steelltreu.com
Open in
urlscan Pro
91.234.99.223
Malicious Activity!
Public Scan
Submission: On August 24 via manual from HU
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 11th 2020. Valid for: 3 months.
This is the only time steelltreu.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 91.234.99.223 91.234.99.223 | 213058 (PIHL-AS) (PIHL-AS) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
7 | 2606:4700::68... 2606:4700::6810:7eaf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
unpkg.com
unpkg.com |
8 KB |
4 |
steelltreu.com
steelltreu.com |
23 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
7 | unpkg.com |
steelltreu.com
unpkg.com |
4 | steelltreu.com |
steelltreu.com
|
1 | code.jquery.com |
steelltreu.com
|
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.steelltreu.com Let's Encrypt Authority X3 |
2020-08-11 - 2020-11-09 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-02 - 2021-08-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://steelltreu.com/up/da/te/?email=user@host
Frame ID: 2260F0B7FBC2CB2060A992827839FA23
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
steelltreu.com/up/da/te/ |
2 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
skeleton.css
steelltreu.com/up/da/te/css/ |
11 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
normalize.css
steelltreu.com/up/da/te/css/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
skin.css
steelltreu.com/up/da/te/css/ |
566 B 807 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionicons.js
unpkg.com/ionicons@5.1.2/dist/ |
962 B 451 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionicons.esm.js
unpkg.com/ionicons@5.1.2/dist/ionicons/ |
291 B 325 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p-6f4eae92.js
unpkg.com/ionicons@5.1.2/dist/ionicons/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p-4372c4bc.js
unpkg.com/ionicons@5.1.2/dist/ionicons/ |
1 KB 726 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p-7815a89a.entry.js
unpkg.com/ionicons@5.1.2/dist/ionicons/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p-27972752.js
unpkg.com/ionicons@5.1.2/dist/ionicons/ |
807 B 552 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mail-outline.svg
unpkg.com/ionicons@5.1.2/dist/ionicons/svg/ |
370 B 268 B |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| __sc_import_ionicons object| Ionicons0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
steelltreu.com
unpkg.com
2001:4de0:ac19::1:b:1b
2606:4700::6810:7eaf
91.234.99.223
556d58b6bb7765a2e765ab463f697eaa4bd1e6a6d08104723d45f792361d5f86
6767311b869d6f91af9a9adddf6239ecfb0e51ff1feb72a92a244dbfa5a1b064
88432d4a953719ca1962f867cc4166caf9e6cdf2da51a540991256d63935fded
8e0e725e5b2423057a9030f062096fc91b93c9f800cecdac21d2b7c989fd22d8
937e1da6a3f1f5f56d7c7f68d47217686d4d73881a6332607eb9769f9e50bc5e
998017d8e261ff05c8beb90beacc69fd6c8071b1695ed87a9a6d33a3b3caa7f5
b763726786f77aa79a0d1e262133b54fb20a4b75f1882a393192933e13408665
d5d3af5437719d1184f672cae7c042ef5d9206a4213fe5de7dddbb8e9a3f42b2
e2ba419e2ea72d3a031f477a09d4ea15d9ab88d8712da4651d06794335c9dfc9
f11a52755120a48fb7ff157530d87a11eea3247736ca2633af62ed9df7b21fe4
f4d7e8250f8f124f8b7d087e5e260766a34b079fddc43e7b20d8c18ca1e92e51
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d