ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org
23.94.5.213
Malicious Activity!
Public Scan
Effective URL: http://ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org/559449huntington/07a4ec04cf3a2cc56d4302b38be2a4ab/dlektbv?email=%3Cspan%20style=%27color:green%2...
Submission: On June 14 via manual from US
Summary
This is the only time ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Huntington Bank (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 192.3.251.32 | 36352 (AS-COLOCROSSING)
1 | 23.94.5.213 | 36352 (AS-COLOCROSSING)
17 | 2.16.186.139 | 20940 (AKAMAI-ASN1)
5 | 2.16.186.147 | 20940 (AKAMAI-ASN1)
1 | 52.189.67.17 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
IP Address | ASN | PTR | Domain
---|---|---|---
192.3.251.32 | ASN36352 (AS-COLOCROSSING, US) | 192-3-251-32-host.colocrossing.com | prestigeinhornecare.com
23.94.5.213 | ASN36352 (AS-COLOCROSSING, US) | 23-94-5-213-host.colocrossing.com | ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org
2.16.186.139 | ASN20940 (AKAMAI-ASN1, NL) | a2-16-186-139.deploy.static.akamaitechnologies.com | onlinebanking.huntington.com
2.16.186.147 | ASN20940 (AKAMAI-ASN1, NL) | a2-16-186-147.deploy.static.akamaitechnologies.com | www.huntington.com
52.189.67.17 | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | | huntingtonbank.inq.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
22 | huntington.com | onlinebanking.huntington.com, www.huntington.com | 70 KB
1 | inq.com | huntingtonbank.inq.com | 7 KB
1 | duckdns.org | ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org | 11 KB
1 | prestigeinhornecare.com (1 redirect) | prestigeinhornecare.com | 1 KB
Requests | Domain | Requested by | Redirects
---|---|---|---
17 | onlinebanking.huntington.com | ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org, onlinebanking.huntington.com |
5 | www.huntington.com | ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org, www.huntington.com |
1 | huntingtonbank.inq.com | www.huntington.com |
1 | ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org | |
1 | prestigeinhornecare.com | | 1 redirect
This site contains links to these domains. Also see Links.
Domain |
---|
www.huntington.com |
selfservice.huntington.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
huntington.com | GeoTrust EV RSA CA 2018 | 2020-07-08 - 2022-07-13 | 2 years | crt.sh
*.inq.com | GeoTrust RSA CA 2018 | 2019-10-30 - 2021-12-08 | 2 years | crt.sh
This page contains 2 frames:
Primary Page:
http://ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org/559449huntington/07a4ec04cf3a2cc56d4302b38be2a4ab/dlektbv?email=%3Cspan%20style=%27color:green%27%20title=%27Will%20be%20replaced%20with%20the%20subscriber%27s%20email%20address%27%3E[EMAIL%20ADDRESS%20GOES%20HERE]%3C/span%3E
Frame ID: B523DBDCF138222DE11BEF942F84560D
Requests: 23 HTTP requests in this frame
Frame:
https://onlinebanking.huntington.com/nuance/nuanceChat.html?IFRAME&nuance-frame-ac=0
Frame ID: 16548014E87FBA4AE296BC8A87ECAA8C
Requests: 1 HTTP request in this frame
Screenshot
Detected technologies
- Windows Server (Operating Systems). Detected pattern: html /<input[^>]+name="__VIEWSTATE/i
- Microsoft ASP.NET (Web Frameworks). Detected pattern: html /<input[^>]+name="__VIEWSTATE/i
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- IIS (Web Servers). Detected pattern: html /<input[^>]+name="__VIEWSTATE/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- Contact Us
- Forgot Password?
