www.sun-dashboard.ml
91.224.23.226  Malicious Activity! Public Scan

Submitted URL: https://llk.dk/mfmrey
Effective URL: https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
Submission Tags: phishing
Submission: On June 10 via api from US

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 11 HTTP transactions. The main IP is 91.224.23.226, located in the Russian Federation and belonging to AS-REG, RU. The main domain is www.sun-dashboard.ml.
TLS certificate: Issued by R3 on June 9th 2021. Valid for: 3 months.
This is the only time www.sun-dashboard.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Suntrust (Banking)

Domain & IP information

Apex Domain | Requests | Subdomains | Transfer
gstatic.com | 5 | www.gstatic.com, fonts.gstatic.com | 113 KB
sun-dashboard.ml | 4 | www.sun-dashboard.ml | 65 KB
page.link | 2 | bb199pp.page.link | 10 KB
llk.dk | 1 | llk.dk | 617 B
Total: 11 requests across 4 apex domains

Domain | Requests | Requested by
www.sun-dashboard.ml | 4 | www.gstatic.com, www.sun-dashboard.ml
www.gstatic.com | 4 | bb199pp.page.link, www.gstatic.com
bb199pp.page.link | 2 | www.gstatic.com
fonts.gstatic.com | 1 | bb199pp.page.link
llk.dk | 1 | (1 redirect)
Total: 11 requests across 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
*.page.link | GTS CA 1O1 | 2021-05-17 - 2021-08-09 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-05-17 - 2021-08-09 | 3 months
*.google.com | GTS CA 1O1 | 2021-05-10 - 2021-08-02 | 3 months
sun-dashboard.ml | R3 | 2021-06-09 - 2021-09-07 | 3 months

This page contains 1 frames:

Primary Page: https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
Frame ID: 0C73DB3083074CB4F922CCF03ECBA40E
Requests: 11 HTTP requests in this frame


Page Statistics

  • Requests: 11
  • HTTPS: 100 %
  • IPv6: 83 %
  • Domains: 4
  • Subdomains: 5
  • IPs: 5
  • Countries: 4
  • Transfer: 188 kB
  • Size: 392 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://llk.dk/mfmrey HTTP 302
    https://bb199pp.page.link/iho8?new1 Page URL
  2. https://www.sun-dashboard.ml/SUN/ Page URL
  3. https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://llk.dk/mfmrey HTTP 302
  • https://bb199pp.page.link/iho8?new1

11 HTTP transactions

Resource: iho8
Path: bb199pp.page.link/
Redirect Chain:
  • https://llk.dk/mfmrey
  • https://bb199pp.page.link/iho8?new1
Size: 31 KB
x-fer: 10 KB
Type: Document
General
Full URL
https://bb199pp.page.link/iho8?new1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e71d496a9e6f21b29d52f1ed9ae9ad3ff0135e2d5b24f0e0d4f6a2bf5b286ee3
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-nQs1xlRlPE75QR1KtItz8w' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

:method
GET
:authority
bb199pp.page.link
:scheme
https
:path
/iho8?new1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible
IE=edge
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 10 Jun 2021 18:00:46 GMT
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
same-site
content-security-policy
script-src 'nonce-nQs1xlRlPE75QR1KtItz8w' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
content-encoding
gzip
server
ESF
x-xss-protection
0
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

