epttz.us
Open in
urlscan Pro
2606:4700:30::681f:4469
Malicious Activity!
Public Scan
URL:
http://epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersvcs/registration/reg/
Submission: On May 04 via automatic, source openphish
Submission: On May 04 via automatic, source openphish
Summary
This website contacted 15 IPs
in 4 countries
across 11 domains to perform 38 HTTP transactions.
The main IP is 2606:4700:30::681f:4469, located in
United States and
belongs to CLOUDFLARENET - Cloudflare, Inc., US.
The main domain is epttz.us.
This is the only time epttz.us was scanned on urlscan.io!
This is the only time epttz.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Discover (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 14 | 2606:4700:30:... 2606:4700:30::681f:4469 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 3 | 2606:4700:30:... 2606:4700:30::681f:4569 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 4 | 34.243.36.162 34.243.36.162 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 172.217.22.6 172.217.22.6 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 178.249.101.23 178.249.101.23 | 11054 (LIVEPERSON) (LIVEPERSON - LivePerson) | |
| 1 | 2.16.186.56 2.16.186.56 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 2 | 172.82.228.16 172.82.228.16 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
| 1 1 | 66.117.28.86 66.117.28.86 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
| 5 | 23.67.136.43 23.67.136.43 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 79.125.117.125 79.125.117.125 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 1 | 52.30.5.88 52.30.5.88 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 2 | 2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 1 1 | 172.217.23.130 172.217.23.130 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 46.137.81.30 46.137.81.30 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 2a03:2880:f0f... 2a03:2880:f0ff:2:face:b00c:0:8c | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 38 | 15 |
4
34.243.36.162
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-243-36-162.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-243-36-162.eu-west-1.compute.amazonaws.com
| dpm.demdex.net |
1
172.217.22.6
(Mountain View, United States)
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s14-in-f6.1e100.net
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s14-in-f6.1e100.net
| fls.doubleclick.net |
1
2.16.186.56
(European Union)
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-56.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-56.deploy.static.akamaitechnologies.com
| fast.discoverfinancialservices.demdex.net |
2
172.82.228.16
(Lehi, United States)
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.d1.sc.omtrdc.net
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.d1.sc.omtrdc.net
| metrics.discover.com |
1
66.117.28.86
(Lehi, United States)
ASN15224 (OMNITURE - Adobe Systems Inc., US)
ASN15224 (OMNITURE - Adobe Systems Inc., US)
| cm.everesttech.net |
5
23.67.136.43
(Amsterdam, Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-136-43.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-136-43.deploy.static.akamaitechnologies.com
| s.btstatic.com |
1
79.125.117.125
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-79-125-117-125.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-79-125-117-125.eu-west-1.compute.amazonaws.com
| s.thebrighttag.com |
2
2a03:2880:f02d:12:face:b00c:0:3
(Ireland)
ASN32934 (FACEBOOK - Facebook, Inc., US)
ASN32934 (FACEBOOK - Facebook, Inc., US)
| connect.facebook.net |
1
52.30.5.88
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-30-5-88.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-30-5-88.eu-west-1.compute.amazonaws.com
| s.thebrighttag.com |
2
2a03:2880:f12d:83:face:b00c:0:25de
(Ireland)
ASN32934 (FACEBOOK - Facebook, Inc., US)
ASN32934 (FACEBOOK - Facebook, Inc., US)
| www.facebook.com |
1
172.217.23.130
(Mountain View, United States)
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s18-in-f2.1e100.net
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s18-in-f2.1e100.net
| cm.g.doubleclick.net |
1
46.137.81.30
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-46-137-81-30.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-46-137-81-30.eu-west-1.compute.amazonaws.com
| s.thebrighttag.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 17 |
epttz.us
1 redirects
epttz.us |
343 KB |
| 5 |
btstatic.com
s.btstatic.com |
28 KB |
| 5 |
demdex.net
1 redirects
