secure-payment-review.com
176.123.0.55
Malicious Activity!
Public Scan
Submission Tags: https://phish.report @phish_report
Submission: On August 06 via api from FI — Scanned from FI
Summary
This is the only time secure-payment-review.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Suncorp (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
13 | 176.123.0.55 | 200019 (ALEXHOST) |
1 | 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH-CDN) |
1 | 92.123.8.114 | 16625 (AKAMAI-AS) |
15 requests | 3 IPs | |
ASN200019 (ALEXHOST, MD)
PTR: hosting2.alexhost.md
Domains: secure-payment-review.com

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-8-114.deploy.static.akamaitechnologies.com
Domains: bank.barclays.co.uk
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | secure-payment-review.com | secure-payment-review.com | 184 KB |
1 | barclays.co.uk | bank.barclays.co.uk (Cisco Umbrella Rank: 140166) | 4 KB |
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 615) | 83 KB |
15 requests | 3 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
13 | secure-payment-review.com | secure-payment-review.com, code.jquery.com |
1 | bank.barclays.co.uk | secure-payment-review.com |
1 | code.jquery.com | secure-payment-review.com |
15 requests | 3 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh |
bank.barclays.co.uk | Entrust Certification Authority - L1M | 2021-08-19 - 2022-08-19 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://secure-payment-review.com/
Frame ID: 30D293CA9043F673E3F9724E4FD6B3D7
Requests: 14 HTTP requests in this frame
Frame:
http://secure-payment-review.com/assets/index_1.html
Frame ID: 1139FD1C093EDB38DBD3CC9A32936FFF
Requests: 1 HTTP request in this frame
Screenshot
Page Title: Login

Detected technologies

Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|---|
1 | GET | H/1.1 | / (Primary Request) | secure-payment-review.com/ | 14 KB | 5 KB | Document | text/html |
2 | GET | H/1.1 | normalize.css | secure-payment-review.com/assets/ | 8 KB | 3 KB | Stylesheet | text/css |
3 | GET | H/1.1 | suncorpnew-uama.css | secure-payment-review.com/assets/ | 902 KB | 71 KB | Stylesheet | text/css |
4 | GET | H2 | jquery-3.5.1.js | code.jquery.com/ | 281 KB | 83 KB | Script | application/javascript |
5 | GET | H/1.1 | bootstrap.min.js | secure-payment-review.com/static/ | 59 KB | 15 KB | Script | application/javascript |
6 | GET | H2 | bdlLogin.bootstrap.min.js | bank.barclays.co.uk/authlogin/ | 19 KB | 4 KB | Script | application/x-javascript |
7 | GET | H/1.1 | Logo-header.svg | secure-payment-review.com/assets/ | 3 KB | 2 KB | Image | image/svg+xml |
8 | GET | H/1.1 | Icon-lock.svg | secure-payment-review.com/assets/ | 2 KB | 1 KB | Image | image/svg+xml |
9 | GET | H/1.1 | AtlasGrotesk-Light.woff2 | secure-payment-review.com/assets/ | 40 KB | 41 KB | Font | font/woff2 |
10 | GET | H/1.1 | Icon-question.svg | secure-payment-review.com/assets/ | 2 KB | 1 KB | Image | image/svg+xml |
11 | GET | H/1.1 | Icon-arrowRight.svg | secure-payment-review.com/assets/ | 2 KB | 1 KB | Image | image/svg+xml |
12 | GET | H/1.1 | AtlasGrotesk-Medium.woff2 | secure-payment-review.com/assets/ | 41 KB | 41 KB | Font | font/woff2 |
13 | GET | H/1.1 | index_1.html | secure-payment-review.com/assets/ (Frame 1139) | 329 B | 660 B | Document | text/html |
14 | GET | H/1.1 | Icon-security--default-security.svg | secure-payment-review.com/assets/ | 920 B | 963 B | Image | image/svg+xml |
15 | GET | H/1.1 | activity.php | secure-payment-review.com/files/ | 18 B | 532 B | XHR | text/html |
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Suncorp (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | 0 |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
object | navigation |
function | $ |
function | jQuery |
object | bootstrap |
object | browser_detect |
function | mboxDefine |
function | mboxUpdate |
string | pathref |
object | dataLayer |
function | isNumber |
number | interval |
function | heartbeat1 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
secure-payment-review.com/ | | Name: PHPSESSID, Value: d834ea9aa5a3a064a2e401133bd604b9 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bank.barclays.co.uk
code.jquery.com
secure-payment-review.com
176.123.0.55
2001:4de0:ac18::1:a:1b
92.123.8.114
16efa0045fc1e922b93e0ea23804a92efa16131280b3bdc81914883cab8e88a5
1d8c0d3b12f76437fa553aee3abb2808bd87ecec668ef0bc81c66655b52c59c4
286a88db98714cf5ce1d294185c82413ac47d50fe014e27d9904fa54c4438264
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
44e037ac5f4adb28ae5509dc5e060d3fc953d3ad6c280ec554ce46065248ad5a
5835a08874348f1c21b5eb17bd19b9d4787feaeb008180deca1382cb77ba0851
69fcf7682b771176634dc54deb0c412cf9ec40df931d56a0480ee51b47ed1598
6d6f077395745312ca210f70e2e556215368c029d3578bca5c2e91690d292ddf
8b88a65fb3fdd70ae7faf24c850be4049f80a47889895fb2e11d491f58df0ada
94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9
c77e7d6856c1b403934d2e0fbd39e4fceca4aa72b3f2ffd82a319114faba4446
c8c4081a06ec353877cd55f30584ba3aab40fdccb40cd237861b7039dbe945b3
efe6f81f302ef297b8c14a9982542add4b97348bfa78ed151f4e93a797dc2630
fca63a7a3eb5d2b14c03d129964c75182fbedf12ac40f123ea52daa277d5f4a2