casandralopez.com
Open in
urlscan Pro
192.185.162.104
Malicious Activity!
Public Scan
Submission: On November 02 via manual from US
Summary
This is the only time casandralopez.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 192.185.162.104 192.185.162.104 | 20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC) | |
10 | 23.35.98.95 23.35.98.95 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 23.35.107.122 23.35.107.122 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 23.35.106.99 23.35.106.99 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 23.35.96.221 23.35.96.221 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 54.72.198.94 54.72.198.94 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 63.140.43.7 63.140.43.7 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
1 1 | 66.117.28.86 66.117.28.86 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
24 | 8 |
ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: 192-185-162-104.unifiedlayer.com
casandralopez.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-35-98-95.deploy.static.akamaitechnologies.com
client.schwab.com | |
www.schwab.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-35-107-122.deploy.static.akamaitechnologies.com
client.schwabcdn.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-35-106-99.deploy.static.akamaitechnologies.com
content.schwab.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-35-96-221.deploy.static.akamaitechnologies.com
lms.schwab.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-198-94.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: schwab.com.ssl.d1.sc.omtrdc.net
smetric.schwab.com |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
cm.everesttech.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
schwab.com
client.schwab.com Failed www.schwab.com content.schwab.com lms.schwab.com smetric.schwab.com |
445 KB |
2 |
demdex.net
dpm.demdex.net schwab.demdex.net Failed |
708 B |
1 |
everesttech.net
1 redirects
cm.everesttech.net |
527 B |
1 |
schwabcdn.com
client.schwabcdn.com |
31 KB |
1 |
casandralopez.com
casandralopez.com |
201 B |
24 | 5 |
Domain | Requested by | |
---|---|---|
8 | client.schwab.com |
client.schwab.com
|
4 | lms.schwab.com |
client.schwab.com
lms.schwab.com |
2 | smetric.schwab.com |
www.schwab.com
|
2 | dpm.demdex.net |
www.schwab.com
client.schwab.com |
2 | www.schwab.com |
client.schwab.com
|
1 | cm.everesttech.net | 1 redirects |
1 | content.schwab.com |
client.schwab.com
|
1 | client.schwabcdn.com |
client.schwab.com
|
1 | casandralopez.com | |
0 | schwab.demdex.net Failed |
www.schwab.com
|
24 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.schwab.com |
lms.schwab.com |
sealinfo.verisign.com |
brokercheck.finra.org |
content.schwab.com |
personaltrust.schwab.com |
www.facebook.com |
www.twitter.com |
www.youtube.com |
www.sipc.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-05-18 - 2018-06-04 |
a year | crt.sh |
*.schwabcdn.com Symantec Class 3 Secure Server CA - G4 |
2017-03-27 - 2018-03-30 |
a year | crt.sh |
content.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-08-16 - 2018-09-13 |
a year | crt.sh |
lms.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-10-17 - 2018-05-11 |
7 months | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2014-11-09 - 2018-01-24 |
3 years | crt.sh |
smetric.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-05-18 - 2018-06-11 |
a year | crt.sh |
This page contains 5 frames:
Frame:
https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx?SANC=mie
Frame ID: 30191.1
Requests: 2 HTTP requests in this frame
Frame:
https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx?SANC=mie
Frame ID: 30219.1
Requests: 16 HTTP requests in this frame
Frame:
https://lms.schwab.com/Login?ClientId=schwab-secondary&StartInSetId=1&enableAppD=false&RedirectUri=client.schwab.com/Login/Signon/AuthCodeHandler.ashx&SANC=mie
Frame ID: 30219.2
Requests: 4 HTTP requests in this frame
Frame:
https://schwab.demdex.net/dest5.html?d_nsid=undefined
Frame ID: 30219.3
Requests: 1 HTTP requests in this frame
Frame:
https://schwab.demdex.net/dest5.html?d_nsid=0
Frame ID: 30219.4
Requests: 1 HTTP requests in this frame
16 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: New User?
