Submitted URL: http://kontrolfreek.icu/
Effective URL: https://client.schwab.com/Areas/Access/Login
Submission Tags: @ecarlesi threat phishing charlesschwab
Submission: On July 17 via api from IT — Scanned from NL

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 92.123.104.44, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is client.schwab.com. The Cisco Umbrella rank of the primary domain is 49287.
TLS certificate: Issued by Entrust Certification Authority - L1K on February 7th 2024. Valid for: a year.
This is the only time client.schwab.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 188.114.97.3 13335 (CLOUDFLAR...)
2 92.123.104.44 20940 (AKAMAI-ASN1)
2 1
Apex Domain
Subdomains
Transfer
2 schwab.com
client.schwab.com — Cisco Umbrella Rank: 49287
3 KB
1 kontrolfreek.icu
kontrolfreek.icu
507 B
2 2
Domain Requested by
2 client.schwab.com
1 kontrolfreek.icu 1 redirects
2 2

This site contains no links.

Subject: www.schwab.com
Issuer: Entrust Certification Authority - L1K
Validity: 2024-02-07 - 2025-02-05
Valid: a year

This page contains 1 frames:

Primary Page: https://client.schwab.com/Areas/Access/Login
Frame ID: 2B172575B820A3F0E3BB9246FE939D51
Requests: 2 HTTP requests in this frame

Page Title

Internal Server Error

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 2
Transfer: 3 kB
Size: 2 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://kontrolfreek.icu/ HTTP 307
    https://kontrolfreek.icu/ HTTP 301
    https://client.schwab.com/Areas/Access/Login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Login
client.schwab.com/Areas/Access/
Redirect Chain
  • http://kontrolfreek.icu/
  • https://kontrolfreek.icu/
  • https://client.schwab.com/Areas/Access/Login
385 B
2 KB
Document
General
Full URL
https://client.schwab.com/Areas/Access/Login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.104.44 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-44.deploy.static.akamaitechnologies.com
Software
AkamaiGHost /
Resource Hash
b721db78299f9aa52ff5c0c0b37d217d718900f6f4a46518dc7960a2d8634015

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-length
385
content-type
text/html
date
Wed, 17 Jul 2024 15:16:05 GMT
expires
Wed, 17 Jul 2024 15:16:05 GMT
mime-version
1.0
server
AkamaiGHost
server-timing
cdn-cache; desc=MISS edge; dur=2362 origin; dur=0 ak_p; desc="1721229363265_388605868_60576094_236160_15906_65_161_255";dur=1
x-reference-error
3.c7580317.1721229364.8732734

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8a4b30de1d7a5d42-FRA
content-type
text/html; charset=UTF-8
date
Wed, 17 Jul 2024 15:16:03 GMT
location
https://client.schwab.com/Areas/Access/Login
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWt%2FKKJzc5Ei%2B50olx6pDYe4Lhv7f4vI0zeYAy%2Fczx0sTCB2GzA0COzCTTUkbWNsX3OkJwXNs7o1HDYRl%2Ba8FrFS%2BUSqqIxjUR0smEAs7le0JOVMxlcwmnc80vLKh4slA8A%2F"}],"group":"cf-nel","max_age":604800}
server
cloudflare
favicon.ico
client.schwab.com/
1 KB
636 B
Other
General
Full URL
https://client.schwab.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.104.44 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
11c9dd52aa0864cd40fa2ab09029613f615aa3f486eb7deb5057db755edd0c20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://client.schwab.com/Areas/Access/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Wed, 17 Jul 2024 15:16:05 GMT
f5ip
162.93.220.100
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721229365924_388605868_60578470_39_12313_56_0_219";dur=1
content-length
247
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 28 Jun 2024 23:26:50 GMT
etag
"0d9c2a6b2c9da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Wed, 17 Jul 2024 15:16:05 GMT

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Domain/Path Name
.schwab.com/ _abck
.schwab.com/ ak_bmsc
.schwab.com/ bm_sz

1 Console Messages

Source Level URL
Text
network error URL: https://client.schwab.com/Areas/Access/Login
Message:
Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
