la-ix.com Open in urlscan Pro
107.180.2.27 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg...
Submission Tags: @ipnigh
Submission: On February 15 via api (February 15th 2020, 12:24:40 am UTC) from GB

Summary HTTP 13 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 107.180.2.27, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is la-ix.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 24th 2018. Valid for: 2 years.

This is the only time la-ix.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address		AS Autonomous System
11	107.180.2.27 107.180.2.27		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
2	159.53.113.168 159.53.113.168		7743 (AS-7743) (AS-7743)
13	2

11 107.180.2.27 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-2-27.ip.secureserver.net

la-ix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.53.113.168 (United States)

ASN7743 (AS-7743, US)

www.chase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	la-ix.com la-ix.com	288 KB
2	chase.com www.chase.com	132 KB
13	2

	Domain	Requested by
11	la-ix.com	la-ix.com
2	www.chase.com	la-ix.com
13	2

This site contains no links.

Subject Issuer	Validity	Valid
www.la-ix.com Go Daddy Secure Certificate Authority - G2	`2018-10-24` - `2020-10-24`	2 years	crt.sh
www.chase.com Entrust Certification Authority - L1M	`2019-03-21` - `2020-03-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Frame ID: 17CB07E52B8A57D4DA57A3C78624AB22
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

420 kB
Transfer

1007 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request online.php Show response
la-ix.com/.secure/app-billing/signin/1C46B99DDD/ 3 KB
1 KB 409ms
143ms Document
text/html 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache / PHP/7.2.26
Resource Hash: 1a79f0c52cebc014cf3a0d76573439a3406bd86ab162e312aa9dc1e00fb40f25

Request headers

:method: GET
:authority: la-ix.com
:scheme: https
:path: /.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Sat, 15 Feb 2020 00:24:22 GMT
server: Apache
x-powered-by: PHP/7.2.26
set-cookie: PHPSESSID=70e024dd262090cb0730f4d8f2be9d2f; path=/
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1207
content-type: text/html; charset=UTF-8

GET
H2 200 style.css
la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/ 6 KB
2 KB 102ms
101ms Stylesheet
text/css 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/style.css
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: 4e804d85ceb4c1a66d1da7cc4c8ed6cf65bd29c04d5c5c1c0dfb79353e60548f

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
content-encoding: gzip
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e22e7-1946-591bd8ec1c06f-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1694

GET
H2 200 animate.css
la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/ 25 KB
3 KB 103ms
102ms Stylesheet
text/css 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/animate.css
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: cb09ab0572c6a6549a782e2843218c00285cb737ae50fe29a5061ca96aff0234

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
content-encoding: gzip
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e22e8-6353-591bd8ec1c06f-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 2964

GET
H2 200 font-awesome.css
la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/ 28 KB
7 KB 180ms
179ms Stylesheet
text/css 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/font-awesome.css
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: a87d4a4d40583c35087e6af0246f7e54156def5837f14ef2551d89fb9c1330fa

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
content-encoding: gzip
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e22e9-7057-591bd8ec1c06f-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 6594

GET
H/1.1 200
OK site.min.css
www.chase.com/c/071317/etc/designs/chase-ux/css/ 584 KB
118 KB 893ms
248ms Stylesheet
text/css 159.53.113.168
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/071317/etc/designs/chase-ux/css/site.min.css

Requested by

Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.113.168 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

/

Resource Hash

053bcf99ec1a9d71252b8b7b3adcb8f26468d478c29ce2da7ce482ccbf90dfbb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Sat, 15 Feb 2020 00:22:16 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 127
Connection: Keep-Alive
Content-Length: 120195
x-xss-protection: 1; mode=block
Last-Modified: Sat, 08 Feb 2020 06:01:49 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=300,s-maxage=300
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H2 200 jquery.js Show response
la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/ 94 KB
33 KB 182ms
181ms Script
application/javascript 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/jquery.js
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: e8fbccfcac07bb996f74fd19e77f601372a374b3f756a2d8389e931271945c2a

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
content-encoding: gzip
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e2305-176fc-591bd8ec1d00f-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 33308

GET
H2 200 script.js Show response
la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/ 5 KB
1 KB 102ms
101ms Script
application/javascript 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/script.js
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: 5d4c43cb02b846e5d038ff35dd9314d71bf71668ab8bb8de81ccd7045f48de96

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
content-encoding: gzip
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e2306-1596-591bd8ec1d00f-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1363

GET
H2 200 logo.png
la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/ 4 KB
4 KB 101ms
100ms Image
image/png 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/logo.png
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: 9a9df97152649fae2c15b5292eb771b4dd85aed0705655085107729e5f86f688