Search URL Search Domain Scan URL
Title: SchwabSafe
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: The Schwab SecurityGuarantee
Search URL Search Domain Scan URL
Title: Web Browser Information
Search URL Search Domain Scan URL
Title: FINRA’s BrokerCheck
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: SIPC
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17- https://cm.everesttech.net/cm/dd?d_uuid=41069013732456068231695859874339381108 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=Wfqg7AAAAjBO-xN_
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
hellion2.php
casandralopez.com/Schwab/ |
226 B 201 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
CustomerCenterLogin.aspx
client.schwab.com/Login/SignOn/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CustomerCenterLogin.aspx
client.schwab.com/Login/SignOn/ Frame 3021 |
83 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginbase.js
client.schwab.com/scripts/merge/ Frame 3021 |
173 KB 67 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
basestyle.css
client.schwab.com/cssmerged/ Frame 3021 |
314 KB 76 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebResource.axd
client.schwab.com/ Frame 3021 |
23 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sch-logo.png
client.schwabcdn.com/images/ Frame 3021 |
31 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sch-logo.png
client.schwab.com/images/ Frame 3021 |
31 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-banner_09-14-17.png
www.schwab.com/secure/file/P-10712105/ Frame 3021 |
42 KB 42 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-banner_09-14-17.png
client.schwab.com/secure/file/P-10712105/ Frame 3021 |
42 KB 42 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
short
client.schwab.com/system/asset/ Frame 3021 |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GlanceCobrowseLoader_3.2.2M.js
content.schwab.com/glance/ Frame 3021 |
6 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Login
lms.schwab.com/ Frame 3021 |
30 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Schwab-Icon-Font-v0-4.woff
client.schwab.com/font/ Frame 3021 |
36 KB 36 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.js
www.schwab.com/public/file/TEALIUM-UTAG-CC/ Frame 3021 |
204 KB 87 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
id
dpm.demdex.net/ Frame 3021 |
2 KB 666 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dest5.html
schwab.demdex.net/ Frame 3021 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
smetric.schwab.com/ Frame 3021 |
49 B 49 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
ibs:dpid=411&dpuuid=Wfqg7AAAAjBO-xN_
dpm.demdex.net/ Frame 3021 Redirect Chain
|
42 B 42 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-component-responsive-secondary
lms.schwab.com/bundles/styles/lib/ Frame 3021 |
51 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
40d369d4
lms.schwab.com/akam/10/ Frame 3021 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s71995917757928
smetric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/ Frame 3021 |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
40d369d4
lms.schwab.com/akam/10/ Frame 3021 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dest5.html
schwab.demdex.net/ Frame 3021 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- client.schwab.com
- URL
- https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx?SANC=mie
- Domain
- schwab.demdex.net
- URL
- https://schwab.demdex.net/dest5.html?d_nsid=undefined
- Domain
- schwab.demdex.net
- URL
- https://schwab.demdex.net/dest5.html?d_nsid=0
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Charles Schwab (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
19 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.demdex.net/ | Name: demdex Value: 41069013732456068231695859874339381108 |
|
.schwab.com/ | Name: lms-lang Value: en-US |
