mailsafe.bankoguam.com Open in urlscan Pro
69.20.94.77  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response mailsafe.bankoguam.com/	3 KB 2 KB	630ms 88ms	Document text/html	69.20.94.77 Rackspace Hosting
General Check archive.org Show headers Download Go to Full URL https://mailsafe.bankoguam.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.20.94.77 San Antonio, United States, ASN27357 (RACKSPACE - Rackspace Hosting, US), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash 5a227f3a4016a0e83842c80a25fe4fa1c5ca8cb7d400cc8d1b866b86c4790403 Request headers Host mailsafe.bankoguam.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-User ?1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Sec-Fetch-Mode navigate Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-User ?1 Response headers Date Wed, 04 Dec 2019 20:29:58 GMT Server Apache/2.4.25 (Debian) Last-Modified Wed, 04 Dec 2019 20:29:37 GMT ETag "ba2-598e6abedabc9-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 1258 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	main.min.css mailsafe.bankofguam.com/content/C8.MAIN.4.26B/css/	279 KB 279 KB	679ms 135ms	Stylesheet text/css	165.212.54.52 BAE Systems Appli...
General Check archive.org Show headers Download Go to Full URL https://mailsafe.bankofguam.com/content/C8.MAIN.4.26B/css/main.min.css Requested by Host: mailsafe.bankoguam.com URL: https://mailsafe.bankoguam.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 165.212.54.52 , United States, ASN14454 (PERIMETER-ESECURITY - BAE Systems Applied Intelligence US Corp., US), Reverse DNS millyardbank.mailsafe.usa.net Software Apache / Resource Hash 66f08ab2f619fc9bde59ee2f9cf9ff368728618d13335eade73411da05cd6cd2 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://mailsafe.bankoguam.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 04 Dec 2019 20:29:58 GMT Last-Modified Tue, 05 Nov 2019 15:19:04 GMT Server Apache ETag "45ce9-5969af3dc8a00" X-Frame-Options SAMEORIGIN Content-Type text/css Connection close Accept-Ranges bytes Content-Length 285929
GET H/1.1	200 OK	commoncombined.js Show response mailsafe.bankofguam.com/content/C8.MAIN.4.26B/js/	52 KB 52 KB	674ms 130ms	Script application/javascript	165.212.54.52 BAE Systems Appli...
General Check archive.org Show headers Download Go to Full URL https://mailsafe.bankofguam.com/content/C8.MAIN.4.26B/js/commoncombined.js Requested by Host: mailsafe.bankoguam.com URL: https://mailsafe.bankoguam.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 165.212.54.52 , United States, ASN14454 (PERIMETER-ESECURITY - BAE Systems Applied Intelligence US Corp., US), Reverse DNS millyardbank.mailsafe.usa.net Software Apache / Resource Hash e3b8a436585d41f5bedae298c15c52004847cf59b2262601c8c0341ceccf7519 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://mailsafe.bankoguam.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 04 Dec 2019 20:29:58 GMT Last-Modified Tue, 05 Nov 2019 15:19:10 GMT Server Apache ETag "d035-5969af4381780" X-Frame-Options SAMEORIGIN Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 53301
GET H/1.1	200 OK	detect_timezone.js Show response mailsafe.bankofguam.com/content/C8.MAIN.4.26B/js/	15 KB 15 KB	676ms 131ms	Script application/javascript	165.212.54.52 BAE Systems Appli...
General Check archive.org Show headers Download Go to Full URL https://mailsafe.bankofguam.com/content/C8.MAIN.4.26B/js/detect_timezone.js Requested by Host: mailsafe.bankoguam.com URL: https://mailsafe.bankoguam.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 165.212.54.52 , United States, ASN14454 (PERIMETER-ESECURITY - BAE Systems Applied Intelligence US Corp., US), Reverse DNS millyardbank.mailsafe.usa.net Software Apache / Resource Hash db2624e55a11a1024f9faf673f31e24be74bb1ac3bf8836d1e7f8baa80c80faa Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://mailsafe.bankoguam.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 04 Dec 2019 20:29:58 GMT Last-Modified Tue, 05 Nov 2019 15:19:06 GMT Server Apache ETag "3b8c-5969af3fb0e80" X-Frame-Options SAMEORIGIN Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 15244
GET H/1.1	200 OK	logoleft.jpg mailsafe.bankofguam.com/logos/mailsafe.bankofguam.com/	31 KB 31 KB	676ms 131ms	Image image/jpeg	165.212.54.52 BAE Systems Appli...
