symplytheo.github.io Open in urlscan Pro
185.199.110.153 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://symplytheo.github.io/rbfcu/
Submission: On February 08 via api (February 8th 2021, 9:12:43 am UTC) from US

Summary HTTP 15 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 15 HTTP transactions. The main IP is 185.199.110.153, located in United States and belongs to FASTLY, US. The main domain is symplytheo.github.io.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on May 6th 2020. Valid for: 2 years.

This is the only time symplytheo.github.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Randolph Brooks Federal Credit Union (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 3	185.199.110.153 185.199.110.153	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
5	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY)
4	192.67.54.31 192.67.54.31	36010 (RBSTARNET1) (RBSTARNET1)
1 2	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
15	6

3 185.199.110.153 (United States) 1 redirects

ASN54113 (FASTLY, US)

symplytheo.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a04:4e42:3::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.67.54.31 (San Antonio, United States)

ASN36010 (RBSTARNET1, US)

www.rbfcu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7aaf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	jsdelivr.net cdn.jsdelivr.net	714 KB
4	rbfcu.org www.rbfcu.org	23 KB
3	github.io 1 redirects symplytheo.github.io	11 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	unpkg.com 1 redirects unpkg.com	5 KB
1	googleapis.com fonts.googleapis.com	943 B
15	6

	Domain	Requested by
5	cdn.jsdelivr.net	symplytheo.github.io cdn.jsdelivr.net
4	www.rbfcu.org	symplytheo.github.io
3	symplytheo.github.io	1 redirects symplytheo.github.io
2	fonts.gstatic.com	fonts.googleapis.com
2	unpkg.com	1 redirects symplytheo.github.io
1	fonts.googleapis.com	symplytheo.github.io
15	6

This site contains links to these domains. Also see Links.

Domain
www.rbfcu.org

Subject Issuer	Validity	Valid
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
www.rbfcu.org DigiCert SHA2 Extended Validation Server CA	`2020-06-12` - `2022-07-26`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://symplytheo.github.io/rbfcu/
Frame ID: 8E33FA1126C00987311CD40CB1AB01E8
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://symplytheo.github.io/rbfcu HTTP 301
https://symplytheo.github.io/rbfcu/ Page URL

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

775 kB
Transfer

2991 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rbfcu.org/

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/contact-us
Title: Contact us

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/careers
Title: Career

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/about-rbfcu
Title: About us

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/news
Title: News

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/forms-disclosures
Title: Forms & Disclosures

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/privacy-policy
Title: Privacy Poilicy

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/sitemap
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/online/login
Title: sign in to your Online Banking account

Search URL Search Domain Scan URL

URL: https://www.rbfcu.org/locations
Title: stop by a local branch

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://symplytheo.github.io/rbfcu HTTP 301
https://symplytheo.github.io/rbfcu/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://unpkg.com/axios/dist/axios.min.js HTTP 302
https://unpkg.com/axios@0.21.1/dist/axios.min.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
symplytheo.github.io/rbfcu/
Redirect Chain

https://symplytheo.github.io/rbfcu
https://symplytheo.github.io/rbfcu/

23 KB
5 KB

145ms
144ms

Document
text/html

185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.110.153 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub.com /

Resource Hash

46e43521432fcd1c93e34fe5de6d3f409bafcbbea3f0834af4e487d21a63b8f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

:method: GET
:authority: symplytheo.github.io
:scheme: https
:path: /rbfcu/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
server: GitHub.com
strict-transport-security: max-age=31556952
last-modified: Mon, 08 Feb 2021 09:08:12 GMT
access-control-allow-origin: *
etag: W/"6020ff7c-5ae8"
expires: Mon, 08 Feb 2021 09:22:24 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: F876:146D:12D5E63:13EDB68:60210077
accept-ranges: bytes
date: Mon, 08 Feb 2021 09:12:24 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cdg20732-CDG
x-cache: MISS
x-cache-hits: 0
x-timer: S1612775544.026972,VS0,VE100
vary: Accept-Encoding
x-fastly-request-id: 38892d3e1d69a546b9bfd5b24ee36d1075110ec3
content-length: 4989