dpm.demdex.net fast.discoverfinancialservices.demdex.net |
3 KB |
| 3 |
thebrighttag.com
s.thebrighttag.com |
3 KB |
| 2 |
facebook.com
1 redirects
www.facebook.com |
517 B |
| 2 |
facebook.net
connect.facebook.net |
60 KB |
| 2 |
doubleclick.net
1 redirects
fls.doubleclick.net cm.g.doubleclick.net |
547 B |
| 2 |
discover.com
card.discover.com Failed metrics.discover.com |
1 KB |
| 1 |
atdmt.com
cx.atdmt.com |
314 B |
| 1 |
everesttech.net
1 redirects
cm.everesttech.net |
526 B |
| 1 |
liveperson.net
lptag.liveperson.net |
|
| 38 | 11 |
| Domain | Requested by | |
|---|---|---|
| 17 | epttz.us |
1 redirects
epttz.us
s.btstatic.com |
| 5 | s.btstatic.com |
epttz.us
s.btstatic.com |
| 4 | dpm.demdex.net |
1 redirects
epttz.us
|
| 3 | s.thebrighttag.com |
s.btstatic.com
|
| 2 | www.facebook.com | 1 redirects |
| 2 | connect.facebook.net |
s.btstatic.com
connect.facebook.net |
| 2 | metrics.discover.com |
epttz.us
|
| 1 | cx.atdmt.com | |
| 1 | cm.g.doubleclick.net | 1 redirects |
| 1 | cm.everesttech.net | 1 redirects |
| 1 | fast.discoverfinancialservices.demdex.net |
epttz.us
|
| 1 | lptag.liveperson.net |
epttz.us
|
| 1 | fls.doubleclick.net |
epttz.us
|
| 0 | card.discover.com Failed |
epttz.us
|
| 38 | 14 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.discover.com |
| portal.discover.com |
| www.twitter.com |
| www.facebook.com |
| plus.google.com |
| linkedin.com |
| www.bbb.org |
| www.fdic.gov |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.doubleclick.net Google Internet Authority G3 |
2019-04-16 - 2019-07-09 |
3 months | crt.sh |
| *.liveperson.net COMODO RSA Organization Validation Secure Server CA |
2017-12-17 - 2020-12-16 |
3 years | crt.sh |
| a.s.thebrighttag.com DigiCert SHA2 Secure Server CA |
2018-03-02 - 2020-02-20 |
2 years | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2019-03-08 - 2019-06-06 |
3 months | crt.sh |
| *.thebrighttag.com DigiCert SHA2 Secure Server CA |
2018-04-04 - 2020-04-03 |
2 years | crt.sh |
| *.atlassolutions.com DigiCert SHA2 High Assurance Server CA |
2019-04-12 - 2019-07-11 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersvcs/registration/reg/
Frame ID: 83BE8D7AC49D46389CD03E65AD0BFF20
Requests: 37 HTTP requests in this frame
Frame:
http://fast.discoverfinancialservices.demdex.net/dest5.html?d_nsid=0
Frame ID: E7DE0EF4DB40452086A7723BF0877FD1
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersv...
HTTP 301
http://epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersv... Page URL
Detected technologies
LivePerson
(Live Chat)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /^https?:\/\/lptag\.liveperson\.net\/tag\/tag\.js/i
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /cloudflare/i
DoubleClick Floodlight
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /https?:\/\/fls.doubleclick.net/i
Facebook
(Widgets)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
SiteCatalyst
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^jQuery$/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
URL: https://www.discover.com/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://portal.discover.com/customersvcs/universalLogin/ac_main
Title: Cancel
Title: Cancel
Search URL Search Domain Scan URL
URL: https://www.discover.com/credit-cards/help-center/contact-us/index.html
Title: Contact Us
Title: Contact Us
Search URL Search Domain Scan URL
URL: https://www.discover.com/credit-cards/help-center/terms-of-use.html?ICMPGN=FTR_TERMS_USE
Title: Terms of Use
Title: Terms of Use
Search URL Search Domain Scan URL
URL: https://www.discover.com/privacy-statement/index.html?ICMPGN=FTR_CUST_PRIVACY
Title: Privacy Statement
Title: Privacy Statement
Search URL Search Domain Scan URL
URL: https://www.discover.com/credit-cards/member-benefits/security-center?ICMPGN=FTR_CUST_SECURITY
Title: Security
Title: Security
Search URL Search Domain Scan URL
URL: https://www.twitter.com/discover
Search URL Search Domain Scan URL
URL: https://www.facebook.com/discover
Search URL Search Domain Scan URL
URL: https://plus.google.com/+Discover/posts
Search URL Search Domain Scan URL
URL: https://linkedin.com/company/discover-financial-services
Search URL Search Domain Scan URL
URL: https://www.discover.com/credit-cards/member-benefits/mobile?ICMPGN=FTR_ICON_MOBILE
Title: DISCOVER MOBILE APP
Title: DISCOVER MOBILE APP
Search URL Search Domain Scan URL
URL: https://www.discover.com/home-loans/state-licenses?ICMPGN=FTR_ICON_EHL
Search URL Search Domain Scan URL
