dev-rural471.pantheonsite.io Open in urlscan Pro
2620:12a:8001::4  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request home-secure-login.html Show response dev-rural471.pantheonsite.io/	2 KB 1 KB	1125ms 545ms	Document text/html	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash ffea263b11809896893d90c75b1cf92bd7e41f61ca4c307d1b0f439b7ec96a44 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 0 content-encoding gzip content-length 808 content-type text/html date Sat, 28 Oct 2023 09:41:20 GMT etag W/"65245887-821" last-modified Mon, 09 Oct 2023 19:46:15 GMT server nginx strict-transport-security max-age=300 vary Accept-Encoding, Cookie, Cookie via 1.1 varnish, 1.1 varnish x-cache HIT, HIT x-cache-hits 33, 1 x-pantheon-styx-hostname styx-fe4-a-574b8cd764-rzgs7 x-robots-tag noindex x-served-by cache-chi-klot8100159-CHI, cache-maa10226-MAA x-styx-req-id 49a06375-74ef-11ee-9eda-c26ea70b2537 x-timer S1698486081.536102,VS0,VE272
GET H2	200	styles.css dev-rural471.pantheonsite.io/css/	2 KB 1 KB	536ms 534ms	Stylesheet text/css	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dev-rural471.pantheonsite.io/css/styles.css Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 4dc720e2b2342883f95c6682db391e0f0a549c08f655dcd8e4220851451ab1d3 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers x-pantheon-styx-hostname styx-fe4-b-6679b8f9f8-t8wgs strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Sat, 28 Oct 2023 09:41:21 GMT age 0 x-cache MISS, MISS expires Sat, 28 Oct 2023 09:41:20 GMT content-length 824 x-served-by cache-chi-kigq8000110-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:22 GMT server nginx x-timer S1698486081.085516,VS0,VE264 etag W/"6524588e-826" vary Accept-Encoding content-type text/css x-styx-req-id 26c51ed1-7576-11ee-a840-6e71d40c639a cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H2	200	logo2.png dev-rural471.pantheonsite.io/img/	3 KB 3 KB	591ms 589ms	Image image/png	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://dev-rural471.pantheonsite.io/img/logo2.png Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash a6fe470e9b113281c6a7288dd3fe1798e02044344844162226c530efc3696bdd Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers x-pantheon-styx-hostname styx-fe4-a-574b8cd764-rdthk strict-transport-security max-age=300 date Sat, 28 Oct 2023 09:41:21 GMT via 1.1 varnish, 1.1 varnish expires Sat, 28 Oct 2023 09:41:20 GMT age 0 x-cache MISS, MISS content-length 2743 x-served-by cache-chi-kigq8000046-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:25 GMT server nginx x-timer S1698486081.085736,VS0,VE283 etag "65245891-ab7" content-type image/png x-styx-req-id 26c6ed41-7576-11ee-b87d-daea815b4acc cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H2	200	person-fill.svg dev-rural471.pantheonsite.io/img/	225 B 396 B	535ms 534ms	Image image/svg+xml	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://dev-rural471.pantheonsite.io/img/person-fill.svg Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 04a8fcd1f1b1d6f7c15c43acde3f3b02f7f051fa23d9405c50e796fc71261047 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers expires Sat, 28 Oct 2023 09:41:20 GMT strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Sat, 28 Oct 2023 09:41:21 GMT age 0 x-cache MISS, MISS x-pantheon-styx-hostname styx-fe4-b-6679b8f9f8-zr678 content-length 190 x-served-by cache-chi-kigq8000033-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:26 GMT server nginx x-timer S1698486081.085745,VS0,VE264 etag W/"65245892-e1" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-styx-req-id 26c517af-7576-11ee-a766-d6ab1a2dc445 cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H2	200	lock-fill.svg dev-rural471.pantheonsite.io/img/	273 B 502 B	555ms 553ms	Image image/svg+xml	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://dev-rural471.pantheonsite.io/img/lock-fill.svg Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0f10dddf944201c60f75e896f8504e241b9c2764bcddc3f5041c981fb321e858 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers expires Sat, 28 Oct 2023 09:41:20 GMT strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Sat, 28 Oct 2023 09:41:21 GMT age 0 x-cache MISS, MISS x-pantheon-styx-hostname styx-fe4-a-574b8cd764-hd8fh content-length 204 x-served-by cache-chi-kigq8000099-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:25 GMT server nginx x-timer S1698486081.087953,VS0,VE265 etag W/"65245891-111" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-styx-req-id 26c5965e-7576-11ee-a05c-2ac8c4b86eed cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H2	200	main.js Show response dev-rural471.pantheonsite.io/js/	125 B 286 B	563ms 561ms	Script application/x-javascript	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dev-rural471.pantheonsite.io/js/main.js Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash f163c95d93f0639832d048f024cb1d2ecd15dd55a496945bb31d17d7d5c0cb78 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers x-pantheon-styx-hostname styx-fe4-b-6679b8f9f8-zr678 strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Sat, 28 Oct 2023 09:41:21 GMT age 0 x-cache MISS, MISS expires Sat, 28 Oct 2023 09:41:20 GMT content-length 141 x-served-by cache-chi-klot8100118-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:29 GMT server nginx x-timer S1698486081.087914,VS0,VE266 etag W/"65245895-7d" vary Accept-Encoding content-type application/x-javascript x-styx-req-id 