truistclient.support
199.250.195.227
Malicious Activity!
Public Scan
Effective URL: https://truistclient.support/
Submission Tags: suspect
Submission: On April 28 via api from BR — Scanned from PT
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 27th 2024. Valid for: 3 months.
This is the only time truistclient.support was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Truist Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
13 | 199.250.195.227 | 54641 (IMH-IAD) |
1 | 185.199.109.133 | 54113 (FASTLY) |
1 | 34.117.186.192 | 396982 (GOOGLE-CLOUD-PLATFORM) |
15 | 3 | |
ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-133.github.com
raw.githubusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.186.117.34.bc.googleusercontent.com
ipinfo.io
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | truistclient.support | truistclient.support | 2 MB |
1 | ipinfo.io | ipinfo.io (Cisco Umbrella Rank: 7609) | 536 B |
1 | githubusercontent.com | raw.githubusercontent.com (Cisco Umbrella Rank: 4605) | 510 B |
15 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
13 | truistclient.support | truistclient.support |
1 | ipinfo.io | truistclient.support |
1 | raw.githubusercontent.com | truistclient.support |
15 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
truistclient.support | cPanel, Inc. Certification Authority | 2024-04-27 - 2024-07-26 | 3 months |
*.github.io | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-03-15 - 2025-03-14 | a year |
ipinfo.io | R3 | 2024-04-19 - 2024-07-18 | 3 months |
This page contains 1 frame:
Primary Page:
https://truistclient.support/
Frame ID: D8BA63A73B4D5E4F3097598EB9F1D1E9
Requests: 15 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://truistclient.support/ (HTTP 307)
- https://truistclient.support/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | truistclient.support/ | 1 KB | 1 KB | Document | text/html |
GET | H2 | bundle.js | truistclient.support/sites/ | 448 KB | 448 KB | Script | application/javascript |
GET | H2 | cleave.js | truistclient.support/sites/ | 114 KB | 114 KB | Script | application/javascript |
GET | H2 | bundle-min.js | truistclient.support/sites/ | 156 KB | 157 KB | Script | application/javascript |
POST | H2 | config.php | truistclient.support/ | 382 B | 436 B | XHR | text/html |
GET | H2 | bsc_000052.php | raw.githubusercontent.com/dev000052/tool/main/ | 14 B | 510 B | XHR | text/plain |
GET | H2 | json | ipinfo.io/109.61.94.195/ | 230 B | 536 B | XHR | application/json |
GET | H2 | indexs.html | truistclient.support/sites/ | 243 KB | 244 KB | XHR | text/html |
GET | H2 | styles.e0ebcc1d1647e0620502.css | truistclient.support/assets/ | 81 KB | 81 KB | Stylesheet | text/css |
GET | H2 | styles_r.css | truistclient.support/assets/ | 195 KB | 195 KB | Stylesheet | text/css |
GET | H2 | trulogo_horz-trupurple.png | truistclient.support/assets/logos/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | tru_lg_hrz_rgb_wht_rev.png | truistclient.support/assets/logos/ | 14 KB | 14 KB | Image | image/png |
GET | H2 | tru-core-icon-sprite.svg | truistclient.support/assets/ | 230 KB | 231 KB | Other | image/svg+xml |
GET | H2 | father-son.png | truistclient.support/assets/images/ | 137 KB | 137 KB | Image | image/png |
GET | H2 | favicon.ico | truistclient.support/ | 236 B | 286 B | Other | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Truist Bank (Banking)
157 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.