gthltools.com Open in urlscan Pro
108.179.217.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
Submission: On July 09 via automatic, source openphish (July 9th 2017, 4:53:55 pm UTC)

Summary HTTP 18 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 108.179.217.16, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is gthltools.com.

This is the only time gthltools.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	108.179.217.16 108.179.217.16	20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC)
14	104.108.43.121 104.108.43.121	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a03:6f00:1::... 2a03:6f00:1::5c35:605e	9123 (TIMEWEB-AS) (TIMEWEB-AS)
18	3

3 108.179.217.16 (Houston, United States)

ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: server.indianfzoo.com

gthltools.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.108.43.121 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-43-121.deploy.static.akamaitechnologies.com

content.usaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:6f00:1::5c35:605e (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)

konyakov.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	usaa.com content.usaa.com	153 KB
3	gthltools.com gthltools.com	39 KB
1	konyakov.ru konyakov.ru
18	3

	Domain	Requested by
14	content.usaa.com	gthltools.com
3	gthltools.com	gthltools.com
1	konyakov.ru	gthltools.com
18	3

This site contains links to these domains. Also see Links.

Domain
www.usaa.com

Subject Issuer	Validity	Valid
www.usaa.com Symantec Class 3 EV SSL CA - G3	`2017-01-31` - `2018-03-01`	a year	crt.sh
konyakov.ru Let's Encrypt Authority X3	`2017-05-08` - `2017-08-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
Frame ID: 20954.1
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

18
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

192 kB
Transfer

365 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usaa.com/inet/ent_home/CpHome

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=security_guarantee

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_logon/Logon
Title: Log On

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_contactus/CpLevelZeroContactUs?ContactUsPageId=PublicContactUs
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_logon/Logon?action=INIT

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=become_member_main
Title:

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=products_services_main
Title:

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=advice_planning_main
Title:

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_utils/McStaticPages?key=privacy_promise
Title: USAA Privacy Promise

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 3

http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request verify.php Show response
gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/ 39 KB
39 KB 816ms
696ms Document
text/html 108.179.217.16
CyrusOne LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
Protocol: HTTP/1.1
Server: 108.179.217.16 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS: server.indianfzoo.com
Software: Apache /
Resource Hash: fef2fe5a2d0562122696bcd00cd516669674a110cc36a7b6dc44284fc53d550f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Sun, 09 Jul 2017 16:53:43 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
S 200 styles_member.css
content.usaa.com/mcontent/static_assets/Includes/ 229 KB
61 KB 10ms
9ms Stylesheet
text/css 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

cf917e6584c25268532088c8b75a43c19b25f48698acdde6322dacda3bacac17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
content-encoding: gzip
last-modified: Thu, 02 Mar 2017 16:39:30 GMT
server: USAA-Integrity
etag: "394fc-549c212b6b480"
vary: Accept-Encoding
p3p: policyref="https://www.usaa.com/w3c/USAA_Full_P3P_Policy.xml", CP="IDC DSP COR CUR ADM DEV CUS DEV PSA IVA CON HIS TEL OPT OUR SAM IND PRE"
status: 200
cache-control: max-age=551316
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-type: text/css
content-length: 62237

GET
H/1.1 404
Not Found cp_help_popup.js
gthltools.com/javascript/ 0
0 235ms
118ms Script
text/html 108.179.217.16
CyrusOne LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://gthltools.com/javascript/cp_help_popup.js?cacheid=1480593172
Requested by: Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
Protocol: HTTP/1.1
Server: 108.179.217.16 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS: server.indianfzoo.com
Software: Apache /
Resource Hash

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Sun, 09 Jul 2017 16:53:44 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 74
Content-Type: text/html

GET
H/1.1 404
Not Found cp_std.js
gthltools.com/javascript/ 0
0 239ms
119ms Script
text/html 108.179.217.16
CyrusOne LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://gthltools.com/javascript/cp_std.js?cacheid=1367496106
Requested by: Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
Protocol: HTTP/1.1
Server: 108.179.217.16 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS: server.indianfzoo.com
Software: Apache /
Resource Hash

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Sun, 09 Jul 2017 16:53:44 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 74
Content-Type: text/html

GET
H/1.1

404
Not Found

gen_validatorv4.js
konyakov.ru/pubs/js/javascript_form/
Redirect Chain

http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js

0
0

298ms
297ms

Script
text/html

2a03:6f00:1::5c35:605e
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
Requested by: Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6f00:1::5c35:605e , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.12.0 / PHP/5.6.30
Resource Hash

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Sun, 09 Jul 2017 16:53:44 GMT
Content-Encoding: gzip
Server: nginx/1.12.0
X-Powered-By: PHP/5.6.30
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Link: <https://konyakov.ru/wp-json/>; rel="https://api.w.org/"
Expires: Wed, 11 Jan 1984 05:00:00 GMT