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e22ff-f6e-591bd8ec1cc27"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 3950

GET
H2 200 ie_alert.png
la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/ 532 B
585 B 102ms
102ms Image
image/png 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/ie_alert.png
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: b6b9b5583acd9ac8da8ec4b19a7ef4a4b04a241ce25e149b742047d2fd17b587

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e2300-214-591bd8ec1cc27"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 532

GET
H2 200 lndr.png
la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/ 596 B
649 B 162ms
161ms Image
image/png 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/lndr.png
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: 4200e7ed3a5d68ca9c76511e6beedab55d94fd593112dfaf7895da72c9ad0edb

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/online.php?id=334488jkhdvhjbjbd3353jhhj24jhk-d34ef-mkjmkdg-88998_jona=hg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 00:24:22 GMT
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e2302-254-591bd8ec1cc27"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 596

GET
H2 200 back1.jpg
la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/ 169 KB
171 KB 100ms
100ms Image
image/jpeg 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/im/back1.jpg
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/jquery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: afc77b9cfc834b9811c5833c9d5eea852b248a5bf5813e297e68280248ae3929

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 00:24:23 GMT
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e2301-2a5fd-591bd8ec1cc27"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 173565

GET
H/1.1 200
OK smc.ttf
www.chase.com/c/071317/etc/designs/chase-ux/css/fonts/ 22 KB
14 KB 649ms
153ms Font
font/ttf 159.53.113.168
AS-7743

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chase.com/c/071317/etc/designs/chase-ux/css/fonts/smc.ttf

Requested by

Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/jquery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.53.113.168 , United States, ASN7743 (AS-7743, US),

Reverse DNS

Software

/

Resource Hash

83e2f0e4029d90194a54326031f5975e12b199a0d61e443ecb25e2071baaa601

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chase.com/c/071317/etc/designs/chase-ux/css/site.min.css
Origin: https://la-ix.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 15 Feb 2020 00:24:24 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 0
Connection: Keep-Alive
Content-Length: 13290
x-xss-protection: 1; mode=block
Last-Modified: Sat, 08 Feb 2020 06:02:33 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: max-age=300,s-maxage=300
Content-Security-Policy: frame-ancestors 'none'
Accept-Ranges: bytes
X-Content-Security-Policy: frame-ancestors 'none'

GET
H2 200 fontawesome-webfont.woff2
la-ix.com/.secure/app-billing/signin/1C46B99DDD/fonts/ 65 KB
66 KB 336ms
335ms Font
font/woff2 107.180.2.27
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/fonts/fontawesome-webfont.woff2?v=4.6.0
Requested by: Host: la-ix.com
URL: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/js/jquery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.2.27 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-107-180-2-27.ip.secureserver.net
Software: Apache /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Referer: https://la-ix.com/.secure/app-billing/signin/1C46B99DDD/cs/font-awesome.css
Origin: https://la-ix.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 00:24:23 GMT
content-encoding: gzip
last-modified: Wed, 04 Sep 2019 17:30:13 GMT
server: Apache
etag: "90e22f3-10440-591bd8ec1c457-gzip"
vary: Accept-Encoding,User-Agent
content-type: font/woff2
status: 200
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			la-ix.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 70e024dd262090cb0730f4d8f2be9d2f

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

la-ix.com
www.chase.com
107.180.2.27
159.53.113.168
053bcf99ec1a9d71252b8b7b3adcb8f26468d478c29ce2da7ce482ccbf90dfbb
1a79f0c52cebc014cf3a0d76573439a3406bd86ab162e312aa9dc1e00fb40f25
4200e7ed3a5d68ca9c76511e6beedab55d94fd593112dfaf7895da72c9ad0edb
4e804d85ceb4c1a66d1da7cc4c8ed6cf65bd29c04d5c5c1c0dfb79353e60548f
5d4c43cb02b846e5d038ff35dd9314d71bf71668ab8bb8de81ccd7045f48de96
83e2f0e4029d90194a54326031f5975e12b199a0d61e443ecb25e2071baaa601
9a9df97152649fae2c15b5292eb771b4dd85aed0705655085107729e5f86f688
a87d4a4d40583c35087e6af0246f7e54156def5837f14ef2551d89fb9c1330fa
afc77b9cfc834b9811c5833c9d5eea852b248a5bf5813e297e68280248ae3929
b6b9b5583acd9ac8da8ec4b19a7ef4a4b04a241ce25e149b742047d2fd17b587
cb09ab0572c6a6549a782e2843218c00285cb737ae50fe29a5061ca96aff0234
e8fbccfcac07bb996f74fd19e77f601372a374b3f756a2d8389e931271945c2a
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995