urlscan.io logo urlscan.io
SecurityTrails logo

securelyschwab.com Open in urlscan Pro
95.214.26.208  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://securelyschwab.com/
Effective URL: https://securelyschwab.com/login.php
Submission Tags: @ecarlesi threat phishing charlesschwab Search All
Submission: On November 30 via api from IT — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 95.214.26.208, located in Netherlands and belongs to AS-MATRIXTELECOM, GB. The main domain is securelyschwab.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 29th 2023. Valid for: 3 months.
This is the only time securelyschwab.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Charles Schwab (Financial)

Domain & IP information

IP Address AS Autonomous System
1 2 95.214.26.208 216419 (AS-MATRIX...)
1 2
Apex Domain
Subdomains		 Transfer
2 securelyschwab.com
securelyschwab.com
252 KB
1 1
Domain Requested by
2 securelyschwab.com 1 redirects
1 1
Subject Issuer Validity Valid
securelyschwab.com
ZeroSSL RSA Domain Secure Site CA		 2023-11-29 -
2024-02-27		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://securelyschwab.com/login.php
Frame ID: CB6E59C5FC5318C35B127C6E5BE94D9A
Requests: 10 HTTP requests in this frame

Frame: data://truncated
Frame ID: E530E19E0E4B5651B1FDA661359AF45A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login | Charles Schwab Functionality Unavailable | Charles Schwab

Page URL History Show full URLs

  1. https://securelyschwab.com/ HTTP 302
    https://securelyschwab.com/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

273 kB
Transfer

620 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://securelyschwab.com/ HTTP 302
    https://securelyschwab.com/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
securelyschwab.com/
Redirect Chain
  • https://securelyschwab.com/
  • https://securelyschwab.com/login.php
382 KB
251 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securelyschwab.com/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.214.26.208 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software
Apache /
Resource Hash
d8c07fe5cb7b953107c404738baa67a4ad25b937817e13ac84f79b3a0ee8a4b3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Nov 2023 11:05:02 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Nov 2023 11:05:02 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Location
login.php
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ccc4d3be744a29473fefe2f313fdae488f460b85a47e8427f748358a54ba048

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		46 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f5b35239a5b6cdaeac327f090a14bdcc0957d526250ca369762fa0e74c23f30

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		110 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3c1e405db9fdc7ea43f4ac748a546bd54161bdecec8b8756b4e29b1359f2c856

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5272a114b9742bd1c8ffca7fd3980832553913770dfd5a2a1c0e12361680cec0

Request headers

Referer
Origin
https://securelyschwab.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
application/x-font-woff
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b3d40617ea482e661594c80e78ffdd133b0597307cae938369a465ba049a8b1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/avif
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63fb2c080599f9074b3e70cc98ed2a03d761b43ca8022f27cfa29738038dbeb0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/ 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d94f1b404ced8425c1c0e76a33e33b1b2c359fbefa2f1456f330f2f82a0eec58

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0c1f7d2d3fa4ed7ec3cf2519cd017ddb5bc8de757e00ed8f84cd8991059a0631

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5020e9d3506bfdccffd4524bea8b99cf2cf4932e9f01b68d2a20a6dcc7ecffd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E530 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2662967d7063779967a04c5dad1e33c94e9d20115771a96f7cb4e8fd22642621

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Charles Schwab (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| documentPictureInPicture

1 Cookies

Domain/Path Name / Value
securelyschwab.com/ Name: PHPSESSID
Value: e353e76cdee0b32dadfcacdd5b2d29f6