|
.schwab.com/ | Name: ak_bmsc Value: 894DD6E4D8B78B76C882D2E3B8FA46760214BF35C42D0000ECA0FA596D0CFA74~pl/PV4KcsWe5M84GbjwnpYIv4mYxZJJ21aWTA4ZlumfNFbG+RmsBkH8edQ869gKVEgRD9dcJSY6iaHKDsnL9aCpUzrH1KuWJV5SE8yFksSo5ALhYw6GuTXh0P/gahEfTDapgn6vpmofKjxSPT0aYW9saj3lLKyTOeKES159EgXeSo4saXDyYeYef+y/lKkNzVTRq9HS4UhnHvsHwfQE+icbkklq2shioYe+MyH7Fk+B9Y= |
|
lms.schwab.com/ | Name: ADRUM_BTa Value: R:159|g:d574bdb3-7e4f-4774-9d59-9a22cba61d90 |
|
.schwab.com/ | Name: s_pers Value: %20s_vnum%3D1941597420247%2526vn%253D1%7C1941597420247%3B%20s_invisit%3Dtrue%7C1509599220247%3B%20s_prevCh%3D%252Fclient_center%7C1509599220250%3B%20s_depth%3D1%7C1509599220251%3B%20s_gpv_pn%3D%252Fclient_center%252FLogin%252FSignOn%252FCustomer%2520Center%2520Login%7C1509599220252%3B |
|
.schwab.com/ | Name: lms-query-cookie Value: ClientId=schwab-secondary&StartInSetId=1&enableAppD=false&RedirectUri=client.schwab.com%2fLogin%2fSignon%2fAuthCodeHandler.ashx&SANC=mie |
|
.schwab.com/ | Name: AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg Value: 1 |
|
client.schwab.com/ | Name: BIGipServerclient-origin-pod1-cdc-443-pool Value: 1224763146.47873.0000 |
|
.schwab.com/ | Name: utag_main Value: v_id:015f7b0499430006fbb85170acef00079004807100b08$_sn:1$_ss:1$_st:1509599219844$ses_id:1509597419844%3Bexp-session$_pn:1%3Bexp-session |
|
.demdex.net/ | Name: dextp Value: 60-1-1509597420141|477-1-1509597420141|540-1-1509597420142|771-1-1509597420142|782-1-1509597420142|903-1-1509597420143|575-1-1509597420143 |
|
.schwab.com/ | Name: s_sess Value: %20s_linkTracking%3D%3B%20s_cc%3Dtrue%3B |
|
.schwab.com/ | Name: lang Value: en-US |
|
.schwab.com/ | Name: NS2 Value: ||I0rM7wpnACMBDAMNBwkHAA||N|||||||||N|||||||||||||||||N|||||||| |
|
.client.schwab.com/ | Name: aam_uuid Value: 41069013732456068231695859874339381108 |
|
.schwab.com/ | Name: AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg Value: -894706358%7CMCMID%7C37225246464018475362080472714646332451%7CMCAAMLH-1510202219%7C6%7CMCAAMB-1510202219%7C7wn8T9zDVmVKaqDC4nCjPmNoV8vbZAgJ7EU1b0TtKx7i8XM%7CMCOPTOUT-1509604619s%7CNONE%7CMCSYNCSOP%7C411-17480%7CMCAID%7CNONE%7CvVersion%7C2.3.0 |
|
client.schwab.com/ | Name: BIGipServerclient-origin-rr-bdc-443-pool Value: 587228938.47873.0000 |
|
.schwab.com/ | Name: NP2 Value: |42ln0jmtw3c1bjxior044xns|||N|||||||||| |
|
.schwab.com/ | Name: ASP.NET_SessionId Value: xr0h1hgckeeyi4iycq4djcv5 |
|
.schwab.com/ | Name: pod Value: 1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
casandralopez.com
client.schwab.com
client.schwabcdn.com
cm.everesttech.net
content.schwab.com
dpm.demdex.net
lms.schwab.com
schwab.demdex.net
smetric.schwab.com
www.schwab.com
client.schwab.com
schwab.demdex.net
192.185.162.104
23.35.106.99
23.35.107.122
23.35.96.221
23.35.98.95
54.72.198.94
63.140.43.7
66.117.28.86
03f25eb07495770f9207af4e2a709dac0b24de34ea66eedfa2b629601d9ac484
1c7ea3d91c14a747d0daf52e7334ed478a2e0d6c6155926f76ada10f20ba9395
2393e90e86a3461317b63157ed3797f1e99fab1acf89adc3ee8a883aede53759
340c8144527d33b72feafe06c90fd99ca176e7b6a49ea0b50d35c4e20f3da1f8
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
548c42c8b0141f8985e89e6f1a6a3212737204fe915cab853b9aa647b26386f2
65c546996638911d0bd2a36945c3a475b84fed0c898a6365fbd822049d86cb62
69956546b189eee14c0fb675f03ec33fc504fc2c274dc196e858edd5d1f12273
878ddc24790cd891d9cc65c7d4c21e9285dd0fbf77d42d624bcc5cad3c5014f2
8c4ac034f659146dedb5ce3f26238e5d22e03ecdae292fc016e6dac38cd92043
99d9d7f375a0d8bcdadb72678ddadc85810ebb6e7e1efcc3ac22d68b650044a6
9b73d6aa562952e37280faaa00819b2db77a2da51b56132cd52309ca7bd714d4
bc9c4b73c7050050ca5b21889e22cc317fe7b7b9495a3736a08c4fdc208356b5
c8fcb4a90e4c309ad8087c7ea69ebcd079435f8c907e5d1149d42deb9eb8201a
ce18412ac1c6650c3ec74f0b04e93765c09d932c363cb934630854155db80403
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa144d3dfe176f39c6290fea20af3621b90bcdbfd80d7f8983d99579625f3516