accounts.prodserv-01.xyz Open in urlscan Pro
66.29.143.229 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://accounts.prodserv-01.xyz/
Submission: On August 28 via automatic, source certstream-suspicious (August 28th 2021, 11:16:19 am UTC)

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 66.29.143.229, located in United States and belongs to NAMECHEAP-NET, US. The main domain is accounts.prodserv-01.xyz.
TLS certificate: Issued by R3 on August 28th 2021. Valid for: 3 months.

This is the only time accounts.prodserv-01.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Verizon (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
15	66.29.143.229 66.29.143.229	22612 (NAMECHEAP...) (NAMECHEAP-NET)
4	68.232.35.163 68.232.35.163	15133 (EDGECAST) (EDGECAST)
19	3

15 66.29.143.229 (United States)

ASN22612 (NAMECHEAP-NET, US)

accounts.prodserv-01.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.232.35.163 (United States)

ASN15133 (EDGECAST, US)

scache1.vzw.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scache2.vzw.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	prodserv-01.xyz accounts.prodserv-01.xyz	306 KB
4	vzw.com scache1.vzw.com scache2.vzw.com	135 KB
19	2

	Domain	Requested by
15	accounts.prodserv-01.xyz	accounts.prodserv-01.xyz
2	scache2.vzw.com	accounts.prodserv-01.xyz
2	scache1.vzw.com	accounts.prodserv-01.xyz
19	3

This site contains no links.

Subject Issuer	Validity	Valid
accounts.prodserv-01.xyz R3	`2021-08-28` - `2021-11-26`	3 months	crt.sh
www.vzw.com DigiCert Baltimore CA-2 G2	`2019-12-09` - `2021-12-13`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://accounts.prodserv-01.xyz/
Frame ID: 0D7ED138584D88C857F4208D5C9C4969
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Verizon Log In, Sign in to your Verizon Wireless or Fios Accountbtn / zenkey / color / enabled / sign-in@2xbtn / zenkey / color / enabled / sign-in@2x

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

455 kB
Transfer

1025 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
accounts.prodserv-01.xyz/ 245 KB
24 KB 911ms
442ms Document
text/html 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2108c2651af1ac3f437a0d066c84e65204b87ccfff904872d83f2c2b22733c58

Request headers

Host: accounts.prodserv-01.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 28 Aug 2021 11:16:01 GMT
Content-Type: text/html
Content-Length: 23925
Connection: keep-alive
Last-Modified: Sat, 28 Aug 2021 11:07:20 GMT
ETag: "3d208-5ca9c9a98cfe0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK bootstrap-3.3.7.min.css
accounts.prodserv-01.xyz/css/ 118 KB
20 KB 268ms
258ms Stylesheet
text/css 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/bootstrap-3.3.7.min.css
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "1d970-5be0f8bc0ab80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19744

GET
H/1.1 200
OK less-space.css
accounts.prodserv-01.xyz/css/ 20 KB
3 KB 512ms
242ms Stylesheet
text/css 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/less-space.css
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d6fa67395861849e050da5ed40fc7b85cace91cfadb8a1f50e4237d1678bf8ed

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "4e0a-5be0f8bc0ab80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2432

GET
H/1.1 200
OK style-2.0.css
accounts.prodserv-01.xyz/css/ 33 KB
15 KB 938ms
456ms Stylesheet
text/css 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/style-2.0.css
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 732fc80eb20d1847b4937ee1934f8a8def22817fa40b46d26c4df7013e13f697

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "857c-5be0f8bc0ab80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14623

GET
H/1.1 200
OK jquery-1.12.4.min.js Show response
accounts.prodserv-01.xyz/js/ 95 KB
33 KB 954ms
455ms Script
application/javascript 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/js/jquery-1.12.4.min.js
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "17b8a-5be0f8bc0ab80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33758

GET
H/1.1 200
OK core.css
accounts.prodserv-01.xyz/css/ 125 KB
16 KB 944ms
462ms Stylesheet
text/css 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/core.css
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1ce30f1838fdf77351ff41ff8f94d4aac96e98331feac01b14338e5a7f7b1a32

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "1f5b4-5be0f8bc0ab80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16345

GET
H/1.1 200
OK bootstrap-3.3.7.min.js Show response
accounts.prodserv-01.xyz/js/ 36 KB
10 KB 758ms
246ms Script
application/javascript 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/js/bootstrap-3.3.7.min.js
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "90b5-5be0f8bc0ab80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9833

GET
H/1.1 200
OK loginEntry.css
accounts.prodserv-01.xyz/css/ 21 KB
4 KB 719ms
244ms Stylesheet
text/css 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/loginEntry.css
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1e5d7bff8f738a2efc7ea784800347e5e1f83a530abb3389ce7f07c3cc335e51

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:59:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "523e-5be0fb4672a00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3619

GET
H/1.1 200
OK zenkeyLogin.css
accounts.prodserv-01.xyz/css/ 4 KB
2 KB 716ms
241ms Stylesheet
text/css 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/zenkeyLogin.css
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 784cbd03f4bdf5bba044dc00a0617e5e181207a459eaf5e3cce202fb72630280

