securelyschwab.com
95.214.26.208
Malicious Activity!
Public Scan
Effective URL: https://securelyschwab.com/login.php
Submission Tags: @ecarlesi threat phishing charlesschwab
Submission: On November 30 via api from IT — Scanned from NL
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 29th 2023. Valid for: 3 months.
This is the only time securelyschwab.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 2 | 95.214.26.208 | 216419 (AS-MATRIXTELECOM) |
| | Apex Domain Subdomains | Transfer |
|---|---|---|
| 2 | securelyschwab.com (1 redirects); securelyschwab.com | 252 KB |

| | Domain | Requested by |
|---|---|---|
| 2 | securelyschwab.com | 1 redirects |
This site contains links to these domains. Also see Links.
Domain |
---|
www.schwab.com |
welcome.schwab.com |
lms-mgmt.schwab.com |
client.schwab.com |
sws-gateway-nr.schwab.com |
brokercheck.finra.org |
www.sipc.org |
www.schwab-global.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
securelyschwab.com | ZeroSSL RSA Domain Secure Site CA | 2023-11-29 - 2024-02-27 | 3 months |
This page contains 2 frames:
Primary Page:
https://securelyschwab.com/login.php
Frame ID: CB6E59C5FC5318C35B127C6E5BE94D9A
Requests: 10 HTTP requests in this frame
Frame:
data://truncated
Frame ID: E530E19E0E4B5651B1FDA661359AF45A
Requests: 1 HTTP requests in this frame
Page Title
Login | Charles Schwab Functionality Unavailable | Charles Schwab
Page URL History
- https://securelyschwab.com/ (HTTP 302)
- https://securelyschwab.com/login.php (Page URL)
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
- Title: create your Schwab Login ID and password first
- Title: Forgot login ID or password?
- Title: 中文網路通
- Title: New user?
- Title: Client Relationship Summaries
- Title: Schwab Safe®
- Title: The Schwab Security Guarantee
- Title: Schwab Homepage
- Title: Web Browser Information
- Title: FINRA's BrokerCheck
- Title: member SIPC
- Title: non-U.S. residents
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | Primary Request: login.php, securelyschwab.com/ (Redirect Chain) | 382 KB 251 KB | Document text/html |
GET DATA | truncated / | 5 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 46 KB 0 | Image image/png |
GET DATA | truncated / | 110 KB 0 | Image image/jpeg |
GET DATA | truncated / | 22 KB 22 KB | Font application/x-font-woff |
GET DATA | truncated / | 9 KB 0 | Image image/avif |
GET DATA | truncated / | 17 KB 0 | Image image/webp |
GET DATA | truncated / | 14 KB 0 | Image image/webp |
GET DATA | truncated / | 2 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 9 KB 0 | Image image/png |
GET DATA | truncated / Frame E530 | 4 KB 0 | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Charles Schwab (Financial)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- object| documentPictureInPicture
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
securelyschwab.com/ | | Name: PHPSESSID Value: e353e76cdee0b32dadfcacdd5b2d29f6 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.