www.aissglobal.net
192.185.184.92
Malicious Activity!
Public Scan
Effective URL: https://www.aissglobal.net/citizens/login.php?cmd=login_submit&id=98084bb09d8afb699ec381a6801100ce98084bb09d8afb699ec381a68...
Submission: On June 18 via manual from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 28th 2020. Valid for: 3 months.
This is the only time www.aissglobal.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citizens Bank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
1 1 | 3.208.128.113 | 14618 (AMAZON-AES)
1 15 | 192.185.184.92 | 46606 (UNIFIEDLAYER-AS-1)
1 | 54.148.84.95 | 16509 (AMAZON-02)
1 2 | 192.186.220.3 | 26496 (AS-26496-GO-DADDY-COM-LLC)
16 | 3 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-128-113.compute-1.amazonaws.com
rebrand.ly

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-184-92.unifiedlayer.com
www.aissglobal.net

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
www.sitepoint.com

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-192-186-220-3.ip.secureserver.net
csscheckbox.com
www.csscheckbox.com
 | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | aissglobal.net (1 redirects) | www.aissglobal.net | 104 KB
2 | csscheckbox.com (1 redirects) | csscheckbox.com, www.csscheckbox.com | 1 KB
1 | sitepoint.com | www.sitepoint.com |
1 | rebrand.ly (1 redirects) | rebrand.ly | 260 B
16 | 4 | |
 | Domain | Requested by
---|---|---
15 | www.aissglobal.net | 1 redirects, www.aissglobal.net
1 | www.csscheckbox.com | www.aissglobal.net
1 | csscheckbox.com | 1 redirects
1 | www.sitepoint.com | www.aissglobal.net
1 | rebrand.ly | 1 redirects
16 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
cpanel.aissglobal.net | Let's Encrypt Authority X3 | 2020-05-28 - 2020-08-26 | 3 months
www.sitepoint.com | Let's Encrypt Authority X3 | 2020-06-03 - 2020-09-01 | 3 months
This page contains 1 frames:
Primary Page:
https://www.aissglobal.net/citizens/login.php?cmd=login_submit&id=98084bb09d8afb699ec381a6801100ce98084bb09d8afb699ec381a6801100ce&session=98084bb09d8afb699ec381a6801100ce98084bb09d8afb699ec381a6801100ce
Frame ID: B72A03E2161F415C820C88B34331605D
Requests: 16 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://rebrand.ly/c161e HTTP 301
- https://www.aissglobal.net/citizens/index.php HTTP 302
- https://www.aissglobal.net/citizens/login.php?cmd=login_submit&id=98084bb09d8afb699ec381a6801100ce98084bb09d8afb699ec381a6801100ce&session=98084bb09d8afb699ec381a6801100ce98084bb09d8afb699ec381a6801100ce Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14
- http://csscheckbox.com/checkboxes/u/csscheckbox_2fb20e2964452924671ef46d2a211611.png HTTP 301
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_2fb20e2964452924671ef46d2a211611.png
16 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | login.php (Primary Request) | www.aissglobal.net/citizens/ (Redirect Chain) | 6 KB | 2 KB | Document | text/html
GET | H/1.1 | MaskedPassword.js | www.sitepoint.com/examples/password/MaskedPassword/ | 0 | 0 | Script | text/html
GET | H2 | z1.png | www.aissglobal.net/citizens/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | z2.png | www.aissglobal.net/citizens/images/ | 18 KB | 18 KB | Image | image/png
GET | H2 | z3.png | www.aissglobal.net/citizens/images/ | 19 KB | 19 KB | Image | image/png
GET | H2 | z4.png | www.aissglobal.net/citizens/images/ | 737 B | 791 B | Image | image/png
GET | H2 | z5.png | www.aissglobal.net/citizens/images/ | 688 B | 742 B | Image | image/png
GET | H2 | z6.png | www.aissglobal.net/citizens/images/ | 686 B | 740 B | Image | image/png
GET | H2 | z7.png | www.aissglobal.net/citizens/images/ | 577 B | 631 B | Image | image/png
GET | H2 | z8.png | www.aissglobal.net/citizens/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | z9.png | www.aissglobal.net/citizens/images/ | 23 KB | 23 KB | Image | image/png
GET | H2 | z10.png | www.aissglobal.net/citizens/images/ | 10 KB | 11 KB | Image | image/png
GET | H2 | z11.png | www.aissglobal.net/citizens/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | z12.png | www.aissglobal.net/citizens/images/ | 13 KB | 14 KB | Image | image/png
GET | H2 | accept.png | www.aissglobal.net/citizens/images/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | csscheckbox_2fb20e2964452924671ef46d2a211611.png | www.csscheckbox.com/checkboxes/u/ (Redirect Chain) | 493 B | 833 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citizens Bank (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | onformdata
- object | onpointerrawupdate
- function | unhideBody
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.