date
Thu, 10 Jun 2021 18:00:46 GMT
content-type
text/html
location
https://bb199pp.page.link/iho8?new1
x-content-type-options
nosniff
simplycom-server
Apache
cf-cache-status
DYNAMIC
cf-request-id
0a98ae7c2e000016ee24278000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BwKP8De7wy5LAS%2Bd8maQoEWoTYmuxNexFGxoGb2a32fjhuzZXkhX81xv0XlXBWgg1%2FQ9DrjIV4cszn%2BpoqRPAhz4eGOvewDkwKx%2FYwIQ8cnsF76wn%2BDYRwiS7SoYeOO3"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
65d480404b2216ee-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
m=_b,_tp
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/
152 KB
53 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp
Requested by
Host: bb199pp.page.link
URL: https://bb199pp.page.link/iho8?new1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8bb8dacee25aba08cf413657624bc8d6376bcf6f0bfdc4f5bf7f3314489d02b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bb199pp.page.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 08 Jun 2021 17:12:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
175672
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54498
x-xss-protection
0
last-modified
Fri, 04 Jun 2021 00:28:52 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jun 2022 17:12:54 GMT
Resource: KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Path: fonts.gstatic.com/s/roboto/v18/
Size: 10 KB
x-fer: 11 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: bb199pp.page.link
URL: https://bb199pp.page.link/iho8?new1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://bb199pp.page.link
Referer
https://bb199pp.page.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 08 Jun 2021 15:06:09 GMT
x-content-type-options
nosniff
age
183277
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10748
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:51 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 15:06:09 GMT
Resource: m=byfTOb,lsjVmc,LEikZe
Path: www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/ck=boq-devplatform.DurableDeepLinkUi.ZBLSWfMKOK0.L.W1.O/am=BAAC/d=1/exm=_b,_tp/excm=_b,_tp,vie...
Size: 36 KB
x-fer: 13 KB
Type: Script
General
Full URL
https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/ck=boq-devplatform.DurableDeepLinkUi.ZBLSWfMKOK0.L.W1.O/am=BAAC/d=1/exm=_b,_tp/excm=_b,_tp,viewddl/ed=1/wt=2/rs=ADpVLP6CYUI8-6IUsZ1wUnYpIjGLJbFu_A/m=byfTOb,lsjVmc,LEikZe
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52fe1335ad217c28d5ce777c653cbfff9d0342a04b093b64f07d36145ecf41e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bb199pp.page.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 08 Jun 2021 16:49:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
177075
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13336
x-xss-protection
0
last-modified
Thu, 03 Jun 2021 20:30:21 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jun 2022 16:49:32 GMT
Resource: m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,NwH0H,OmgaI,NpD4ec,x60fie,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,iTsyac,KG2eXe,tfTN8c,xcPxA
Path: www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/ck=boq-devplatform.DurableDeepLinkUi.ZBLSWfMKOK0.L.W1.O/am=BAAC/d=1/exm=LEikZe,_b,_tp,byfTOb,l...
Size: 80 KB
x-fer: 29 KB
Type: Script
General
Full URL
https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/ck=boq-devplatform.DurableDeepLinkUi.ZBLSWfMKOK0.L.W1.O/am=BAAC/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,viewddl/ed=1/wt=2/rs=ADpVLP6CYUI8-6IUsZ1wUnYpIjGLJbFu_A/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,NwH0H,OmgaI,NpD4ec,x60fie,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,iTsyac,KG2eXe,tfTN8c,xcPxA
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7ee33a91668b72fa1434698e042cbd178ed2b8514e35dfa526c22cffd850ab82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bb199pp.page.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 08 Jun 2021 17:56:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
173061
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29255
x-xss-protection
0
last-modified
Thu, 03 Jun 2021 20:30:21 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jun 2022 17:56:26 GMT
Resource: batchexecute
Path: bb199pp.page.link/_/DurableDeepLinkUi/data/
Size: 145 B
x-fer: 176 B
Type: XHR
General
Full URL
https://bb199pp.page.link/_/DurableDeepLinkUi/data/batchexecute?rpcids=C2fiEc&f.sid=-3222554577794129181&bl=boq_durabledeeplinkserver_20210603.14_p0&hl=en-US&_reqid=72048&rt=c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-fetch-mode
cors
x-same-domain
1
origin
https://bb199pp.page.link
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
content-length
367
:path
/_/DurableDeepLinkUi/data/batchexecute?rpcids=C2fiEc&f.sid=-3222554577794129181&bl=boq_durabledeeplinkserver_20210603.14_p0&hl=en-US&_reqid=72048&rt=c
pragma
no-cache
user-agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
content-type
application/x-www-form-urlencoded;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
bb199pp.page.link
referer
https://bb199pp.page.link/
:scheme
https
sec-fetch-site
same-origin
:method
POST
X-Same-Domain
1
Referer
https://bb199pp.page.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 10 Jun 2021 18:00:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
cross-origin-opener-policy
same-origin-allow-popups; report-to="DurableDeepLinkUi"
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
same-site
content-disposition
attachment; filename="response.bin"; filename*=UTF-8''response.bin
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
Resource: m=Wt6vjf,_latency,FCpbqb,WhJNk
Path: www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/ck=boq-devplatform.DurableDeepLinkUi.ZBLSWfMKOK0.L.W1.O/am=BAAC/d=1/exm=COQbmf,KG2eXe,LEikZe,N...
Size: 18 KB
x-fer: 7 KB
Type: Script
General
Full URL
https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/ck=boq-devplatform.DurableDeepLinkUi.ZBLSWfMKOK0.L.W1.O/am=BAAC/d=1/exm=COQbmf,KG2eXe,LEikZe,NpD4ec,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,iTsyac,lPKSwe,lfpdyf,lsjVmc,tfTN8c,ws9Tlc,x60fie,xUdipf,xcPxA,yDVVkb/excm=_b,_tp,viewddl/ed=1/wt=2/rs=ADpVLP6CYUI8-6IUsZ1wUnYpIjGLJbFu_A/m=Wt6vjf,_latency,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a85f3cea5fab74ad30d04c86f34fa31c4d8275824c4463ee1605701843fe236
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bb199pp.page.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 08 Jun 2021 23:32:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
152898
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7465
x-xss-protection
0
last-modified
Thu, 03 Jun 2021 20:30:21 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jun 2022 23:32:29 GMT
Resource: /
Path: www.sun-dashboard.ml/SUN/
Size: 181 B
x-fer: 471 B
Type: Document
General
Full URL
https://www.sun-dashboard.ml/SUN/
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.23.226 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
mskf23-226-v.komtet.ru
Software
nginx/1.16.1 / PHP/5.4.16
Resource Hash
7d69b56a5410edd61624b8b843352db239f8d1eefd02399794576800bf4625e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:method
GET
:authority
www.sun-dashboard.ml
:scheme
https
:path
/SUN/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://bb199pp.page.link/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
Referer
https://bb199pp.page.link/

