URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Submission Tags: @ipnigh
Submission: On October 08 via api from GB

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 151.139.243.10, located in Dallas, United States, and belongs to HIGHWINDS2 - Highwinds Network Group, Inc., US. The main domain is fitnfab.in.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 29th 2019. Valid for: a year.
This is the only time fitnfab.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

Requests  IP Address       AS     Autonomous System
15        151.139.243.10   33438  HIGHWINDS2
1         2.20.21.198      20940  AKAMAI-ASN1
1         104.109.78.72    20940  AKAMAI-ASN1
Total: 17 requests, 3 IPs
Requests  Apex Domain       Subdomains            Transfer
15        fitnfab.in        fitnfab.in            65 KB
1         secureserver.net  img.secureserver.net  631 B
1         wsimg.com         img1.wsimg.com        5 KB
Total: 17 requests, 3 apex domains
Requests  Domain                Requested by
15        fitnfab.in            fitnfab.in
1         img.secureserver.net
1         img1.wsimg.com        fitnfab.in
Total: 17 requests, 3 domains

This site contains no links.

Subject             Issuer                                          Validity                 Valid for
fitnfab.in          Sectigo RSA Domain Validation Secure Server CA  2019-05-29 - 2020-05-28  a year (crt.sh)
*.wsimg.com         Starfield Secure Certificate Authority - G2     2018-09-25 - 2020-09-25  2 years (crt.sh)
*.secureserver.net  Starfield Secure Certificate Authority - G2     2016-11-01 - 2019-11-01  3 years (crt.sh)

This page contains 2 frames:

Primary Page: https://fitnfab.in/securedboa/bankofamerica/step3.php
Frame ID: 528CEB1EC1D5C24E86305C90A0EA4D1E
Requests: 14 HTTP requests in this frame

Frame: https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh
Frame ID: 86ACFC53929C7F648C6634F4B0304CDB
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 70 kB
Size: 112 kB
Cookies: 6

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request step3.php
fitnfab.in/securedboa/bankofamerica/
21 KB
7 KB
Document
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx / PHP/7.2.20
Resource Hash
3aaf6382202cfacab4f26379f33994e1efdcd9839638b3626fd070077ba352b4

Request headers

:method
GET
:authority
fitnfab.in
:scheme
https
:path
/securedboa/bankofamerica/step3.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
server
nginx
date
Tue, 08 Oct 2019 00:19:42 GMT
content-type
text/html; charset=UTF-8
set-cookie
SPSI=18e32236951f0eaaf722b8c9ac214664; Path=/
set-cookie
spcsrf=289ff4c08a96520d33ffd5905a36a0c2; Expires=Tue, 08-Oct-19 02:19:41 GMT; Path=/; HttpOnly; SameSite=Strict
set-cookie
adOtr=obsvl; Expires=Thu, 2 Aug 2001 20:47:11 UTC; Path=/
set-cookie
UTGv2=D-h432a3c9b1db95ab07db90dd39db019ebd55; Expires=Wed, 07-Oct-20 00:19:41 GMT; Path=/
set-cookie
sp_lit=q9VTehecojar7ihN1mmDKw==; Expires=Tue, 08-Oct-19 00:24:42 GMT; Path=/; HttpOnly; SameSite=Strict
x-powered-by
PHP/7.2.20
vary
Accept-Encoding,User-Agent
cache-control
private
content-encoding
gzip
x-cache
MISS
accept-ranges
bytes
k2.png
fitnfab.in/securedboa/bankofamerica/images/
355 B
355 B
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/k2.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
6fc9410fd9e25e08f8f7bedb8904b3538578d4bd7b56a3ee4001ebe4ffb0f5f4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
404
date
Tue, 08 Oct 2019 00:19:42 GMT
cache-control
private
server
nginx
content-length
355
x-cache
MISS
content-type
text/html; charset=iso-8859-1
b8.png
fitnfab.in/securedboa/bankofamerica/images/
1 KB
2 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/b8.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
13d52d8aa36cb38261ad4dbe587869ed3c31c7af7d62bc7239e01acc68b687bb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca127f-5e4-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
1508
expires
Wed, 09 Oct 2019 00:19:42 GMT
bo28.png
fitnfab.in/securedboa/bankofamerica/images/
9 KB
9 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/bo28.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
165effc61cb51e8b81ebb94897a29f10cd4577215f565b481d39b4e679bb4676

