216.83.35.89 Open in urlscan Pro
216.83.35.89 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://216.83.35.89/
Submission: On November 08 via manual (November 8th 2023, 7:45:47 am UTC) from IL — Scanned from DE

Summary HTTP 21 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 216.83.35.89, located in United States and belongs to BCPL-SG BGPNET Global ASN, SG. The main domain is 216.83.35.89.
TLS certificate: Issued by R3 on November 3rd 2023. Valid for: 3 months.

This is the only time 216.83.35.89 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank Hapoalim (Banking)

Domain & IP information

	IP Address	AS Autonomous System
20	216.83.35.89 216.83.35.89	64050 (BCPL-SG B...) (BCPL-SG BGPNET Global ASN)
1	45.60.207.1 45.60.207.1	19551 (INCAPSULA) (INCAPSULA)
21	2

20 216.83.35.89 (United States)

ASN64050 (BCPL-SG BGPNET Global ASN, SG)

216.83.35.89	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.60.207.1 (United States)

ASN19551 (INCAPSULA, US)

login.bankhapoalim.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	bankhapoalim.co.il login.bankhapoalim.co.il — Cisco Umbrella Rank: 591632	932 B
21	1

	Domain	Requested by
1	login.bankhapoalim.co.il	216.83.35.89
21	1

This site contains links to these domains. Also see Links.

Domain
www.bankhapoalim.co.il

Subject Issuer	Validity	Valid
login.banknapoalln.cc R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
login.bankhapoalim.co.il DigiCert SHA2 Extended Validation Server CA	`2022-11-15` - `2023-12-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://216.83.35.89/
Frame ID: 2F57470E0E97093EC5EE4ECFB25C5770
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

בנק הפועלים - כניסה לחשבונך

Page Statistics

21
Requests

5 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

337 kB
Transfer

628 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bankhapoalim.co.il/?skip=yes

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
216.83.35.89/ 67 KB
15 KB 785ms
260ms Document
text/html 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL

https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

480ff73391b9081d153cdb98bf515248d0b940dbb88713e9bb9e59836ce4daa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 08 Nov 2023 07:12:58 GMT
etag: W/"64c77678-10b1b"
last-modified: Mon, 31 Jul 2023 08:53:12 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 styles.004a7928836ed054.css
216.83.35.89/index_files/ 316 KB
74 KB 264ms
262ms Stylesheet
text/css 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL

https://216.83.35.89/index_files/styles.004a7928836ed054.css

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

2ede51fe68e8a2726e60309e9af28ce18d40ca7efb19de40641d5d66584d0f31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Mon, 31 Jul 2023 07:28:58 GMT
server: nginx
etag: W/"64c762ba-4ee5c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Wed, 08 Nov 2023 19:12:58 GMT

GET
H2 200 poalim-bold.afaa78f0219b396c.woff2
216.83.35.89/index_files/ 44 KB
44 KB 631ms
630ms Font
font/woff2 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL

https://216.83.35.89/index_files/poalim-bold.afaa78f0219b396c.woff2

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

19ccb677bfdda6fd06d103b274f6ff209a4833cdee04e66ec186963abbed181e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://216.83.35.89/
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:58 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 07:07:34 GMT
server: nginx
etag: "64c75db6-ae98"
content-type: font/woff2
accept-ranges: bytes
content-length: 44696

GET
H2 200 poalim-light.94c40d09d3a944c7.woff2
216.83.35.89/index_files/ 44 KB
44 KB 631ms
630ms Font
font/woff2 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL

https://216.83.35.89/index_files/poalim-light.94c40d09d3a944c7.woff2

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

1acaabb6c8ee4f0d8f99c74fea90c7672195649d3c56447063a34d5299c64f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://216.83.35.89/
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:58 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 07:07:34 GMT
server: nginx
etag: "64c75db6-ae58"
content-type: font/woff2
accept-ranges: bytes
content-length: 44632

GET
H2 200 poalim-regular.46327a7442c79f9e.woff2
216.83.35.89/index_files/ 43 KB
44 KB 631ms
630ms Font
font/woff2 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL

https://216.83.35.89/index_files/poalim-regular.46327a7442c79f9e.woff2

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

13a1b4a7b14c76d24ca6610a2eef91832e6bd23ec4751a20bccf9caedeaa2f3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://216.83.35.89/
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:58 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 07:07:34 GMT
server: nginx
etag: "64c75db6-adc0"
content-type: font/woff2
accept-ranges: bytes
content-length: 44480

GET
H2 200 poalimsans-medium-webfont_new.67327ee7a94acf21.woff2
216.83.35.89/index_files/ 0
141 B 631ms
631ms Font
font/woff2 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL

https://216.83.35.89/index_files/poalimsans-medium-webfont_new.67327ee7a94acf21.woff2

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://216.83.35.89/
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:58 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 07:07:34 GMT
server: nginx
etag: "64c75db6-0"
content-type: font/woff2
accept-ranges: bytes
content-length: 0

