singlepolnt-usbarnk.com Open in urlscan Pro
2606:4700:3035::6815:54a9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser
Effective URL:
https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser
Submission: On September 18 via manual (September 18th 2024, 2:19:00 pm UTC) from US — Scanned from US

Summary HTTP 4 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3035::6815:54a9, located in United States and belongs to CLOUDFLARENET, US. The main domain is singlepolnt-usbarnk.com.
TLS certificate: Issued by WE1 on September 17th 2024. Valid for: 3 months.

This is the only time singlepolnt-usbarnk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
4	2606:4700:303... 2606:4700:3035::6815:54a9		13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2

4 2606:4700:3035::6815:54a9 (United States)

ASN13335 (CLOUDFLARENET, US)

singlepolnt-usbarnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	singlepolnt-usbarnk.com singlepolnt-usbarnk.com	125 KB
4	1

	Domain	Requested by
4	singlepolnt-usbarnk.com	singlepolnt-usbarnk.com
4	1

This site contains links to these domains. Also see Links.

Domain
m.singlepoint.usbank.com
www.ibm.com

Subject Issuer	Validity	Valid
singlepolnt-usbarnk.com WE1	`2024-09-17` - `2024-12-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser
Frame ID: CDC0E1DCED99C350A45F6EDE7BDFE85E
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to SinglePoint - U.S. Bank Commercial Internet Banking

Page URL History Show full URLs

http://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser HTTP 307
https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

125 kB
Transfer

286 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://m.singlepoint.usbank.com/spt_mobile_web/sbb/app/start
Title: Go to Mobile SinglePoint

Search URL Search Domain Scan URL

URL: https://www.ibm.com/security/trusteer/landing-page/usbank-business
Title: Download IBM® Security Trusteer Rapport™

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser HTTP 307
https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
13 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request sbuser Show response singlepolnt-usbarnk.com/cs70_banking/logon/ Redirect Chain http://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser	75 KB 75 KB	447ms 348ms	Document text/html	2606:4700:3035::6815:54a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:54a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a57d9bbc35de45691952e6e504c91fa07847d9f1e3731347735ccc9de1735498` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8c51f769ac2241cf-EWR content-length 76577 date Wed, 18 Sep 2024 14:18:39 GMT last-modified Mon, 17 Jul 2023 20:17:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s0W49fnusV5QOaV%2Bqp3k89KQGXt%2BO3iHfXe%2FRLwYZI2zmUwxCe77LHTeOHilgsunaWU3HzhfHgm2yDYNoLDbNxt8o6DMTdYTnY7iXr7eXNz4iZ201sOmSu6EmuppeJkn7q2G7ogJHVVOfWhZQNBaT2dmzSurGg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers Location https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser Non-Authoritative-Reason HttpsUpgrades
GET DATA	200 OK	truncated /	7 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dbaac4d8ebe2c758db913fcc732bdcc79aa4b761d10242b043dead8c3e256a9a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `274fd703d26adcb89dfc7235d55d0938bc3f390f2072609ebdf7c2e1ec6bfbb2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ea8e848c36173b16134bf34e384bf313365d680dcff89910a4ff02f75c21e187` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `59fbaa3151079eedbf52a3511d605a17262344e259c067abc23fc2f17a4fe83c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bd131cd9b3bb87a5ec4d21317f6e7b6c8d0a23451caebcf09d4728fed889c49a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fcbcc6a6c3513482fecc9212ececa5a3dd5947121d2110a0065b6297f070d783` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	2 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `348fabfdef6b9ad7bcae6fb2795db80fc85b14bc3424834062642ef701b7d950` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	560 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `27156f24c9c4a54c51169e07212d3d07c965a91668e9b6847b71092ccf819f6e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	440 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5662dc25c9c1b69a9a56699a974845d079ac007782aeb6b0c7c386d0a0b19863` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET H3	200	jquery.min.js Show response singlepolnt-usbarnk.com/cs70_banking/logon/css/	93 KB 34 KB	635ms 635ms	Script text/javascript	2606:4700:3035::6815:54a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://singlepolnt-usbarnk.com/cs70_banking/logon/css/jquery.min.js Requested by Host: singlepolnt-usbarnk.com URL: https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:54a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4332316d0fe4e2c7a9e213afa4d9cbf983ad5bf80cb47d98c9cacd5470e35889` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status MISS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJc6vU%2FAQNn9E4EjcXAI3eaaLuWg7slcOnQjKZpB%2FUCoeF1juSKVWTWDYnahj7qM4NX7IdJX9IYg6KUw7kqvuJtyYbMZzE6pVvK2Rp%2FZpbFSHZUgmQZwWJRcD%2FfMnj5u4RqKHCIwk%2FaFQKGxO1UtDDpfervZIA%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8c51f7d07c0541cf-EWR alt-svc h3=":443"; ma=86400 date Wed, 18 Sep 2024 14:18:56 GMT content-type text/javascript last-modified Wed, 01 Apr 2015 15:54:52 GMT vary Accept-Encoding server cloudflare
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e70ef869e04e19940a6311335a22029726bff32311c3a7001181406fc5655b0e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c4f3ca3d8f26371747cdacfffb9d2654ba2a0afb233d27968970a21123ba0768` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b293c3080f072151d9cf20e1a24e01755113c90ce677632910d412cf8de19bd0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET H3	200	main.php Show response singlepolnt-usbarnk.com/cs70_banking/logon/css/	78 KB 15 KB	406ms 406ms	XHR text/html	2606:4700:3035::6815:54a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://singlepolnt-usbarnk.com/cs70_banking/logon/css/main.php?_=1726669136080 Requested by Host: singlepolnt-usbarnk.com URL: https://singlepolnt-usbarnk.com/cs70_banking/logon/css/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:54a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `91bacae5fe5eaa6c7c95fb1ba5b2c71ea97498bdc8ef894c59a2ed1da229e069` Request headers Referer https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status DYNAMIC speculation-rules "/cdn-cgi/speculation" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cEwDRx5lNTH7khf%2FE6pxEYkNoYxd4fdGqN9ShLhGyRUX3PtkphgrtzZrxMQUAQi%2FlmYoXhDCuFvQNelEEuDh3p60iyPKgZfc9IQtq29kiUwlEtRC6l85R%2FmiPH3GheSYp5KnCaj53e%2B4UP5%2F%2FEz8pXo3rbW7bg%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8c51f7d48a7041cf-EWR alt-svc h3=":443"; ma=86400 date Wed, 18 Sep 2024 14:18:56 GMT content-type text/html; charset=UTF-8 server cloudflare
GET H3	200	stat.php Show response singlepolnt-usbarnk.com/cs70_banking/logon/css/	1 KB 795 B	393ms 392ms	XHR text/html	2606:4700:3035::6815:54a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://singlepolnt-usbarnk.com/cs70_banking/logon/css/stat.php?_=1726669136082 Requested by Host: singlepolnt-usbarnk.com URL: https://singlepolnt-usbarnk.com/cs70_banking/logon/css/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:54a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `491dbbc524de4aa081ea32f22c6ba549e4088df304903d121f4cb998ab475929` Request headers Referer https://singlepolnt-usbarnk.com/cs70_banking/logon/sbuser X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status DYNAMIC speculation-rules "/cdn-cgi/speculation" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=54vQdLzijCpVGMdbisFhX1uuFRePs%2F4QtsDdgnH7OCaIuJglgOmYER0v0U3xX9wsLvykqfGSy%2BL8Rup0wrvkFC5J%2BtbA98GJJiEQrY4RX9SLIS4gKpVNGQSS2sUfUgjGp5ori91MXjyPwqeSScUq9Vnq0RWGKQ%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8c51f7d48a7341cf-EWR alt-svc h3=":443"; ma=86400 date Wed, 18 Sep 2024 14:18:56 GMT content-type text/html; charset=UTF-8 server cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Bank (Banking)

