speedfitufh.co.za
156.38.175.59
Malicious Activity!
Public Scan
Submission: On April 15 via manual from US
Summary
TLS certificate: Issued by R3 on February 24th 2021. Valid for: 3 months.
This is the only time speedfitufh.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)
Domain & IP information
Count | IP Address | AS (Autonomous System)
---|---|---
4 | 156.38.175.59 | 37153 (xneelo)
1 | 23.79.157.84 | 16625 (AKAMAI-AS)
1 | 2001:4de0:ac18::1:a:2b | 20446 (HIGHWINDS3)
1 | 2606:4700::6810:135e | 13335 (CLOUDFLARENET)
2 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:82b::200a | 15169 (GOOGLE)
1 | 35.244.174.68 | 15169 (GOOGLE)
1 | 52.30.177.128 | 16509 (AMAZON-02)
1 | 54.76.54.153 | 16509 (AMAZON-02)
2 | 23.79.147.199 | 16625 (AKAMAI-AS)
15 | 11 |
ASN | PTR | Domains
---|---|---
ASN37153 (xneelo, ZA) | hestia.thishost.co.za | speedfitufh.co.za
ASN16625 (AKAMAI-AS, US) | a23-79-157-84.deploy.static.akamaitechnologies.com | www.schwab.com
ASN13335 (CLOUDFLARENET, US) | | maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com
ASN15169 (GOOGLE, US) | 68.174.244.35.bc.googleusercontent.com | di.rlcdn.com
ASN16509 (AMAZON-02, US) | ec2-52-30-177-128.eu-west-1.compute.amazonaws.com | insight.adsrvr.org
ASN16509 (AMAZON-02, US) | ec2-54-76-54-153.eu-west-1.compute.amazonaws.com | schwab.demdex.net
ASN16625 (AKAMAI-AS, US) | a23-79-147-199.deploy.static.akamaitechnologies.com | content.schwab.com
Count | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | speedfitufh.co.za | speedfitufh.co.za | 66 KB
3 | schwab.com | www.schwab.com, content.schwab.com | 78 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com | 26 KB
1 | demdex.net | schwab.demdex.net | 3 KB
1 | adsrvr.org | insight.adsrvr.org | 261 B
1 | rlcdn.com | di.rlcdn.com | 66 B
1 | googleapis.com | ajax.googleapis.com | 29 KB
1 | cloudflare.com | cdnjs.cloudflare.com | 7 KB
1 | jquery.com | code.jquery.com | 24 KB
15 | 9 | |
Count | Domain | Requested by
---|---|---
4 | speedfitufh.co.za | speedfitufh.co.za
2 | content.schwab.com | speedfitufh.co.za
1 | schwab.demdex.net | speedfitufh.co.za
1 | insight.adsrvr.org | speedfitufh.co.za
1 | di.rlcdn.com | speedfitufh.co.za
1 | stackpath.bootstrapcdn.com | speedfitufh.co.za
1 | ajax.googleapis.com | speedfitufh.co.za
1 | maxcdn.bootstrapcdn.com | speedfitufh.co.za
1 | cdnjs.cloudflare.com | speedfitufh.co.za
1 | code.jquery.com | speedfitufh.co.za
1 | www.schwab.com | speedfitufh.co.za
15 | 11 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
cpcalendars.speedfitufh.co.za | R3 | 2021-02-24 - 2021-05-25 | 3 months | crt.sh
www.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-04-20 - 2021-05-13 | a year | crt.sh
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2021-03-16 - 2021-06-08 | 3 months | crt.sh
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-25 - 2022-03-28 | a year | crt.sh
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2021-03-18 - 2022-04-19 | a year | crt.sh
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2020-12-02 - 2022-01-02 | a year | crt.sh
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-07 - 2021-07-19 | a year | crt.sh
This page contains 4 frames:
Primary Page:
https://speedfitufh.co.za/bgj/
Frame ID: 7A4218468456AC492BA72CBB075110AD
Requests: 13 HTTP requests in this frame
Frame:
https://di.rlcdn.com/458599.html?pdata=urlpath%3DcLogin
Frame ID: A29A8B43548239A7DB32D0019AA4797E
Requests: 1 HTTP requests in this frame
Frame:
https://insight.adsrvr.org/track/evnt/?ct=0:2ovpoyp&adv=trd1yy4&fmt=4
Frame ID: 0D06A3943EFFEEDD9BDC279585E643BB
Requests: 1 HTTP requests in this frame
Frame:
https://schwab.demdex.net/dest5.html?d_nsid=0
Frame ID: B10AAD04BC4A35A572EDA4339B958D2F
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | speedfitufh.co.za/bgj/ | 21 KB | 5 KB | Document | text/html
GET | H3-Q050 | main.css | speedfitufh.co.za/bgj/css/ | 26 KB | 7 KB | Stylesheet | text/css
GET | H3-Q050 | login-component-responsive-secondary.css | speedfitufh.co.za/bgj/css/ | 51 KB | 8 KB | Stylesheet | text/css
GET | H2 | SCH-AMEX-55-BAU_2020DualBanner_0720-0RS4.png | www.schwab.com/public/file/P-10712105/ | 14 KB | 15 KB | Image | image/webp
GET | H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 7 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 13 KB | Script | application/javascript
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 13 KB | Script | application/javascript
GET | H2 | 458599.html | di.rlcdn.com/ (Frame A29A) | 0 | 66 B | Document | text/plain
GET | H2 | / | insight.adsrvr.org/track/evnt/ (Frame 0D06) | 70 B | 261 B | Document | image/gif
GET | H/1.1 | dest5.html | schwab.demdex.net/ (Frame B10A) | 7 KB | 3 KB | Document | text/html
GET | H3-Q050 | icons.png | speedfitufh.co.za/bgj/images/ | 46 KB | 46 KB | Image | image/png
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml
GET | H/1.1 | schwabsafe_logo.svg | content.schwab.com/web/login/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | background_image_exblur_dev2b.jpg | content.schwab.com/web/login/ | 61 KB | 61 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Charles Schwab (Financial)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | 1
object | 2
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
function | $
function | jQuery
function | Popper
object | bootstrap
0 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.