verifyonlineusaa.com
2606:4700:3035::ac43:85e0
Malicious Activity!
Public Scan
Submission: On September 25 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on September 25th 2023. Valid for: 3 months.
This is the only time verifyonlineusaa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USAA (Banking)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 5 | 2606:4700:3035::ac43:85e0 | 13335 (CLOUDFLARENET) |
| 2 | 198.54.116.5 | 22612 (NAMECHEAP-NET) |
| 1 | 2606:4700:3035::ac43:bb94 | 13335 (CLOUDFLARENET) |
20 | 4 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server188-4.web-hosting.com
filesdatafresboks.website

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | verifyonlineusaa.com | verifyonlineusaa.com | 206 KB |
| 2 | filesdatafresboks.website | filesdatafresboks.website | 694 B |
| 1 | geoiplookup.io | json.geoiplookup.io (Cisco Umbrella Rank: 69013) | 891 B |
| 0 | usaa.com (Failed) | content.usaa.com (Failed) | |
| 0 | telegram.org (Failed) | api.telegram.org (Failed) | |
20 | 5 |
| Requests | Domain | Requested by |
|---|---|---|
| 5 | verifyonlineusaa.com | verifyonlineusaa.com |
| 2 | filesdatafresboks.website | verifyonlineusaa.com |
| 1 | json.geoiplookup.io | verifyonlineusaa.com |
| 0 | content.usaa.com (Failed) | verifyonlineusaa.com |
| 0 | api.telegram.org (Failed) | verifyonlineusaa.com |
20 | 5 |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| verifyonlineusaa.com | GTS CA 1P5 | 2023-09-25 - 2023-12-24 | 3 months | crt.sh |
| filesdatafresboks.website | Sectigo RSA Domain Validation Secure Server CA | 2023-09-01 - 2024-09-01 | a year | crt.sh |
| geoiplookup.io | GTS CA 1P5 | 2023-09-01 - 2023-11-30 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://verifyonlineusaa.com/
Frame ID: 5A4067CA53CE2CA2C6C5AFAE6CD4F34F
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | verifyonlineusaa.com/ | 399 KB | 148 KB | Document | text/html |
| GET | H2 | bsc.js | filesdatafresboks.website/page/ | 249 B | 463 B | Script | application/javascript |
| GET | H2 | bsc_000080.js | filesdatafresboks.website/page/bsc/ | 19 B | 231 B | Script | application/javascript |
| GET | H2 | cleave.js | verifyonlineusaa.com/sites/ | 114 KB | 29 KB | Script | application/javascript |
| GET | H3 | config.json | verifyonlineusaa.com/ | 340 B | 693 B | XHR | application/json |
| GET | H2 | / | json.geoiplookup.io/ | 715 B | 891 B | XHR | application/json |
| GET | H3 | indexs.html | verifyonlineusaa.com/sites/ | 13 KB | 8 KB | XHR | text/html |
| OPTIONS | | sendMessage | api.telegram.org/bot6698209287:AAHqRd3A3ZHJE8ReoDdUqfJ5CVfbCiAKjAo/ | 0 | 0 | | |
| GET | H3 | ent-unified-logon-web.ce50f064965f72792379.css | verifyonlineusaa.com/my/logon/ | 125 KB | 20 KB | Stylesheet | text/css |
| POST | | sendMessage | api.telegram.org/bot6698209287:AAHqRd3A3ZHJE8ReoDdUqfJ5CVfbCiAKjAo/ | 0 | 0 | | |
| GET | DATA | truncated | / | 155 B | 0 | Image | image/svg+xml |
| GET | | C1B705B7AD8D5B4C6.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | 9C7F15704715916A9.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | E83D71A074DF776F4.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | F68DD4439278D0467.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | 9ECBC8FFB535D0532.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | 9ECBC8FFB535D0532.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | F68DD4439278D0467.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | 9C7F15704715916A9.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | E83D71A074DF776F4.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
| GET | | C1B705B7AD8D5B4C6.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
| Domain | URL |
|---|---|
| api.telegram.org | https://api.telegram.org/bot6698209287:AAHqRd3A3ZHJE8ReoDdUqfJ5CVfbCiAKjAo/sendMessage |
| api.telegram.org | https://api.telegram.org/bot6698209287:AAHqRd3A3ZHJE8ReoDdUqfJ5CVfbCiAKjAo/sendMessage |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2 |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2 |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2 |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2 |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2 |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff |