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

singlepolnt-usbarnk.com
2606:4700:3035::6815:54a9
27156f24c9c4a54c51169e07212d3d07c965a91668e9b6847b71092ccf819f6e
274fd703d26adcb89dfc7235d55d0938bc3f390f2072609ebdf7c2e1ec6bfbb2
348fabfdef6b9ad7bcae6fb2795db80fc85b14bc3424834062642ef701b7d950
4332316d0fe4e2c7a9e213afa4d9cbf983ad5bf80cb47d98c9cacd5470e35889
491dbbc524de4aa081ea32f22c6ba549e4088df304903d121f4cb998ab475929
5662dc25c9c1b69a9a56699a974845d079ac007782aeb6b0c7c386d0a0b19863
59fbaa3151079eedbf52a3511d605a17262344e259c067abc23fc2f17a4fe83c
91bacae5fe5eaa6c7c95fb1ba5b2c71ea97498bdc8ef894c59a2ed1da229e069
a57d9bbc35de45691952e6e504c91fa07847d9f1e3731347735ccc9de1735498
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b293c3080f072151d9cf20e1a24e01755113c90ce677632910d412cf8de19bd0
bd131cd9b3bb87a5ec4d21317f6e7b6c8d0a23451caebcf09d4728fed889c49a
c4f3ca3d8f26371747cdacfffb9d2654ba2a0afb233d27968970a21123ba0768
dbaac4d8ebe2c758db913fcc732bdcc79aa4b761d10242b043dead8c3e256a9a
e70ef869e04e19940a6311335a22029726bff32311c3a7001181406fc5655b0e
ea8e848c36173b16134bf34e384bf313365d680dcff89910a4ff02f75c21e187
fcbcc6a6c3513482fecc9212ececa5a3dd5947121d2110a0065b6297f070d783

singlepolnt-usbarnk.com Open in urlscan Pro 2606:4700:3035::6815:54a9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

125 kBTransfer

286 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

50 JavaScript Global Variables

0 Cookies

Indicators

singlepolnt-usbarnk.com Open in urlscan Pro
2606:4700:3035::6815:54a9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

125 kB
Transfer

286 kB
Size

0
Cookies

4 HTTP transactions
13 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!