clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app
Open in
urlscan Pro
136.144.49.210
Malicious Activity!
Public Scan
Submission: On May 29 via manual from PL — Scanned from NL
Summary
TLS certificate: Issued by R3 on May 13th 2022. Valid for: 3 months.
This is the only time clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 136.144.49.210 136.144.49.210 | 54825 (PACKET) (PACKET) | |
12 | 2606:4700:303... 2606:4700:3032::ac43:d0c0 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 104.104.52.72 104.104.52.72 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
25 | 5 |
ASN54825 (PACKET, US)
PTR: fr2-bnm01
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-104-52-72.deploy.static.akamaitechnologies.com
static.chasecdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
dualsmtp.ru
dualsmtp.ru — Cisco Umbrella Rank: 756333 |
345 KB |
4 |
chasecdn.com
static.chasecdn.com — Cisco Umbrella Rank: 8427 |
376 KB |
1 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 497 |
38 KB |
1 |
ic0.app
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app |
34 KB |
0 |
daebakpop.com
Failed
ww25.daebakpop.com Failed |
|
25 | 5 |
Domain | Requested by | |
---|---|---|
12 | dualsmtp.ru |
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app
dualsmtp.ru |
4 | static.chasecdn.com |
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app
static.chasecdn.com |
1 | ajax.aspnetcdn.com |
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app
|
1 | clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app | |
0 | ww25.daebakpop.com Failed |
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app
|
25 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
boundary.dfinity.network R3 |
2022-05-13 - 2022-08-11 |
3 months | crt.sh |
*.dualsmtp.ru E1 |
2022-05-18 - 2022-08-16 |
3 months | crt.sh |
static.chasecdn.com Entrust Certification Authority - L1M |
2021-10-22 - 2022-10-22 |
a year | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2021-08-06 - 2022-08-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app/
Frame ID: B8A3D8FBD10B8A9CE45A124D54DBECFF
Requests: 25 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://daebakpop.com/cart,jpg HTTP 0
- http://ww25.daebakpop.com/cart,jpg?subid1=20220529-2149-13c7-ac95-19b6b2ecd372
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app/ |
79 KB 34 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dtagent_A23STVjpqrvx_7000000151019.js
dualsmtp.ru/email-list/superchase/events/ |
93 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blue-ui.css
static.chasecdn.com/web/2020.01.12-433/common/assets/ |
496 KB 48 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logon.css
static.chasecdn.com/web/2020.01.12-433/logon/assets/ |
91 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
appConfig.js
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/logon/js/ |
12 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logon.css
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/logon/assets/ |
107 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blue-ui.css
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/common/assets/ |
380 KB 49 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
cart,jpg
ww25.daebakpop.com/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-ver.js
dualsmtp.ru/email-list/superchase/web/library/blue-boot/dist/blue-boot/2.15.1/js/ |
69 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
dualsmtp.ru/email-list/superchase/web/library/blue-vendor/dist/blue-vendor/2.10.1/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
dualsmtp.ru/email-list/superchase/web/library/blue-core/dist/blue/2.14.1/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.js
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/logon/js/ |
886 KB 193 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
dualsmtp.ru/email-list/superchase/web/library/blue-app/dist/blue-app/2.12.1/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
dualsmtp.ru/email-list/superchase/web/library/blue-view/dist/blue-view/2.10.3/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/appkit-utilities/dist/appkit-utilities/js/ |
76 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wordmark-white.svg
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/common/assets/img/logos/ |
1 KB 977 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
background.desktop.night.2.jpeg
static.chasecdn.com/content/geo-images/images/ |
246 KB 247 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-regular.woff
dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-semibold.woff
dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dcefont.woff
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/common/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-regular.ttf
dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-semibold.ttf
dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dcefont.ttf
dualsmtp.ru/email-list/superchase/web/2018.04.08-234/common/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dcefont.woff
static.chasecdn.com/web/2020.01.12-433/common/less/assets/fonts/ |
69 KB 69 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ww25.daebakpop.com
- URL
- http://ww25.daebakpop.com/cart,jpg?subid1=20220529-2149-13c7-ac95-19b6b2ecd372
- Domain
- dualsmtp.ru
- URL
- https://dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/opensans-regular.woff
- Domain
- dualsmtp.ru
- URL
- https://dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/opensans-semibold.woff
- Domain
- dualsmtp.ru
- URL
- https://dualsmtp.ru/email-list/superchase/web/2018.04.08-234/common/assets/fonts/dcefont.woff
- Domain
- dualsmtp.ru
- URL
- https://dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/opensans-regular.ttf
- Domain
- dualsmtp.ru
- URL
- https://dualsmtp.ru/email-list/superchase/content/dam/cpo-static/fonts/opensans-semibold.ttf
- Domain
- dualsmtp.ru
- URL
- https://dualsmtp.ru/email-list/superchase/web/2018.04.08-234/common/assets/fonts/dcefont.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| _0x40aa function| _0x1e86 object| Zlib function| initAppConfig function| loaderCallback function| processClientEnvProps function| requirejs function| require function| define object| Blue undefined| envConfig undefined| appConfig function| $ function| jQuery function| randomInteger function| randomString function| getdomainpartofemail function| get_email_hash function| validateEmail function| geturlparameter function| get_rand_url_pars0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
23 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
clwfr-sqaaa-aaaad-qchja-cai.raw.ic0.app
dualsmtp.ru
static.chasecdn.com
ww25.daebakpop.com
dualsmtp.ru
ww25.daebakpop.com
104.104.52.72
136.144.49.210
152.199.19.160
2606:4700:3032::ac43:d0c0
07d3cce11dd0a62d1b9ffc0bc4c0ca1c94e2aa0a973903ae642cd8e40159964d
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
16ff747560a31aa3918b01d6d752bd8e4eaa61d65d934af9bda593103cea323b
2584f16cd92e2c9d52703cbd75f3d5c632b55eeb482f90e48b1cac204b21ed83
35aba30d13f93e52e410195ab9aad9c4fa95de47f9f4e5431552cf4e32e372f8
3ba33e4753984b6ad48548c7b22e2804ef41aa06b45b263a26fd932e3ba445bb
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1
7f1c7b4ddc3ecad1a05bf350ee54460030650cc0ad7697e766a093620e80c893
9d74a838c6dc6ef97b503a4aea8067b1651dcea1040783c481cdfc15e83b41dc
aa3d515000f4d7ca3fbf21ddb70790595af789d97e25b6423fa0eb72c5d2ae63
adeebee7de25f9f59583ffc96521843d8fddf218d650643a0accdfe8bfd527ad
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
e93833c14491ef399441c665587b8c356800b76add8759c4f314ab410b993b9c
fb9801153f3a8fcc97e0bfe2df165f75bff5b6323227f9d57e07f0c272a24752