Redirect headers

content-type: text/html
server: GitHub.com
location: https://symplytheo.github.io/rbfcu/
x-github-request-id: 5E5C:211B:1F3C66:212821:60210075
accept-ranges: bytes
date: Mon, 08 Feb 2021 09:12:23 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cdg20732-CDG
x-cache: MISS
x-cache-hits: 0
x-timer: S1612775544.888396,VS0,VE98
vary: Accept-Encoding
x-fastly-request-id: 26b635e5c873695d6557a9d2aa28fd8d02fe4786
content-length: 162

GET
H2 200 css
fonts.googleapis.com/ 12 KB
943 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0c5ce56c8cc16b3f7e1a3a940685f82f4bda3314dce1b5b952fd695445e6d12e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 08 Feb 2021 07:26:22 GMT
server: ESF
date: Mon, 08 Feb 2021 09:12:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Feb 2021 09:12:24 GMT

GET
H2 200 materialdesignicons.min.css
cdn.jsdelivr.net/npm/@mdi/font@4.x/css/ 218 KB
37 KB 8ms
7ms Stylesheet
text/css 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@mdi/font@4.x/css/materialdesignicons.min.css

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a2b84598b7408a49f572ff743dc5886bddd5390c78b40416037da19c13f8d0ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 17686
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 37279
etag: W/"3690d-+C8LymUllOTB/eRBaefREVF0ZzU"
x-served-by: cache-fra19125-FRA
date: Mon, 08 Feb 2021 09:12:24 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 vuetify.min.css
cdn.jsdelivr.net/npm/vuetify@2.x/dist/ 518 KB
63 KB 7ms
7ms Stylesheet
text/css 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ecc527ce6644526eb9a778254fb89a9bd10e6dc067f14960132a2dcb5fea41ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 30727
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 64171
etag: W/"8162c-1aC0fkjyDcNWdwiV94SuGwlghqI"
x-served-by: cache-fra19125-FRA
date: Mon, 08 Feb 2021 09:12:24 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK rbfcu-logo.svg
www.rbfcu.org/upload-document/resources/images/ 5 KB
6 KB 706ms
157ms Image
image/svg+xml 192.67.54.31
RBSTARNET1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rbfcu.org/upload-document/resources/images/rbfcu-logo.svg

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.67.54.31 San Antonio, United States, ASN36010 (RBSTARNET1, US),

Reverse DNS

Software

Resource Hash

09092e11153b90955b14c6dcad28c3e2902b035f6b12ac85e24a693e5c97c884

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 06:35:14 GMT
Via: NS-CACHE-10.0: 211
X-Content-Type-Options: nosniff
Last-Modified: Tue, 21 Apr 2020 16:36:58 GMT
Age: 10287
X-Frame-Options: SAMEORIGIN
serverID: LS4
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Xet-Cookie
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/svg+xml
Content-Length: 5383
X-XSS-Protection: 1; mode=block

GET
H2 200 IDme.jpg
symplytheo.github.io/rbfcu/ 6 KB
6 KB 145ms
144ms Image
image/jpeg 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://symplytheo.github.io/rbfcu/IDme.jpg

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.110.153 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub.com /

Resource Hash

b08542c8155c6937b5b3fda0e0fd231761bfe67a2e7f1430d42f10947b0aeda7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 134dbb1cb3ad02ffbee08673397408fce9fcd15f
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "6020ff7c-1747"
age: 0
x-cache: MISS
content-length: 5959
x-served-by: cache-cdg20732-CDG
last-modified: Mon, 08 Feb 2021 09:08:12 GMT
server: GitHub.com
x-github-request-id: ACCA:35F1:DE72E5:EB779E:60210078
x-timer: S1612775544.182200,VS0,VE99
date: Mon, 08 Feb 2021 09:12:24 GMT
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 08 Feb 2021 09:22:24 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H/1.1 200
OK NCUA.jpg
www.rbfcu.org/Frontend-Assembly/Telerik.Sitefinity.Frontend/assets/images/_icons/ 10 KB
10 KB 707ms
158ms Image
image/jpeg 192.67.54.31
RBSTARNET1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rbfcu.org/Frontend-Assembly/Telerik.Sitefinity.Frontend/assets/images/_icons/NCUA.jpg?package=Rbfcu

