uat-xam.b5test.com
52.201.43.31
Public Scan
Submission: On July 31 via api from US — Scanned from CA
Summary
TLS certificate: Issued by Amazon RSA 2048 M02 on May 24th 2024. Valid for a year.
This is the only time uat-xam.b5test.com was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1Password (Online)

Domain & IP information
Requests | IP Address | AS Autonomous System | PTR | Hostnames served
---|---|---|---|---
4 | 52.201.43.31 | AS14618 (AMAZON-AES, US) | ec2-52-201-43-31.compute-1.amazonaws.com | uat-xam.b5test.com, accounts.b5test.com
21 | 52.85.61.57 | AS16509 (AMAZON-02, US) | server-52-85-61-57.ewr53.r.cloudfront.net | app.b5test.com
4 | 18.164.96.45 | AS16509 (AMAZON-02, US) | server-18-164-96-45.jfk50.r.cloudfront.net | b5test.com
1 | 3.229.106.176 | AS14618 (AMAZON-AES, US) | ec2-3-229-106-176.compute-1.amazonaws.com | accounts.b5test.com
1 | 35.182.188.87 | AS16509 (AMAZON-02, US) | ec2-35-182-188-87.ca-central-1.compute.amazonaws.com | accounts.b5test.ca
1 | 35.156.37.211 | AS16509 (AMAZON-02, US) | ec2-35-156-37-211.eu-central-1.compute.amazonaws.com | accounts.b5test.eu
32 requests | 6 IPs | | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
30 | b5test.com | uat-xam.b5test.com, app.b5test.com, b5test.com, accounts.b5test.com | 3 MB
1 | b5test.eu | accounts.b5test.eu | 2 KB
1 | b5test.ca | accounts.b5test.ca | 2 KB
32 requests | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
21 | app.b5test.com | uat-xam.b5test.com, app.b5test.com
4 | b5test.com | app.b5test.com, b5test.com
3 | uat-xam.b5test.com | app.b5test.com
2 | accounts.b5test.com | app.b5test.com
1 | accounts.b5test.eu | app.b5test.com
1 | accounts.b5test.ca | app.b5test.com
32 requests | 6 domains |
This site contains links to these domains (also see Links):
- my.b5test.com
- start.b5test.com
- app-updates.agilebits.com
- 1password.com
- support.1password.com
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
*.b5test.com | Amazon RSA 2048 M02 | 2024-05-24 - 2025-06-22 | a year | crt.sh
app.b5test.com | Amazon RSA 2048 M02 | 2024-02-20 - 2025-03-20 | a year | crt.sh
b5test.com | Amazon RSA 2048 M03 | 2024-02-08 - 2025-03-08 | a year | crt.sh
*.b5test.ca | Amazon RSA 2048 M02 | 2024-05-06 - 2025-06-04 | a year | crt.sh
*.b5test.eu | Amazon RSA 2048 M02 | 2024-05-08 - 2025-06-06 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://uat-xam.b5test.com/signin?redirect-uri=%2Fidp%2Foidc%2Fcontinue&sso=true&state=baea140e-343e-4a5b-9b39-fbf097094325
Frame ID: 7BFF265095328A9F82CCB67903EFC74C
Requests: 27 HTTP requests in this frame
Frame:
https://b5test.com/signin/whats-new/
Frame ID: 28A1C0C17433B92717586B2A820E7131
Requests: 4 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page (link titles as captured):
- Sign in to another account
- Create a new account
- Version 1797
- 1Password
- learn how to fix the problem
- get your Secret Key
- Contact 1Password Support.
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method | Protocol | Resource | Host / Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H2 | signin (Primary Request) | uat-xam.b5test.com/ | primary | 13 KB | 7 KB | Document | text/html
GET | H2 | knox-styles-c772304d6da5f1ebaf52.css | app.b5test.com/css/ | | 463 KB | 56 KB | Stylesheet | text/css
GET | H2 | vendor-other-30c64520ce8cdaea13f9.css | app.b5test.com/css/ | | 161 KB | 25 KB | Stylesheet | text/css
GET | H2 | global-css-3662ca878e2bd9e0f91d.css | app.b5test.com/css/ | | 811 KB | 107 KB | Stylesheet | text/css
GET | H2 | app-d554a87906221c2bd909.css | app.b5test.com/css/ | | 205 KB | 39 KB | Stylesheet | text/css
GET | H2 | runtime-6d1dca7b4128e2068597.min.js | app.b5test.com/js/ | | 10 KB | 6 KB | Script | application/javascript
GET | H2 | knox-styles-7eacfb0e6b16a69f75ae.min.js | app.b5test.com/js/ | | 450 B | 1 KB | Script | application/javascript
GET | H2 | vendor-other-7b646e9093d60aa0e425.min.js | app.b5test.com/js/ | | 951 KB | 279 KB | Script | application/javascript
GET | H2 | vendor-react-fe0a5f2c17f92308db87.min.js | app.b5test.com/js/ | | 722 KB | 196 KB | Script | application/javascript
GET | H2 | vendor-1password-36a16337859726bd36f1.min.js | app.b5test.com/js/ | | 2 MB | 341 KB | Script | application/javascript
GET | H2 | webapi-328de026809274378d99.min.js | app.b5test.com/js/ | | 827 KB | 214 KB | Script | application/javascript
GET | H2 | vendor-lodash-98d9835fc98d256a42c8.min.js | app.b5test.com/js/ | | 97 KB | 30 KB | Script | application/javascript
GET | H2 | vendor-moment-5ec05486d0cb6c705034.min.js | app.b5test.com/js/ | | 75 KB | 24 KB | Script | application/javascript
GET | H2 | global-css-8e98b5f23078b9bcb75f.min.js | app.b5test.com/js/ | | 451 B | 1 KB | Script | application/javascript
GET | H2 | app-6560836a844fdc61456d.min.js | app.b5test.com/js/ | | 2 MB | 559 KB | Script | application/javascript
GET | H2 | / | b5test.com/signin/whats-new/ | 28A1 | 1 KB | 2 KB | Document | text/html
OPTIONS | H2 | accountcookies | accounts.b5test.com/api/v1/ | Frame | 0 | 0 | Preflight |
GET | H2 | accountcookies | accounts.b5test.ca/api/v1/ | | 2 B | 2 KB | Fetch | application/json
GET | H2 | accountcookies | accounts.b5test.eu/api/v1/ | | 2 B | 2 KB | Fetch | application/json
GET | H2 | accountcookies | accounts.b5test.com/api/v1/ | | 2 B | 2 KB | Fetch | application/json
GET | H2 | 1password-lock-ring-gradient-ada44fd83113f99f823b.svg | app.b5test.com/images/ | | 333 B | 986 B | Image | image/svg+xml
GET | H2 | 1password-faceplate-4703699ac91c05d63811.svg | app.b5test.com/images/ | | 5 KB | 2 KB | Image | image/svg+xml
GET | H2 | 1password-keyhole.png | app.b5test.com/images/ | | 3 KB | 3 KB | Image | image/png
GET | H2 | spinner-black.svg | app.b5test.com/images/ | | 2 KB | 1 KB | Image | image/svg+xml
POST | H2 | methods | uat-xam.b5test.com/api/v2/auth/ | | 85 B | 2 KB | Fetch | application/json
GET | H2 | favicon.ico | app.b5test.com/images/ | | 18 KB | 18 KB | Other | image/vnd.microsoft.icon
POST | H2 | pre-registration-features | uat-xam.b5test.com/api/v2/ | | 92 B | 2 KB | Fetch | application/json
GET | H2 | whats-new.174baf6bc5da80e43684d602924d5ba9.css | b5test.com/css/signin/ | 28A1 | 15 KB | 5 KB | Stylesheet | text/css
GET | H2 | whats-new.bundle.7d98604c4c14447ab2b16795a2ee287a.js | b5test.com/js/ | 28A1 | 118 B | 2 KB | Script | application/javascript
GET | H2 | soc-v1.svg | b5test.com/signin/ | 28A1 | 68 KB | 18 KB | Image | image/svg+xml
GET | H2 | unlocked.imported-styles.9319d20a0f8fb773276d.css | app.b5test.com/css/ | | 211 KB | 38 KB | Stylesheet | text/css
GET | H2 | unlocked-475bfa86c4ad932d8338.min.js | app.b5test.com/js/ | | 2 MB | 720 KB | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: 1Password (Online)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
function | wasmHash
function | assertTrustedWasmBytes
object | _sentryDebugIds
string | _sentryDebugIdIdentifier
object | webpackChunk_1password_web_ui
object | b5
object | sjcl
function | moment
object | __SENTRY__
object | renderApp
boolean | b5JsDone
function | displayFallback

0 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
5 Console Messages
A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript; sometimes they also give insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This section lists the security headers set by the main page's response.
Header | Value
---|---
Content-Security-Policy | (full policy listed below, one directive per line)
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload
X-Content-Type-Options | nosniff
X-Frame-Options | DENY

Content-Security-Policy directives:
- default-src 'none'
- form-action 'none'
- frame-ancestors 'none'
- report-uri https://csp.1passwordservices.com/report?tags=b5_tst
- report-to csp-endpoint
- script-src https://app.b5test.com 'wasm-unsafe-eval' 'sha256-HEuTk6zpt6TljlbFFWBRkQ3MR6hcccR48AAcdh5yl9I=' 'sha256-QdGeMQyzjPNrgyNMnVTgqPDk0Cx7qqJ0pSnrzSXKR6Y=' 'sha256-FEXQ5mHDlyFdr2daeo+oyLZn9iVL/JGMJ7HcF/r+ELg='
- style-src https://app.b5test.com 'sha256-dHlRZbIBjBXo9m7/kOtIREHDoVNQWPIOPaIan9Q5iKA='
- font-src https://app.b5test.com
- img-src data: blob: https://c.1password.com https://cache.agilebits.com https://app.b5test.com https://a.b5test.com/ https://a.b5test.ca https://a.b5test.eu https://avatars.slack-edge.com https://mkt.1password.co
- child-src 'self' https://*.duosecurity.com https://*.duofederal.com https://map.1passwordservices.com https://billing.1passwordservices.com https://duo.1passwordservices.com
- worker-src 'self'
- frame-src 'self' https://*.duosecurity.com https://*.duofederal.com https://map.1passwordservices.com https://billing.1passwordservices.com https://duo.1passwordservices.com https://b5test.com https://survey.1passwordservices.dev https://email-providers.1passwordservices.dev
- connect-src 'self' blob: https://watchtower.1password.com https://api.pwnedpasswords.com https://app.b5test.com wss://b5n.b5test.com https://f.b5test.com/ *.b5test.com https://*.b5test.ca https://*.b5test.eu https://a.b5test.com/ https://contact.1passwordservices.com https://flow.1passwordservices.dev https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://web-ui-sentry.1passwordservices.com https://crl.1passwordservices.dev
- upgrade-insecure-requests
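The verdict on this scan is brand-based (the page carries 1Password branding), so the response headers are one of the few server-side signals worth reading mechanically during triage. The script below is an added example, not urlscan.io or 1Password code: it parses the Content-Security-Policy value recorded above (copied verbatim into CSP_VALUE), resolves CSP Level 3 directive fallback (object-src and script-src-elem inherit from default-src/script-src; base-uri and frame-ancestors never do), and runs the checks a reviewer would apply. OTHER_HEADERS holds only the X-Frame-Options value from the same response; the severity labels and the BROAD_SOURCES list are this script's own conventions, not part of any standard.

```python
"""Parse a Content-Security-Policy value and run reviewer sanity checks.

Added example (not urlscan.io or 1Password code). CSP_VALUE is the header
recorded in the scan above; OTHER_HEADERS carries the X-Frame-Options value
from the same response. Severity labels are this script's own convention.
"""
from __future__ import annotations

import re

CSP_VALUE = (
    "default-src 'none'; form-action 'none'; frame-ancestors 'none'; "
    "report-uri https://csp.1passwordservices.com/report?tags=b5_tst; report-to csp-endpoint; "
    "script-src https://app.b5test.com 'wasm-unsafe-eval' 'sha256-HEuTk6zpt6TljlbFFWBRkQ3MR6hcccR48AAcdh5yl9I=' "
    "'sha256-QdGeMQyzjPNrgyNMnVTgqPDk0Cx7qqJ0pSnrzSXKR6Y=' 'sha256-FEXQ5mHDlyFdr2daeo+oyLZn9iVL/JGMJ7HcF/r+ELg='; "
    "style-src https://app.b5test.com 'sha256-dHlRZbIBjBXo9m7/kOtIREHDoVNQWPIOPaIan9Q5iKA='; "
    "font-src https://app.b5test.com; "
    "img-src data: blob: https://c.1password.com https://cache.agilebits.com https://app.b5test.com "
    "https://a.b5test.com/ https://a.b5test.ca https://a.b5test.eu https://avatars.slack-edge.com https://mkt.1password.co; "
    "child-src 'self' https://*.duosecurity.com https://*.duofederal.com https://map.1passwordservices.com "
    "https://billing.1passwordservices.com https://duo.1passwordservices.com; worker-src 'self'; "
    "frame-src 'self' https://*.duosecurity.com https://*.duofederal.com https://map.1passwordservices.com "
    "https://billing.1passwordservices.com https://duo.1passwordservices.com https://b5test.com "
    "https://survey.1passwordservices.dev https://email-providers.1passwordservices.dev; "
    "connect-src 'self' blob: https://watchtower.1password.com https://api.pwnedpasswords.com https://app.b5test.com "
    "wss://b5n.b5test.com https://f.b5test.com/ *.b5test.com https://*.b5test.ca https://*.b5test.eu https://a.b5test.com/ "
    "https://contact.1passwordservices.com https://flow.1passwordservices.dev https://firebaseinstallations.googleapis.com "
    "https://fcmregistrations.googleapis.com https://web-ui-sentry.1passwordservices.com https://crl.1passwordservices.dev; "
    "upgrade-insecure-requests"
)
OTHER_HEADERS = {"x-frame-options": "DENY"}  # from the same response, lower-cased names

# CSP Level 3 fallback: an absent directive is governed by the first present directive
# in its chain. Directives not listed (base-uri, form-action, frame-ancestors, ...) never
# fall back to default-src, which is why base-uri must be set explicitly.
FALLBACK = {
    "script-src": ["default-src"],
    "script-src-elem": ["script-src", "default-src"],
    "script-src-attr": ["script-src", "default-src"],
    "worker-src": ["child-src", "script-src", "default-src"],
    "frame-src": ["child-src", "default-src"],
    "child-src": ["default-src"],
    **{d: ["default-src"] for d in ("style-src", "img-src", "font-src", "connect-src",
                                      "object-src", "media-src", "manifest-src")},
}
HASH_RE = re.compile(r"^'sha(256|384|512)-[A-Za-z0-9+/=]+'$")
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:", "filesystem:"}  # too wide for script-src


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a serialized policy into {directive: [source expressions]}.
    A directive repeated inside one policy is ignored after its first occurrence."""
    policy: dict[str, list[str]] = {}
    for chunk in value.split(";"):
        parts = chunk.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def effective_sources(policy: dict[str, list[str]], directive: str) -> list[str] | None:
    """Source list that actually governs `directive` after fallback; None means unrestricted."""
    for name in (directive, *FALLBACK.get(directive, ())):
        if name in policy:
            return policy[name]
    return None


def scheme_less_hosts(sources: list[str]) -> list[str]:
    """Host sources written without a scheme (e.g. *.example.com); they match the page's
    own scheme, so they deserve a second look next to explicit https:// entries."""
    return [s for s in sources if not s.startswith("'") and "://" not in s and not s.endswith(":")]


def audit_csp(policy: dict[str, list[str]], other_headers: dict[str, str]) -> list[tuple[str, str]]:
    findings: list[tuple[str, str]] = []
    if policy.get("default-src") != ["'none'"]:
        findings.append(("high", "default-src is not 'none'; every unlisted fetch directive stays open"))
    script = effective_sources(policy, "script-src") or []
    for bad in ("'unsafe-inline'", "'unsafe-eval'"):
        if bad in script:
            findings.append(("high", f"script-src allows {bad}"))
    for broad in sorted(BROAD_SOURCES & set(script)):
        findings.append(("high", f"script-src allows the broad source {broad}"))
    if "'wasm-unsafe-eval'" in script:
        findings.append(("info", "script-src permits WebAssembly compilation ('wasm-unsafe-eval'), not JS eval"))
    findings.append(("info", f"{sum(1 for s in script if HASH_RE.match(s))} inline script(s) allowlisted by hash"))
    if effective_sources(policy, "object-src") != ["'none'"]:
        findings.append(("medium", "object-src is not closed; plugin/embed loads are possible"))
    if "base-uri" not in policy:
        findings.append(("low", "base-uri missing; it does not inherit from default-src"))
    fa, xfo = policy.get("frame-ancestors"), other_headers.get("x-frame-options", "").upper()
    if fa is None:
        findings.append(("medium", "frame-ancestors missing; only X-Frame-Options limits framing"))
    elif fa == ["'none'"] and xfo and xfo != "DENY":
        findings.append(("medium", f"frame-ancestors 'none' disagrees with X-Frame-Options {xfo}"))
    if "report-to" in policy and not ({"reporting-endpoints", "report-to"} & set(other_headers)):
        findings.append(("info", f"report-to names group '{' '.join(policy['report-to'])}' "
                                 "but no Reporting-Endpoints/Report-To header was recorded"))
    for directive in ("connect-src", "img-src", "frame-src"):
        hosts = scheme_less_hosts(effective_sources(policy, directive) or [])
        if hosts:
            findings.append(("info", f"{directive} has scheme-less host(s): {' '.join(hosts)}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_csp(parse_csp(CSP_VALUE), OTHER_HEADERS):
        print(f"[{severity:6}] {message}")
```

Run against the recorded policy this yields no high-severity findings: default-src is 'none', script-src is limited to one https origin plus three hashed inline scripts, object-src closes via fallback, and frame-ancestors 'none' agrees with X-Frame-Options DENY. What it does surface is the absent base-uri, the report-to group whose Reporting-Endpoints header is not among the recorded headers, and the scheme-less `*.b5test.com` entry in connect-src sitting beside explicit https:// and wss:// entries. The 'wasm-unsafe-eval' note lines up with the wasmHash and assertTrustedWasmBytes globals listed above.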
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.b5test.ca
accounts.b5test.com
accounts.b5test.eu
app.b5test.com
b5test.com
uat-xam.b5test.com
18.164.96.45
3.229.106.176
35.156.37.211
35.182.188.87
52.201.43.31
52.85.61.57