www.fargoservices.homes
198.54.116.164
Malicious Activity!
Public Scan
Submission: On January 25 via automatic, source certstream-suspicious — Scanned from ES
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 25th 2024. Valid for: a year.
This is the only time www.fargoservices.homes was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
11 | 198.54.116.164 | 22612 (NAMECHEAP-NET) |
2 | 2.17.100.209 | 20940 (AKAMAI-ASN1) |
1 | 23.37.40.86 | 16625 (AKAMAI-AS) |
1 | 104.115.82.16 | 20940 (AKAMAI-ASN1) |
9 | 2.17.180.241 | 16625 (AKAMAI-AS) |
24 | 5 | |
ASN | PTR | Hostname |
---|---|---|
ASN22612 (NAMECHEAP-NET, US) | server220-5.web-hosting.com | www.fargoservices.homes |
ASN20940 (AKAMAI-ASN1, NL) | a2-17-100-209.deploy.static.akamaitechnologies.com | connect.secure.wellsfargo.com |
ASN16625 (AKAMAI-AS, US) | a23-37-40-86.deploy.static.akamaitechnologies.com | www10.wellsfargomedia.com |
ASN20940 (AKAMAI-ASN1, NL) | a104-115-82-16.deploy.static.akamaitechnologies.com | static.wellsfargo.com |
ASN16625 (AKAMAI-AS, US) | a2-17-180-241.deploy.static.akamaitechnologies.com | www15.wellsfargomedia.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | fargoservices.homes | www.fargoservices.homes | 49 KB |
10 | wellsfargomedia.com | www10.wellsfargomedia.com (Cisco Umbrella Rank: 16132), www15.wellsfargomedia.com (Cisco Umbrella Rank: 26658) | 871 KB |
3 | wellsfargo.com | connect.secure.wellsfargo.com (Cisco Umbrella Rank: 12941), static.wellsfargo.com (Cisco Umbrella Rank: 12204) | 34 KB |
24 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
11 | www.fargoservices.homes | www.fargoservices.homes |
9 | www15.wellsfargomedia.com | www.fargoservices.homes |
2 | connect.secure.wellsfargo.com | www.fargoservices.homes |
1 | static.wellsfargo.com | www.fargoservices.homes |
1 | www10.wellsfargomedia.com | www.fargoservices.homes |
24 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
oam.wellsfargo.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
fargoservices.homes | Sectigo RSA Domain Validation Secure Server CA | 2024-01-25 - 2025-01-25 | a year |
connect.secure.wellsfargo.com | DigiCert EV RSA CA G2 | 2023-08-29 - 2024-09-28 | a year |
www10.wellsfargomedia.com | GeoTrust RSA CA 2018 | 2023-12-05 - 2024-12-04 | a year |
static.wellsfargo.com | DigiCert EV RSA CA G2 | 2023-08-30 - 2024-09-29 | a year |
www15.wellsfargomedia.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-27 - 2024-09-26 | a year |
This page contains 1 frames:
Primary Page:
https://www.fargoservices.homes/
Frame ID: 3735F6570040CE47130DE647C91CA6D5
Requests: 24 HTTP requests in this frame
Page Title
Sign On to View Your Personal Accounts | Wells Fargo
Detected technologies
AppDynamics (Analytics)
Detected patterns
- adrum
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Forgot username or password?
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | www.fargoservices.homes/ | 33 KB | 9 KB | Document | text/html |
GET | H/1.1 | nd | connect.secure.wellsfargo.com/jenny/ | 53 KB | 20 KB | Script | application/javascript |
GET | H2 | adrum-ext.b4436be974de477658d4a93afb752165.js | www.fargoservices.homes/auth/static/scripts/ | 0 | 0 | Script | text/html |
GET | H2 | general_alt.js | www.fargoservices.homes/auth/login/static/js/ | 0 | 0 | Script | text/html |
GET | H2 | general_alt.js | www.fargoservices.homes/auth/login/static/js/ | 0 | 0 | Script | text/html |
GET | H2 | wells.js | www.fargoservices.homes/static/js/ | 3 KB | 1 KB | Script | application/javascript |
GET | H2 | wfui.df76c94872b557f8b8f8.css | www.fargoservices.homes/static/css/ | 135 KB | 18 KB | Stylesheet | text/css |
GET | H2 | main.6539fceb73733687f14d.css | www.fargoservices.homes/static/css/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H2 | COB-BOB-IRT-enroll_park.jpg | www10.wellsfargomedia.com/auth/static/images/ | 644 KB | 645 KB | Image | image/jpeg |
GET | H2 | adrum-ext.js | www.fargoservices.homes/auth/static/scripts/ | 0 | 0 | Script | text/html |
GET | H2 | src_app_page_login_Login_js.e39503963eafcb17d303.chunk.css | www.fargoservices.homes/static/css/ | 155 KB | 19 KB | Stylesheet | text/css |
GET | H2 | 2AjY3w | www.fargoservices.homes/ciNe5_JRfEXvcrrY0VBt5jTe/OVfaVDkttrV7/dyB-VF8vAQ/bwgEZ/ | 0 | 0 | Script | text/html |
GET | H/1.1 | utag.js | static.wellsfargo.com/tracking/secure-auth/ | 41 KB | 12 KB | Script | application/javascript |
GET | H2 | login-userprefs.min.js | www.fargoservices.homes/auth/static/prefs/ | 0 | 0 | Script | text/html |
GET | H/1.1 | atadun.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 1 KB | 2 KB | Script | application/javascript |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 22 KB | Other | font/woff2 |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 22 KB | Other | font/woff2 |
GET | H2 | wellsfargoserif-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 26 KB | Other | font/woff2 |
GET | H2 | wellsfargosans-rg.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 27 KB | Other | application/x-woff |
GET | H2 | wellsfargosans-sbd.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 27 KB | Other | application/x-woff |
GET | H2 | wellsfargoserif-rg.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 31 KB | Other | application/x-woff |
GET | H2 | wellsfargoserif-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 26 KB | 26 KB | Font | font/woff2 |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
143 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.fargoservices.homes/ | Name: utag_main Value: v_id:018d41f7c2480018d35b1874912b03074002006c00b08$_sn:1$_se:1%3Bexp-session$_ss:1%3Bexp-session$_st:1706210572681%3Bexp-session$ses_id:1706208772681%3Bexp-session$_pn:1%3Bexp-session |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.