securerobinh0oodverify.com
Open in
urlscan Pro
2001:df1:7800:2::e064
Malicious Activity!
Public Scan
Submission: On March 03 via automatic, source openphish — Scanned from DE
Summary
This is the only time securerobinh0oodverify.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Robinhood (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2001:df1:7800... 2001:df1:7800:2::e064 | 58487 (CRI-AS-AP...) (CRI-AS-AP CV. Rumahweb Indonesia) | |
1 | 143.204.55.113 143.204.55.113 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 3 |
ASN58487 (CRI-AS-AP CV. Rumahweb Indonesia, ID)
securerobinh0oodverify.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-55-113.osl50.r.cloudfront.net
cdn.robinhood.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
securerobinh0oodverify.com
securerobinh0oodverify.com |
3 MB |
1 |
robinhood.com
cdn.robinhood.com — Cisco Umbrella Rank: 17977 |
379 KB |
3 | 2 |
Domain | Requested by | |
---|---|---|
2 | securerobinh0oodverify.com |
securerobinh0oodverify.com
|
1 | cdn.robinhood.com |
securerobinh0oodverify.com
|
3 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.robinhood.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-03-29 - 2023-04-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://securerobinh0oodverify.com/login/?sessions=97a42595fbf5c568fb80eace5fbb1495&id_session=ea7b0c3afaa86df49e517507a6e42df3c6bc30c4
Frame ID: 060ED9188F9FABF78730F704B331FB8A
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
securerobinh0oodverify.com/login/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
securerobinh0oodverify.com/css/ |
3 MB 3 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
632fcb3e7ed928b2a960f3e003d10b44.jpg
cdn.robinhood.com/assets/generated_assets/ |
378 KB 379 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
19 KB 19 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
19 KB 19 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
17 KB 17 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Robinhood (Financial)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.robinhood.com
securerobinh0oodverify.com
143.204.55.113
2001:df1:7800:2::e064
01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126
0f4a23c77efcc39a00f821331bdf4790e3fd934a4b72c6b9e91f5c87787e4651
226fad4850092e9f9788bd067517dfc24f348daaf3c9f8c160a08bedfcfe98f6
4d48f3e554379b6d395df85361f5dc612be123f135706def265808c0ab02d4b0
6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8
9f008fbf30ea35ee63d658fb297dd10e4d76b731dbbfb11b5bc16f3f0399e5a8
c64f5747ba22330e43c7e75d3bbabaf9b11a56c46d7f98c868482d64f09e5cd6
d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302