api.pseconect.win - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3036::ac43:855b, located in United States and belongs to CLOUDFLARENET, US. The main domain is api.pseconect.win.

This is the only time api.pseconect.win was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	2606:4700:303... 2606:4700:3036::ac43:855b		13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	1

6 2606:4700:3036::ac43:855b (United States)

ASN13335 (CLOUDFLARENET, US)

api.pseconect.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	pseconect.win api.pseconect.win	109 KB
6	1

	Domain	Requested by
6	api.pseconect.win	api.pseconect.win
6	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390
Frame ID: 33651C44BF4A351A2FF9B3CBA9D33450
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Virtual

Page Statistics

6
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

109 kB
Transfer

165 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response api.pseconect.win/virtual/login/	59 KB 7 KB	261ms 227ms	Document text/html	2606:4700:3036::ac43:855b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:855b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash `1d7a6cb684ffc4acfcbf4060bdc868bd21453124fa667c757e5839057288790a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-US,en;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 86683239ac17433f-EWR Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 18 Mar 2024 21:08:07 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0gcNWs47xL9w2hc816bV2%2B7fcUXaDoWfp2WuJP6gYE43aGLuS%2FS1xsgipl%2Fnj9bcU2BUZPBId62Rw2dPCBB%2B5n3rrgK%2BkxCR56XtyhDn90%2FDkg5nv8j029tyft%2BAn4wYK6trp9ReOL2khYbsq%2BwNA%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked X-Powered-By PHP/7.4.33 alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	logo-red.svg api.pseconect.win/canvas/svgs/logos/	12 KB 5 KB	22ms 21ms	Image image/svg+xml	2606:4700:3036::ac43:855b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://api.pseconect.win/canvas/svgs/logos/logo-red.svg Requested by Host: api.pseconect.win URL: http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:855b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2933c5c27784b1869ba9534af1f8ebd72d151dd5a7e581b588d5a36406c8956e` Request headers accept-language en-US,en;q=0.9 Referer http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Mon, 18 Mar 2024 21:08:07 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 1942 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400 Last-Modified Tue, 03 Oct 2023 19:43:26 GMT Server cloudflare ETag W/"2e95-606d51ab2f380" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kI8B53S6pRUaOscoknFuToZ2AXuaLwwmjLwrdqtEz3r%2FZ5Bpv7KxXp%2FW4sVMsFyJBfATdmOyt5mhIk0itA2ePR7HPC0X7PxvmOOeA8DJsKT1bnQLckFECeLiKO%2FN3pnhteI8PpLiI5o1FUM%2BGIGgcA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/svg+xml Cache-Control max-age=14400 CF-RAY 8668323b3df2433f-EWR
GET H/1.1	200 OK	logo-symbol-red.svg api.pseconect.win/canvas/svgs/logos/	2 KB 2 KB	38ms 26ms	Image image/svg+xml	2606:4700:3036::ac43:855b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://api.pseconect.win/canvas/svgs/logos/logo-symbol-red.svg Requested by Host: api.pseconect.win URL: http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:855b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `192acd11e276a8a6131abbf54aa56e6563eaf3203ea4b7394ad2c88227e358b8` Request headers accept-language en-US,en;q=0.9 Referer http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Mon, 18 Mar 2024 21:08:07 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 1942 Transfer-Encoding chunked Connection keep-alive alt-svc h3=":443"; ma=86400 Last-Modified Tue, 03 Oct 2023 19:46:59 GMT Server cloudflare ETag W/"9fc-606d5276512c0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M0yH%2BGOdresKmRcKt%2FQ4TYytdrOK7%2BrIgaGkKasgkwPdkwi5swn8hCX4ugKMONNzlwzy0BA8D4gdb56A4HVSAvsn4M7yXbuIftbZzwVgmk5A3vqBD%2F1R9SmX3BiJwdEfToEy8CYVYCCTQaDAe44ZsQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/svg+xml Cache-Control max-age=14400 CF-RAY 8668323b4e437cb4-EWR
