itbittrust-okta.com
80.76.49.147 Malicious Activity! Public Scan

Submitted URL: https://itbittrust-okta.com/
Effective URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Submission: On October 04 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 80.76.49.147, located in Čačak, Serbia and belongs to VIRTUO, CA. The main domain is itbittrust-okta.com.
TLS certificate: Issued by R10 on October 4th 2024. Valid for: 3 months.
This is the only time itbittrust-okta.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Paxos (Crypto)

Domain & IP information

IP Address      AS       Autonomous System   Requests
80.76.49.147    399486   VIRTUO              12
18.245.31.33    16509    AMAZON-02           1
Total: 12 requests, 3 IPs

Apex Domain   Subdomains                                    Requests   Transfer
itbittrust-okta.com   itbittrust-okta.com                   12         1 MB
socket.io     cdn.socket.io (Cisco Umbrella Rank: 37029)    1          15 KB
Total: 12 requests, 2 domains

Domain                Requests   Requested by
itbittrust-okta.com   12         1 redirect; itbittrust-okta.com; cdn.socket.io
cdn.socket.io         1          itbittrust-okta.com
Total: 12 requests, 2 domains

This site contains links to these domains. Also see Links.

Domain
itbit.okta.com
Subject               Issuer                Validity                  Valid      Lookup
itbittrust-okta.com   R10                   2024-10-04 - 2025-01-02   3 months   crt.sh
cdn.socket.io         Amazon RSA 2048 M02   2024-09-19 - 2025-10-16   a year     crt.sh

This page contains 1 frame:

Primary Page: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Frame ID: 30356146CDBBC658F6F7340521FA53F3
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

itBit/Paxos Trust Company - Sign In

Page URL History

  1. https://itbittrust-okta.com/ HTTP 302
     https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 1193 kB
Size: 2574 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource | Path | Size | x-fer | Type / MIME-Type

Primary Request
signin | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 942 KB | 436 KB | Document
Redirect Chain
  • https://itbittrust-okta.com/
  • https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: cb79b12894894a1656f6f931058b58242f50277ae97f7862e571505f194bc8b8
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-type
text/html; charset=utf-8
date
Fri, 04 Oct 2024 16:40:30 GMT
etag
W/"eb967-6jF4oSCgn9R//8LTLwrqh9rM6Io"
permissions-policy
interest-cohort=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-powered-by
Express
x-xss-protection
1; mode=block

Redirect headers

content-length
136
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-type
text/html; charset=utf-8
date
Fri, 04 Oct 2024 16:40:30 GMT
location
/oauth2/v1/authorize/settings/dashboard/signin
permissions-policy
interest-cohort=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept
x-content-type-options
nosniff
x-powered-by
Express
x-xss-protection
1; mode=block
happy.css | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 1 MB | 608 KB | Stylesheet
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/happy.css
Requested by: Host itbittrust-okta.com, URL https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: 86b5ee1f33b485307edd013c18431bb6b8f5d00bc76330c150a0efa7a0d209a2
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"166654-192583c02c8"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
date
Fri, 04 Oct 2024 16:40:30 GMT
x-xss-protection
1; mode=block
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
nginx
last-modified
Fri, 04 Oct 2024 15:53:00 GMT
x-powered-by
Express
socket.io.min.js | cdn.socket.io/3.1.0/ | 60 KB | 15 KB | Script
General
Full URL: https://cdn.socket.io/3.1.0/socket.io.min.js
Requested by: Host itbittrust-okta.com, URL https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.245.31.33 United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-245-31-33.fra56.r.cloudfront.net
Software: Vercel
Resource Hash: 52c39ac29a79d395e21859f5670c767786815a735c234ca6801d5ba5d18f1d71
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
W/"24c5b6ac56d8d9cc8c194801b852a674"
age
1039591
x-cache
Hit from cloudfront
x-amz-cf-id
ozGSCDPLkoPlLhmlHoiVIzLATLz7YHYO_SX1wbvJC1pqlqKH2Cd1AA==
date
Fri, 27 Sep 2024 22:41:28 GMT
content-type
application/javascript; charset=utf-8
content-disposition
inline; filename="socket.io.min.js"
strict-transport-security
max-age=63072000
cache-control
public, max-age=31536000, immutable
x-vercel-cache
HIT
via
1.1 af3799c72ed879abb7633a4c3e57502e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P8
server
Vercel
x-vercel-id
fra1::dk8h7-1727476888513-0219730c1b37
index.js | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 6 KB | 2 KB | Script
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/index.js
Requested by: Host itbittrust-okta.com, URL https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: 46a47aaf30b6321fb1db26f5bf32b7183163f72f2c15dee84bd12c98d80aa001
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"166e-192583bd030"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
nginx
last-modified
Fri, 04 Oct 2024 15:52:47 GMT
x-powered-by
Express
application.png | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 1 KB | 2 KB | Image
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/application.png
Requested by: Host itbittrust-okta.com, URL https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: 4518d4163499e73d57e08bc18164153c19a67be0125432fc400f0d17d3317fe8
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"535-192583b8b3c"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
1333
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Fri, 04 Oct 2024 15:52:30 GMT
logo.png | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 15 KB | 15 KB | Image
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/logo.png
Requested by: Host itbittrust-okta.com, URL https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: 4392ce613ab0ea6f698c05d69cfd0b604fbab22ebc85f74de0cd48091bb5b541
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"3a41-192583b824c"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
14913
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Fri, 04 Oct 2024 15:52:27 GMT
background.png | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 5 KB | 6 KB | Image
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/background.png
Requested by: Host itbittrust-okta.com, URL https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: 15c43001b4dfe5e366b0151d4ccbc22cf8e080be5a6eb3996f6000ffbef0d981
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"1547-192583b8860"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
5447
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Fri, 04 Oct 2024 15:52:29 GMT
truncated | / | 3 KB | 0 | Image
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated | / | 20 KB | 20 KB | Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://itbittrust-okta.com
Referer