General Check archive.org Show headers Download Go to Show image Full URL https://mailsafe.bankofguam.com/logos/mailsafe.bankofguam.com/logoleft.jpg Requested by Host: mailsafe.bankoguam.com URL: https://mailsafe.bankoguam.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 165.212.54.52 , United States, ASN14454 (PERIMETER-ESECURITY - BAE Systems Applied Intelligence US Corp., US), Reverse DNS millyardbank.mailsafe.usa.net Software Apache / Resource Hash b8715e5f9e9c4cb69091e2e568ce3487cd86841953944c085e80991d6fe8ff9e Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://mailsafe.bankoguam.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 04 Dec 2019 20:29:58 GMT Last-Modified Tue, 12 Mar 2019 17:09:05 GMT Server Apache ETag "7c82-583e8bf1bbe2b" X-Frame-Options SAMEORIGIN Content-Type image/jpeg Connection close Accept-Ranges bytes Content-Length 31874

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate boolean| supportDoubleClick function| StringBuffer function| createRequestObject function| OpenWindow boolean| selectmsgs function| ResetCheckAll function| CheckItem function| CheckListItems number| maxWidth number| maxHeight object| images number| numImgs function| setImagesSizes function| setSize function| checkImageSizes function| timedsetSize function| imageLoaded function| addImage function| printPages function| printPages2 object| C function| printTable3 function| isWhiteSpace function| ltrim function| rtrim function| stripChar function| isEmpty function| getObj function| isNum function| trimSpaces function| isEmail string| invalidAddrChars string| invalidDomainChars function| isEmailChars function| ReplaceChar function| ValidateDate function| formatDate function| stringReplace function| xDigitsErr function| formattedStrErr function| stateSelectionErr function| selectionErr function| dateErr function| LeapYear function| DayExists function| SendMail boolean| openingwindow function| NewItemWindow function| disableSelection number| startselect boolean| checkboxselected boolean| shiftpressed boolean| ctrlpressed number| rowcnt boolean| haspreviewpane boolean| singleselectlist number| previewdelaytime boolean| reloadInProgress boolean| ignoreKeyPress function| setKeyUp number| rowheight function| setKeyPress boolean| reloadedListItems function| getListItemsInternal function| getListItems function| clickRow function| selectRow function| moveSelected function| updateRowClass function| addHoverEffect function| checkForReturn string| menutype function| openRightMenu function| hideMenu function| stripWindowInvalidChars function| clearPreviewPane function| checkClearPreviewPane function| previewCount function| setTablebodyHeightIE6 function| openDropdownMenu function| hideDropdownMenu function| initOverLabels function| hideLabel function| printWindowName function| getScreenWidth object| F number| FC function| updateFolderCounts undefined| logoutTimer undefined| timeoutWarningTimer object| timeoutNoticeObj function| displayTimeoutWarning function| okSession function| evalfunc function| extendSession function| setFocusFirstField function| debounce function| DHTML_modalMessage object| windowsizes object| dropdownmenus number| menucount object| jzTimezoneDetector function| checktz

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mailsafe.bankofguam.com
mailsafe.bankoguam.com
165.212.54.52
69.20.94.77
5a227f3a4016a0e83842c80a25fe4fa1c5ca8cb7d400cc8d1b866b86c4790403
66f08ab2f619fc9bde59ee2f9cf9ff368728618d13335eade73411da05cd6cd2
b8715e5f9e9c4cb69091e2e568ce3487cd86841953944c085e80991d6fe8ff9e
db2624e55a11a1024f9faf673f31e24be74bb1ac3bf8836d1e7f8baa80c80faa
e3b8a436585d41f5bedae298c15c52004847cf59b2262601c8c0341ceccf7519