GET H/1.1	200 OK	Scotia_W_Headline.5a532caa3319ee5c.woff api.pseconect.win/virtual/login/	32 KB 32 KB	84ms 80ms	Font font/woff	2606:4700:3036::ac43:855b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://api.pseconect.win/virtual/login/Scotia_W_Headline.5a532caa3319ee5c.woff Requested by Host: api.pseconect.win URL: http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:855b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `259699b7407833766a8f4e931644d014f145653439a62fc1a7167f1d3a940e25` Request headers Referer http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Origin http://api.pseconect.win accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Mon, 18 Mar 2024 21:08:07 GMT CF-Cache-Status REVALIDATED Last-Modified Tue, 03 Oct 2023 19:41:05 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare ETag "7e08-606d5124b7640" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nn5VR%2FtwA0ROWWLb9ePzM8rxFHFk6arBFJjT62483J3yqJoO8bPUqnz1Qu3F1I%2BJTVs7gBaur8XivRd4MPP%2FSPm59MOVoLfmbrDirFm5%2Fpk1%2FOxZIf%2F6zPc3XmTvWY26G%2FhYvmJ8YISkNtYjnW%2F2bQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 8668323b5e12433f-EWR alt-svc h3=":443"; ma=86400 Content-Length 32264
GET H/1.1	200 OK	Scotia_W_Rg.a53c6af4aaff8c13.woff api.pseconect.win/virtual/login/	30 KB 31 KB	196ms 186ms	Font font/woff	2606:4700:3036::ac43:855b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://api.pseconect.win/virtual/login/Scotia_W_Rg.a53c6af4aaff8c13.woff Requested by Host: api.pseconect.win URL: http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:855b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5f45b253b0621b40b352b1ec52c4b2066bca8e71c5ac54d922459fc8109d9366` Request headers Referer http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Origin http://api.pseconect.win accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Mon, 18 Mar 2024 21:08:07 GMT CF-Cache-Status REVALIDATED Last-Modified Tue, 03 Oct 2023 19:41:07 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare ETag "77c0-606d51269fac0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MTtbggAgbyaIhZKf%2FdNqOPo2jl6F5jaanOU9uZ3KZ%2BAX3YAYmV21mkPfLWHr0haLIs62Bp6oGaACpTCe9zqnp%2BXrgBTM%2B0ewMruvQlGpBTPaufHPTxlz6iioUwszTJi7PrPyBPdL91DHoUn%2F07zf3A%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 8668323b6b8b8ce6-EWR alt-svc h3=":443"; ma=86400 Content-Length 30656
GET H/1.1	200 OK	Scotia_W_Bd.627aff1c32d06c15.woff api.pseconect.win/virtual/login/	31 KB 32 KB	165ms 164ms	Font font/woff	2606:4700:3036::ac43:855b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://api.pseconect.win/virtual/login/Scotia_W_Bd.627aff1c32d06c15.woff Requested by Host: api.pseconect.win URL: http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:855b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5037b298c4193baf7e920bee2999d2ab852db7a3b6b09a38c25a78db92baf69b` Request headers Referer http://api.pseconect.win/virtual/login/?key=d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.d5d7772cc88bf780645f51f990085390.1&__hssc=d5d7772cc88bf780645f51f990085390.1.d5d7772cc88bf780645f51f9...~311~...d7772cc88bf780645f51f990085390 Origin http://api.pseconect.win accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Mon, 18 Mar 2024 21:08:07 GMT CF-Cache-Status REVALIDATED Last-Modified Tue, 03 Oct 2023 19:41:02 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare ETag "7c34-606d5121daf80" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n6A7jgkbEYixLhnspPbegJLUU2cegwKfMWpIsTAN1GG6rmw%2FMaFshVfEc799F8LgtYt07NEXgpTtrK5avp1qbYcvkj4IJT%2Ba0kDhQn901eHCAmoSyC50TdNohVpgW%2Fj%2B9fwQPfvOeCAKACwhzp2brA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 8668323b6e290fa8-EWR alt-svc h3=":443"; ma=86400 Content-Length 31796

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateForm function| validatePassword

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.pseconect.win
2606:4700:3036::ac43:855b
192acd11e276a8a6131abbf54aa56e6563eaf3203ea4b7394ad2c88227e358b8
1d7a6cb684ffc4acfcbf4060bdc868bd21453124fa667c757e5839057288790a
259699b7407833766a8f4e931644d014f145653439a62fc1a7167f1d3a940e25
2933c5c27784b1869ba9534af1f8ebd72d151dd5a7e581b588d5a36406c8956e
5037b298c4193baf7e920bee2999d2ab852db7a3b6b09a38c25a78db92baf69b
5f45b253b0621b40b352b1ec52c4b2066bca8e71c5ac54d922459fc8109d9366

api.pseconect.win Open in urlscan Pro 2606:4700:3036::ac43:855b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

109 kBTransfer

165 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

api.pseconect.win Open in urlscan Pro
2606:4700:3036::ac43:855b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

109 kB
Transfer

165 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!