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Mar 2021 17:47:46 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "1118-5be0f8bfdb480-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1272

GET
H/1.1 200
OK VZ-White.svg
accounts.prodserv-01.xyz/img/ 8 KB
8 KB 248ms
248ms Image
image/svg+xml 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.prodserv-01.xyz/img/VZ-White.svg
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 319651f63a5ab5a601c3a881e844bec7b4dd9911633113a493b04202ffc94ed0

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Last-Modified: Sun, 21 Mar 2021 18:00:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "1ffc-5be0fb8193580"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8188

GET
H/1.1 200
OK asterisk_icon.svg
accounts.prodserv-01.xyz/img/ 571 B
827 B 244ms
243ms Image
image/svg+xml 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.prodserv-01.xyz/img/asterisk_icon.svg
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ea719fbfb40da4689e3382461c9ffcfb278c6764c089c22cb11adb68b3fb6af1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://accounts.prodserv-01.xyz/
Connection: keep-alive
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Last-Modified: Sun, 21 Mar 2021 17:59:26 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "23b-5be0fb5b6db80"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 571

GET
H2 200 VerizonNHGeDS-Regular.woff2
scache1.vzw.com/globalnav/fonts/verizon-nhg/ 35 KB
35 KB 365ms
28ms Font
application/font-woff2 68.232.35.163
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://scache1.vzw.com/globalnav/fonts/verizon-nhg/VerizonNHGeDS-Regular.woff2

Requested by

Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/core.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.232.35.163 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F709) /

Resource Hash

fc3fea59c9400c377216ab925aacc69f072fdd19291afe747c5cedff8095c3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 11:16:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Mar 2019 06:24:30 GMT
server: ECS (ska/F709)
age: 7626
etag: W/"8ba4-5c908b1e"
vary: Accept-Encoding
x-cache: HIT
content-type: application/font-woff2; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=157680000
accept-ranges: bytes
content-length: 35757
expires: Sun, 28 Aug 2022 11:16:02 GMT

GET
H2 200 VerizonNHGeTX-Bold.woff2
scache2.vzw.com/globalnav/fonts/verizon-nhg/ 32 KB
32 KB 366ms
28ms Font
application/font-woff2 68.232.35.163
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://scache2.vzw.com/globalnav/fonts/verizon-nhg/VerizonNHGeTX-Bold.woff2

Requested by

Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/core.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.232.35.163 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F71C) /

Resource Hash

0d922e12d77d7e2dfe5b43635c673b74067de3d17511ecea679afdf76063bddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 11:16:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Mar 2019 06:24:29 GMT
server: ECS (ska/F71C)
age: 10357
etag: W/"8054-5c908b1d"
vary: Accept-Encoding
x-cache: HIT
content-type: application/font-woff2; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=157680000
accept-ranges: bytes
content-length: 32875
expires: Sun, 28 Aug 2022 11:16:02 GMT

GET
H2 200 VerizonNHGeTX-Regular.woff2
scache1.vzw.com/globalnav/fonts/verizon-nhg/ 31 KB
31 KB 403ms
66ms Font
application/font-woff2 68.232.35.163
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://scache1.vzw.com/globalnav/fonts/verizon-nhg/VerizonNHGeTX-Regular.woff2

Requested by

Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/core.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.232.35.163 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F6FC) /

Resource Hash

3c0c9f13341bd7c8010524f1578edd07b1cc5704d7904c6bcd4e5afaccff80fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 11:16:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Mar 2019 06:24:29 GMT
server: ECS (ska/F6FC)
age: 5408
etag: W/"7a3c-5c908b1d"
vary: Accept-Encoding
x-cache: HIT
content-type: application/font-woff2; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=157680000
accept-ranges: bytes
content-length: 31313
expires: Sun, 28 Aug 2022 11:16:02 GMT

GET
H2 200 VerizonNHGeDS-Bold.woff2
scache2.vzw.com/globalnav/fonts/verizon-nhg/ 37 KB
37 KB 401ms
64ms Font
application/font-woff2 68.232.35.163
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://scache2.vzw.com/globalnav/fonts/verizon-nhg/VerizonNHGeDS-Bold.woff2

Requested by

Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/core.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.232.35.163 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (ska/F713) /

Resource Hash

aded2610b3bb037512ff9466dd5a722a87ecf42447277ba4ce42c8aa248c3fe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 11:16:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Mar 2019 06:24:30 GMT
server: ECS (ska/F713)
age: 24532
etag: W/"948c-5c908b1e"
vary: Accept-Encoding
x-cache: HIT
content-type: application/font-woff2; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=157680000
accept-ranges: bytes
content-length: 38025
expires: Sun, 28 Aug 2022 11:16:02 GMT

