voiceattmessagelisteningreturninboxhes.ubpages.com
104.18.41.137
Malicious Activity!
Public Scan
Submission: On May 10 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 4th 2024. Valid for: 3 months.
This is the only time voiceattmessagelisteningreturninboxhes.ubpages.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
4 | 104.18.41.137 | 13335 (CLOUDFLARENET) |
2 | 13.32.110.118 | 16509 (AMAZON-02) |
3 | 18.66.188.27 | 16509 (AMAZON-02) |
12 | 4 | |
ASN13335 (CLOUDFLARENET, US)
voiceattmessagelisteningreturninboxhes.ubpages.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-118.vie50.r.cloudfront.net
builder-assets.unbounce.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-188-27.muc50.r.cloudfront.net
d9hhrg4mnvzow.cloudfront.net |
 | Apex Domain: Subdomains | Transfer |
---|---|---|
4 | ubpages.com: voiceattmessagelisteningreturninboxhes.ubpages.com | 20 KB |
3 | cloudfront.net: d9hhrg4mnvzow.cloudfront.net | 11 KB |
2 | unbounce.com: builder-assets.unbounce.com — Cisco Umbrella Rank: 23341; app.unbounce.com Failed | 44 KB |
12 | 3 | |
 | Domain | Requested by |
---|---|---|
4 | voiceattmessagelisteningreturninboxhes.ubpages.com | voiceattmessagelisteningreturninboxhes.ubpages.com |
3 | d9hhrg4mnvzow.cloudfront.net | voiceattmessagelisteningreturninboxhes.ubpages.com |
2 | builder-assets.unbounce.com | voiceattmessagelisteningreturninboxhes.ubpages.com |
0 | app.unbounce.com Failed | voiceattmessagelisteningreturninboxhes.ubpages.com |
12 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
ubpages.com | E1 | 2024-04-04 - 2024-07-03 | 3 months | crt.sh |
*.unbounce.com | Amazon RSA 2048 M03 | 2023-12-10 - 2025-01-07 | a year | crt.sh |
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://voiceattmessagelisteningreturninboxhes.ubpages.com/c28665fa-0ef2-11ef-ac9f-268d5436c7b2/
Frame ID: 832DB6038FB9E25BDAC3941F7BC8A75C
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / (Primary Request) | voiceattmessagelisteningreturninboxhes.ubpages.com/c28665fa-0ef2-11ef-ac9f-268d5436c7b2/ | 15 KB | 5 KB | Document | text/html |
GET H2 | main-59ed514.z.css | builder-assets.unbounce.com/published-css/ | 15 KB | 3 KB | Stylesheet | text/css |
GET H2 | e6c35f50fd3355ae56cc4292c3ae66e2e57ced28.js | voiceattmessagelisteningreturninboxhes.ubpages.com/_ub/static/ts/ | 44 KB | 15 KB | Script | application/javascript |
GET H2 | main.bundle-a5a8d12.z.js | builder-assets.unbounce.com/published-js/ | 137 KB | 41 KB | Script | application/javascript |
GET | 0cfbc59a-bb62-407a-bb7d-444a72d8a3de | https://app.unbounce.com/ | 0 | 0 | | |
GET | ba34517c-5cb3-478a-9693-06ee048d1c83 | https://app.unbounce.com/ | 0 | 0 | | |
GET DATA | truncated | / | 42 B | 0 | Image | image/gif |
POST H2 | i | voiceattmessagelisteningreturninboxhes.ubpages.com/_ub/ | 2 B | 232 B | Ping | text/plain |
GET BLOB | c6893cc2-10b1-4c2f-a386-6a2554bcae53 | https://voiceattmessagelisteningreturninboxhes.ubpages.com/ | 5 KB | 0 | Stylesheet | text/css |
GET H2 | uj59ow-screenshot-2024-02-27-at-20-16-24-login-screen_10a405e000000000000028.png | d9hhrg4mnvzow.cloudfront.net/voiceattmessagelisteningreturninboxhes.ubpages.com/c28665fa-0ef2-11ef-ac9f-268d5436c7b2/ | 5 KB | 6 KB | Image | image/png |
GET H2 | 1t3r63v-screenshot-2024-02-27-at-20-16-44-login-screen_10be02x000000000000028.png | d9hhrg4mnvzow.cloudfront.net/voiceattmessagelisteningreturninboxhes.ubpages.com/c28665fa-0ef2-11ef-ac9f-268d5436c7b2/ | 2 KB | 2 KB | Image | image/png |
GET H2 | 2sryyw-screenshot-2024-02-27-at-20-16-59-login-screen_10x202z000000000000028.png | d9hhrg4mnvzow.cloudfront.net/voiceattmessagelisteningreturninboxhes.ubpages.com/c28665fa-0ef2-11ef-ac9f-268d5436c7b2/ | 3 KB | 4 KB | Image | image/png |
GET H2 | favicon.ico | voiceattmessagelisteningreturninboxhes.ubpages.com/ | 47 B | 109 B | Other | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- app.unbounce.com
- URL
- blob:https://app.unbounce.com/0cfbc59a-bb62-407a-bb7d-444a72d8a3de
- Domain
- app.unbounce.com
- URL
- blob:https://app.unbounce.com/ba34517c-5cb3-478a-9693-06ee048d1c83
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ub
- object| module
- function| ubSnowplow
- boolean| ubSnowplowInitialized
- function| setImmediate
- function| clearImmediate
- boolean| VimeoPlayerResizeEmbeds_
- boolean| VimeoSeoMetadataAppended
- boolean| VimeoCheckedUrlTimeParam

4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
voiceattmessagelisteningreturninboxhes.ubpages.com/c28665fa-0ef2-11ef-ac9f-268d5436c7b2/ | | Name: ubpv Value: a%2Cc28665fa-0ef2-11ef-ac9f-268d5436c7b2 |
voiceattmessagelisteningreturninboxhes.ubpages.com/ | | Name: ubvs Value: 7ac63fe8-7120-4c4c-bf9e-1500d17c0a44 |
.ubpages.com/ | | Name: ubvt Value: v2%7C7ac63fe8-7120-4c4c-bf9e-1500d17c0a44%7Cc28665fa-0ef2-11ef-ac9f-268d5436c7b2%3Aa%3Asingle%3Asingle |
.ubpages.com/ | | Name: __cf_bm Value: u64_my6TpriteJYwqecMdi83UKcMe98612odrCEwxz0-1715372877-1.0.1.1-LClcH801lgWikLeFXz2OfyNvm4CXQyU7eB5YN4NReOeBj.e5TrqByw7OAIqDXYhALBLIn0ip9jzKaykrFXm0sA |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.