a0319559.xsph.ru
Open in
urlscan Pro
2a0a:2b43:e6:4182::
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On July 15 via api from GB
Summary
This is the only time a0319559.xsph.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Suntrust (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
14 | 2a0a:2b43:e6:... 2a0a:2b43:e6:4182:: | 35278 (SPRINTHOST) (SPRINTHOST) | |
2 | 18.196.132.206 18.196.132.206 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
22 | 3 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-132-206.eu-central-1.compute.amazonaws.com
nexus.ensighten.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
xsph.ru
a0319559.xsph.ru |
319 KB |
2 |
ensighten.com
nexus.ensighten.com |
1 KB |
0 |
liveperson.net
Failed
lptag.liveperson.net Failed |
|
0 |
suntrust.com
Failed
somni.suntrust.com Failed onlinebanking.suntrust.com Failed |
|
22 | 4 |
Domain | Requested by | |
---|---|---|
14 | a0319559.xsph.ru |
a0319559.xsph.ru
|
2 | nexus.ensighten.com |
a0319559.xsph.ru
|
0 | lptag.liveperson.net Failed |
a0319559.xsph.ru
|
0 | onlinebanking.suntrust.com Failed |
a0319559.xsph.ru
|
0 | somni.suntrust.com Failed |
a0319559.xsph.ru
|
22 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
nexus.ensighten.com DigiCert SHA2 Secure Server CA |
2018-10-17 - 2020-01-05 |
a year | crt.sh |
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh |
This page contains 1 frames:
Primary Page:
http://a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/1.html?PL=_4cf48b6edc7968f64f8215c627e3d5c4=Poland
Frame ID: 5D9B05BCB92CCF172C6683F41DC82558
Requests: 22 HTTP requests in this frame
Screenshot
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
1.html
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/ |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
s72735887657314
somni.suntrust.com/b/ss/suntrustprod/10/JS-1.8.0/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c27de289d852dd27cd857fa2ce10cfaf.js
nexus.ensighten.com/suntrust/olb/code/ |
24 B 371 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
serverComponent.php
nexus.ensighten.com/suntrust/olb/ |
520 B 757 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dtagent639__1009.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
37 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
com-suntrust-olb.min.css
onlinebanking.suntrust.com/UI/assetsbuild/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
11 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.css
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
315 KB 53 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Bootstrap.js
nexus.ensighten.com/suntrust/olb/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rsalibsmin.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
39 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
require.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
15 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Config.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
19 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
le2-mtagconfig.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LPAttributes.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
4 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LiveEngageChatSSO.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
300 B 621 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CommonModule.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
520 KB 163 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Main.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
187 KB 30 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jsrsasignmin.js
a0319559.xsph.ru/SunTrustOnline-Zelle/Online/login/Data/6r2gfb6sfh6b14s6w546bh541tsw64b1hsw/1/T.Goe/ |
63 KB 19 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
