attmailingupdate5537verifyredirect373838383738.ubpages.com
104.18.41.137
Malicious Activity!
Public Scan
Submission Tags: phishing
Submission: On March 20 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 5th 2024. Valid for: 3 months.
This is the only time attmailingupdate5537verifyredirect373838383738.ubpages.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 104.18.41.137 | 13335 (CLOUDFLARENET) |
2 | 13.35.58.23 | 16509 (AMAZON-02) |
3 | 52.222.137.27 | 16509 (AMAZON-02) |
9 | 4 | |
ASN13335 (CLOUDFLARENET, US)
attmailingupdate5537verifyredirect373838383738.ubpages.com
ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-23.fra60.r.cloudfront.net
builder-assets.unbounce.com
ASN16509 (AMAZON-02, US)
PTR: server-52-222-137-27.ams50.r.cloudfront.net
d9hhrg4mnvzow.cloudfront.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | cloudfront.net | d9hhrg4mnvzow.cloudfront.net | 11 KB |
3 | ubpages.com | attmailingupdate5537verifyredirect373838383738.ubpages.com | 20 KB |
2 | unbounce.com | builder-assets.unbounce.com — Cisco Umbrella Rank: 36816 | 43 KB |
9 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
3 | d9hhrg4mnvzow.cloudfront.net | attmailingupdate5537verifyredirect373838383738.ubpages.com |
3 | attmailingupdate5537verifyredirect373838383738.ubpages.com | attmailingupdate5537verifyredirect373838383738.ubpages.com |
2 | builder-assets.unbounce.com | attmailingupdate5537verifyredirect373838383738.ubpages.com |
9 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
ubpages.com | E1 | 2024-02-05 - 2024-05-05 | 3 months | crt.sh |
\*.unbounce.com | Amazon RSA 2048 M03 | 2023-12-10 - 2025-01-07 | a year | crt.sh |
\*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://attmailingupdate5537verifyredirect373838383738.ubpages.com/6c65804a-e69b-11ee-9f8c-b24a52366dce/
Frame ID: 0430753C12B093594CF1242EA4910A57
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | attmailingupdate5537verifyredirect373838383738.ubpages.com/6c65804a-e69b-11ee-9f8c-b24a52366dce/ | 13 KB | 4 KB | Document | text/html |
GET | H2 | main-7b78720.z.css | builder-assets.unbounce.com/published-css/ | 15 KB | 3 KB | Stylesheet | text/css |
GET | H2 | bbd2c1606ea463f3010917a5cf4e7db1ce886192.js | attmailingupdate5537verifyredirect373838383738.ubpages.com/_ub/static/ts/ | 43 KB | 16 KB | Script | application/javascript |
GET | H2 | main.bundle-4ea5d01.z.js | builder-assets.unbounce.com/published-js/ | 125 KB | 39 KB | Script | application/javascript |
GET | DATA | truncated | / | 42 B | 0 | Image | image/gif |
POST | H2 | i | attmailingupdate5537verifyredirect373838383738.ubpages.com/_ub/ | 2 B | 217 B | Ping | text/plain |
GET | BLOB | cc46e5e4-df09-4aa2-93f2-36fb50207b42 | https://attmailingupdate5537verifyredirect373838383738.ubpages.com/ | 5 KB | 0 | Stylesheet | text/css |
GET | H2 | m0gsb9-screenshot-2024-02-27-at-20-16-24-login-screen_10a405e000000000000028.png | d9hhrg4mnvzow.cloudfront.net/attmailingupdate5537verifyredirect373838383738.ubpages.com/6c65804a-e69b-11ee-9f8c-b24a52366dce/ | 5 KB | 6 KB | Image | image/png |
GET | H2 | 1pd9wxi-screenshot-2024-02-27-at-20-16-44-login-screen_10be02x000000000000028.png | d9hhrg4mnvzow.cloudfront.net/attmailingupdate5537verifyredirect373838383738.ubpages.com/6c65804a-e69b-11ee-9f8c-b24a52366dce/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | 1ljwfc5-screenshot-2024-02-27-at-20-16-59-login-screen_10x202z000000000000028.png | d9hhrg4mnvzow.cloudfront.net/attmailingupdate5537verifyredirect373838383738.ubpages.com/6c65804a-e69b-11ee-9f8c-b24a52366dce/ | 3 KB | 4 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | ub |
object | module |
function | ubSnowplow |
boolean | ubSnowplowInitialized |
function | setImmediate |
function | clearImmediate |
boolean | VimeoPlayerResizeEmbeds_ |
boolean | VimeoSeoMetadataAppended |
boolean | VimeoCheckedUrlTimeParam |

4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
attmailingupdate5537verifyredirect373838383738.ubpages.com/6c65804a-e69b-11ee-9f8c-b24a52366dce/ | | Name: ubpv Value: a%2C6c65804a-e69b-11ee-9f8c-b24a52366dce |
attmailingupdate5537verifyredirect373838383738.ubpages.com/ | | Name: ubvs Value: cdf2da5d-d73f-4d3a-85b0-56ec38db92f1 |
.ubpages.com/ | | Name: ubvt Value: v2%7Ccdf2da5d-d73f-4d3a-85b0-56ec38db92f1%7C6c65804a-e69b-11ee-9f8c-b24a52366dce%3Aa%3Asingle |
.ubpages.com/ | | Name: __cf_bm Value: 0jZxCAJFTYFZrmsZ.PqQY1KcIuIksV2WvXW.btNRDvU-1710957640-1.0.1.1-8.eSWiMMan1BQPRbvQoP4IZ.LpoGH58p.4WHH.0PHxvxs7vKVaFBxxerCTRgVxjJU_HTB9A4sDF3tSxBXBjKjg |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.