Redirect headers

Location: https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
Date: Sun, 09 Jul 2017 16:53:44 GMT
Server: nginx/1.12.0
Connection: keep-alive
Content-Length: 161
Content-Type: text/html

GET
S 200 logo.gif
content.usaa.com/mcontent/static_assets/Media/ 939 B
957 B 8ms
8ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/logo.gif?cacheid=2017356039

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

fffd476414b0ee0dbed2113d4bd85a2139316998339b9bcfb2017273670e068b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
last-modified: Wed, 18 Sep 2013 18:36:35 GMT
server: USAA-Integrity
etag: "3ab-4e6acb78bd2c0"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=592388
accept-ranges: bytes
content-length: 939

GET
S 200 navHomeActive.gif
content.usaa.com/mcontent/static_assets/Media/ 2 KB
2 KB 8ms
8ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navHomeActive.gif?cacheid=2545320478

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

4b84ff7250d75fb3e9340e2427c05dfd91c7c570755d5db1c9ce4029656373c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
last-modified: Wed, 18 Sep 2013 18:36:36 GMT
server: USAA-Integrity
etag: "740-4e6acb79b1500"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=551287
accept-ranges: bytes
content-length: 1856

GET
S 200 navBecomeAMember.gif
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 9ms
9ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navBecomeAMember.gif?cacheid=3489125172

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

605a9493ce7d174eec486de8febf29f2c9c4d532ee60928becfbfc3d43f5a75d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
last-modified: Wed, 18 Sep 2013 18:36:36 GMT
server: USAA-Integrity
etag: "d1e-4e6acb79b1500"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=551343
accept-ranges: bytes
content-length: 3358

GET
S 200 navProducts.gif
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 9ms
9ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navProducts.gif?cacheid=1297678753

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

154406c4b4526e7c37b144bd7252e740779ecdbd243dfb90847f7b8ab76bcb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
last-modified: Wed, 18 Sep 2013 18:32:28 GMT
server: USAA-Integrity
etag: "dc0-4e6aca8d2e700"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=551289
accept-ranges: bytes
content-length: 3520

GET
S 200 navAdvice.gif
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 9ms
9ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/navAdvice.gif?cacheid=3226499640

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

458e9ad7e6fb54020f8b8a8a12b60a1bd39fb0b1a3589e5a9de17a4b4acef577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
last-modified: Wed, 18 Sep 2013 18:32:27 GMT
server: USAA-Integrity
etag: "ac2-4e6aca8c3a4c0"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=551269
accept-ranges: bytes
content-length: 2754

GET
S 200 g_transparent.gif
content.usaa.com/mcontent/static_assets/Media/ 43 B
61 B 8ms
8ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/g_transparent.gif?cacheid=3007383100

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
last-modified: Sun, 15 Sep 2013 17:27:35 GMT
server: USAA-Integrity
etag: "2b-4e66f67424fc0"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=551323
accept-ranges: bytes
content-length: 43

GET
S 200 styles_member_print.css
content.usaa.com/mcontent/static_assets/Includes/ 7 KB
2 KB 8ms
8ms Stylesheet
text/css 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://content.usaa.com/mcontent/static_assets/Includes/styles_member_print.css?cacheid=2197796005

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Integrity /

Resource Hash

ce83e2946576f73af8c783ee5b17b2a7019dda1d98bae6979a4545f340612a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:44 GMT
content-encoding: gzip
last-modified: Wed, 27 Aug 2014 14:11:14 GMT
server: USAA-Integrity
etag: "1da3-5019cfe264480"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=551375
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2415

GET
S 200 background_general_fb.png
content.usaa.com/mcontent/static_assets/Media/ 3 KB
3 KB 8ms
8ms Image
image/png 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/background_general_fb.png

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Service /

Resource Hash

e2e04a8e937f5b74a4c50cb7592a8e0bba54b40818d44e43ffd5c40c6b4fe72a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:45 GMT
last-modified: Mon, 16 Sep 2013 11:24:14 GMT
server: USAA-Service
etag: "b13-4e67e71a8d380"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=581943
accept-ranges: bytes
content-length: 2835

GET
S 200 usaa-sprite-globalNav_v2.png
content.usaa.com/mcontent/static_assets/Media/ 56 KB
56 KB 12ms
12ms Image
image/png 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/usaa-sprite-globalNav_v2.png?cacheid=201011301710

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Service /

Resource Hash

522a5fe0b1921acbaa0925b2a50fa141b0719797d5c552ffc150415c7c44d23b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:45 GMT
last-modified: Fri, 13 Feb 2015 21:43:34 GMT
server: USAA-Service
etag: "e14a-50eff20d78d80"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=581873
accept-ranges: bytes
content-length: 57674