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.67.54.31 San Antonio, United States, ASN36010 (RBSTARNET1, US),

Reverse DNS

Software

Resource Hash

ced1129bff2cc8f1a44d051735d61b8983c9e242e0440369b2ee43a44eb3f5d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 06:07:22 GMT
Via: NS-CACHE-10.0: 211
X-Content-Type-Options: nosniff
Age: 11959
ETag: "KXKCDNHFGKNWVSW"
X-Frame-Options: SAMEORIGIN
SystemID: SA-01
Content-Type: image/jpeg
Cache-Control: private
Connection: Keep-Alive
Strict-Transport-Security: max-age=31536000
Content-Length: 9867
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ehl.svg
www.rbfcu.org/Frontend-Assembly/Telerik.Sitefinity.Frontend/assets/images/_icons/ 372 B
750 B 706ms
156ms Image
image/svg+xml 192.67.54.31
RBSTARNET1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rbfcu.org/Frontend-Assembly/Telerik.Sitefinity.Frontend/assets/images/_icons/ehl.svg?package=Rbfcu

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.67.54.31 San Antonio, United States, ASN36010 (RBSTARNET1, US),

Reverse DNS

Software

Resource Hash

f53433449e2b3100e1bccac4981b465479615eabee1e45345c64fa1270ab7744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 00:29:55 GMT
Via: NS-CACHE-10.0: 211
X-Content-Type-Options: nosniff
Age: 32205
ETag: "KXKCDNHFGKOKLUW"
X-Frame-Options: SAMEORIGIN
SystemID: SA-01
Content-Type: image/svg+xml
Cache-Control: private
Connection: Keep-Alive
Strict-Transport-Security: max-age=31536000
Content-Length: 372
X-XSS-Protection: 1; mode=block

GET
H2 200 vue.js Show response
cdn.jsdelivr.net/npm/vue@2.x/dist/ 334 KB
88 KB 15ms
13ms Script
application/javascript 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

159f0ac0c8f517aaa736003b6e13ebc959b5f7129db87e4e56bf2eec8d6d02d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 15237
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 90119
etag: W/"53883-XDnfw3/EJADktFV9uVbz8hipDKc"
x-served-by: cache-fra19125-FRA
date: Mon, 08 Feb 2021 09:12:24 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 vuetify.js Show response
cdn.jsdelivr.net/npm/vuetify@2.x/dist/ 2 MB
250 KB 15ms
13ms Script
application/javascript 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.js

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dfa1a4fe6cf4bc9fc92e2a49e1f9a669606b2c9c8d8ca6d875a02776be8b55f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 23576
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 255260
etag: W/"182e9b-5KFne89QT1yhtPKX19seFivZH3g"
x-served-by: cache-fra19125-FRA
date: Mon, 08 Feb 2021 09:12:24 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2

200

axios.min.js Show response
unpkg.com/axios@0.21.1/dist/
Redirect Chain

https://unpkg.com/axios/dist/axios.min.js
https://unpkg.com/axios@0.21.1/dist/axios.min.js

14 KB
5 KB

15ms
15ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/axios@0.21.1/dist/axios.min.js

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 09:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3820492
vary: Accept-Encoding
cf-request-id: 082282ed9800002b41c0a31000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3813-8k0LzDYCe85FyGrPuleySO22o/k"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: a985b8b515e41c264d723b57b7207e48
cache-control: public, max-age=31536000
cf-ray: 61e43a8f5f1b2b41-FRA

Redirect headers

date: Mon, 08 Feb 2021 09:12:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 71
vary: Accept, Accept-Encoding
content-length: 53
cf-request-id: 082282ed6d00002b41ebbaa000000001
server: cloudflare
location: /axios@0.21.1/dist/axios.min.js
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: b40e82249e75c382ce937468103e83c5
cache-control: public, s-maxage=600, max-age=60
cf-ray: 61e43a8f1e982b41-FRA

GET
H/1.1 200
OK thin-top-bar.gif
www.rbfcu.org/upload-document/resources/images/ 6 KB
6 KB 669ms
160ms Image
image/gif 192.67.54.31
RBSTARNET1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rbfcu.org/upload-document/resources/images/thin-top-bar.gif