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca1285-2217-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
8727
expires
Wed, 09 Oct 2019 00:19:42 GMT
bo29.png
fitnfab.in/securedboa/bankofamerica/images/
1 KB
1 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/bo29.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
3f30a8aab972b0b808073478b3fc31648e60731750064d638445d8ad4ff63bc3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca1286-429-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
1065
expires
Wed, 09 Oct 2019 00:19:42 GMT
b7.png
fitnfab.in/securedboa/bankofamerica/images/
9 KB
9 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/b7.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
44f9fcdaf0581ddbb603c540f544773de770ced3444d0af611705a7dedc6cdfc

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca127e-2483-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
9347
expires
Wed, 09 Oct 2019 00:19:42 GMT
b9.png
fitnfab.in/securedboa/bankofamerica/images/
3 KB
3 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/b9.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
d32527a3374bdd83ee998af5f6242651354d5d0091bb4f83dcf2b808be5b1841

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca1280-cba-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
3258
expires
Wed, 09 Oct 2019 00:19:42 GMT
b10.png
fitnfab.in/securedboa/bankofamerica/images/
1 KB
1 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/b10.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
66b07bc89b7918c6f31fb5b3504a2b182a62560f070c7af878beb8aa407b8bbf

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca127a-4bc-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
1212
expires
Wed, 09 Oct 2019 00:19:42 GMT
r1.png
fitnfab.in/securedboa/bankofamerica/images/
5 KB
5 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/r1.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
f9106fe08a5265a140a369470d6212418e9420e1b9af1f08ea0d402ad587f817

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca12a2-1459-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
5209
expires
Wed, 09 Oct 2019 00:19:42 GMT
r2.png
fitnfab.in/securedboa/bankofamerica/images/
7 KB
7 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/r2.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
411048c04907015a04f8d913f1f5f57a26dbf7ec719a82d9ef07cfd604eef4ee

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca12a3-1acf-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
6863
expires
Wed, 09 Oct 2019 00:19:42 GMT
cnf.png
fitnfab.in/securedboa/bankofamerica/images/
1 KB
1 KB
Image
General
Full URL
https://fitnfab.in/securedboa/bankofamerica/images/cnf.png
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
40784ccba851d649ae89f757b9768bbfbb63345ba70266c1d87be61cf4e9e9a9

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
last-modified
Fri, 28 Jun 2019 04:38:14 GMT
server
nginx
etag
"cca128a-4a9-58c5ad8b15980"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
1193
expires
Wed, 09 Oct 2019 00:19:42 GMT
tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/
12 KB
5 KB
Script
General
Full URL
https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2.20.21.198, Ascension Island, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS
a2-20-21-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
content-encoding
gzip
last-modified
Fri, 31 Mar 2017 16:26:41 GMT
status
200
etag
"52ef5c943baad21:0"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
4564
expires
Wed, 07 Oct 2020 00:19:42 GMT
/
fitnfab.in/sbbi/ Frame 86AC
35 KB
15 KB
Document
General
Full URL
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
d7d1fbd4a2f7f719edffa8ff93ebef1433d4520badab743900f0af3b0c86d3d3

Request headers

:method
GET
:authority
fitnfab.in
:scheme
https
:path
/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
accept-encoding
gzip, deflate, br
cookie
SPSI=18e32236951f0eaaf722b8c9ac214664; spcsrf=289ff4c08a96520d33ffd5905a36a0c2; sp_lit=q9VTehecojar7ihN1mmDKw==; PRLST=Kh; UTGv2=h432a3c9b1db95ab07db90dd39db019ebd55
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php

Response headers

status
200
server
nginx
date
Tue, 08 Oct 2019 00:19:42 GMT
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
vary
Accept-Encoding
x-cache
MISS
accept-ranges
bytes
/
fitnfab.in/sbbi/
43 B
214 B
Image
General
Full URL
https://fitnfab.in/sbbi/?sbbpg=utMedia&vii=1h84e3322a233c699b511dfb09e5aaabf0772d2bb980cd9da3c92d1b4061694esbmdp5z5
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/securedboa/bankofamerica/step3.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 00:19:42 GMT
server
nginx
x-cache
MISS
content-type
image/gif
status
200
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
accept-ranges
bytes
content-length
43
/
fitnfab.in/sbbi/ Frame 86AC
516 B
552 B
Document
General
Full URL
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