GET
S 200 vh_navBG.gif
content.usaa.com/mcontent/static_assets/Media/ 547 B
565 B 15ms
15ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/vh_navBG.gif

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Service /

Resource Hash

1d8dd235b4f8111a5735ac6ba96b29a3dfb2850ce00fb202a88a8fd5174f8215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:45 GMT
last-modified: Sun, 15 Sep 2013 20:02:41 GMT
server: USAA-Service
etag: "223-4e67191f09a40"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=548454
accept-ranges: bytes
content-length: 547

GET
S 200 bgRightColWrapper.gif
content.usaa.com/mcontent/static_assets/Media/ 89 B
107 B 18ms
18ms Image
image/gif 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/bgRightColWrapper.gif

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Service /

Resource Hash

a1ad84a27b9eb878f2f2c0507b98592d9bb849014c7b989d78e4d04599b65516

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:45 GMT
last-modified: Sun, 15 Sep 2013 18:25:39 GMT
server: USAA-Service
etag: "59-4e67036ebeec0"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=582160
accept-ranges: bytes
content-length: 89

GET
S 200 misc_nav_ctaButtonSpriteV1.png
content.usaa.com/mcontent/static_assets/Media/ 11 KB
11 KB 16ms
15ms Image
image/png 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/misc_nav_ctaButtonSpriteV1.png

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Service /

Resource Hash

5db7cec2666ed4b479df4c975a28bf84716c09f4a2bcfdafd3c628f49d3f5790

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:45 GMT
last-modified: Fri, 18 Apr 2014 13:44:10 GMT
server: USAA-Service
etag: "2a1c-4f7515823de80"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=581793
accept-ranges: bytes
content-length: 10780

GET
S 200 iconMemberMd_sprite_06142008.png
content.usaa.com/mcontent/static_assets/Media/ 7 KB
7 KB 17ms
17ms Image
image/png 104.108.43.121
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.usaa.com/mcontent/static_assets/Media/iconMemberMd_sprite_06142008.png

Requested by

Host: gthltools.com
URL: http://gthltools.com/d74a64d6ebb1b621805f52d4c06583ad/Love/verify.php

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.43.121 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-43-121.deploy.static.akamaitechnologies.com

Software

USAA-Service /

Resource Hash

296dbc9d6e1ce1324e9decaca34a29285ee1c273daf46170ad23225121b5c4ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 09 Jul 2017 16:53:45 GMT
last-modified: Mon, 16 Sep 2013 07:53:52 GMT
server: USAA-Service
etag: "1b0b-4e67b81546400"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=583625
accept-ranges: bytes
content-length: 6923

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

content.usaa.com
gthltools.com
konyakov.ru
104.108.43.121
108.179.217.16
2a03:6f00:1::5c35:605e
154406c4b4526e7c37b144bd7252e740779ecdbd243dfb90847f7b8ab76bcb1a
1d8dd235b4f8111a5735ac6ba96b29a3dfb2850ce00fb202a88a8fd5174f8215
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
296dbc9d6e1ce1324e9decaca34a29285ee1c273daf46170ad23225121b5c4ec
458e9ad7e6fb54020f8b8a8a12b60a1bd39fb0b1a3589e5a9de17a4b4acef577
4b84ff7250d75fb3e9340e2427c05dfd91c7c570755d5db1c9ce4029656373c8
522a5fe0b1921acbaa0925b2a50fa141b0719797d5c552ffc150415c7c44d23b
5db7cec2666ed4b479df4c975a28bf84716c09f4a2bcfdafd3c628f49d3f5790
605a9493ce7d174eec486de8febf29f2c9c4d532ee60928becfbfc3d43f5a75d
a1ad84a27b9eb878f2f2c0507b98592d9bb849014c7b989d78e4d04599b65516
ce83e2946576f73af8c783ee5b17b2a7019dda1d98bae6979a4545f340612a09
cf917e6584c25268532088c8b75a43c19b25f48698acdde6322dacda3bacac17
e2e04a8e937f5b74a4c50cb7592a8e0bba54b40818d44e43ffd5c40c6b4fe72a
fef2fe5a2d0562122696bcd00cd516669674a110cc36a7b6dc44284fc53d550f
fffd476414b0ee0dbed2113d4bd85a2139316998339b9bcfb2017273670e068b

gthltools.com Open in urlscan Pro 108.179.217.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

18 Requests

83 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

192 kBTransfer

365 kBSize

0 Cookies

9 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

gthltools.com Open in urlscan Pro
108.179.217.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

192 kB
Transfer

365 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!