usaatest.z13.web.core.windows.net
52.239.221.65
Malicious Activity!
Public Scan
Submission: On June 21 via manual from NG — Scanned from DE
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 01 on May 11th 2022. Valid for: a year.
This is the only time usaatest.z13.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USAA (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 52.239.221.65 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
7 | 192.185.173.9 | 46606 (UNIFIEDLAYER-AS-1)
1 | 2a00:1450:400e:80c::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:80b::2003 | 15169 (GOOGLE)
Total: 10 requests across 4 IP addresses
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): usaatest.z13.web.core.windows.net
- ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: 192-185-173-9.unifiedlayer.com: moralesconstructora.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | moralesconstructora.com | moralesconstructora.com | 310 KB
1 | gstatic.com | fonts.gstatic.com | 21 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 67) | 1 KB
1 | windows.net | usaatest.z13.web.core.windows.net | 21 KB
Total: 10 requests across 4 apex domains
Requests | Domain | Requested by
---|---|---
7 | moralesconstructora.com | usaatest.z13.web.core.windows.net
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | usaatest.z13.web.core.windows.net
1 | usaatest.z13.web.core.windows.net | (primary page)
Total: 10 requests across 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
*.web.core.windows.net | Microsoft RSA TLS CA 01 | 2022-05-11 - 2023-05-11 | a year | crt.sh
*.moralesconstructora.com | R3 | 2022-05-15 - 2022-08-13 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://usaatest.z13.web.core.windows.net/
Frame ID: E80F0A5D58AFA6AB6061393EB289710A
Requests: 10 HTTP requests in this frame
Page Title: Member Account Login | USAA
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | usaatest.z13.web.core.windows.net/ | 20 KB | 21 KB | Document | text/html
GET | H2 | jquery.min.js | moralesconstructora.com/git/f1l3s/ | 84 KB | 37 KB | Script | application/javascript
GET | H2 | jquery-3.1.1.min.js | moralesconstructora.com/git/f1l3s/ | 85 KB | 37 KB | Script | application/javascript
GET | H2 | jquery-3.3.1.js | moralesconstructora.com/git/f1l3s/ | 265 KB | 104 KB | Script | application/javascript
GET | H2 | css2 | fonts.googleapis.com/ | 7 KB | 1 KB | Stylesheet | text/css
GET | H2 | jquery-3.2.1.slim.min.js | moralesconstructora.com/git/f1l3s/ | 68 KB | 30 KB | Script | application/javascript
GET | H2 | popper.min.js | moralesconstructora.com/git/f1l3s/ | 19 KB | 8 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | moralesconstructora.com/git/f1l3s/ | 48 KB | 20 KB | Script | application/javascript
GET | H2 | capture.PNG | moralesconstructora.com/git/f1l3s/ | 73 KB | 73 KB | Image | image/png
GET | H2 | 2sDcZGJYnIjSi6H75xkzaGW5.woff2 | fonts.gstatic.com/s/assistant/v16/ | 20 KB | 21 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against USAA (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- oncontextlost (object)
- oncontextrestored (object)
- structuredClone (function)
- launchQueue (object)
- onbeforematch (object)
- getScreenDetails (function)
- navigation (object)
- $ (function)
- jQuery (function)
- Popper (function)
- bootstrap (object)
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.