26c555f7-7576-11ee-a766-d6ab1a2dc445 cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H/1.1	200 OK	wurfl.js Show response wurfl.io/	4 KB 2 KB	190ms 46ms	Script application/javascript	34.255.189.145 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://wurfl.io/wurfl.js Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.255.189.145 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-255-189-145.eu-west-1.compute.amazonaws.com Software / Resource Hash d83dca202a4e9e03f699c025878763187e6fe4c79553bab5022474c03b65b5be Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 09:41:21 GMT Content-Encoding br Accept-Ch Sec-Ch-Ua, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version Cross-Origin-Opener-Policy cross-origin Cross-Origin-Embedder-Policy cross-origin Vary accept-encoding, user-agent, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-mobile, sec-ch-ua-model, sec-ch-ua-platform, sec-ch-ua-platform-version Content-Type application/javascript Cache-Control no-cache Cross-Origin-Resource-Policy cross-origin Connection keep-alive Content-Length 1443
GET H2	200	form1.js Show response dev-rural471.pantheonsite.io/js/	14 KB 6 KB	563ms 561ms	Script application/x-javascript	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dev-rural471.pantheonsite.io/js/form1.js Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 34e38504852233b2bf7824e3b694ede4758516c9624c3ae61b4091dffa24e3b3 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers x-pantheon-styx-hostname styx-fe4-a-574b8cd764-k4xjg strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Sat, 28 Oct 2023 09:41:21 GMT age 0 x-cache MISS, MISS expires Sat, 28 Oct 2023 09:41:20 GMT x-served-by cache-chi-klot8100055-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:27 GMT server nginx x-timer S1698486081.088176,VS0,VE266 etag W/"65245893-369d" vary Accept-Encoding content-type application/x-javascript x-styx-req-id 26c5bff2-7576-11ee-9e89-929ea5698253 cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H2	200	script.js Show response dev-rural471.pantheonsite.io/js/	16 KB 7 KB	536ms 534ms	Script application/x-javascript	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dev-rural471.pantheonsite.io/js/script.js Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/home-secure-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash e6e3db44f67f68e91b6541f0afcc0a7ddd34842378101ac88b8411ffb1586edc Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/home-secure-login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers x-pantheon-styx-hostname styx-fe4-a-574b8cd764-g8cb5 strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Sat, 28 Oct 2023 09:41:21 GMT age 0 x-cache MISS, MISS expires Sat, 28 Oct 2023 09:41:20 GMT x-served-by cache-chi-klot8100114-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:29 GMT server nginx x-timer S1698486081.088166,VS0,VE265 etag W/"65245895-3e0b" vary Accept-Encoding content-type application/x-javascript x-styx-req-id 26c5bb29-7576-11ee-8b7d-fa85a6ffb56b cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0
GET H2	200	background.jpeg dev-rural471.pantheonsite.io/img/	30 KB 30 KB	543ms 541ms	Image image/jpeg	2620:12a:8001::4 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://dev-rural471.pantheonsite.io/img/background.jpeg Requested by Host: dev-rural471.pantheonsite.io URL: https://dev-rural471.pantheonsite.io/css/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8001::4 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9298d9a0f05a61fb25d323f61415bc311a032343cda64619792c8f2be3729c32 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://dev-rural471.pantheonsite.io/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers x-pantheon-styx-hostname styx-fe4-a-574b8cd764-rdthk strict-transport-security max-age=300 date Sat, 28 Oct 2023 09:41:21 GMT via 1.1 varnish, 1.1 varnish expires Sat, 28 Oct 2023 09:41:20 GMT age 0 x-cache MISS, MISS content-length 30840 x-served-by cache-chi-kigq8000125-CHI, cache-maa10226-MAA last-modified Mon, 09 Oct 2023 19:46:24 GMT server nginx x-timer S1698486082.625367,VS0,VE266 etag "65245890-7878" content-type image/jpeg x-styx-req-id 27183d45-7576-11ee-b87d-daea815b4acc cache-control no-cache, must-revalidate accept-ranges bytes x-robots-tag noindex x-cache-hits 0, 0

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banrural (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| WURFL undefined| WurflJSNavigatorUAData undefined| newEvent object| WURFLPromises function| _0x42874d function| _0x55d4c6 function| _0x3c32 function| _0x44e3 function| _0x5bbb function| _0x658a57 function| _0x397d function| showDollarValue function| _0x44bc76

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dev-rural471.pantheonsite.io
wurfl.io
2620:12a:8001::4
34.255.189.145
04a8fcd1f1b1d6f7c15c43acde3f3b02f7f051fa23d9405c50e796fc71261047
0f10dddf944201c60f75e896f8504e241b9c2764bcddc3f5041c981fb321e858
34e38504852233b2bf7824e3b694ede4758516c9624c3ae61b4091dffa24e3b3
4dc720e2b2342883f95c6682db391e0f0a549c08f655dcd8e4220851451ab1d3
9298d9a0f05a61fb25d323f61415bc311a032343cda64619792c8f2be3729c32
a6fe470e9b113281c6a7288dd3fe1798e02044344844162226c530efc3696bdd
d83dca202a4e9e03f699c025878763187e6fe4c79553bab5022474c03b65b5be
e6e3db44f67f68e91b6541f0afcc0a7ddd34842378101ac88b8411ffb1586edc
f163c95d93f0639832d048f024cb1d2ecd15dd55a496945bb31d17d7d5c0cb78
ffea263b11809896893d90c75b1cf92bd7e41f61ca4c307d1b0f439b7ec96a44