signin.information.signin-robinhood.as36874.net Open in urlscan Pro
162.240.162.190 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://signin.information.signin-robinhood.as36874.net/
Effective URL:
https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57...
Submission: On April 30 via manual (April 30th 2024, 7:04:45 pm UTC) from US — Scanned from DE

Summary HTTP 5 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 162.240.162.190, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is signin.information.signin-robinhood.as36874.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 30th 2024. Valid for: 3 months.

This is the only time signin.information.signin-robinhood.as36874.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Robinhood (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 5	162.240.162.190 162.240.162.190	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	18.66.102.52 18.66.102.52	16509 (AMAZON-02) (AMAZON-02)
5	3

5 162.240.162.190 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-240-162-190.unifiedlayer.com

signin.information.signin-robinhood.as36874.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-52.fra56.r.cloudfront.net

cdn.robinhood.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	as36874.net 1 redirects signin.information.signin-robinhood.as36874.net	3 MB
1	robinhood.com cdn.robinhood.com — Cisco Umbrella Rank: 17679	379 KB
5	2

	Domain	Requested by
5	signin.information.signin-robinhood.as36874.net	1 redirects signin.information.signin-robinhood.as36874.net
1	cdn.robinhood.com	signin.information.signin-robinhood.as36874.net
5	2

This site contains no links.

Subject Issuer	Validity	Valid
signin.information.signin-robinhood.as36874.net cPanel, Inc. Certification Authority	`2024-04-30` - `2024-07-29`	3 months	crt.sh
*.robinhood.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-18` - `2025-02-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605
Frame ID: D106058F656284086D6B9EF7276AB9F5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Update your password | Robinhood

Page URL History Show full URLs

https://signin.information.signin-robinhood.as36874.net/ Page URL
https://signin.information.signin-robinhood.as36874.net/login?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf559... HTTP 301
https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf55... Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

3339 kB
Transfer

3337 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://signin.information.signin-robinhood.as36874.net/ Page URL
https://signin.information.signin-robinhood.as36874.net/login?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 HTTP 301
https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ signin.information.signin-robinhood.as36874.net/	162 B 543 B	1320ms 811ms	Document text/html	162.240.162.190 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://signin.information.signin-robinhood.as36874.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.162.190 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-162-190.unifiedlayer.com Software Apache / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 30 Apr 2024 19:04:39 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	Primary Request / Show response signin.information.signin-robinhood.as36874.net/login/ Redirect Chain https://signin.information.signin-robinhood.as36874.net/login?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605	3 KB 4 KB	161ms 161ms	Document text/html	162.240.162.190 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Requested by Host: signin.information.signin-robinhood.as36874.net URL: https://signin.information.signin-robinhood.as36874.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.162.190 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-162-190.unifiedlayer.com Software Apache / Resource Hash `754e443f18bd76388f5d447993ce49ad38367ad6d9c9e0e0d1c8aae9b6c9dd1f` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://signin.information.signin-robinhood.as36874.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 30 Apr 2024 19:04:40 GMT Keep-Alive timeout=5, max=98 Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 368 Content-Type text/html; charset=iso-8859-1 Date Tue, 30 Apr 2024 19:04:40 GMT Keep-Alive timeout=5, max=99 Location https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Server Apache
GET H/1.1	200 OK	main.css signin.information.signin-robinhood.as36874.net/css/	3 MB 3 MB	161ms 160ms	Stylesheet text/css	162.240.162.190 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://signin.information.signin-robinhood.as36874.net/css/main.css Requested by Host: signin.information.signin-robinhood.as36874.net URL: https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.162.190 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-162-190.unifiedlayer.com Software Apache / Resource Hash `226fad4850092e9f9788bd067517dfc24f348daaf3c9f8c160a08bedfcfe98f6` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 30 Apr 2024 19:04:41 GMT Last-Modified Fri, 20 Jan 2023 12:29:27 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 2949661
GET H2	200	632fcb3e7ed928b2a960f3e003d10b44.jpg cdn.robinhood.com/assets/generated_assets/	378 KB 379 KB	55ms 9ms	Image image/jpeg	18.66.102.52 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.robinhood.com/assets/generated_assets/632fcb3e7ed928b2a960f3e003d10b44.jpg Requested by Host: signin.information.signin-robinhood.as36874.net URL: https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.102.52 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-102-52.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://signin.information.signin-robinhood.as36874.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 18:48:22 GMT x-amz-version-id MYRCXXD02ceNrVceqfizNVcGeU1WXwhq via 1.1 83f1b8f73f37458f38e2ee1fc0b9e68c.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 age 979 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 387068 last-modified Mon, 25 Dec 2023 22:38:13 GMT server AmazonS3 etag "cdfcb3cb965d71cf114d0aeb8f0a50cd" content-type image/jpeg cache-control public,max-age=604800,immutable accept-ranges bytes x-amz-cf-id e11FCHjLSnJeweqXtCQucJ6Y2_MbBAsCp7B_UkfUcN80q6tNNvcQBA==
GET DATA	200 OK	truncated /	19 KB 19 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302` Request headers Referer Origin https://signin.information.signin-robinhood.as36874.net Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	19 KB 19 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8` Request headers Referer Origin https://signin.information.signin-robinhood.as36874.net Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	17 KB 17 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c64f5747ba22330e43c7e75d3bbabaf9b11a56c46d7f98c868482d64f09e5cd6` Request headers Referer Origin https://signin.information.signin-robinhood.as36874.net Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	17 KB 17 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0f4a23c77efcc39a00f821331bdf4790e3fd934a4b72c6b9e91f5c87787e4651` Request headers Referer Origin https://signin.information.signin-robinhood.as36874.net Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type binary/octet-stream
GET H/1.1	200 OK	icon.ico signin.information.signin-robinhood.as36874.net/img/	4 KB 4 KB	161ms 160ms	Other image/x-icon	162.240.162.190 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://signin.information.signin-robinhood.as36874.net/img/icon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.162.190 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-162-190.unifiedlayer.com Software Apache / Resource Hash `f2413a8bddf0d54c3a1080c123f4f51db1eeb03310f548a75f5ce1466aaaa30e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 30 Apr 2024 19:04:42 GMT Last-Modified Mon, 13 Sep 2021 00:39:42 GMT Server Apache Content-Type image/x-icon Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 4286

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Robinhood (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			signin.information.signin-robinhood.as36874.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5a1ef1cc560ac67e2ba2964b184754d7

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://signin.information.signin-robinhood.as36874.net/login/?sessions=14dd6e22725fdf3ce2c04f7817827a83&id_session=1890ca9cf3bebf5596e8dfccc827f54a1f57a605 Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.robinhood.com
signin.information.signin-robinhood.as36874.net
162.240.162.190
18.66.102.52
01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126
0f4a23c77efcc39a00f821331bdf4790e3fd934a4b72c6b9e91f5c87787e4651
226fad4850092e9f9788bd067517dfc24f348daaf3c9f8c160a08bedfcfe98f6
6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8
754e443f18bd76388f5d447993ce49ad38367ad6d9c9e0e0d1c8aae9b6c9dd1f
c64f5747ba22330e43c7e75d3bbabaf9b11a56c46d7f98c868482d64f09e5cd6
d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302
f2413a8bddf0d54c3a1080c123f4f51db1eeb03310f548a75f5ce1466aaaa30e

signin.information.signin-robinhood.as36874.net Open in urlscan Pro 162.240.162.190 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

3339 kBTransfer

3337 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

signin.information.signin-robinhood.as36874.net Open in urlscan Pro
162.240.162.190 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

3339 kB
Transfer

3337 kB
Size

1
Cookies

5 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!