Requested by

Host: symplytheo.github.io
URL: https://symplytheo.github.io/rbfcu/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.67.54.31 San Antonio, United States, ASN36010 (RBSTARNET1, US),

Reverse DNS

Software

Resource Hash

4e795a8d28b47fdf01633d0cb180d574f956dad0de8df37e516cb5e29923049e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://symplytheo.github.io/rbfcu/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 06:35:14 GMT
Via: NS-CACHE-10.0: 211
X-Content-Type-Options: nosniff
Last-Modified: Tue, 21 Apr 2020 16:36:58 GMT
Age: 10287
X-Frame-Options: SAMEORIGIN
serverID: LS4
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Xet-Cookie
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 5792
X-XSS-Protection: 1; mode=block

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://symplytheo.github.io
Referer: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Feb 2021 08:12:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 522018
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Wed, 02 Feb 2022 08:12:06 GMT

GET
H2 200 materialdesignicons-webfont.woff2
cdn.jsdelivr.net/npm/@mdi/font@4.x/fonts/ 276 KB
277 KB 22ms
6ms Font
font/woff2 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@mdi/font@4.x/fonts/materialdesignicons-webfont.woff2?v=4.9.95

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@mdi/font@4.x/css/materialdesignicons.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3248c66efa5ff60a1088aa4ab9d39b395fcc2e77e03ae454621885aa1017f3a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://symplytheo.github.io
Referer: https://cdn.jsdelivr.net/npm/@mdi/font@4.x/css/materialdesignicons.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 26029
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 283040
etag: W/"451a0-lWoSaMOlEO10NQ05k4FLah/1emU"
x-served-by: cache-fra19126-FRA
date: Mon, 08 Feb 2021 09:12:24 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://symplytheo.github.io
Referer: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 04:25:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 276405
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Sat, 05 Feb 2022 04:25:39 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Randolph Brooks Federal Credit Union (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js(Line 9055) Message: Download the Vue Devtools extension for a better development experience: https://github.com/vuejs/vue-devtools
console-api	info	URL: https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js(Line 9064) Message: You are running Vue in development mode. Make sure to turn on production mode when deploying for production. See more tips at https://vuejs.org/guide/deployment.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
symplytheo.github.io
unpkg.com
www.rbfcu.org
185.199.110.153
192.67.54.31
2606:4700::6810:7aaf
2a00:1450:4001:801::2003
2a00:1450:4001:82a::200a
2a04:4e42:3::621
09092e11153b90955b14c6dcad28c3e2902b035f6b12ac85e24a693e5c97c884
0c5ce56c8cc16b3f7e1a3a940685f82f4bda3314dce1b5b952fd695445e6d12e
159f0ac0c8f517aaa736003b6e13ebc959b5f7129db87e4e56bf2eec8d6d02d7
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1
3248c66efa5ff60a1088aa4ab9d39b395fcc2e77e03ae454621885aa1017f3a8
46e43521432fcd1c93e34fe5de6d3f409bafcbbea3f0834af4e487d21a63b8f1
4e795a8d28b47fdf01633d0cb180d574f956dad0de8df37e516cb5e29923049e
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
a2b84598b7408a49f572ff743dc5886bddd5390c78b40416037da19c13f8d0ce
b08542c8155c6937b5b3fda0e0fd231761bfe67a2e7f1430d42f10947b0aeda7
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
ced1129bff2cc8f1a44d051735d61b8983c9e242e0440369b2ee43a44eb3f5d8
dfa1a4fe6cf4bc9fc92e2a49e1f9a669606b2c9c8d8ca6d875a02776be8b55f5
ecc527ce6644526eb9a778254fb89a9bd10e6dc067f14960132a2dcb5fea41ae
f53433449e2b3100e1bccac4981b465479615eabee1e45345c64fa1270ab7744

symplytheo.github.io Open in urlscan Pro 185.199.110.153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

6 Domains

6 Subdomains

6 IPs

3 Countries

775 kBTransfer

2991 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

symplytheo.github.io Open in urlscan Pro
185.199.110.153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

775 kB
Transfer

2991 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!