URL: https://www.bbb.org/chicago/business-reviews/credit-cards-and-plans/discover-financial-services-in-riverwoods-il-1004324
Search URL Search Domain Scan URL
URL: https://www.fdic.gov/
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersvcs/registration/reg
HTTP 301
http://epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersvcs/registration/reg/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- http://dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1556950242738 HTTP 302
- http://dpm.demdex.net/id/rd?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1556950242738
- http://cm.everesttech.net/cm/dd?d_uuid=05772206549745183730262182854295544373 HTTP 302
- http://dpm.demdex.net/ibs:dpid=411&dpuuid=XM0s4gAAEzFyYTx0
- https://cm.g.doubleclick.net/pixel?google_nid=signal_dmp&google_cm&btt=0 HTTP 302
- https://s.thebrighttag.com/cs?tp=gcms&btt=0&google_gid=CAESED9NRBltXNlS92lhfQxUVzo&google_cver=1
- https://www.facebook.com/tr/?id=926429267553292&ev=Microdata&dl=http%3A%2F%2Fepttz.us%2Fwordpress%2Fwp-content%2Fthemes%2Ftwentysixteen%2Fcss%2Fzxa%2Fcard.discover%2Fcardmembersvcs%2Fregistration%2Freg%2F&rl=&if=false&ts=1556950244794&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%7D&cd[Meta]=%7B%22title%22%3A%22Discover%22%7D&cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.8.47&r=stable&a=sig&ec=1&o=30&fbp=fb.1.1556950243286.524209422&it=1556950243257&coo=false&es=automatic&rqm=GET HTTP 302
- https://cx.atdmt.com/?c=6989266598240005588&f=AYwIjU-sTDtxRc0lHLNkgtn94-CBDWtffdXBW0TJmTtKBmGev4d79frHO2uAL2aX5Yvqul2rauof0Jvdcgyo4KXD&id=926429267553292&l=3&v=0
38 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/cardmembersvcs/registration/reg/ Redirect Chain
|
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
common.min5dbe.css
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/css/ |
288 KB 42 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
loginAssist-rwd.min8fa4.css
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/applications/loginAssistance/css/ |
26 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
visitorAPI.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/scripts/ |
44 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
discover-logo.png
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
oo5_style.css
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/css/ |
16 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
libs.min333f.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/libs/scripts/ |
233 KB 73 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
common.mind6a3.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/scripts/ |
71 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
thirdparty.mincd20.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/scripts/ |
70 KB 26 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
backbone-file3.min49fc.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/scripts/ |
986 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
live-engagement-api.min020e.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/scripts/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui.min9dfd.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/scripts/ |
248 KB 67 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login-assist.mincf1f.js
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/applications/loginAssistance/scripts/ |
31 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rd
dpm.demdex.net/id/ Redirect Chain
|
0 -1 B |
XHR
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
utility-icons.png
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/global/images/ |
55 KB 56 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
MetaWebPro-Normal.woff
card.discover.com/global/public/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rd
dpm.demdex.net/id/ |
2 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
json
fls.doubleclick.net/ |
40 B 214 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tag.js
lptag.liveperson.net/tag/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dest5.html
fast.discoverfinancialservices.demdex.net/ Frame E7DE |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
id
metrics.discover.com/ |
49 B 519 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ibs:dpid=411&dpuuid=XM0s4gAAEzFyYTx0
dpm.demdex.net/ Redirect Chain
|
42 B 770 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s21746960128874
metrics.discover.com/b/ss/discoverglobalprod,%20discovercardservicingprod/1/JS-2.5.0/ |
43 B 592 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tag.js
