fitnfab.in
151.139.243.10
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On October 08 via api from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 29th 2019. Valid for: a year.
This is the only time fitnfab.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 15 | 151.139.243.10 | 33438 (HIGHWINDS2 - Highwinds Network Group) |
| 1 | 2.20.21.198 | 20940 (AKAMAI-ASN1) |
| 1 | 104.109.78.72 | 20940 (AKAMAI-ASN1) |
| 17 (total) | 3 IPs | |
| Domain | ASN | PTR |
|---|---|---|
| fitnfab.in | ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US) | |
| img1.wsimg.com | ASN20940 (AKAMAI-ASN1, US) | a2-20-21-198.deploy.static.akamaitechnologies.com |
| img.secureserver.net | ASN20940 (AKAMAI-ASN1, US) | a104-109-78-72.deploy.static.akamaitechnologies.com |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | fitnfab.in | fitnfab.in | 65 KB |
| 1 | secureserver.net | img.secureserver.net | 631 B |
| 1 | wsimg.com | img1.wsimg.com | 5 KB |
| 17 (total) | 3 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 15 | fitnfab.in | fitnfab.in |
| 1 | img.secureserver.net | |
| 1 | img1.wsimg.com | fitnfab.in |
| 17 (total) | 3 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| fitnfab.in | Sectigo RSA Domain Validation Secure Server CA | 2019-05-29 - 2020-05-28 | a year | crt.sh |
| *.wsimg.com | Starfield Secure Certificate Authority - G2 | 2018-09-25 - 2020-09-25 | 2 years | crt.sh |
| *.secureserver.net | Starfield Secure Certificate Authority - G2 | 2016-11-01 - 2019-11-01 | 3 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://fitnfab.in/securedboa/bankofamerica/step3.php
Frame ID: 528CEB1EC1D5C24E86305C90A0EA4D1E
Requests: 14 HTTP requests in this frame
Frame:
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh
Frame ID: 86ACFC53929C7F648C6634F4B0304CDB
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | step3.php (Primary Request) | fitnfab.in/securedboa/bankofamerica/ | 21 KB | 7 KB | Document | text/html |
| GET | H2 | k2.png | fitnfab.in/securedboa/bankofamerica/images/ | 355 B | 355 B | Image | text/html |
| GET | H2 | b8.png | fitnfab.in/securedboa/bankofamerica/images/ | 1 KB | 2 KB | Image | image/png |
| GET | H2 | bo28.png | fitnfab.in/securedboa/bankofamerica/images/ | 9 KB | 9 KB | Image | image/png |
| GET | H2 | bo29.png | fitnfab.in/securedboa/bankofamerica/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | b7.png | fitnfab.in/securedboa/bankofamerica/images/ | 9 KB | 9 KB | Image | image/png |
| GET | H2 | b9.png | fitnfab.in/securedboa/bankofamerica/images/ | 3 KB | 3 KB | Image | image/png |
| GET | H2 | b10.png | fitnfab.in/securedboa/bankofamerica/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | r1.png | fitnfab.in/securedboa/bankofamerica/images/ | 5 KB | 5 KB | Image | image/png |
| GET | H2 | r2.png | fitnfab.in/securedboa/bankofamerica/images/ | 7 KB | 7 KB | Image | image/png |
| GET | H2 | cnf.png | fitnfab.in/securedboa/bankofamerica/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | tcc_l.combined.1.0.6.min.js | img1.wsimg.com/tcc/ | 12 KB | 5 KB | Script | application/x-javascript |
| GET | H2 | / | fitnfab.in/sbbi/ (Frame 86AC) | 35 KB | 15 KB | Document | text/html |
| GET | H2 | / | fitnfab.in/sbbi/ | 43 B | 214 B | Image | image/gif |
| POST | H2 | / | fitnfab.in/sbbi/ (Frame 86AC) | 516 B | 552 B | Document | text/html |
| GET | H2 | / | fitnfab.in/sbbi/ (Frame 86AC) | 7 KB | 3 KB | Document | text/html |
| GET | H/1.1 | event | img.secureserver.net/t/1/tl/ | 43 B | 631 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| string | sbbvscc |
| string | sbbgscc |
| function | genPid |
| function | nsbbfetch |
| function | sbbgc |
| function | addmg |
| function | addprid |
| function | sbbeccf |
| function | m2vr |
| function | sbbls |
| string | y |
| string | x |
| string | gprid |
| object | sbbeccfi |
| string | sbbgs |
| object | _trfd |
| function | tcg |
| function | tcp |
| object | perfhandler |
| object | TCCTracker |
| object | _trfq |
| object | true |
| number | lX |
| number | lY |
| string | csr |
| object | otr |
| object | cnv |
| string | lk__ |
| function | setUGEvals |
| number | tt |
| number | sbbtstflgsbbhbka |
| boolean | sbbhbka |
| boolean | sbrmp6 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| fitnfab.in/ | | PRLST | Kh |
| fitnfab.in/ | | adOtr | 238216e9315 |
| fitnfab.in/ | | sp_lit | q9VTehecojar7ihN1mmDKw== |
| fitnfab.in/ | | spcsrf | 289ff4c08a96520d33ffd5905a36a0c2 |
| fitnfab.in/ | | UTGv2 | h432a3c9b1db95ab07db90dd39db019ebd55 |
| fitnfab.in/ | | SPSI | 18e32236951f0eaaf722b8c9ac214664 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fitnfab.in
img.secureserver.net
img1.wsimg.com
104.109.78.72
151.139.243.10
2.20.21.198