www.approvedaeronautics.com
Open in
urlscan Pro
143.95.79.237
Malicious Activity!
Public Scan
URL:
http://www.approvedaeronautics.com/secure.bankalhabib.com/T001/accDetails.php?r=2EE7C64B-C228-F24A-F1B8-D5D35F5A4D43
Submission: On August 23 via automatic, source openphish
Submission: On August 23 via automatic, source openphish
Summary
This website contacted 5 IPs
in 3 countries
across 4 domains to perform 17 HTTP transactions.
The main IP is 143.95.79.237, located in
Los Angeles, United States and
belongs to COLO4-CO - Colo4, LLC, US.
The main domain is www.approvedaeronautics.com.
This is the only time www.approvedaeronautics.com was scanned on urlscan.io!
This is the only time www.approvedaeronautics.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank AL Habib (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 | 143.95.79.237 143.95.79.237 | 36024 (COLO4-CO) (COLO4-CO - Colo4) | |
| 8 | 117.20.16.130 117.20.16.130 | 38193 (TWA-AS-AP...) (TWA-AS-AP Transworld Associates (Pvt.) Ltd.) | |
| 1 | 2a03:2880:f01... 2a03:2880:f011:8:face:b00c:0:1 | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 2 | 2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 17 | 5 |
3
143.95.79.237
(Los Angeles, United States)
ASN36024 (COLO4-CO - Colo4, LLC, US)
PTR: ip-143-95-79-237.iplocal
ASN36024 (COLO4-CO - Colo4, LLC, US)
PTR: ip-143-95-79-237.iplocal
| www.approvedaeronautics.com |
8
117.20.16.130
(Karachi, Pakistan)
ASN38193 (TWA-AS-AP Transworld Associates (Pvt.) Ltd., PK)
PTR: tw16-static130.tw1.com
ASN38193 (TWA-AS-AP Transworld Associates (Pvt.) Ltd., PK)
PTR: tw16-static130.tw1.com
| secure.bankalhabib.com |
1
2a03:2880:f011:8:face:b00c:0:1
(Ireland)
ASN32934 (FACEBOOK - Facebook, Inc., US)
ASN32934 (FACEBOOK - Facebook, Inc., US)
| connect.facebook.net |
2
2a03:2880:f11c:8183:face:b00c:0:25de
(Ireland)
ASN32934 (FACEBOOK - Facebook, Inc., US)
ASN32934 (FACEBOOK - Facebook, Inc., US)
| www.facebook.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
bankalhabib.com
secure.bankalhabib.com |
2 MB |
| 3 |
approvedaeronautics.com
www.approvedaeronautics.com |
17 KB |
| 2 |
facebook.com
www.facebook.com staticxx.facebook.com Failed |
141 B |
| 1 |
facebook.net
connect.facebook.net |
60 KB |
| 17 | 4 |
| Domain | Requested by | |
|---|---|---|
| 8 | secure.bankalhabib.com |
www.approvedaeronautics.com
secure.bankalhabib.com |
| 3 | www.approvedaeronautics.com |
www.approvedaeronautics.com
|
| 2 | www.facebook.com |
www.approvedaeronautics.com
|
| 1 | connect.facebook.net |
www.approvedaeronautics.com
|
| 0 | staticxx.facebook.com Failed |
www.approvedaeronautics.com
connect.facebook.net |
| 17 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| secure.bankalhabib.com Symantec Class 3 EV SSL CA - G3 |
2017-02-28 - 2019-04-29 |
2 years | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2016-12-09 - 2018-01-25 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://www.approvedaeronautics.com/secure.bankalhabib.com/T001/accDetails.php?r=2EE7C64B-C228-F24A-F1B8-D5D35F5A4D43
Frame ID: 26126.1
Requests: 22 HTTP requests in this frame
Frame:
https://staticxx.facebook.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=42
Frame ID: 26126.2
Requests: 1 HTTP requests in this frame
Frame:
https://staticxx.facebook.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=42
Frame ID: 26126.3
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request 18- http://connect.facebook.net/en_US/all.js
- https://connect.facebook.net/en_US/all.js
- http://staticxx.facebook.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=42
- https://staticxx.facebook.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=42
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
accDetails.php
www.approvedaeronautics.com/secure.bankalhabib.com/T001/ |
45 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