s.btstatic.com/ |
34 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tag
s.thebrighttag.com/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0c69d262aa92198c2c1e39ada1c55b04bb476c3d.js
s.btstatic.com/lib/ |
219 B 525 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
oo5_style_signal.css
epttz.us/global/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
38996184bd034da1caee68bc6a24ef5f8d7eb3d0.js
s.btstatic.com/lib/ |
45 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bcca2083065658ae398cc3432dbda180190ed1e7.js
s.btstatic.com/lib/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
92e0d137e620af7e1d816654c493d4e23bf644e8.js
s.btstatic.com/lib/ |
387 B 629 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
oo_tab_icon_retina.gif
epttz.us/global/images/onlineopinionV5/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
oo_tab_icon.gif
epttz.us/wordpress/wp-content/themes/twentysixteen/css/zxa/card.discover/images/onlineopinionV5/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
53 KB 15 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tag
s.thebrighttag.com/ |
366 B 887 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
926429267553292
connect.facebook.net/signals/config/ |
174 KB 45 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
44 B 245 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cs
s.thebrighttag.com/ Redirect Chain
|
35 B 695 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
cx.atdmt.com/ Redirect Chain
|
42 B 314 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- card.discover.com
- URL
- https://card.discover.com/global/public/fonts/MetaWebPro-Normal.woff
- Domain
- epttz.us
- URL
- http://epttz.us/global/css/oo5_style_signal.css?v=2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Discover (Financial)167 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| visitor function| Visitor object| s_c_il number| s_c_in function| $ function| jQuery object| jQuery111108454797547033102 function| getWin function| winHeight function| _windowView function| scGlobalProp function| indexOf function| ss_composeSuggestUri function| callback function| ss_suggest function| ss_processed function| ss_handleAllKey function| ss_handleKey function| ss_isEmbeddedMode_ function| ss_handleQuery function| ss_removeNode_ function| ss_replaceNode_ function| ss_initEmbedMode_ function| ss_sf function| ss_clear function| ss_hide function| ss_show function| ss_showSuggestion function| ss_handleMouseM function| ss_handleMouseC function| ss_countSuggestions function| ss_locateSuggestion function| ss_escape object| consts string| ua number| msie object| $doc undefined| activeTab undefined| globalModalMarginTopdesktop number| globalModalMarginTopmobile undefined| ieVersion boolean| nonSecure undefined| initialSecNavTop number| secNavLastScrollTop boolean| isIos object| discover_rwd object| calendar object| stepindicator object| alertNotification object| toggle object| customInputs object| modal object| tooltip object| documentUpload object| tabPanel object| run object| secNav object| dropDown object| globalSitecatalyst string| ss_form_element string| ss_popup_element object| ss_seq number| ss_g_max_to_display number| ss_max_to_display number| ss_wait_millisec number| ss_delay_millisec string| ss_protocol string| ss_gsa_host boolean| ss_allow_non_query object| ss_cached object| ss_qbackup object| ss_qshown number| ss_loc number| ss_waiting boolean| ss_painting object| ss_key_handling_queue object| ss_painting_queue boolean| ss_dismissed boolean| ss_panic string| SS_ROW_CLASS string| SS_ROW_SELECTED_CLASS function| sendRequest object| ss_use undefined| didScroll number| lastScrollTop number| previousScrollTop number| delta number| navbarHeight object| utils object| appFunctions object| utility string| focusedDate string| focusedMonth boolean| isDevice function| init function| setEvents function| showOverlay function| calculateModalBodyHeight function| calculatePosition function| uploadFile number| yearVal function| s_doPlugins function| omn_getSearchType function| c_r function| c_rspers function| c_w function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| populateSiteCatalyst function| readEnvCookie object| s function| s_getmcmid function| s_getmcaid object| dfaConfig object| siteCatalystMap string| currentURL object| discover object| signalTMS string| s_account object| s_Integrate_DFA string| v number| s_objectID number| s_giq function| fileBB function| generateVal function| isLP