metalusa.dev.loba.com Open in urlscan Pro
89.114.215.36 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
Submission: On April 13 via automatic, source openphish (April 13th 2023, 4:34:20 am UTC) — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 89.114.215.36, located in Porto, Portugal and belongs to VODAFONE-PT Vodafone Portugal, PT. The main domain is metalusa.dev.loba.com.
TLS certificate: Issued by R3 on March 6th 2023. Valid for: 3 months.

This is the only time metalusa.dev.loba.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cox (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
2 14	89.114.215.36 89.114.215.36	12353 (VODAFONE-...) (VODAFONE-PT Vodafone Portugal)
2	18.66.147.4 18.66.147.4	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.25 18.66.147.25	16509 (AMAZON-02) (AMAZON-02)
15	3

14 89.114.215.36 (Porto, Portugal) 2 redirects

ASN12353 (VODAFONE-PT Vodafone Portugal, PT)
PTR: 36.215.114.89.rev.vodafone.pt

metalusa.dev.loba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-4.fra60.r.cloudfront.net

global.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-25.fra60.r.cloudfront.net

gateway.foresee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	loba.com 2 redirects metalusa.dev.loba.com	664 KB
2	oktacdn.com global.oktacdn.com — Cisco Umbrella Rank: 10844	47 KB
1	foresee.com gateway.foresee.com — Cisco Umbrella Rank: 5751	3 KB
15	3

	Domain	Requested by
14	metalusa.dev.loba.com	2 redirects metalusa.dev.loba.com
2	global.oktacdn.com	metalusa.dev.loba.com global.oktacdn.com
1	gateway.foresee.com	metalusa.dev.loba.com
15	3

This site contains no links.

Subject Issuer	Validity	Valid
metalusa.dev.loba.com R3	`2023-03-06` - `2023-06-04`	3 months	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-03` - `2024-01-02`	a year	crt.sh
foresee.com Amazon RSA 2048 M01	`2023-03-01` - `2023-06-26`	4 months	crt.sh

This page contains 1 frames:

Primary Page: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
Frame ID: 4A874C24B69E41BF3F3FD7E4034DB88E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cox Login - Sign Into Your Cox Account

Page URL History Show full URLs

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen HTTP 302
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/ HTTP 302
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen Page URL

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

713 kB
Transfer

886 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen HTTP 302
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/ HTTP 302
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request authen Show response
metalusa.dev.loba.com/wp-admin/includes/cox1/0/
Redirect Chain

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/
https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

27 KB
5 KB

128ms
128ms

Document
text/html

89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PHP/7.4.33 PleskLin

Resource Hash

0bb8f63fe74d7fe2c42695d4976ce4ac46398e2d0364a88d7e7e20a91e8d7a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 4775
Content-Type: text/html; charset=UTF-8
Date: Thu, 13 Apr 2023 04:34:15 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=15768000; includeSubDomains
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33 PleskLin
X-Robots-Tag: noindex,nofollow

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 13 Apr 2023 04:34:15 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=15768000; includeSubDomains
X-Powered-By: PHP/7.4.33 PleskLin
X-Robots-Tag: noindex,nofollow

GET
H2 200 okta-sign-in.min.css
global.oktacdn.com/okta-signin-widget/3.8.2/css/ 180 KB
26 KB 53ms
8ms Stylesheet
text/css 18.66.147.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://global.oktacdn.com/okta-signin-widget/3.8.2/css/okta-sign-in.min.css

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.4 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-4.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

68ef764e2d683a2b137e78e7b4a96cc195e229729bf9f82ad7b92eb0892b3a06

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: VioymT0ami6RAq5l.msmhnEwxweXAIS1
strict-transport-security: max-age=315360000
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 04:25:25 GMT
content-encoding: gzip
x-amz-cf-pop: FRA60-P4
age: 1701
via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 20 Mar 2020 02:19:40 GMT
server: AmazonS3
etag: W/"92cb194fd7896eb0997c23a4a3dbb596"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: -eUJkC5UbFaZSCpEvzxqEYJrsJ72cjcy4HnAryEGR2HctqBar6y97w==

GET
H/1.1 200
OK flex-presentation.css
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/ 173 KB
173 KB 139ms
138ms Stylesheet
text/css 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

