URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Submission: On July 09 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 108.179.217.16, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is gthltools.com.
This is the only time gthltools.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking)

Domain & IP information

IP Address AS Autonomous System
3 108.179.217.16 20013 (CYRUSONE)
14 172.227.84.143 16625 (AKAMAI-AS)
1 2a03:6f00:1::... 9123 (TIMEWEB-AS)
18 3
Apex Domain
Subdomains
Transfer
14 usaa.com
content.usaa.com
153 KB
3 gthltools.com
gthltools.com
39 KB
1 konyakov.ru
konyakov.ru
18 3
Domain Requested by
14 content.usaa.com gthltools.com
3 gthltools.com gthltools.com
1 konyakov.ru gthltools.com
18 3

This site contains links to these domains. Also see Links.

Domain
www.usaa.com
Subject Issuer Validity Valid
www.usaa.com
Symantec Class 3 EV SSL CA - G3
2017-01-31 -
2018-03-01
a year crt.sh
konyakov.ru
Let's Encrypt Authority X3
2017-05-08 -
2017-08-06
3 months crt.sh

This page contains 1 frames:

Primary Page: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Frame ID: 12199.1
Requests: 18 HTTP requests in this frame

Screenshot


Page Statistics

18
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

192 kB
Transfer

365 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request 3
  • http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
  • https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request verify.php
gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/
39 KB
39 KB
Document
General
Full URL
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
HTTP/1.1
Server
108.179.217.16 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
server.indianfzoo.com
Software
Apache /
Resource Hash
fef2fe5a2d0562122696bcd00cd516669674a110cc36a7b6dc44284fc53d550f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Sun, 09 Jul 2017 02:34:16 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
styles_member.css
content.usaa.com/mcontent/static_assets/Includes/
229 KB
61 KB
Stylesheet
General
Full URL
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Honesty /
Resource Hash
cf917e6584c25268532088c8b75a43c19b25f48698acdde6322dacda3bacac17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:16 GMT
content-encoding
gzip
last-modified
Thu, 02 Mar 2017 16:39:30 GMT
server
USAA-Honesty
etag
"394fc-549c212b6b480"
vary
Accept-Encoding
p3p
policyref="https://www.usaa.com/w3c/USAA_Full_P3P_Policy.xml", CP="IDC DSP COR CUR ADM DEV CUS DEV PSA IVA CON HIS TEL OPT OUR SAM IND PRE"
status
200
cache-control
max-age=559074
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-type
text/css
content-length
62237
cp_help_popup.js
gthltools.com/javascript/
0
0
Script
General
Full URL
http://gthltools.com/javascript/cp_help_popup.js?cacheid=1480593172
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
HTTP/1.1
Server
108.179.217.16 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
server.indianfzoo.com
Software
Apache /
Resource Hash

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Sun, 09 Jul 2017 02:34:16 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
74
Content-Type
text/html
cp_std.js
gthltools.com/javascript/
0
0
Script
General
Full URL
http://gthltools.com/javascript/cp_std.js?cacheid=1367496106
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
HTTP/1.1
Server
108.179.217.16 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
server.indianfzoo.com
Software
Apache /
Resource Hash

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Sun, 09 Jul 2017 02:34:16 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
74
Content-Type
text/html
gen_validatorv4.js
konyakov.ru/pubs/js/javascript_form/
Redirect Chain
  • http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
  • https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
0
0
Script
General
Full URL
https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6f00:1::5c35:605e , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software
nginx/1.12.0 / PHP/5.6.30
Resource Hash

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Sun, 09 Jul 2017 02:34:17 GMT
Content-Encoding
gzip
Server
nginx/1.12.0
X-Powered-By
PHP/5.6.30
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Link
<https://konyakov.ru/wp-json/>; rel="https://api.w.org/"
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Redirect headers