Response headers

server
nginx/1.16.1
date
Thu, 10 Jun 2021 18:00:47 GMT
content-type
text/html
vary
Accept-Encoding
x-powered-by
PHP/5.4.16
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=cqe7r1i34fmvn2lll8i5sh44o4; path=/
strict-transport-security
max-age=31536000;
content-encoding
gzip
Primary Request
Resource: index2.php
Path: www.sun-dashboard.ml/SUN/
Size: 1 KB
x-fer: 1 KB
Type: Document
General
Full URL
https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.23.226 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
mskf23-226-v.komtet.ru
Software
nginx/1.16.1 / PHP/5.4.16
Resource Hash
1bb120df2136fcc1ee69fc438b789c78a67b0cbbd9634e7447eca5b44848eba9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:method
GET
:authority
www.sun-dashboard.ml
:scheme
https
:path
/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www.sun-dashboard.ml/SUN/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=cqe7r1i34fmvn2lll8i5sh44o4
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
Referer
https://www.sun-dashboard.ml/SUN/

Response headers

server
nginx/1.16.1
date
Thu, 10 Jun 2021 18:00:47 GMT
content-type
text/html
vary
Accept-Encoding
x-powered-by
PHP/5.4.16
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
strict-transport-security
max-age=31536000;
content-encoding
gzip
Resource: logo.png
Path: www.sun-dashboard.ml/SUN/temp/
Size: 58 KB
x-fer: 58 KB
Type: Image
General
Full URL
https://www.sun-dashboard.ml/SUN/temp/logo.png
Requested by
Host: www.sun-dashboard.ml
URL: https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.23.226 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
mskf23-226-v.komtet.ru
Software
nginx/1.16.1 /
Resource Hash
4417a09a7b173cdf8a80de2b1315ae9db34fad053d4e6a073d0196f7452953c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/SUN/temp/logo.png
pragma
no-cache
cookie
PHPSESSID=cqe7r1i34fmvn2lll8i5sh44o4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sun-dashboard.ml
referer
https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Thu, 10 Jun 2021 18:00:47 GMT
last-modified
Mon, 07 Jun 2021 05:03:18 GMT
server
nginx/1.16.1
etag
"60bda896-e717"
strict-transport-security
max-age=31536000;
content-type
image/png
accept-ranges
bytes
content-length
59159
Resource: captcha.php
Path: www.sun-dashboard.ml/SUN/temp/
Size: 5 KB
x-fer: 5 KB
Type: Image
General
Full URL
https://www.sun-dashboard.ml/SUN/temp/captcha.php?rand=1691021797a
Requested by
Host: www.sun-dashboard.ml
URL: https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.23.226 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
mskf23-226-v.komtet.ru
Software
nginx/1.16.1 / PHP/5.4.16
Resource Hash
5adcbb88121a77ba97cce5d65a6e013237d2a8372fe96cf2ddf27b18c5c4d476
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/SUN/temp/captcha.php?rand=1691021797a
pragma
no-cache
cookie
PHPSESSID=cqe7r1i34fmvn2lll8i5sh44o4
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sun-dashboard.ml
referer
https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sun-dashboard.ml/SUN/index2.php?https://login.onlinebanking.suntrust.com/olb/login?ReasonCode=6004?type=pwd
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

pragma
no-cache
date
Thu, 10 Jun 2021 18:00:47 GMT
server
nginx/1.16.1
x-powered-by
PHP/5.4.16
strict-transport-security
max-age=31536000;
content-type
image/jpeg
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Suntrust (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onbeforexrselect (object)
  • ontransitionrun (object)
  • ontransitionstart (object)
  • ontransitioncancel (object)
  • cookieStore (object)
  • showDirectoryPicker (function)
  • showOpenFilePicker (function)
  • showSaveFilePicker (function)
  • originAgentCluster (boolean)
  • trustedTypes (object)
  • crossOriginIsolated (boolean)

0 Cookies

2 Console Messages

Source: console-api | Level: log
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp (Line 424)
Message:
%c%s color: red; background: yellow; font-size: 24px; WARNING!

Source: console-api | Level: log
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.6QoAfG_DSBI.es5.O/am=BAAC/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/rs=ADpVLP4-V9hDmaN3LysqMgjvhZicWjAGNw/m=_b,_tp (Line 424)
Message:
%c%s font-size: 18px; Using this console may allow attackers to impersonate you and steal your information using an attack called Self-XSS. Do not enter or paste code that you do not understand.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'nonce-nQs1xlRlPE75QR1KtItz8w' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0