tag.js
lptag.liveperson.net/tag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
.jsonp
lptag.liveperson.net/lptag/api/account/65817029/configuration/applications/taglets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
.jsonp
lptag.liveperson.net/lptag/api/account/65817029/configuration/applications/taglets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
dynaTraceMonitor
a0319559.xsph.ru/UI/ |
289 B 461 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- somni.suntrust.com
- URL
- https://somni.suntrust.com/b/ss/suntrustprod/10/JS-1.8.0/s72735887657314?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=17%2F8%2F2017%200%3A6%3A32%200%20-120&cid.&st_adobeanalytics.&id=43426087135501187330235219221809837903&.st_adobeanalytics&.cid&d.&nsid=0&jsonv=1&.d&mid=43426087135501187330235219221809837903&aamlh=6&ce=UTF-8&ns=suntrust&pageName=STcom%7COLB%7CSignOnDedicated&g=https%3A%2F%2Fonlinebanking.suntrust.com%2FUI%2Flogin%23%2F&c.&vidAPICheck=VisitorAPI%20Present&.c&cc=USD&ch=STcom&server=https%3A%2F%2Fonlinebanking.suntrust.com%2Fui%2Flogin%23%2F&aamb=NRX38WO0n5BH8Th-nqAG_A&h1=STcom%7COLB&c7=5%3A06%20PM%7CSaturday&v7=5%3A06%20PM%7CSaturday&v10=D%3Dch&c11=STcom%7COLB&c12=STcom%7COLB&c13=STcom%7COLB&c14=STcom%7COLB&v19=STcom%7COLB%7CSignOnDedicated&c30=STcom%7COLB%7CSignOnDedicated&c31=79&c32=79&c33=794&v39=p&v40=%2B1&c50=SunTrust%20s_code%20v5.8%7COmniture%20Base%20Code%20AM%201.8.0&s=1600x900&c=24&j=1.6&v=N&k=Y&bw=1600&bh=794&AQE=1
- Domain
- onlinebanking.suntrust.com
- URL
- https://onlinebanking.suntrust.com/UI/assetsbuild/css/com-suntrust-olb.min.css
- Domain
- nexus.ensighten.com
- URL
- http://nexus.ensighten.com/suntrust/olb/Bootstrap.js
- Domain
- lptag.liveperson.net
- URL
- https://lptag.liveperson.net/tag/tag.js?site=65817029
- Domain
- lptag.liveperson.net
- URL
- https://lptag.liveperson.net/lptag/api/account/65817029/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
- Domain
- lptag.liveperson.net
- URL
- https://lptag.liveperson.net/lptag/api/account/65817029/configuration/applications/taglets/.jsonp?v=2.0&df=0&ct=lpSecureStorage%2Clp_testingTool%2Clp_sdes%2Cscraper%2ClpActivityMonitor%2CrendererStub%2Clp_version_detector%2Clp_monitoringSDK%2ClpTransporter%2ClpUnifiedWindow%2CSMT%2Chooks%2Clp_SMT%2Cauthenticator%2CjsLoader&s=STcom-OLB-SignOnDedicated&b=1
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Suntrust (Banking)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| dT_ object| html5 object| Modernizr0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a0319559.xsph.ru
lptag.liveperson.net
nexus.ensighten.com
onlinebanking.suntrust.com
somni.suntrust.com
lptag.liveperson.net
nexus.ensighten.com
onlinebanking.suntrust.com
somni.suntrust.com
18.196.132.206
2a0a:2b43:e6:4182::
1107e7d28eedf3ebf1317d120085b6d2fd93f9527a7661c0d6f6bfcb6f9e80d4
1bfcd22ace15b7923a78cbdc07f693362644497281f33b3cb704a2c6aa874a3b
1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8
24e4ec1491b94968cdc7b43027554de2232c23262e1e7b0254d2098b7891d1dc
4ba95f8753ab0101fa04d04eff3d2967d5c3246621b5df4a0f17dbdd1ddec004
5c4e64fc9746cb1c02266a0a1cf33fa96ff6b1a489fb809a0846f2d2671792e5
62812e916d1dbd0eedd06b8e7f8b3219554c90512825a6b95443fe314ca2344c
a80bb2d45b2f1a9b901493f8c99dfb277a1a7ef1e16baac28ceedc459e9776a8
af718460fe963f6f22bfa6642fa5672ed88b1793e15dd52472f5ad6f77b5ef2c
cabeb51db5b6491ded215c12abb4730cf09dd6307d6eb21b22a67117e76226fe
cfe45a1ce7b20627f4bfa65e51ac405bccb051b9a2ba4f1a983b7b21f6216e06
cfef5507f7573f5aab1993e2a98032b5ebc8da9b4004b47a7c1bd0dc2c4346ac
dbbd7a3e8bb16eb44b408f3f97041cc5afdedc4d6392edee83abff6cb20872b4
e8ef4f6df5ab88980a09002c8fbba9f99914930e30a7cca174eeaa4c18e67786
efd2cb9e7bae03f20763e3aa257512723cb21d028db3969c2076c1c4a0bdd204
f2d46005669657fba83d9aa788c992a1d0f322e489d5a3fcc767c97bad777dfb