GET
H/1.1 404
Not Found NHaasGroteskDSW02-75Bd.woff2
accounts.prodserv-01.xyz/css/ 0
0 246ms
245ms Font
text/html 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/NHaasGroteskDSW02-75Bd.woff2
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/loginEntry.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://accounts.prodserv-01.xyz
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
Connection: keep-alive
Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK NeueHaasGroteskText55Roman.woff
accounts.prodserv-01.xyz/css/ 43 KB
44 KB 263ms
262ms Font
font/woff 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/NeueHaasGroteskText55Roman.woff
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/loginEntry.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1f689953c0c5d35f16fa360279c0197c46aa06c0e0b94f074cfcd9273a959197

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://accounts.prodserv-01.xyz
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
Connection: keep-alive
Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Last-Modified: Sun, 21 Mar 2021 17:57:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "ade7-5be0fae52c480"
Content-Type: font/woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44519

GET
DATA 200
OK truncated
/ 13 KB
13 KB Font
application/x-font-ttf

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d48432efd28dce9142556050d58ee8f6b5de47d945aeb81f4625f1d654138a76

Request headers

Origin: https://accounts.prodserv-01.xyz
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/x-font-ttf;charset=utf-8

GET
H/1.1 200
OK VerizonNHGDS-Regular.otf
accounts.prodserv-01.xyz/css/ 49 KB
49 KB 455ms
455ms Font
font/ttf 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/VerizonNHGDS-Regular.otf
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/loginEntry.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ca3b63b3ac8421316e0ff8bdfa6a6622add89fc42549e2764441c8f36bd9ed5a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://accounts.prodserv-01.xyz
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
Connection: keep-alive
Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Last-Modified: Sun, 21 Mar 2021 17:58:40 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "c44c-5be0fb2f8f400"
Content-Type: font/ttf
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50252

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee5afbccb1751e863ec29c5af045f8d45b9c3ed872ee147f30b86574bcad8815

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK NHaasGroteskDSW02-75Bd.woff
accounts.prodserv-01.xyz/css/ 79 KB
79 KB 247ms
246ms Font
font/woff 66.29.143.229
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.prodserv-01.xyz/css/NHaasGroteskDSW02-75Bd.woff
Requested by: Host: accounts.prodserv-01.xyz
URL: https://accounts.prodserv-01.xyz/css/loginEntry.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.29.143.229 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 71884ffe09db20f39d293365a038787b9377252793a66ee1a4266f6c63dbfc03

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://accounts.prodserv-01.xyz
Accept-Encoding: gzip, deflate, br
Host: accounts.prodserv-01.xyz
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
Connection: keep-alive
Origin: https://accounts.prodserv-01.xyz
Referer: https://accounts.prodserv-01.xyz/css/loginEntry.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 11:16:02 GMT
Last-Modified: Sun, 21 Mar 2021 17:54:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "13a9f-5be0fa2a40b80"
Content-Type: font/woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80543

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Verizon (Telecommunication)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.prodserv-01.xyz
scache1.vzw.com
scache2.vzw.com
66.29.143.229
68.232.35.163
0d922e12d77d7e2dfe5b43635c673b74067de3d17511ecea679afdf76063bddc
1ce30f1838fdf77351ff41ff8f94d4aac96e98331feac01b14338e5a7f7b1a32
1e5d7bff8f738a2efc7ea784800347e5e1f83a530abb3389ce7f07c3cc335e51
1f689953c0c5d35f16fa360279c0197c46aa06c0e0b94f074cfcd9273a959197
2108c2651af1ac3f437a0d066c84e65204b87ccfff904872d83f2c2b22733c58
319651f63a5ab5a601c3a881e844bec7b4dd9911633113a493b04202ffc94ed0
3c0c9f13341bd7c8010524f1578edd07b1cc5704d7904c6bcd4e5afaccff80fd
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
71884ffe09db20f39d293365a038787b9377252793a66ee1a4266f6c63dbfc03
732fc80eb20d1847b4937ee1934f8a8def22817fa40b46d26c4df7013e13f697
784cbd03f4bdf5bba044dc00a0617e5e181207a459eaf5e3cce202fb72630280
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18
aded2610b3bb037512ff9466dd5a722a87ecf42447277ba4ce42c8aa248c3fe7
ca3b63b3ac8421316e0ff8bdfa6a6622add89fc42549e2764441c8f36bd9ed5a
d48432efd28dce9142556050d58ee8f6b5de47d945aeb81f4625f1d654138a76
d6fa67395861849e050da5ed40fc7b85cace91cfadb8a1f50e4237d1678bf8ed
ea719fbfb40da4689e3382461c9ffcfb278c6764c089c22cb11adb68b3fb6af1
ee5afbccb1751e863ec29c5af045f8d45b9c3ed872ee147f30b86574bcad8815
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fc3fea59c9400c377216ab925aacc69f072fdd19291afe747c5cedff8095c3e5

accounts.prodserv-01.xyz Open in urlscan Pro 66.29.143.229 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

1 Countries

455 kBTransfer

1025 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

accounts.prodserv-01.xyz Open in urlscan Pro
66.29.143.229 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

455 kB
Transfer

1025 kB
Size

0
Cookies

19 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!