urlscan.io logo urlscan.io
SecurityTrails logo

guildmortgage_.bestscreeningservice.com Open in urlscan Pro
192.185.115.124  Public Scan

Go To Rescan Add Verdict Report
URL: https://guildmortgage_.bestscreeningservice.com/index.php
Submission Tags: @phish_report
Submission: On May 29 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 192.185.115.124, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is guildmortgage_.bestscreeningservice.com.
TLS certificate: Issued by R3 on May 19th 2024. Valid for: 3 months.
This is the only time guildmortgage_.bestscreeningservice.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 192.185.115.124 19871 (NETWORK-S...)
1 67.231.145.167 26211 (PROOFPOIN...)
3 2
Domain Requested by
2 guildmortgage_.bestscreeningservice.com
1 securemessage.bankatfirst.com guildmortgage_.bestscreeningservice.com
3 2

This site contains no links.

Subject Issuer Validity Valid
*.bestscreeningservice.com
R3		 2024-05-19 -
2024-08-17		 3 months crt.sh
digest.bankatfirst.com
Entrust Certification Authority - L1M		 2024-05-15 -
2025-05-24		 a year crt.sh

This page contains 1 frames:

Primary Page: https://guildmortgage_.bestscreeningservice.com/index.php
Frame ID: 913AC10BC8F1B3D89DC47EF9CF7ACC84
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Guild Mortgage Encryption

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

20 kB
Transfer

31 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
guildmortgage_.bestscreeningservice.com/ 		18 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://guildmortgage_.bestscreeningservice.com/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.115.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
192-185-115-124.unifiedlayer.com
Software
Apache /
Resource Hash
2f76d79ef58c90e7f8e735f90aa1db37989f858f5844d379ff60c991f3b04ae3

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-encoding
gzip
content-length
12964
content-type
text/html; charset=UTF-8
date
Wed, 29 May 2024 19:41:36 GMT
server
Apache
vary
Accept-Encoding
Image
securemessage.bankatfirst.com/securereader/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securemessage.bankatfirst.com/securereader/Image?c=lock&b=1&rnd=2.93779205211436
Requested by
Host: guildmortgage_.bestscreeningservice.com
URL: https://guildmortgage_.bestscreeningservice.com/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.231.145.167 , United States, ASN26211 (PROOFPOINT-ASN-US-WEST, US),
Reverse DNS
mx0a-00136001.pphosted.com
Software
/
Resource Hash
3216eece2ea0af5c1e97de8be7430e55f0efb9af440fd967f3542a656c23ccac
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://guildmortgage_.bestscreeningservice.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Expires
Fri, 28 Jun 2024 19:41:37 GMT
Date
Wed, 29 May 2024 19:41:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Server
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
image/gif
Cache-Control
max-age=2592000
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
favicon.ico
guildmortgage_.bestscreeningservice.com/ 		12 KB
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://guildmortgage_.bestscreeningservice.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.115.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
192-185-115-124.unifiedlayer.com
Software
Apache /
Resource Hash
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://guildmortgage_.bestscreeningservice.com/index.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 29 May 2024 19:41:38 GMT
content-encoding
gzip
last-modified
Fri, 30 Sep 2022 16:17:08 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
accept-ranges
bytes
content-length
4677

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://guildmortgage_.bestscreeningservice.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()