rdgtech.com Open in urlscan Pro
74.50.0.58 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Submission: On April 05 via automatic, source openphish (April 5th 2018, 8:06:02 am UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 74.50.0.58, located in Anaheim, United States and belongs to ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US. The main domain is rdgtech.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 24th 2018. Valid for: 3 months.

This is the only time rdgtech.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	74.50.0.58 74.50.0.58	15244 (ADDD2NET-...) (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages)
6	52.85.173.66 52.85.173.66	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.201.154.10 54.201.154.10	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
15	3

8 74.50.0.58 (Anaheim, United States)

ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US)
PTR: ms012lv.lunarservers.com

rdgtech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.85.173.66 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-173-66.fra6.r.cloudfront.net

cdn.ywxi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.201.154.10 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-201-154-10.us-west-2.compute.amazonaws.com

www.mcafeesecure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	rdgtech.com rdgtech.com	22 KB
6	ywxi.net cdn.ywxi.net	49 KB
1	mcafeesecure.com www.mcafeesecure.com	353 B
15	3

	Domain	Requested by
8	rdgtech.com	rdgtech.com
6	cdn.ywxi.net	rdgtech.com cdn.ywxi.net
1	www.mcafeesecure.com	cdn.ywxi.net
15	3

This site contains no links.

Subject Issuer	Validity	Valid
rdgtech.com cPanel, Inc. Certification Authority	`2018-03-24` - `2018-06-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Frame ID: 6C3D9F3B9D429BBC36EEB112E7B0ACF8
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

15
Requests

53 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

71 kB
Transfer

143 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/ 4 KB
2 KB 241ms
241ms Document
text/html 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 1aadb83b588aebd6adc92a76254b7d695c1805e9192ba5514c46e1a3020102db

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:51 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 1466

GET
H/1.1 200
OK style.css
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/ 10 KB
2 KB 160ms
159ms Stylesheet
text/css 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 6bb5015df56f0a581708cd4d6e7d5a175ba9078c1a038188cb1d86a4bc1cd8e1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Jun 2016 23:26:48 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2033

GET
H/1.1 200
OK logo.png
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/ 8 KB
8 KB 159ms
158ms Image
image/png 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/logo.png
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 7a7265f5091d33109a28218b36ca758bc7efa3e6a9fd9df4af7ab9de56849539

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Last-Modified: Fri, 03 Jun 2016 23:24:20 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 8010

GET
H/1.1 200
OK icon3.png
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/ 1 KB
1 KB 159ms
158ms Image
image/png 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/icon3.png
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 69f44920ee566a8cb7fe4a97463c5cd363e5b56ce883da11b29a5f5a3d4ef35b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Last-Modified: Fri, 03 Jun 2016 23:24:30 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1108

GET
S 200 1.js Show response
cdn.ywxi.net/js/ 226 B
519 B 6ms
6ms Script
text/javascript 52.85.173.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/1.js

Requested by

Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/

Protocol

SPDY

Server

52.85.173.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-85-173-66.fra6.r.cloudfront.net

Software

Apache /

Resource Hash

60f21ce7a455a6aeebd950b11fdf5968161c1fa6d0ef443a648723ed0bf72802

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 05 Apr 2018 07:28:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
age: 2232
status: 200
x-cache: Hit from cloudfront
content-type: text/javascript; charset=UTF-8
via: 1.1 8ebc2b93de29d9744a950f4930f96579.cloudfront.net (CloudFront)
content-length: 185
x-xss-protection: 1; mode=block
x-amz-cf-id: zZFFiUlAHvCn0WpZniSGdzTB_w3auEplZ1G0d4qT99sZjCcpbvTVfA==
expires: Thu, 05 Apr 2018 08:28:41 GMT

GET
H/1.1 200
OK icon2.png
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/ 1 KB
1 KB 158ms
158ms Image
image/png 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/icon2.png
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 59937f7bac639e593dc5aed8fa581c3556790f1e06041a4e6bdfabd9e526ccae

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Last-Modified: Fri, 03 Jun 2016 23:26:06 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 1150

GET
H/1.1 200
OK bg_top.png
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/ 4 KB
4 KB 159ms
158ms Image
image/png 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/bg_top.png
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 2fb10240ee76a6df4311725cf04f41a967617686ec0c13f76370ef95351ea1fd

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Last-Modified: Fri, 03 Jun 2016 23:24:50 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 3612

GET
H/1.1 200
OK icon1.png
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/ 1 KB
1 KB 152ms
152ms Image
image/png 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/icon1.png
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: f0525e6a7d02b13cc368df16ebc0a62aaed205b669772b2202aedf07fbb7c5b1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Last-Modified: Fri, 03 Jun 2016 23:25:52 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1114

GET
H/1.1 200
OK us_icon.png
rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/ 2 KB
2 KB 152ms
152ms Image
image/png 74.50.0.58
Lunar Pages

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/images/us_icon.png
Requested by: Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.50.0.58 Anaheim, United States, ASN15244 (ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages, US),
Reverse DNS: ms012lv.lunarservers.com
Software: Apache /
Resource Hash: 423c2b31552be9b70cf6cc29e4638caff4f18ec30b716ac2b9476c04022e4e87

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdgtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 05 Apr 2018 08:05:52 GMT
Last-Modified: Fri, 03 Jun 2016 23:24:12 GMT
Server: Apache
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1744

GET
S 200 host-loader.js Show response
cdn.ywxi.net/js/ 320 B
579 B 8ms
8ms Script
text/javascript 52.85.173.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/host-loader.js?h=rdgtech.com

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js

Protocol

SPDY

Server

52.85.173.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-85-173-66.fra6.r.cloudfront.net

Software

Apache /

Resource Hash

c700561ba76db790c8447b26ec1c3aa5bb15108f7e0a83b0d5bcde0263b19854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 05 Apr 2018 08:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
age: 103
status: 200
x-cache: Hit from cloudfront
content-type: text/javascript; charset=UTF-8
via: 1.1 8ebc2b93de29d9744a950f4930f96579.cloudfront.net (CloudFront)
content-length: 246
x-xss-protection: 1; mode=block
x-amz-cf-id: 1yfQawrR03PsIR8j-zFdWW2vRbKmPJdgvdr8T_okyxGbnGItNIr4MQ==
expires: Thu, 05 Apr 2018 09:04:10 GMT

GET
S 200 host.js Show response
cdn.ywxi.net/js/ 6 KB
2 KB 10ms
10ms Script
text/javascript 52.85.173.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/host.js?v=20180401071225205652&h=rdgtech.com

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/host-loader.js?h=rdgtech.com

Protocol

SPDY

Server

52.85.173.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-85-173-66.fra6.r.cloudfront.net

Software

Apache /

Resource Hash

b58c2cf93f51c02ddd58abf4252ab334333590dcd3c5d3e4a0626263035a6057

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 05 Apr 2018 08:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
age: 103
status: 200
x-cache: Hit from cloudfront
content-type: text/javascript; charset=UTF-8
via: 1.1 8ebc2b93de29d9744a950f4930f96579.cloudfront.net (CloudFront)
content-length: 2105
x-xss-protection: 1; mode=block
x-amz-cf-id: sYWNHzu4Z8yoJeWw0uVKWNr7KUDcQtP6bzISh6w7kVQVZZSYzUI15g==
expires: Thu, 05 Apr 2018 09:04:10 GMT

GET
S 200 jquery-1.12.4.min.js Show response
cdn.ywxi.net/static/jquery/1.12.4/ 95 KB
33 KB 9ms
9ms Script
application/x-javascript 52.85.173.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/static/jquery/1.12.4/jquery-1.12.4.min.js?2

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/host.js?v=20180401071225205652&h=rdgtech.com

Protocol

SPDY

Server

52.85.173.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-85-173-66.fra6.r.cloudfront.net

Software

Apache /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Wed, 17 Jan 2018 19:08:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46616
x-cache: Hit from cloudfront
status: 200
content-length: 33793
x-xss-protection: 1; mode=block
last-modified: Tue, 16 Jan 2018 18:03:54 GMT
server: Apache
etag: "DQa4otN0xdk"
content-type: application/x-javascript; charset=UTF-8
via: 1.1 8ebc2b93de29d9744a950f4930f96579.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
accept-ranges: bytes
x-amz-cf-id: h15gObxi0eZ-ET9G8RqmxXGcYH8qp6ZntLLtXAy4cH9I1dR95mPiGQ==
expires: Thu, 18 Jan 2018 19:08:58 GMT

GET
S 200 ajax Show response
www.mcafeesecure.com/rpc/ 20 B
353 B 180ms
179ms Script
text/javascript 54.201.154.10
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafeesecure.com/rpc/ajax?do=tmjs-visit&siteId=287372&rand=1522915552287

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/host.js?v=20180401071225205652&h=rdgtech.com

Protocol

SPDY

Server

54.201.154.10 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-201-154-10.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

f85cbbbd26fadc409bc187436854f7349efc253a28c6c77aef5dcec295ef409d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 05 Apr 2018 08:05:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
content-type: text/javascript; charset=UTF-8
status: 200
content-length: 40
x-xss-protection: 1; mode=block

GET
S 200 float2-right.png
cdn.ywxi.net/tm/img/ 10 KB
11 KB 13ms
12ms Image
image/png 52.85.173.66
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.ywxi.net/tm/img/float2-right.png?h=rdgtech.com&d=20180405

Requested by

Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/

Protocol

SPDY

Server

52.85.173.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-85-173-66.fra6.r.cloudfront.net

Software

Apache /

Resource Hash

a65eb873773994fc6c0c00d18f0dc3d626f74c216ac59701b566dd81a6a7ea33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 05 Apr 2018 01:50:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
age: 22495
status: 200
x-cache: Hit from cloudfront
content-type: image/png; charset=UTF-8
via: 1.1 8ebc2b93de29d9744a950f4930f96579.cloudfront.net (CloudFront)
cache-control: public, max-age=86400, public
content-length: 10714
x-xss-protection: 1; mode=block
x-amz-cf-id: _9mqoL_N64IWBK1HG18_TU9zTJZLuB1fQgiLY0BUz3Wu8o7TWquE-g==
expires: Thu, 05 Apr 2018 03:50:57 GMT

GET
S 200 tm-float-bg-right-bottom.png
cdn.ywxi.net/static/img/ 833 B
978 B 12ms
11ms Image
image/png 52.85.173.66
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.ywxi.net/static/img/tm-float-bg-right-bottom.png

Requested by

Host: rdgtech.com
URL: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/

Protocol

SPDY

Server

52.85.173.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-85-173-66.fra6.r.cloudfront.net

Software

Apache /

Resource Hash

34de9b7a5a9f3db0bbc03557e4834cc2394f77a2c511231a3e36caae2e443ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://rdgtech.com/site/wp-content/themes/twentyseventeen/inc/tmp/U.S.Bank/U.S.Bank/home/auth/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 09 Nov 2017 16:17:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56926
x-cache: Hit from cloudfront
status: 200
content-length: 550
x-xss-protection: 1; mode=block
last-modified: Sat, 22 Apr 2017 16:43:58 GMT
server: Apache
etag: "Dvhx4vFj2uh"
content-type: image/png; charset=UTF-8
via: 1.1 8ebc2b93de29d9744a950f4930f96579.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
accept-ranges: bytes
x-amz-cf-id: qGG4ShkKjxTsPnJpEI1fjQX5jD9eVJGULs-ZNAoMrrNT5aOeXc92BQ==
expires: Fri, 10 Nov 2017 16:17:09 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Bank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| v boolean| mfesecure_loaded undefined| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			rdgtech.com/	1970-01-18 15:03:21	Name: trustedsite_visit Value: 1
			rdgtech.com/	1970-01-18 15:01:55	Name: trustedsite_session Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.ywxi.net
rdgtech.com
www.mcafeesecure.com
52.85.173.66
54.201.154.10
74.50.0.58
1aadb83b588aebd6adc92a76254b7d695c1805e9192ba5514c46e1a3020102db
2fb10240ee76a6df4311725cf04f41a967617686ec0c13f76370ef95351ea1fd
34de9b7a5a9f3db0bbc03557e4834cc2394f77a2c511231a3e36caae2e443ed2
423c2b31552be9b70cf6cc29e4638caff4f18ec30b716ac2b9476c04022e4e87
59937f7bac639e593dc5aed8fa581c3556790f1e06041a4e6bdfabd9e526ccae
60f21ce7a455a6aeebd950b11fdf5968161c1fa6d0ef443a648723ed0bf72802
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
69f44920ee566a8cb7fe4a97463c5cd363e5b56ce883da11b29a5f5a3d4ef35b
6bb5015df56f0a581708cd4d6e7d5a175ba9078c1a038188cb1d86a4bc1cd8e1
7a7265f5091d33109a28218b36ca758bc7efa3e6a9fd9df4af7ab9de56849539
a65eb873773994fc6c0c00d18f0dc3d626f74c216ac59701b566dd81a6a7ea33
b58c2cf93f51c02ddd58abf4252ab334333590dcd3c5d3e4a0626263035a6057
c700561ba76db790c8447b26ec1c3aa5bb15108f7e0a83b0d5bcde0263b19854
f0525e6a7d02b13cc368df16ebc0a62aaed205b669772b2202aedf07fbb7c5b1
f85cbbbd26fadc409bc187436854f7349efc253a28c6c77aef5dcec295ef409d

rdgtech.com Open in urlscan Pro 74.50.0.58 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

53 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

71 kBTransfer

143 kBSize

2 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

Indicators

rdgtech.com Open in urlscan Pro
74.50.0.58 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

53 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

71 kB
Transfer

143 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!