GET
H2 200 logo.3346d6f0406804d7.svg
216.83.35.89/index_files/ 2 KB
2 KB 451ms
448ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/logo.3346d6f0406804d7.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

0f39ee3bac769c1c7bcaa3013b8ae8cea45517c22aea30e572be79ac17070faf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:34 GMT
server: nginx
etag: "64c75bd6-937"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2359

GET
H2 200 support.d40c81f48cce7d01.svg
216.83.35.89/index_files/ 1 KB
1 KB 452ms
449ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/support.d40c81f48cce7d01.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

acbfcf66d3385bb4d17486072edebfbbd3d247fb072344f28b02fe339301f368

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:32 GMT
server: nginx
etag: "64c75bd4-468"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1128

GET
H2 200 secure-account.c3be546968f82799.svg
216.83.35.89/index_files/ 902 B
1 KB 452ms
449ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/secure-account.c3be546968f82799.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

004f2e4754fa91fc5e68cc42b43bec798e6f634a49024138eaf0821a9823a912

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:32 GMT
server: nginx
etag: "64c75bd4-386"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 902

GET
H2 200 mistake.c8466751ff2fa3cd.svg
216.83.35.89/index_files/ 399 B
557 B 452ms
449ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/mistake.c8466751ff2fa3cd.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

aba3c743dec5725402d16cb868f9de3d2aaa326a155f919d6c574d49d0925cc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:34 GMT
server: nginx
etag: "64c75bd6-18f"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 399

GET
H2 200 terms.87258e67eddd0616.svg
216.83.35.89/index_files/ 494 B
651 B 453ms
451ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/terms.87258e67eddd0616.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

34e1900f057ed5328e75081733ee773284dd1f7b0185ed6bca60460e14a26ad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:34 GMT
server: nginx
etag: "64c75bd6-1ee"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 494

GET
H2 200 roles.a19c94d938dbd87b.svg
216.83.35.89/index_files/ 315 B
472 B 454ms
451ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/roles.a19c94d938dbd87b.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

a1613d6529962f6aa4fffa96c826204b9e5d8d010f1330301b9347c5fdf21c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:32 GMT
server: nginx
etag: "64c75bd4-13b"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 315

GET
H2 200 login-bg.c481e68402934b4a.jpg
216.83.35.89/index_files/ 101 KB
102 KB 506ms
504ms Image
image/jpeg 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/login-bg.c481e68402934b4a.jpg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

04b7557edbc28f452036aeb10c49a78b8ab769cfcdbb2c3fff2c01005bc0c72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 07:01:24 GMT
server: nginx
etag: "64c75c44-1951f"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 103711
expires: Fri, 08 Dec 2023 07:12:59 GMT

GET
H2 200 login-info.6d29c1576d501131.svg
login.bankhapoalim.co.il/ng-portals/auth/he/ 668 B
932 B 121ms
23ms Image
image/svg+xml 45.60.207.1
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bankhapoalim.co.il/ng-portals/auth/he/login-info.6d29c1576d501131.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.207.1 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f97a8355f3c25f081be45a01270fe845891a688194249759ff4181f3eade2980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:45:36 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Mon, 11 Sep 2023 10:24:15 GMT
etag: W/"29c-18a83c53adf"
content-type: image/svg+xml
x-iinfo: 12-93741459-93737258 2CNN RT(1699429536589 12) q(0 0 0 8) r(0 0)
cache-control: max-age=0
x-incap-sess-cookie-hdr: 6g86YCzbKWEy5YhHEebfEaA8S2UAAAAATM3DFis/bj4ViUujubmuig==
content-length: 420

GET
H2 200 eye-3.7ef89a9bc1f70eba.svg
216.83.35.89/index_files/ 575 B
733 B 761ms
760ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/eye-3.7ef89a9bc1f70eba.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

c394c633dfae55a91df2da2c3a4e0d9bb9638fd3298ba2fae95d2980809a0683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:34 GMT
server: nginx
etag: "64c75bd6-23f"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 575

GET
H2 200 cookies.7e2764121ad06e19.svg
216.83.35.89/index_files/ 7 KB
7 KB 762ms
760ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/cookies.7e2764121ad06e19.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

0b9018f0d2a3302b501d3458369e20fde74a607bbb167792b9ae8a248d736ee7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:34 GMT
server: nginx
etag: "64c75bd6-1b37"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 6967

GET
H2 200 arrow-left-red_1.784aa4b0d9b61eb4.svg
216.83.35.89/index_files/ 584 B
742 B 762ms
761ms Image
image/svg+xml 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://216.83.35.89/index_files/arrow-left-red_1.784aa4b0d9b61eb4.svg

Requested by

Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),

Reverse DNS

Software

nginx /

Resource Hash

554dd3598b4f533e1bb5b4a23fa1026643965fb2a39f85e7aa9dd2403553c11a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 31 Jul 2023 06:59:34 GMT
server: nginx
etag: "64c75bd6-248"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 584