Response headers

Content-Type
application/font-woff2
truncated | / | 20 KB | 20 KB | Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 018930498a4b01e598099a6e45d7316d54c7b1411ce2b741a3b1f1b0ed4e578b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://itbittrust-okta.com
Referer

Response headers

Content-Type
application/font-woff2
truncated | / | 20 KB | 20 KB | Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 9b5d2290b34cd718e1e97e894d6790f92387ee50de0b3364da291e7112f412be

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://itbittrust-okta.com
Referer

Response headers

Content-Type
application/font-woff2
truncated | / | 21 KB | 21 KB | Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://itbittrust-okta.com
Referer

Response headers

Content-Type
application/font-woff
truncated | / | 22 KB | 22 KB | Font
General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://itbittrust-okta.com
Referer

Response headers

Content-Type
application/font-woff
/ | itbittrust-okta.com/socket.io/ | 118 B | 473 B | XHR
General
Full URL: https://itbittrust-okta.com/socket.io/?EIO=4&transport=polling&t=P9OPu7u
Requested by: Host cdn.socket.io, URL https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx
Resource Hash: d287dbfe2827bb00d9982e9fb662b75204f70cd6ed368490186443f078a65a94
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
server
nginx
favicon.png | itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/ | 5 KB | 6 KB | Other
General
Full URL: https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/favicon.png
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx / Express
Resource Hash: f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"1536-192583b8558"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
5430
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Fri, 04 Oct 2024 15:52:28 GMT
/ | itbittrust-okta.com/socket.io/ | 2 B | 322 B | XHR
General
Full URL: https://itbittrust-okta.com/socket.io/?EIO=4&transport=polling&t=P9OPu9P&sid=DsGat4a0AEuOh2FjAAAC
Requested by: Host cdn.socket.io, URL https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Content-type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
content-length
2
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8
server
nginx
/ | itbittrust-okta.com/socket.io/ | 32 B | 400 B | XHR
General
Full URL: https://itbittrust-okta.com/socket.io/?EIO=4&transport=polling&t=P9OPu9Q&sid=DsGat4a0AEuOh2FjAAAC
Requested by: Host cdn.socket.io, URL https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx
Resource Hash: 4f16daff876ce49cdc6b43e75ac1363a67782347ba33ce13ec5c2410cfb9b500
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
date
Fri, 04 Oct 2024 16:40:31 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
server
nginx
/ | itbittrust-okta.com/socket.io/ | 1 B | 322 B | XHR
General
Full URL: https://itbittrust-okta.com/socket.io/?EIO=4&transport=polling&t=P9OPuAx&sid=DsGat4a0AEuOh2FjAAAC
Requested by: Host cdn.socket.io, URL https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 80.76.49.147 Čačak, Serbia, ASN399486 (VIRTUO, CA)
Reverse DNS: -
Software: nginx
Resource Hash: e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
content-length
1
date
Fri, 04 Oct 2024 16:40:32 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
server
nginx

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Paxos (Crypto)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

io (function), socket (object), pushLogin (function), npushLogin (function), usernameInput (function), LoginUser (function), getElementByXpath (function), verificationInput (function), verificationInputSms (function), usernameField (object), observer (object)

0 Cookies

1 Console Messages

Source           Level     URL
recommendation   verbose   https://itbittrust-okta.com/oauth2/v1/authorize/settings/dashboard/signin
Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block