4456f76512cd54420bbc6cd0b1f92db6f087ca96ca2cde36974f7cd6b3edb4f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:06 GMT
Server: nginx
ETag: "61248a32-2b22b"
X-Powered-By: PleskLin
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 176683

GET
H/1.1 200
OK cox-residential-aemapp.css
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/ 424 KB
425 KB 232ms
140ms Stylesheet
text/css 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/cox-residential-aemapp.css

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

c762adc41ad599e970d9abfa68241385a659911d11e96f152670620995d68f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:04 GMT
Server: nginx
ETag: "61248a30-6a177"
X-Powered-By: PleskLin
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 434551

GET
H/1.1 200
OK flex2text-styles.min.css
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/ 5 KB
5 KB 187ms
95ms Stylesheet
text/css 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex2text-styles.min.css

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

b4929a2cc0087f4dc4362c4560fd1fb087168a026c0e798bbc869072ba0c2376

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:06 GMT
Server: nginx
ETag: "61248a32-1407"
X-Powered-By: PleskLin
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5127

GET
H/1.1 200
OK overrides.min.css
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/ 49 KB
49 KB 235ms
142ms Stylesheet
text/css 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/overrides.min.css

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

8c4a03e412933e80d79287abd90e2674bf51d408c30e49b850239b2378d7e899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:08 GMT
Server: nginx
ETag: "61248a34-c45e"
X-Powered-By: PleskLin
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50270

GET
H/1.1 200
OK shield-keyhole.svg
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/img/ 3 KB
3 KB 190ms
99ms Image
image/svg+xml 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/img/shield-keyhole.svg

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

94fef297efe599f43e614bb422c319590cdcd221422516d454a73a754d689d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:16 GMT
Server: nginx
ETag: "61248a3c-aed"
X-Powered-By: PleskLin
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2797

GET
H2 200 oo_icon_white.gif
gateway.foresee.com/code/5.10.4-oo/ 2 KB
3 KB 52ms
7ms Image
image/gif 18.66.147.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gateway.foresee.com/code/5.10.4-oo/oo_icon_white.gif
Requested by: Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-25.fra60.r.cloudfront.net
Software: /
Resource Hash: c3f012ffdb0be6fe0417057e7debc8c5129eed0476fd765cd93f234bb2cf77a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:43:08 GMT
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 658267
x-cache: Hit from cloudfront
status: 200
content-length: 2247
last-modified: Thu, 24 Jun 2021 17:07:14 GMT
etag: "f12d8abbdb0cb10ebe21199595d28c4b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=2419200
access-control-allow-headers: X-Requested-With
x-amz-cf-id: Xrp4tupc2lKzQ_XaKCaFWt3TgVnu_kzLCGtut4o-VpMbIymMblJjAw==
expires: Wed, 03 May 2023 13:43:08 GMT

GET
H/1.1 200
OK cox_logo.png
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/img/ 2 KB
2 KB 98ms
98ms Image
image/png 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/img/cox_logo.png

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

d60826499153bf6fcb4e8a8809d3b10d737cf4990ee4a0c8d796af7d5c0a9175

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/authen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:12 GMT
Server: nginx
ETag: "61248a38-749"
X-Powered-By: PleskLin
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1865

GET
H/1.1 200
OK checkbox-default.svg
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/img/ 270 B
645 B 95ms
95ms Image
image/svg+xml 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/img/checkbox-default.svg

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/cox-residential-aemapp.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PleskLin

Resource Hash

e5647edf02795dbd3d4fb9f5c38e1ffefa0d563c31c9cc060db7320e28bf9844

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/cox-residential-aemapp.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=15768000; includeSubDomains
Last-Modified: Tue, 24 Aug 2021 05:57:12 GMT
Server: nginx
X-Accel-Version: 0.01
ETag: "10e-5ca47ce0cfe00-gzip"
X-Powered-By: PleskLin
Vary: Accept-Encoding
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: noindex,nofollow
Content-Length: 210

GET
H2 200 okticon.woff
global.oktacdn.com/okta-signin-widget/3.8.2/font/ 20 KB
21 KB 21ms
7ms Font
application/octet-stream 18.66.147.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://global.oktacdn.com/okta-signin-widget/3.8.2/font/okticon.woff

Requested by

Host: global.oktacdn.com
URL: https://global.oktacdn.com/okta-signin-widget/3.8.2/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.4 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-4.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000
X-Content-Type-Options	nosniff