:method
POST
:authority
fitnfab.in
:scheme
https
:path
/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
content-length
469
pragma
no-cache
cache-control
no-cache
origin
https://fitnfab.in
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
referer
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
accept-encoding
gzip, deflate, br
cookie
SPSI=18e32236951f0eaaf722b8c9ac214664; spcsrf=289ff4c08a96520d33ffd5905a36a0c2; sp_lit=q9VTehecojar7ihN1mmDKw==; PRLST=Kh; UTGv2=h432a3c9b1db95ab07db90dd39db019ebd55; adOtr=238216e9315
Origin
https://fitnfab.in
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1

Response headers

status
200
server
nginx
date
Tue, 08 Oct 2019 00:19:42 GMT
content-type
text/html; charset=UTF-8
content-length
334
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
vary
Accept-Encoding
x-cache
MISS
accept-ranges
bytes
/
fitnfab.in/sbbi/ Frame 86AC
7 KB
3 KB
Document
General
Full URL
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh
Requested by
Host: fitnfab.in
URL: https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.10 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
eabdebf659809444f4829669d373cece9d12e80d13f54eec73055c7e41d0c35d

Request headers

:method
GET
:authority
fitnfab.in
:scheme
https
:path
/sbbi/?sbbpg=sbbShell&gprid=Kh
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
referer
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1
accept-encoding
gzip, deflate, br
cookie
SPSI=18e32236951f0eaaf722b8c9ac214664; spcsrf=289ff4c08a96520d33ffd5905a36a0c2; sp_lit=q9VTehecojar7ihN1mmDKw==; PRLST=Kh; UTGv2=h432a3c9b1db95ab07db90dd39db019ebd55; adOtr=238216e9315
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://fitnfab.in/sbbi/?sbbpg=sbbShell&gprid=Kh&sbbgs=h432a3c9b1db95ab07db90dd39db019ebd55&ddl=1

Response headers

status
200
server
nginx
date
Tue, 08 Oct 2019 00:19:42 GMT
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
vary
Accept-Encoding
x-cache
MISS
accept-ranges
bytes
event
img.secureserver.net/t/1/tl/
43 B
631 B
Image
General
Full URL
https://img.secureserver.net/t/1/tl/event?cts=1570493983039&tce=1570493981383&tcs=1570493981383&tdc=1570493982837&tdclee=1570493982200&tdcles=1570493982200&tdi=1570493982200&tdl=1570493982080&tdle=1570493981383&tdls=1570493981383&tfs=1570493981383&tns=1570493981383&trqs=1570493981384&tre=1570493982072&trps=1570493982070&tles=1570493982837&tlee=1570493982838&ht=perf&dh=fitnfab.in&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&vci=2112740477&cv=1.0.6&z=983777573&vg=22010c1f-3040-4f84-b652-02fa7cf6a949&vtg=22010c1f-3040-4f84-b652-02fa7cf6a949&ap=cpsh&trfd=%7B%22cts%22%3A1570493982199%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22sg3plcpnl0063%22%7D&dp=%2Fsecuredboa%2Fbankofamerica%2Fstep3.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.78.72, Netherlands, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS
a104-109-78-72.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fitnfab.in/securedboa/bankofamerica/step3.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Date
Tue, 08 Oct 2019 00:19:43 GMT
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://fitnfab.in, *
Access-Control-Max-Age
1000
Cache-Control
private
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
43
X-XSS-Protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: onformdata, onpointerrawupdate, sbbeccfi, _trfd, perfhandler, TCCTracker, _trfq, true, otr, cnv
string: sbbvscc, sbbgscc, y, x, gprid, sbbgs, csr, lk__
function: genPid, nsbbfetch, sbbgc, addmg, addprid, sbbeccf, m2vr, sbbls, tcg, tcp, setUGEvals
number: lX, lY, tt, sbbtstflgsbbhbka
boolean: sbbhbka, sbrmp

6 Cookies

Domain/Path  Name    Value
fitnfab.in/  PRLST   Kh
fitnfab.in/  adOtr   238216e9315
fitnfab.in/  sp_lit  q9VTehecojar7ihN1mmDKw==
fitnfab.in/  spcsrf  289ff4c08a96520d33ffd5905a36a0c2
fitnfab.in/  UTGv2   h432a3c9b1db95ab07db90dd39db019ebd55
fitnfab.in/  SPSI    18e32236951f0eaaf722b8c9ac214664