SafeMode - Analysis: ibank.fedbonline.com

Captura Visual

No screenshot available

Información de Detección

https://ibank.fedbonline.com

Detected Brand

Federal Bank

Country

USA

Confianza

100%

HTTP Status

200

Report ID

8b9c792d-8d0…

Analyzed

2026-01-26 10:38

Final URL (after redirects)

https://ibank.fedbonline.com/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T19A63443C63C0563550CB87F2E5949F2AD29DCBDADB27AD8BF2ACC247178AC458F51260
CONTENT ssdeep	768:hzwFf/qPtZebfXHwo4xBg28lsFx1v3PZuGEWbDDTNeLwBo:sfSPlHx1v3PfEWbho

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	a9afd0b2c2ead2d0
VISUAL aHash	ff0b0b1303030100
VISUAL dHash	dbd7d3d3d7d79b90
VISUAL wHash	ff1b1b3b1303035a
VISUAL colorHash	07600008040
VISUAL cropResistant	6bdfd3d3f3d7d7b3,2040838b73a36393,dfd3d3f3d7d39a90

Análisis de Código

Risk Score 82/100

Nivel de Amenaza BAJO

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Portal de banca en línea potencialmente no deseado.
• Objetivo: Clientes de Federal Bank.
• Método: El sitio web solicita a los usuarios que inicien sesión o abran una cuenta.
• Exfil: Desconocido, se necesita un análisis más profundo de JavaScript para confirmar la exfiltración de datos.
• Indicadores: El nombre de dominio contiene una variación del nombre de la marca, JavaScript ofuscado y envío de formularios Javascript.
• Riesgo: BAJO - Requiere un análisis más profundo del comportamiento del sitio web para confirmar la intención maliciosa.

🔒 Obfuscation Detected

fromCharCode
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

https://ibank.fedbonline.com/login
https://ibank.fedbonline.com/verify
https://ibank.fedbonline.com/send-money

📡 API Calls Detected

https://libretranslate.com/translate
GET

📊 Desglose de Puntuación de Riesgo

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected multiple phishing kit types: Credential Harvester, OTP Stealer, Card Stealer, and Banking-specific modules.

Brand Impersonation

Domain ibank.fedbonline.com closely mimics Federal Bank's official branding, targeting Banking customers.

Obfuscation

61 obfuscation techniques detected in loader.js, indicating evasion of static analysis.

Malicious JavaScript

Loader.js (0.5 MB) contains obfuscated code, likely for credential interception or exfiltration.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

Federal Bank users (USA)

Método de Ataque

obfuscated JavaScript

Canal de Exfiltración

Unknown

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
61 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Federal Bank

Official Website

https://www.federalbank.co.in

Fake Service

Online Banking Login Portal

Fraudulent Claims

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing page mimics Federal Bank's login portal to capture usernames, passwords, and session tokens. Harvested credentials are likely exfiltrated in real-time to attacker-controlled servers via obfuscated JavaScript.

Secondary Method: OTP Interception

The OTP Stealer module suggests the kit is designed to capture one-time passwords (OTPs) or 2FA codes, enabling attackers to bypass multi-factor authentication and gain unauthorized access to victim accounts.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio

ibank.fedbonline.com

Registered

2025-07-30 09:53:03+00:00

Registrar

Dynadot Inc

Estado

Active (180 days old)

🦠 Malicious Files

Main File

File Size

Obfuscated JavaScript file containing 61 obfuscation techniques, likely used for credential harvesting and exfiltration.

📊 Diagrama de Flujo de Ataque

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL ACCESS                                        │
│    - Victim receives phishing message                    │
│    - Directed to fake Federal Bank page                  │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE                                       │
│    - Displays convincing bank login interface            │
│    - Mimics legitimate Federal Bank design               │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Victim enters Banking credentials                   │
│    - Data collected in fake form                         │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION                                     │
│    - Stolen credentials sent via HTTP POST               │
│    - Standard form submission to attacker server         │
└──────────────────────────────────────────────────────────┘
```

🔬 JavaScript Deep Analysis

Operator Language

English (1%)

Total Code Size

516,9 KB

🔗 API Endpoints Detected

Other

26

🔐 Obfuscation Detected

: Light
: Moderate

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL ACCESS                                        │
│    - Victim receives phishing message                    │
│    - Directed to fake Federal Bank page                  │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE                                       │
│    - Displays convincing bank login interface            │
│    - Mimics legitimate Federal Bank design               │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Victim enters Banking credentials                   │
│    - Data collected in fake form                         │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION                                     │
│    - Stolen credentials sent via HTTP POST               │
│    - Standard form submission to attacker server         │
└──────────────────────────────────────────────────────────┘
```