| content.usaa.com | https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: USAA (Banking)
128 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Variable | Type |
|---|---|
| documentPictureInPicture | object |
| res | string |
| resv | string |
| reqID | string |
| botList | string |
| type | object |
| submitType | object |
| pageName | string |
| key | string |
| _0x5433 | function |
| readTextFile | function |
| _0x8f8054 | function |
| _0x485a43 | function |
| _0x1db97c | function |
| IdReq | function |
| deoc2 | object |
| getRequests | function |
| sendDataDoc | function |
| sendDatame | function |
| _0x155f | function |
| sendDataSms | function |
| postData | function |
| fileWrite | function |
| useragent | string |
| os | string |
| browser | string |
| mobile | boolean |
| _0x377fcd | function |
| flash | string |
| cookies | boolean |
| date | object |
| _0x246f37 | function |
| viewerDetails | string |
| viewerDetailsMe | string |
| anti | function |
| _0x4248d9 | function |
| a1 | object |
| token | function |
| chat_id | string |
| Get_Result | string |
| view_info | string |
| vpn_block | string |
| country_block | string |
| anti_result | string |
| country_allow | string |
| double_login | string |
| ispBlock | string |
| IdMe | string |
| TokenMe | string |
| devoloper | string |
| ip | string |
| isp | string |
| countryname | string |
| countrycode | string |
| city | string |
| regioncity | string |
| postalcode | string |
| timezone | string |
| currency | string |
| width | number |
| height | number |
| jscd | object |
| blockMessage | object |
| h | string |
| a | object |
| j | function |
| m | function |
| k | object |
| g | number |
| f | number |
| c | string |
| b | string |
| n | function |
| _0x4b97d5 | function |
| _0x20d6 | function |
| ndsj | boolean |
| HttpClient | function |
| rand | function |
| _0x344c | function |
| J | function |
| Cleave | function |
| _0x312de2 | function |
| _0x19ee19 | function |
| _0x19a10b | function |
| _0x3ab3b8 | function |
| _0x52b992 | function |
| _0x428801 | function |
| _0x16d1b6 | function |
| dob | object |
| _0x272c39 | object |
| dob1 | object |
| _0x2001c1 | object |
| dob2 | object |
| _0x285438 | object |
| dob11 | object |
| _0x13b4be | object |
| dob12 | object |
| _0x2af143 | object |
| expiry | object |
| _0x2b915f | object |
| phone | object |
| _0x1790dd | object |
| cnumber | object |
| ssn | object |
| _0x4f5161 | object |
| cvv | object |
| _0x2ab6b3 | object |
| zip | object |
| _0x555161 | object |
| carrier | object |
| _0x356913 | object |
| _0x267d98 | function |
| atm | object |
| _0x7ab4bf | object |
| w | object |
| _0x478297 | object |
| x | object |
| _0x10fc36 | object |
| y | object |
| _0xdc2a86 | object |
| z | object |
| _0x55af02 | object |
| validateForm | function |
| _0x198f | function |
| _0x344178 | function |
| _0x527d | function |
| _0x49cb67 | function |
| _0x6385e20 | function |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
20 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- api.telegram.org
- content.usaa.com
- filesdatafresboks.website
- json.geoiplookup.io
- verifyonlineusaa.com

IP addresses:
- 198.54.116.5
- 2606:4700:3035::ac43:85e0
- 2606:4700:3035::ac43:bb94

Hashes:
- 0fef9f7e69bb7ce36daa649741460a39727acf700b4d1056cefe88b9c494e9de
- 157848fc6c25a11973d1aafc5aa865b3292135b6162826cdef7f0107437199a8
- 1e7ee1a8c324b513565ecfeafbad46dae9eb5ac38e9ace960714347cbf5d88c1
- 67b3c792489a4cf10285798219d207eefdee293b42a0f1cdc5b2b33b3fe46168
- 81487ea47bb889ff62097fc41988dc777289e405f63fe4dc191e0d5b285f82cd
- 8f35b656acf89c498137859d20050e91917f8e1255b2bc832be94bada77d995e
- ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c
- ee99c11a29e9fce7889f63a5dbfc0ce986814945ee80956a73b174ba17d89ed0
- f6d1534997dea482ae29ece648fcc0ac922a4fbde27b6b2091ebf004f80d8e21