recovery.hub-web.com
Open in
urlscan Pro
54.75.240.21
Malicious Activity!
Public Scan
Submission: On March 19 via automatic, source openphish
Summary
This is the only time recovery.hub-web.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 54.75.240.21 54.75.240.21 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 162.125.66.6 162.125.66.6 | 19679 (DROPBOX) (DROPBOX - Dropbox) | |
1 | 2a02:26f0:78:... 2a02:26f0:78::5f64:f89b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
5 | 3 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-75-240-21.eu-west-1.compute.amazonaws.com
recovery.hub-web.com |
ASN19679 (DROPBOX - Dropbox, Inc., US)
dl.dropboxusercontent.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
dropboxusercontent.com
dl.dropboxusercontent.com |
|
2 |
hub-web.com
recovery.hub-web.com |
33 KB |
1 |
akamaihd.net
fbstatic-a.akamaihd.net |
6 KB |
5 | 3 |
Domain | Requested by | |
---|---|---|
2 | dl.dropboxusercontent.com |
recovery.hub-web.com
|
2 | recovery.hub-web.com |
recovery.hub-web.com
|
1 | fbstatic-a.akamaihd.net |
recovery.hub-web.com
|
5 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
dl.dropboxusercontent.com DigiCert SHA2 High Assurance Server CA |
2017-02-07 - 2020-02-12 |
3 years | crt.sh |
a248.e.akamai.net Symantec Class 3 ECC 256 bit SSL CA - G2 |
2016-07-28 - 2017-07-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://recovery.hub-web.com/update-payment-logid/incorrect.html
Frame ID: 7253.1
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request 0- https://db.tt/xcd4Cels
- https://dl.dropboxusercontent.com/u/251302790/CSS/visa.css
- https://db.tt/fXKuyC3I
- https://dl.dropboxusercontent.com/u/251302790/CSS/visa1.css
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
incorrect.html
recovery.hub-web.com/update-payment-logid/ |
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visa.css
dl.dropboxusercontent.com/u/251302790/CSS/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visa1.css
dl.dropboxusercontent.com/u/251302790/CSS/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Upgradepayment.jpg
recovery.hub-web.com/update-payment-logid/ |
13 KB 13 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kT2ocXFCst4.gif
fbstatic-a.akamaihd.net/rsrc.php/v2/yo/r/ |
6 KB 6 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dl.dropboxusercontent.com
fbstatic-a.akamaihd.net
recovery.hub-web.com
162.125.66.6
2a02:26f0:78::5f64:f89b
54.75.240.21
233a28be3a5927d2e2931b84ee677332163b37f0a340798f360998a7655b1cc6
30f733ec1189c141a979904a2c134f51be5244a2490d50c8956c2e09beb36887
915349098484d339675b119e657628af43749095907942f349cbd47e13118aba