GET
H2 404 poalim-mobile-regular.556770fab42322eb.ttf
216.83.35.89/index_files/ 0
0 714ms
713ms Font
text/html 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL: https://216.83.35.89/index_files/poalim-mobile-regular.556770fab42322eb.ttf
Requested by: Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 poalim-mobile-light.ec4ed52c53df7bf0.ttf
216.83.35.89/index_files/ 0
0 714ms
714ms Font
text/html 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL: https://216.83.35.89/index_files/poalim-mobile-light.ec4ed52c53df7bf0.ttf
Requested by: Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:12:59 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 poalimsans-medium-webfont_new.e5a8cf2b0ba21640.woff
216.83.35.89/index_files/ 0
0 261ms
260ms Font
text/html 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL: https://216.83.35.89/index_files/poalimsans-medium-webfont_new.e5a8cf2b0ba21640.woff
Requested by: Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:13:00 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 poalimsans-medium-webfont_new.b833c5a8994deed1.ttf
216.83.35.89/index_files/ 0
0 261ms
260ms Font
text/html 216.83.35.89
BCPL-SG BGPNET Gl...

General

Check archive.org

Show headers Download Go to

Full URL: https://216.83.35.89/index_files/poalimsans-medium-webfont_new.b833c5a8994deed1.ttf
Requested by: Host: 216.83.35.89
URL: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.83.35.89 , United States, ASN64050 (BCPL-SG BGPNET Global ASN, SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://216.83.35.89/index_files/styles.004a7928836ed054.css
Origin: https://216.83.35.89
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:13:00 GMT
server: nginx
content-length: 548
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank Hapoalim (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| bnhpApp

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bankhapoalim.co.il/	1970-01-21 00:48:54	Name: visid_incap_2405249 Value: WQEmEUgbSmaT7P6kPBLbsaA8S2UAAAAAQUIPAAAAAACZF5GnbIS79mCemBFhmD4Z
			.bankhapoalim.co.il/	1969-12-31 23:59:59	Name: incap_ses_1288_2405249 Value: o6G5aA96J04y5YhHEebfEaA8S2UAAAAAvUUIb6X9fHkwz1kneXF9lA==

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://216.83.35.89/ Message: Failed to decode downloaded font: https://216.83.35.89/index_files/poalimsans-medium-webfont_new.67327ee7a94acf21.woff2
other	warning	URL: https://216.83.35.89/ Message: Failed to decode downloaded font: https://216.83.35.89/index_files/poalimsans-medium-webfont_new.67327ee7a94acf21.woff2
network	error	URL: https://216.83.35.89/index_files/poalim-mobile-regular.556770fab42322eb.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://216.83.35.89/index_files/poalim-mobile-light.ec4ed52c53df7bf0.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://216.83.35.89/index_files/poalimsans-medium-webfont_new.e5a8cf2b0ba21640.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://216.83.35.89/index_files/poalimsans-medium-webfont_new.b833c5a8994deed1.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.bankhapoalim.co.il
216.83.35.89
45.60.207.1
004f2e4754fa91fc5e68cc42b43bec798e6f634a49024138eaf0821a9823a912
04b7557edbc28f452036aeb10c49a78b8ab769cfcdbb2c3fff2c01005bc0c72d
0b9018f0d2a3302b501d3458369e20fde74a607bbb167792b9ae8a248d736ee7
0f39ee3bac769c1c7bcaa3013b8ae8cea45517c22aea30e572be79ac17070faf
13a1b4a7b14c76d24ca6610a2eef91832e6bd23ec4751a20bccf9caedeaa2f3f
19ccb677bfdda6fd06d103b274f6ff209a4833cdee04e66ec186963abbed181e
1acaabb6c8ee4f0d8f99c74fea90c7672195649d3c56447063a34d5299c64f7c
2ede51fe68e8a2726e60309e9af28ce18d40ca7efb19de40641d5d66584d0f31
34e1900f057ed5328e75081733ee773284dd1f7b0185ed6bca60460e14a26ad3
480ff73391b9081d153cdb98bf515248d0b940dbb88713e9bb9e59836ce4daa2
554dd3598b4f533e1bb5b4a23fa1026643965fb2a39f85e7aa9dd2403553c11a
a1613d6529962f6aa4fffa96c826204b9e5d8d010f1330301b9347c5fdf21c00
aba3c743dec5725402d16cb868f9de3d2aaa326a155f919d6c574d49d0925cc8
acbfcf66d3385bb4d17486072edebfbbd3d247fb072344f28b02fe339301f368
c394c633dfae55a91df2da2c3a4e0d9bb9638fd3298ba2fae95d2980809a0683
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f97a8355f3c25f081be45a01270fe845891a688194249759ff4181f3eade2980

216.83.35.89 Open in urlscan Pro 216.83.35.89 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

21 Requests

5 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

337 kBTransfer

628 kBSize

2 Cookies

1 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

2 Cookies

6 Console Messages

Security Headers

Indicators

216.83.35.89 Open in urlscan Pro
216.83.35.89 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

5 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

337 kB
Transfer

628 kB
Size

2
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!