Location
https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
Date
Sun, 09 Jul 2017 02:34:17 GMT
Server
nginx/1.12.0
Connection
keep-alive
Content-Length
161
Content-Type
text/html
logo.gif
content.usaa.com/mcontent/static_assets/Media/
939 B
957 B
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/logo.gif?cacheid=2017356039
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Honesty /
Resource Hash
fffd476414b0ee0dbed2113d4bd85a2139316998339b9bcfb2017273670e068b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:16 GMT
last-modified
Wed, 18 Sep 2013 18:36:35 GMT
server
USAA-Honesty
etag
"3ab-4e6acb78bd2c0"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=543084
accept-ranges
bytes
content-length
939
navHomeActive.gif
content.usaa.com/mcontent/static_assets/Media/
2 KB
2 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/navHomeActive.gif?cacheid=2545320478
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Honesty /
Resource Hash
4b84ff7250d75fb3e9340e2427c05dfd91c7c570755d5db1c9ce4029656373c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:16 GMT
last-modified
Wed, 18 Sep 2013 18:36:36 GMT
server
USAA-Honesty
etag
"740-4e6acb79b1500"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=559068
accept-ranges
bytes
content-length
1856
navBecomeAMember.gif
content.usaa.com/mcontent/static_assets/Media/
3 KB
3 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/navBecomeAMember.gif?cacheid=3489125172
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Honesty /
Resource Hash
605a9493ce7d174eec486de8febf29f2c9c4d532ee60928becfbfc3d43f5a75d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Wed, 18 Sep 2013 18:36:36 GMT
server
USAA-Honesty
etag
"d1e-4e6acb79b1500"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=559077
accept-ranges
bytes
content-length
3358
navProducts.gif
content.usaa.com/mcontent/static_assets/Media/
3 KB
3 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/navProducts.gif?cacheid=1297678753
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
154406c4b4526e7c37b144bd7252e740779ecdbd243dfb90847f7b8ab76bcb1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Wed, 18 Sep 2013 18:32:28 GMT
server
USAA-Integrity
etag
"dc0-4e6aca8d2e700"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=559034
accept-ranges
bytes
content-length
3520
navAdvice.gif
content.usaa.com/mcontent/static_assets/Media/
3 KB
3 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/navAdvice.gif?cacheid=3226499640
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
458e9ad7e6fb54020f8b8a8a12b60a1bd39fb0b1a3589e5a9de17a4b4acef577
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Wed, 18 Sep 2013 18:32:27 GMT
server
USAA-Integrity
etag
"ac2-4e6aca8c3a4c0"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=559042
accept-ranges
bytes
content-length
2754
g_transparent.gif
content.usaa.com/mcontent/static_assets/Media/
43 B
61 B
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/g_transparent.gif?cacheid=3007383100
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Sun, 15 Sep 2013 17:27:35 GMT
server
USAA-Integrity
etag
"2b-4e66f67424fc0"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=559093
accept-ranges
bytes
content-length
43
styles_member_print.css
content.usaa.com/mcontent/static_assets/Includes/
7 KB
2 KB
Stylesheet
General
Full URL
https://content.usaa.com/mcontent/static_assets/Includes/styles_member_print.css?cacheid=2197796005
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
ce83e2946576f73af8c783ee5b17b2a7019dda1d98bae6979a4545f340612a09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
content-encoding
gzip
last-modified
Wed, 27 Aug 2014 14:11:15 GMT
server
USAA-Integrity
etag
"1da3-5019cfe3586c0"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=559380
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
2415
background_general_fb.png
content.usaa.com/mcontent/static_assets/Media/
3 KB
3 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/background_general_fb.png
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
e2e04a8e937f5b74a4c50cb7592a8e0bba54b40818d44e43ffd5c40c6b4fe72a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Mon, 16 Sep 2013 11:24:14 GMT
server
USAA-Integrity
etag
"b13-4e67e71a8d380"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=542657
accept-ranges
bytes
content-length
2835
usaa-sprite-globalNav_v2.png
content.usaa.com/mcontent/static_assets/Media/
56 KB
56 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/usaa-sprite-globalNav_v2.png?cacheid=201011301710
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
522a5fe0b1921acbaa0925b2a50fa141b0719797d5c552ffc150415c7c44d23b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Fri, 13 Feb 2015 21:43:34 GMT
server
USAA-Integrity
etag
"e14a-50eff20d78d80"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=542662
accept-ranges
bytes
content-length
57674
vh_navBG.gif
content.usaa.com/mcontent/static_assets/Media/
547 B
565 B
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/vh_navBG.gif
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
1d8dd235b4f8111a5735ac6ba96b29a3dfb2850ce00fb202a88a8fd5174f8215
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Sun, 15 Sep 2013 20:02:41 GMT
server
USAA-Integrity
etag
"223-4e67191f09a40"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=552732
accept-ranges
bytes
content-length
547
bgRightColWrapper.gif
content.usaa.com/mcontent/static_assets/Media/
89 B
107 B
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/bgRightColWrapper.gif
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
a1ad84a27b9eb878f2f2c0507b98592d9bb849014c7b989d78e4d04599b65516
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Sun, 15 Sep 2013 18:25:39 GMT
server
USAA-Integrity
etag
"59-4e67036ebeec0"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=542542
accept-ranges
bytes
content-length
89
misc_nav_ctaButtonSpriteV1.png
content.usaa.com/mcontent/static_assets/Media/
11 KB
11 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/misc_nav_ctaButtonSpriteV1.png
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
5db7cec2666ed4b479df4c975a28bf84716c09f4a2bcfdafd3c628f49d3f5790
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Fri, 18 Apr 2014 13:44:10 GMT
server
USAA-Integrity
etag
"2a1c-4f7515823de80"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=542611
accept-ranges
bytes
content-length
10780
iconMemberMd_sprite_06142008.png
content.usaa.com/mcontent/static_assets/Media/
7 KB
7 KB
Image
General
Full URL
https://content.usaa.com/mcontent/static_assets/Media/iconMemberMd_sprite_06142008.png
Requested by
Host: gthltools.com
URL: http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.227.84.143 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a172-227-84-143.deploy.static.akamaitechnologies.com
Software
USAA-Integrity /
Resource Hash
296dbc9d6e1ce1324e9decaca34a29285ee1c273daf46170ad23225121b5c4ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://content.usaa.com/mcontent/static_assets/Includes/styles_member.css?cacheid=3300966365
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Sun, 09 Jul 2017 02:34:17 GMT
last-modified
Mon, 16 Sep 2013 07:53:52 GMT
server
USAA-Integrity
etag
"1b0b-4e67b81546400"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=542965
accept-ranges
bytes
content-length
6923

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies