spingauth.runspecs.com
45.133.200.3 - Malicious Activity! Public Scan

Submitted URL: https://storage.googleapis.com/tiggeruno/tiggers.html
Effective URL: https://spingauth.runspecs.com/
Submission: On January 27 via manual from US — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 45.133.200.3, located in Seychelles and belongs to INTERNET-IT, SC. The main domain is spingauth.runspecs.com.
TLS certificate: Issued by R3 on January 27th 2022. Valid for: 3 months.
This is the only time spingauth.runspecs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spectrum (Telecommunication)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 45.133.200.3 | 200313 (INTERNET-IT)
6 | 44.199.24.139 | 14618 (AMAZON-AES)
Total: 10 requests, 4 IPs

Requests | Apex Domain | Subdomains | Transfer
6 | spectrum.net | webmail.spectrum.net (Cisco Umbrella Rank: 72238) | 244 KB
1 | runspecs.com | spingauth.runspecs.com | 2 KB
1 | googleapis.com | storage.googleapis.com (Cisco Umbrella Rank: 425) | 805 B
0 | cloudfront.net (Failed) | d1ff979u6gd5fc.cloudfront.net (Failed) | -
Total: 10 requests, 4 domains

Requests | Domain | Requested by
6 | webmail.spectrum.net | spingauth.runspecs.com
1 | spingauth.runspecs.com | -
1 | storage.googleapis.com | -
0 | d1ff979u6gd5fc.cloudfront.net (Failed) | webmail.spectrum.net
Total: 10 requests, 4 domains

Subject | Issuer | Validity | Valid for
*.storage.googleapis.com | GTS CA 1C3 | 2021-12-27 - 2022-03-21 | 3 months
www.spingauth.runspecs.com | R3 | 2022-01-27 - 2022-04-27 | 3 months
*.spectrum.net | Amazon | 2021-06-07 - 2022-07-06 | a year

This page contains 1 frame:

Primary Page: https://spingauth.runspecs.com/
Frame ID: B77E8942FA86CEDA45CF34D46457D037
Requests: 10 HTTP requests in this frame

Page Title

Log In - Webmail

Page URL History

  1. https://storage.googleapis.com/tiggeruno/tiggers.html (Page URL)
  2. https://spingauth.runspecs.com/ (Page URL)

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 10
HTTPS: 80 %
IPv6: 33 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 246 kB
Size: 246 kB
Cookies: 2

10 HTTP transactions

Resource | Path | Size | x-fer | Type
tiggers.html | storage.googleapis.com/tiggeruno/ | 226 B | 805 B | Document
General
Full URL: https://storage.googleapis.com/tiggeruno/tiggers.html
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: UploadServer
Resource Hash: 678c5ee522bff7ff7a0981245f1b3c062585d319e3dc0cf2f06f1d66d790aaef

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers
x-guploader-uploadid: ADPycds_TDGfulBdlShafjvGLSMv64WIj2u5CPhO3a3GI7PputLT-L1TbE9Ov-3A7441Bj8u3QgQaFyJXj9gXnf9ZEU
expires: Thu, 27 Jan 2022 20:36:58 GMT
date: Thu, 27 Jan 2022 19:36:58 GMT
cache-control: public, max-age=3600
last-modified: Thu, 27 Jan 2022 16:21:33 GMT
etag: "24fb3fea4974170442c62f6a0583c760"
x-goog-generation: 1643300493906341
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 226
content-type: text/html
x-goog-hash: crc32c=ibTgXQ== md5=JPs/6kl0FwRCxi9qBYPHYA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 226
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Primary Request / | spingauth.runspecs.com/ | 6 KB | 2 KB | Document
General
Full URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.133.200.3, Seychelles, ASN200313 (INTERNET-IT, SC)
Reverse DNS: cpanel-host.prohoster.info
Software: nginx / PHP/5.6.40
Resource Hash: 933b4a302d1b7d78a35cdb7a58601307f0ee44382f91707f9104b647123f48e6
Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://storage.googleapis.com/

Response headers
server: nginx
date: Thu, 27 Jan 2022 19:36:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
content-encoding: gzip

jquery-1.9.1.min.js | webmail.spectrum.net/application/modules/mail/views/scripts/mail/js/ | 90 KB | 91 KB | Script
General
Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/js/jquery-1.9.1.min.js?v=2.1.2_3
Requested by: Host: spingauth.runspecs.com, URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-44-199-24-139.compute-1.amazonaws.com
Software: nginx
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://spingauth.runspecs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Thu, 27 Jan 2022 19:37:00 GMT
last-modified: Mon, 22 Nov 2021 23:13:29 GMT
server: nginx
etag: "619c2419-169d5"
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 92629
expires: Sat, 26 Feb 2022 19:37:00 GMT

login.js | webmail.spectrum.net/application/modules/mail/views/scripts/auth/js/ | 2 KB | 3 KB | Script
General
Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/auth/js/login.js?v=2.1.2_3
Requested by: Host: spingauth.runspecs.com, URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-44-199-24-139.compute-1.amazonaws.com
Software: nginx
Resource Hash: 164661dbf5eaeed1f00e417d220424bf968a7776f831a042a41a4a8b538b8992

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://spingauth.runspecs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Thu, 27 Jan 2022 19:37:00 GMT
last-modified: Mon, 22 Nov 2021 23:13:28 GMT
server: nginx
etag: "619c2418-909"
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2313
expires: Sat, 26 Feb 2022 19:37:00 GMT

spectrum.css | webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/ | 127 KB | 128 KB | Stylesheet
General
Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/spectrum.css?v=2.1.2_3
Requested by: Host: spingauth.runspecs.com, URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-44-199-24-139.compute-1.amazonaws.com
Software: nginx
Resource Hash: b5d9d0bcbd16baa63ee4dc99794948f69487ccf6fc4daa23b20827f83f4ef88e

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://spingauth.runspecs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Thu, 27 Jan 2022 19:37:00 GMT
last-modified: Mon, 22 Nov 2021 23:13:28 GMT
server: nginx
etag: "619c2418-1fd50"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 130384
expires: Sat, 26 Feb 2022 19:37:00 GMT

login.css | webmail.spectrum.net/application/modules/mail/views/scripts/auth/css/ | 6 KB | 6 KB | Stylesheet
General
Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/auth/css/login.css?v=2.1.2_3
Requested by: Host: spingauth.runspecs.com, URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-44-199-24-139.compute-1.amazonaws.com
Software: nginx
Resource Hash: 0e7844897e2ad91585d7ae76659691df8b8044fd2d92979b007997a13816d0a3

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://spingauth.runspecs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Thu, 27 Jan 2022 19:37:00 GMT
last-modified: Mon, 22 Nov 2021 23:13:28 GMT
server: nginx
etag: "619c2418-1683"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5763
expires: Sat, 26 Feb 2022 19:37:00 GMT

rutledge.css | webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/ | 5 KB | 5 KB | Stylesheet
General
Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/rutledge.css?v=2.1.2_3
Requested by: Host: spingauth.runspecs.com, URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-44-199-24-139.compute-1.amazonaws.com
Software: nginx
Resource Hash: d0ccab8c62e3914173619ccb183a8bbe6df396a5e7bc788c8c28c1f7b2182d66

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://spingauth.runspecs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Thu, 27 Jan 2022 19:37:00 GMT
last-modified: Mon, 22 Nov 2021 23:13:28 GMT
server: nginx
etag: "619c2418-138f"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5007
expires: Sat, 26 Feb 2022 19:37:00 GMT

spectrum-logo.svg | webmail.spectrum.net/application/modules/mail/views/scripts/mail/images/logos/ | 10 KB | 10 KB | Image
General
Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/images/logos/spectrum-logo.svg?v=2.1.2_3
Requested by: Host: spingauth.runspecs.com, URL: https://spingauth.runspecs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-44-199-24-139.compute-1.amazonaws.com
Software: nginx
Resource Hash: 059197cdfcc9b8f79681f308720087c5e803bd1ac207fe501f99ed3fd1778088

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://spingauth.runspecs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Thu, 27 Jan 2022 19:37:00 GMT
last-modified: Mon, 22 Nov 2021 23:13:28 GMT
server: nginx
etag: "619c2418-277b"
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 10107
expires: Sat, 26 Feb 2022 19:37:00 GMT

rutledge-light.woff | d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/ | 0 | 0 | (failed)
rutledge-medium.woff | d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/ | 0 | 0 | (failed)

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spectrum (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

$ (function), jQuery (function), LoginForm (function), Hoh (function), loginForm (object), hoh (object)

2 Cookies

Domain/Path | Name | Value
spingauth.runspecs.com/ | PHPSESSID | cnhidq8420kul7fcgqv2337t47
webmail.spectrum.net/ | AWSALBCORS | vYKqECloyff6WHCLq7AMLngkPx4xl2e054/85d+AfY3IBhGAaH4+YXyIhDnM0HtDUiamBg54LAqNoTiQzPEevhtxMx7Rgvc8PNr5V9iGq/GwTD8PJy1rFmOXBTWG

4 Console Messages

Source: javascript | Level: error | URL: https://spingauth.runspecs.com/
Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff' from origin 'https://spingauth.runspecs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network | Level: error | URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff
Message: Failed to load resource: net::ERR_FAILED

Source: javascript | Level: error | URL: https://spingauth.runspecs.com/
Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff' from origin 'https://spingauth.runspecs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network | Level: error | URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff
Message: Failed to load resource: net::ERR_FAILED