- Enroll in Online Banking
- Identity Protection
- Security
- Privacy
- Online Guarantee
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://prestigeinhornecare.com/log/degkijzvponhtxq/dlektbv/559449huntington/07a4ec04cf3a2cc56d4302b38be2a4ab?email=%3Cspan%20style=%27color:green%27%20title=%27Will%20be%20replaced%20with%20the%20subscriber%27s%20email%20address%27%3E%5BEMAIL%20ADDRESS%20GOES%20HERE%5D%3C/span%3E (HTTP 302 redirect to the next URL)
- http://ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org/559449huntington/07a4ec04cf3a2cc56d4302b38be2a4ab/dlektbv?email=%3Cspan%20style=%27color:green%27%20title=%27Will%20be%20replaced%20with%20the%20subscriber%27s%20email%20address%27%3E[EMAIL%20ADDRESS%20GOES%20HERE]%3C/span%3E (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | dlektbv | ifiik.bzqgn.yoaucenmsda.ycnjsvu.fzqmwlnv.sgjqalnqdsjrtb.upgx.pbhw.fdgrergfddf.duckdns.org/559449huntington/07a4ec04cf3a2cc56d4302b38be2a4ab/ | 30 KB | 11 KB | Document | text/html | Primary Request, Cookie set, Redirect Chain
GET | H2 | reset.css | onlinebanking.huntington.com/rol/Styles/Structure/960/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H2 | text.css | onlinebanking.huntington.com/rol/Styles/Structure/960/ | 1 KB | 900 B | Stylesheet | text/css |
GET | H2 | 960_16_col.css | onlinebanking.huntington.com/rol/Styles/Structure/960/ | 4 KB | 1 KB | Stylesheet | text/css |
GET | H2 | huntington-rol.css | onlinebanking.huntington.com/rol/Styles/Presentation/ | 57 KB | 12 KB | Stylesheet | text/css |
GET | H2 | propertyClasses.css | onlinebanking.huntington.com/rol/Styles/Presentation/ | 598 B | 918 B | Stylesheet | text/css |
GET | H2 | widgets.css | onlinebanking.huntington.com/rol/Styles/Presentation/ | 12 KB | 3 KB | Stylesheet | text/css |
GET | H2 | NavBar.css | onlinebanking.huntington.com/rol/Styles/Navigation/ | 2 KB | 990 B | Stylesheet | text/css |
GET | H2 | jquery-ui-1.8.9.custom.css | onlinebanking.huntington.com/rol/Styles/JQueryUIThemes/custom-theme/ | 59 KB | 8 KB | Stylesheet | text/css |
GET | H2 | modal-dialog.css | onlinebanking.huntington.com/rol/Styles/Presentation/ | 1 KB | 920 B | Stylesheet | text/css |
GET | H2 | hnb.aria.common.css | onlinebanking.huntington.com/rol/Styles/ | 574 B | 894 B | Stylesheet | text/css |
GET | H2 | Auth.css | onlinebanking.huntington.com/rol/Styles/Presentation/Auth/ | 6 KB | 2 KB | Stylesheet | text/css |
GET | H2 | site-survey.min.css | www.huntington.com/Presentation/Styles/ | 4 KB | 2 KB | Stylesheet | text/css |
GET | H2 | oo_icon_retina_black.gif | www.huntington.com/Presentation/onlineopinionV5/ | 552 B | 951 B | Image | image/gif |
GET | H2 | chat-fab.js | www.huntington.com/Presentation/Scripts/ | 19 KB | 7 KB | Script | application/javascript |
GET | H2 | site-survey.min.js | www.huntington.com/Presentation/Scripts/ | 7 KB | 3 KB | Script | application/javascript |
GET | H2 | logo-lg.png | onlinebanking.huntington.com/rol/Images/UI/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | lock.gif | onlinebanking.huntington.com/rol/images/ | 870 B | 1 KB | Image | image/gif |
GET | H2 | hexlogo-footer-icon.png | onlinebanking.huntington.com/rol/Images/ | 333 B | 654 B | Image | image/png |
GET | H2 | huntington-rol-print.css | onlinebanking.huntington.com/rol/Styles/Presentation/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H2 | background-960.jpg | onlinebanking.huntington.com/rol/Images/UI/ | 3 KB | 3 KB | Image | image/jpeg |
GET | H2 | nuanceChat.html | onlinebanking.huntington.com/nuance/ | 0 | 0 | Document | text/html | Frame 1654
GET | H2 | inqChatLaunch10006663.js | huntingtonbank.inq.com/chatskins/launch/ | 22 KB | 7 KB | Script | application/javascript |
GET | H2 | oo_engine.min.js | www.huntington.com/Presentation/Scripts/ | 45 KB | 15 KB | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Huntington Bank (Banking)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
object | chatFab
object | nuanceData
object | siteSurvey
object | OOo
undefined | cookies
undefined | cookie
undefined | eqPos
undefined | cookieName
undefined | href
undefined | _script
function | getParentV3LanderConfig
function | getOpenerV3LanderConfig
function | getV3LanderConfigProperty
function | evaluateLegacySettings
object | v3LanderConfig
object | v3Lander
object | InqRegistry

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.