banking.uri.css
secure.bankalhabib.com/T001/css/cmn/ |
2 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
scrollbars.uri.css
secure.bankalhabib.com/T001/css/C_COLPAL1/ |
1 KB 286 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
virtualkeyboard.uri.css
secure.bankalhabib.com/T001/css/cmn/ |
2 KB 478 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-includes.js
secure.bankalhabib.com/T001/JS/combined/ |
601 KB 156 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
common.js
secure.bankalhabib.com/T001/jsdir/ |
29 KB 7 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
virtualkeyboard.js
secure.bankalhabib.com/T001/jsdir/ |
8 KB 2 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rsa_compiled.js
secure.bankalhabib.com/T001/jsdir/ |
8 KB 3 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fb.js
secure.bankalhabib.com/T001/jsdir/ |
18 KB 5 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-includes.js
www.approvedaeronautics.com/secure.bankalhabib.com/T001/JS/combined/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Roboto-Light.ttf
secure.bankalhabib.com/T001/css/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-includes.js
www.approvedaeronautics.com/secure.bankalhabib.com/T001/JS/combined/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
34 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
all.js
connect.facebook.net/en_US/ Redirect Chain
|
197 KB 60 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
/
www.facebook.com/impression.php/f323a97939bd434/ |
43 B 66 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
/
www.facebook.com/impression.php/fb33f2d947bbb4/ |
43 B 75 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
0sTQzbapM8j.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 2612 Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
0sTQzbapM8j.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 2612 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- secure.bankalhabib.com
- URL
- https://secure.bankalhabib.com/T001/css/fonts/Roboto-Light.ttf
- Domain
- staticxx.facebook.com
- URL
- https://staticxx.facebook.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=42
- Domain
- staticxx.facebook.com
- URL
- https://staticxx.facebook.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=42
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank AL Habib (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.facebook.net
secure.bankalhabib.com
staticxx.facebook.com
www.approvedaeronautics.com
www.facebook.com
secure.bankalhabib.com
staticxx.facebook.com
117.20.16.130
143.95.79.237
2a03:2880:f011:8:face:b00c:0:1
2a03:2880:f11c:8183:face:b00c:0:25de
02ea0a3ed0a6bf974462db9bc4767cb95e72a81b59e2d54bab7ce54fa1fb94e8
083a3c65e8f133d5b5da9b387ea4cc969cb90d231656ac219ea16fb0bb02b9d1
0da176a4b1c07f0353e61f30f14f72f7cd21c9f3963fbd528696fe220030cf79
0e46f5023a6287cb88deb4ec543e02068df3865476dbd0882c0bb682d8fe2993
1d1c77ff50644be5493cce781cdbecf8d084d9f1b9f725f374192168dcbc75e5
224cb317b3d31f58294b6523f37c28c99dc3e20cd92e7c8e4e77a59482fb5ba1
39eb514373689012a877cd1d0ec94b7270aa15405806af7edb28867ad54e588f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6508db97988c4a25313e365e68888da188ce91d22632cfd81e26a49df2f9c6c0
66b9c89e4d1f070ffeddfe9c208b3aaf80c71affcd1116c7f40089f40c726058
6c6110aa4b4b4f75a42a46460aced12ddcd8d74a1a616e35658c70fac152e710
7400cbe9cfc2749338143d4af4a9719ae4d1c55b2d50895d6af628a313314606
8cb6fffac123f5a2fc50057967748c48cb102509f2bf08fc2b3f2005732aafac
974c7c5fdb37d035d4e4a1e5ff4671e38e6a4673608c4c04fe150231518b8cae
c6321e185451cf74042315f177605e6aecd14e03513533c2e5d3d24738a76abd
cef637b6200f4e367f1999982dba8c572b3b2e7a1e64fa6bd9059455a7ae8669
d23db1895d52ad4414f1979bb66a947ed7950953f16ca276a6c8f2d1ac3bcde2
d3ea4ce324f9aac0545af8d2805e0a56f09d71237f91c0e0aeb1c01e396aa618