Request headers

Referer: https://global.oktacdn.com/okta-signin-widget/3.8.2/css/okta-sign-in.min.css
Origin: https://metalusa.dev.loba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: dDQhkYt0RHrEVEp9cvTtLweQzsWLGlTl
strict-transport-security: max-age=315360000
x-content-type-options: nosniff
date: Wed, 12 Apr 2023 09:58:46 GMT
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d38.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 66930
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20600
last-modified: Fri, 20 Mar 2020 02:19:41 GMT
server: AmazonS3
etag: "db28723126138387cdf40680e6e0fa5d"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: DXeygE-yLrSMMKQHVtL9qP1o9T_3xJRXRgT2yjbNO-MKOTZx0FrUyw==

GET
H/1.1 404
Not Found OpenSans-Regular-webfont.woff
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/ 0
0 107ms
107ms Font
text/html 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Regular-webfont.woff

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css
Origin: https://metalusa.dev.loba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Server: nginx
X-Powered-By: PHP/7.4.33
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Robots-Tag: noindex,nofollow
Content-Length: 0

GET
H/1.1 404
Not Found OpenSans-Semibold-webfont.woff
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/ 0
0 115ms
115ms Font
text/html 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Semibold-webfont.woff

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css
Origin: https://metalusa.dev.loba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Server: nginx
X-Powered-By: PHP/7.4.33
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Robots-Tag: noindex,nofollow
Content-Length: 0

GET
H/1.1 404
Not Found OpenSans-Regular-webfont.ttf
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/ 0
0 108ms
107ms Font
text/html 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Regular-webfont.ttf

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css
Origin: https://metalusa.dev.loba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Server: nginx
X-Powered-By: PHP/7.4.33
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Robots-Tag: noindex,nofollow
Content-Length: 0

GET
H/1.1 404
Not Found OpenSans-Semibold-webfont.ttf
metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/ 0
0 106ms
105ms Font
text/html 89.114.215.36
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Semibold-webfont.ttf

Requested by

Host: metalusa.dev.loba.com
URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

89.114.215.36 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

36.215.114.89.rev.vodafone.pt

Software

nginx / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/flex-presentation.css
Origin: https://metalusa.dev.loba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 04:34:15 GMT
Strict-Transport-Security: max-age=15768000; includeSubDomains
Server: nginx
X-Powered-By: PHP/7.4.33
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Robots-Tag: noindex,nofollow
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cox (Telecommunication)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| now number| year

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			metalusa.dev.loba.com/	1970-01-20 11:02:47	Name: cazanova Value: jek4af2npjcmi7o84v1idme3kchaoheh

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Semibold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Regular-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://metalusa.dev.loba.com/wp-admin/includes/cox1/0/assets/css/fonts/OpenSans-Semibold-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gateway.foresee.com
global.oktacdn.com
metalusa.dev.loba.com
18.66.147.25
18.66.147.4
89.114.215.36
0bb8f63fe74d7fe2c42695d4976ce4ac46398e2d0364a88d7e7e20a91e8d7a60
4456f76512cd54420bbc6cd0b1f92db6f087ca96ca2cde36974f7cd6b3edb4f4
68ef764e2d683a2b137e78e7b4a96cc195e229729bf9f82ad7b92eb0892b3a06
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
8c4a03e412933e80d79287abd90e2674bf51d408c30e49b850239b2378d7e899
94fef297efe599f43e614bb422c319590cdcd221422516d454a73a754d689d58
b4929a2cc0087f4dc4362c4560fd1fb087168a026c0e798bbc869072ba0c2376
c3f012ffdb0be6fe0417057e7debc8c5129eed0476fd765cd93f234bb2cf77a3
c762adc41ad599e970d9abfa68241385a659911d11e96f152670620995d68f5e
d60826499153bf6fcb4e8a8809d3b10d737cf4990ee4a0c8d796af7d5c0a9175
e5647edf02795dbd3d4fb9f5c38e1ffefa0d563c31c9cc060db7320e28bf9844

metalusa.dev.loba.com Open in urlscan Pro 89.114.215.36 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

713 kBTransfer

886 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

4 Console Messages

Security Headers

Indicators

metalusa.dev.loba.com Open in urlscan Pro
89.114.215.36 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

713 kB
Transfer

886 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!