pub-fff55ee1f1384746a834e5b239120cff.r2.dev
Open in
urlscan Pro
2606:4700::6812:323
Malicious Activity!
Public Scan
Effective URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Submission: On March 01 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 6th 2024. Valid for: 3 months.
This is the only time pub-fff55ee1f1384746a834e5b239120cff.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Truist Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3030::6815:24cc | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 6 | 2606:4700:303... 2606:4700:3031::ac43:c74b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.244.42.69 104.244.42.69 | 13414 (TWITTER) (TWITTER) | |
2 | 2606:4700::68... 2606:4700::6812:323 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
25 | 6 |
ASN13335 (CLOUDFLARENET, US)
pub-fff55ee1f1384746a834e5b239120cff.r2.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
pages.dev
template-5ql.pages.dev |
194 KB |
7 |
trimmer.to
4 redirects
trimmer.to |
8 KB |
2 |
r2.dev
pub-fff55ee1f1384746a834e5b239120cff.r2.dev |
359 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 228 |
5 KB |
1 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 2467 |
30 KB |
1 |
t.co
t.co — Cisco Umbrella Rank: 674 |
601 B |
25 | 6 |
Domain | Requested by | |
---|---|---|
17 | template-5ql.pages.dev |
pub-fff55ee1f1384746a834e5b239120cff.r2.dev
|
7 | trimmer.to |
4 redirects
trimmer.to
|
2 | pub-fff55ee1f1384746a834e5b239120cff.r2.dev |
t.co
pub-fff55ee1f1384746a834e5b239120cff.r2.dev |
1 | cdnjs.cloudflare.com |
pub-fff55ee1f1384746a834e5b239120cff.r2.dev
|
1 | ajax.aspnetcdn.com |
pub-fff55ee1f1384746a834e5b239120cff.r2.dev
|
1 | t.co | |
25 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
dias.bank.truist.com |
www.nmlsconsumeraccess.org |
www.finra.org |
www.sipc.org |
www.nyc.gov |
www.truist.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
trimmer.to Cloudflare Inc ECC CA-3 |
2023-12-26 - 2024-12-25 |
a year | crt.sh |
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2024-01-07 - 2025-01-06 |
a year | crt.sh |
*.r2.dev E1 |
2024-02-06 - 2024-05-06 |
3 months | crt.sh |
template-5ql.pages.dev GTS CA 1P5 |
2024-02-04 - 2024-05-04 |
3 months | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2024-01-30 - 2025-01-30 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Frame ID: F38ED03D32B13869CD2103B5CC233FD6
Requests: 22 HTTP requests in this frame
Frame:
https://trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js
Frame ID: E2550CF3EC835DE0227D9CB126D49DD1
Requests: 2 HTTP requests in this frame
Frame:
https://template-5ql.pages.dev/css/dest5.htm
Frame ID: DC250AF2DEBEF2E9BD8F978DC43C619C
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Truist Online Banking Login | TruistPage URL History Show full URLs
-
http://trimmer.to/JeTBB
HTTP 301
https://trimmer.to/JeTBB Page URL
-
https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078
HTTP 302
https://trimmer.to/JeTBB HTTP 301
https://t.co/4uSF3USLse Page URL
- https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: Forgot User ID
Search URL Search Domain Scan URL
Title: Forgot Password
Search URL Search Domain Scan URL
Title: Skip to main content
Search URL Search Domain Scan URL
Title: Search the NMLS Registry.
Search URL Search Domain Scan URL
Title: FINRA
Search URL Search Domain Scan URL
Title: SIPC
Search URL Search Domain Scan URL
Title: http://www.nyc.gov/dca
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Fraud & security
Search URL Search Domain Scan URL
Title: Terms and conditions
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://trimmer.to/JeTBB
HTTP 301
https://trimmer.to/JeTBB Page URL
-
https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078
HTTP 302
https://trimmer.to/JeTBB HTTP 301
https://t.co/4uSF3USLse Page URL
- https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://trimmer.to/JeTBB HTTP 301
- https://trimmer.to/JeTBB
- https://trimmer.to/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js
- https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078 HTTP 302
- https://trimmer.to/JeTBB HTTP 301
- https://t.co/4uSF3USLse
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
JeTBB
trimmer.to/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/ Frame E255 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4uSF3USLse
t.co/ Redirect Chain
|
428 B 601 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
85da0909cedcabde
trimmer.to/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame E255 |
0 630 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Truist_secureme_notification_alert.html
pub-fff55ee1f1384746a834e5b239120cff.r2.dev/ |
359 KB 359 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s16901390859996.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dbc-min.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.300dc7a1784cb961.css
template-5ql.pages.dev/css/ |
72 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
launch-866a03735382.min.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles_r.css
template-5ql.pages.dev/css/ |
156 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AppMeasurement.min.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AppMeasurement_Module_AudienceManagement.min.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
truist_common.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trulogo_horz-trupurple.png
template-5ql.pages.dev/css/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trulogo_horz-white.png
template-5ql.pages.dev/css/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tru_lg_hrz_rgb_wht_rev.png
template-5ql.pages.dev/css/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtime.24e47bcca0e5b8df.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfills.87d6b856162b755f.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scripts.1c82821384a86f51.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.6b2b5be7c0191f9e.js
template-5ql.pages.dev/css/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ |
20 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tru-core-icon-sprite.svg
pub-fff55ee1f1384746a834e5b239120cff.r2.dev/assets/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.htm
template-5ql.pages.dev/css/ Frame DC25 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
father-son.png
template-5ql.pages.dev/css/ |
137 KB 137 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Truist Bank (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| $ function| jQuery number| count number| counts5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.trimmer.to/ | Name: wschkid Value: ca68da7ab51dbdb3910f346a1b8e9b1a6e311814.1709391822.1 |
|
.trimmer.to/ | Name: cf_clearance Value: oVmVWg7zmj2_AwUm9LnI6JmEDZjkVXjq43ScUmk_jA8-1709305422-1.0.1.1-TqWGyMZDqo1z7zeNh3MY7OsvBZ2WpuFgomEa4.y8A7AeMSZPg89josM66ntqw1qKDzJhPCNHADyMPJWlbFunmg |
|
trimmer.to/ | Name: PHPSESSID Value: gi0opa8uu31jg6d02gu70u0m46 |
|
trimmer.to/ | Name: short_4317 Value: 1 |
|
.t.co/ | Name: muc Value: 5d6f3c93-269c-40da-a234-10fcdc453304 |
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
cdnjs.cloudflare.com
pub-fff55ee1f1384746a834e5b239120cff.r2.dev
t.co
template-5ql.pages.dev
trimmer.to
104.244.42.69
152.199.19.160
2606:4700:3030::6815:24cc
2606:4700:3031::ac43:c74b
2606:4700::6811:180e
2606:4700::6812:323
2a06:98c1:3120::3
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
3298955245d7912cfe82f3cb67dc8e40c9ca08a1c0106ac68e4813f721d75523
a513858a2963cc53d939080c9915b8b3813cb3f324050498b5398bf05dd62ad7
b9be43d6b02b6a6905473e14b0386e3e0f624d1718bafa23bab0f94b6abe622c
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
d938ee89009d30e5f4abe089c40c5d3ef3b4ae7e1965d451faadb7e61ccc32d9
ec49b86b06d2f7c62d5f4c7ce1aff7e7158550db6c0048565345b67152bc7604
f87b567095229d6c5298353136c8c7c1b268fe1b8d996b7ab29b07f7ae97ec08
fdeec756eeb5e1678d56c408ab7b587cffdc028141bb321e6f9fc2ab07434f94