020d080bb32f570/res/img/ | 5 KB | 5 KB | Image | image/svg+xml | |
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: ABSA (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |
| object | _0xe3171 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| drestamenshroup.aba.ae/ | | PHPSESSID | c98934a0989428b171e8a1b0c80bf193 |
1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
drestamenshroup.aba.ae
ib.absa.co.za
u9038887.ct.sendgrid.net
167.89.118.35
169.202.9.74
85.17.26.65
15eb307e7cc877657c2f2ac1d790e4cdd87b39d047a4bd81c00721cea6369e1c
37368773bc0c669e784ffb4a63e77227e27074e84815eb99789b90020009866e
42073c1b1763c111523ed6f46b0eb0461c9fed9989f524437a6e099c9bf92267
913d59285fa43e620fb3f0046975f28e834e7921d54df8db0c3544fb0f0bb82d
98d14a3cf8722356fde4a8ae67a0cbd04449217039f7a33b3fbdc72a384929a2
a873e29b5bc1f0895bd022efaa97f035bcd500b8166c1b61edaceb8156d5cb45
aa11b52eff74b0ba1f677872828e23ab5e46d4c69eae18dc982bdefcb7b17eb5
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
b67e84f935d3bb36432ddaeea11409503ba191cfe53c2e42721cc95026823185
b6b693de4c17c014dad29abe5294359606104283674d45ee8348e9dc731ff540
b90e9d891c1b60bbb442d0c18a93bef607f0c49854a151e204bb66ca409ca1e4
d7a71d3dd740e95755227ba6446a3a21b8af6c4444f29ec2411dc7cd306e10b0
e3fd636d169bb386289b9fc193aa53e89910a334b03b02af71f092351acfce0f
ea678cb4a9e66b711beee6ce34e3f564a891fa78f29248533f4bdbd3f6505a93
f0975b5b48e4b063d3af61d4ed68c913e0962c70341eab089333bf4dedf56b89
fc0d83f56efb077ed9148b4661972789411b5bc449d70721d72e1dd978f47741
ff8cd11b8e42727e514757ffc2167b1e67d59643c764aa58126e17d9112b39c0