urlscan.io logo urlscan.io
SecurityTrails logo

new.ustrinitycustom.com Open in urlscan Pro
64.207.176.165  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://new.ustrinitycustom.com/xBananaV3/
Effective URL: https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Submission: On February 11 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 64.207.176.165, located in Culver City, United States and belongs to MEDIATEMPLE - Media Temple, Inc., US. The main domain is new.ustrinitycustom.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 24th 2018. Valid for: 3 months.
This is the only time new.ustrinitycustom.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
3 7 64.207.176.165 31815 (MEDIATEMPLE)
4 1
Apex Domain
Subdomains		 Transfer
7 ustrinitycustom.com
new.ustrinitycustom.com
40 KB
4 1
Domain Requested by
7 new.ustrinitycustom.com 3 redirects new.ustrinitycustom.com
4 1

This site contains no links.

Subject Issuer Validity Valid
new.ustrinitycustom.com
cPanel, Inc. Certification Authority		 2018-12-24 -
2019-03-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Frame ID: 28BC79F44E84B1560F323C8902E6DEE2
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://new.ustrinitycustom.com/xBananaV3/ HTTP 302
    https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988 HTTP 301
    https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/ HTTP 302
    https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

39 kB
Transfer

109 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://new.ustrinitycustom.com/xBananaV3/ HTTP 302
    https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988 HTTP 301
    https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/ HTTP 302
    https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/
Redirect Chain
  • https://new.ustrinitycustom.com/xBananaV3/
  • https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988
  • https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/
  • https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.207.176.165 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
Software
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 / PHP/5.6.40
Resource Hash
6d3d65096d7b7426ae703b2a177168788dd1b036d176f015dabd4bbd85257f40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
new.ustrinitycustom.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Cookie
PHPSESSID=331a0fcaf3096660c08c8f891b043161
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:02:57 GMT
Server
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
X-Powered-By
PHP/5.6.40
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Length
2252
Keep-Alive
timeout=5, max=97
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 11 Feb 2019 17:02:56 GMT
Server
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
X-Powered-By
PHP/5.6.40
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
X-Frame-Options
SAMEORIGIN
LOCATION
myaccount/signin/?country.x=DE&locale.x=en_DE
Vary
User-Agent
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
L-xBanana.css
new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/css/ 		13 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/css/L-xBanana.css
Requested by
Host: new.ustrinitycustom.com
URL: https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.207.176.165 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
Software
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash
1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
new.ustrinitycustom.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Cookie
PHPSESSID=331a0fcaf3096660c08c8f891b043161
Connection
keep-alive
Cache-Control
no-cache
Referer
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:02:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Vary
Accept-Encoding,User-Agent
Content-Length
3306
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 11 Feb 2019 17:02:56 GMT
Server
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
ETag
"3332-581a147b1916c-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Expires
Wed, 13 Mar 2019 17:02:57 GMT
jquery.js
new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/js/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/js/jquery.js
Requested by
Host: new.ustrinitycustom.com
URL: https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.207.176.165 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
Software
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash
2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
new.ustrinitycustom.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Cookie
PHPSESSID=331a0fcaf3096660c08c8f891b043161
Connection
keep-alive
Cache-Control
no-cache
Referer
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:02:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Vary
Accept-Encoding,User-Agent
Content-Length
30011
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 11 Feb 2019 17:02:56 GMT
Server
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
ETag
"15147-581a147b181cc-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Wed, 13 Mar 2019 17:02:57 GMT
kl_h4aXX6987PO.svg
new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/img/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/img/kl_h4aXX6987PO.svg
Requested by
Host: new.ustrinitycustom.com
URL: https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/myaccount/signin/?country.x=DE&locale.x=en_DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.207.176.165 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
Software
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
new.ustrinitycustom.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/css/L-xBanana.css
Cookie
PHPSESSID=331a0fcaf3096660c08c8f891b043161
Connection
keep-alive
Cache-Control
no-cache
Referer
https://new.ustrinitycustom.com/xBananaV3/customer_center/Secure988/lib/css/L-xBanana.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:02:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Vary
Accept-Encoding,User-Agent
Content-Length
1929
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 11 Feb 2019 17:02:56 GMT
Server
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
ETag
"1351-581a147b17de4-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Expires
Wed, 13 Mar 2019 17:02:57 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery

1 Cookies

Domain/Path Name / Value
new.ustrinitycustom.com/ Name: PHPSESSID
Value: 331a0fcaf3096660c08c8f891b043161

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block