function| getCookieValue string| dfsedskey string| timerStateCheckDfsState object| lpTag number| dcuser_start undefined| s_code object| s_3_Integrate_DFA_get_0 string| j number| d object| eo number| y number| li object| s_i_discoverglobalprod_ discovercardservicingprod function| bt_eval function| bt_parameter function| bt_meta function| bt_cookie function| bt_data function| bt_log function| bt_handle_exception undefined| _bt_url_prefix undefined| _bt_referrer undefined| _bt_site undefined| _bt_mode function| btServe function| bt_data_escaped object| BrightTag object| createLinkTag object| OOo function| receiveMessage function| SignalSetCookie function| SignalReadCookie function| fbq function| _fbq object| __core-js_shared__7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .demdex.net/ | Name: dextp Value: 144230-1-1556950242929|144231-1-1556950243031 |
|
| .demdex.net/ | Name: demdex Value: 05772206549745183730262182854295544373 |
|
| .epttz.us/ | Name: s_sess Value: %20s_tp%3D1200%3B%20s_cc%3Dtrue%3B%20s_ppv%3DForgotUserIDPwdHome%252C100%252C100%252C1200%3B |
|
| .epttz.us/ | Name: s_pers Value: %20s_dfa%3Ddiscoverglobalprod%252C%2520discovercardservicingprod%7C1556952042825%3B%20s_vnum%3D1559347200904%2526vn%253D1%7C1559347200904%3B%20s_invisit%3Dtrue%7C1556952042904%3B%20gpv_p5%3DForgotUserIDPwdHome%7C1556952042906%3B |
|
| epttz.us/ | Name: AMCV_0D6C4673527839230A490D45%40AdobeOrg Value: 1406116232%7CMCIDTS%7C18021%7CMCMID%7C03353702708299757441082763549332323984%7CMCAAMLH-1557555042%7C6%7CMCAAMB-1557555042%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1556957442s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18028%7CvVersion%7C2.5.0 |
|
| epttz.us/ | Name: AMCVS_0D6C4673527839230A490D45%40AdobeOrg Value: 1 |
|
| .epttz.us/ | Name: __cfduid Value: d525a53d359d849578e0def537f73a8391556950242 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1;mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
card.discover.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
cx.atdmt.com
dpm.demdex.net
epttz.us
fast.discoverfinancialservices.demdex.net
fls.doubleclick.net
lptag.liveperson.net
metrics.discover.com
s.btstatic.com
s.thebrighttag.com
www.facebook.com
card.discover.com
epttz.us
172.217.22.6
172.217.23.130
172.82.228.16
178.249.101.23
2.16.186.56
23.67.136.43
2606:4700:30::681f:4469
2606:4700:30::681f:4569
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f0ff:2:face:b00c:0:8c
2a03:2880:f12d:83:face:b00c:0:25de
34.243.36.162
46.137.81.30
52.30.5.88
66.117.28.86
79.125.117.125
07857e99134ae154f01e83d07163d48ca33573edd139ba611461b94f706a1617
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
121d7327471295d2aa1878ef94c8ab756375856d08ae24d3df11fa549e241633
16484a884b33a6a314ce97139922c4b4560c322e8ada6355a251bd1fd4d1989b
1bf7836282cf0a1f1cae452a2b7d03f4857827aa682e36562831fe3bc34f30a5
2566f15f28c6290b576db3a09fcf771d8392067df8227807e8854f0f577ff610
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
2f92fbe8cd86156ee461632418102b44d2347e5c55dac648433d953ccc0b3ea8
4ad8300fba93643428dac5a5866dfc2801583f62e807a852e8b47cdd32a9d560
508867c5f9093236b3d83a8f98dc8f299777f0dd34931ec7c22239285d1f0160
5a24357d4478a1d36f35a1c40f446151ade41edd17b8b1702d8d1e02b56f0be3
6332de71bac1e34cabc044aeaae4e0fa011806bba44f6d54742946abcd3a5730
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f80f4033b8d4c415004028982c3240d5b04334612cfbe5dbaa2048dfcd53492
7e1b9d4ea809da1dab37d86706906d00feff76c0935174c569514d67d9c45fa4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f8f7e611c63287303cb888572dd5276f84ed6e749f611f81fbcf39bf350fe6
8f547776efdf32d7ad1f356a3aa3d988ed02dce143acbf031eaf14ce8c5accda
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
99462c44c2311d62c4c430e464542251f46d3812fb0d8599839e67374903a7aa
999945a671c8ba8ea1499bd1149d365b486f0440f31341d01e34b7da174c2f60
9d4b04d54a1c88ca026c809a6f0a3d7d9e1375ce39f17cc5fd488ab90bc91efc
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
ad9a8da5299eb3df086e31ccc2de5693e653b22e53f6afc070199745ed6167bc
af41bf67eeb0c0fd5106a5b7d6bdaefa17929369851165ea0ac8b2a9f6d1c1ba
c219a60a8e02061c42a7026376ae36db38304950399a044121471c6413848c42
c78d4486b3cb4f86759972253da2b59990c7b6d1d4eeef0b254018bab20b5a79
c93fbf07aea53b8f5c7f7477a6e9eccc4024356002f210ba6b24ea1ce48f1814
cbdd0c7d77699eedba1fee4cc8a299305e62433cc4d4e5cb1e0763d825fc0edb
cc189d76fff12a8cdd49f6577ea4e0f84c6ef3447e60914b9834b5313a881887
e00c7025f0333ce2e8196e0210b218a8f47bd809344b9cd594816b3c36a9c819
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3