gthltools.com
Open in
urlscan Pro
108.179.217.16
Malicious Activity!
Public Scan
Submission: On July 09 via automatic, source openphish
Summary
This is the only time gthltools.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USAA (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 108.179.217.16 108.179.217.16 | 20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC) | |
14 | 172.227.84.143 172.227.84.143 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 2a03:6f00:1::... 2a03:6f00:1::5c35:605e | 9123 (TIMEWEB-AS) (TIMEWEB-AS) | |
18 | 3 |
ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: server.indianfzoo.com
gthltools.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a172-227-84-143.deploy.static.akamaitechnologies.com
content.usaa.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
usaa.com
content.usaa.com |
153 KB |
3 |
gthltools.com
gthltools.com |
39 KB |
1 |
konyakov.ru
konyakov.ru |
|
18 | 3 |
Domain | Requested by | |
---|---|---|
14 | content.usaa.com |
gthltools.com
|
3 | gthltools.com |
gthltools.com
|
1 | konyakov.ru |
gthltools.com
|
18 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.usaa.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.usaa.com Symantec Class 3 EV SSL CA - G3 |
2017-01-31 - 2018-03-01 |
a year | crt.sh |
konyakov.ru Let's Encrypt Authority X3 |
2017-05-08 - 2017-08-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/verify.php
Frame ID: 12199.1
Requests: 18 HTTP requests in this frame
9 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Log On
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: USAA Privacy Promise
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request 3- http://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
- https://konyakov.ru/pubs/js/javascript_form/gen_validatorv4.js
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
verify.php
gthltools.com/97a9a2177f4fc2777ab1ddabd3cd724c/Love/ |
39 KB 39 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
styles_member.css
content.usaa.com/mcontent/static_assets/Includes/ |
229 KB 61 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cp_help_popup.js
gthltools.com/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cp_std.js
gthltools.com/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gen_validatorv4.js
konyakov.ru/pubs/js/javascript_form/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
logo.gif
content.usaa.com/mcontent/static_assets/Media/ |
939 B 957 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
navHomeActive.gif
content.usaa.com/mcontent/static_assets/Media/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
navBecomeAMember.gif
content.usaa.com/mcontent/static_assets/Media/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
navProducts.gif
content.usaa.com/mcontent/static_assets/Media/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
navAdvice.gif
content.usaa.com/mcontent/static_assets/Media/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
g_transparent.gif
content.usaa.com/mcontent/static_assets/Media/ |
43 B 61 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
styles_member_print.css
content.usaa.com/mcontent/static_assets/Includes/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
background_general_fb.png
content.usaa.com/mcontent/static_assets/Media/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
usaa-sprite-globalNav_v2.png
content.usaa.com/mcontent/static_assets/Media/ |
56 KB 56 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
vh_navBG.gif
content.usaa.com/mcontent/static_assets/Media/ |
547 B 565 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
bgRightColWrapper.gif
content.usaa.com/mcontent/static_assets/Media/ |
89 B 107 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
misc_nav_ctaButtonSpriteV1.png
content.usaa.com/mcontent/static_assets/Media/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
iconMemberMd_sprite_06142008.png
content.usaa.com/mcontent/static_assets/Media/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: USAA (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
content.usaa.com
gthltools.com
konyakov.ru
108.179.217.16
172.227.84.143
2a03:6f00:1::5c35:605e
154406c4b4526e7c37b144bd7252e740779ecdbd243dfb90847f7b8ab76bcb1a
1d8dd235b4f8111a5735ac6ba96b29a3dfb2850ce00fb202a88a8fd5174f8215
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
296dbc9d6e1ce1324e9decaca34a29285ee1c273daf46170ad23225121b5c4ec
458e9ad7e6fb54020f8b8a8a12b60a1bd39fb0b1a3589e5a9de17a4b4acef577
4b84ff7250d75fb3e9340e2427c05dfd91c7c570755d5db1c9ce4029656373c8
522a5fe0b1921acbaa0925b2a50fa141b0719797d5c552ffc150415c7c44d23b
5db7cec2666ed4b479df4c975a28bf84716c09f4a2bcfdafd3c628f49d3f5790
605a9493ce7d174eec486de8febf29f2c9c4d532ee60928becfbfc3d43f5a75d
a1ad84a27b9eb878f2f2c0507b98592d9bb849014c7b989d78e4d04599b65516
ce83e2946576f73af8c783ee5b17b2a7019dda1d98bae6979a4545f340612a09
cf917e6584c25268532088c8b75a43c19b25f48698acdde6322dacda3bacac17
e2e04a8e937f5b74a4c50cb7592a8e0bba54b40818d44e43ffd5c40c6b4fe72a
fef2fe5a2d0562122696bcd00cd516669674a110cc36a7b6dc44284fc53d550f
fffd476414b0ee0dbed2113d4bd85a2139316998339b9bcfb2017273670e068b