thestudytown.com
142.54.168.172
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On September 20 via api from GB
Summary
This is the only time thestudytown.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
IP Address | AS Autonomous System | Requests
---|---|---
142.54.168.172 | ASN33387 (NOCIX - DataShack, LC, US), PTR: thunder.rvoox.com | 7
Apex Domain | Subdomains | Transfer | Requests
---|---|---|---
thestudytown.com | thestudytown.com | 43 KB | 7
Domain | Requested by | Requests
---|---|---
thestudytown.com | thestudytown.com | 7
This site contains no links.
TLS certificates (Subject, Issuer, Validity, Valid): none listed; the primary page was loaded over plain HTTP.
This page contains 1 frames:
Primary Page:
http://thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/E.php
Frame ID: 24DF9474D46A2608EE9603226CC72A10
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | X-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | E.php (Primary Request) | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/ | 11 KB | 3 KB | Document | text/html
GET | H/1.1 | 1.css | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/T.Goe/ | 84 KB | 38 KB | Stylesheet | text/css
GET | H/1.1 | shim.gif | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/T.Goe/ | 43 B | 418 B | Image | image/gif
GET | H/1.1 | 20.png | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/T.Goe/ | 239 B | 615 B | Image | image/png
GET | H/1.1 | 21.png | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/T.Goe/ | 271 B | 648 B | Image | image/png
GET | H/1.1 | 25.png | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/T.Goe/ | 395 B | 772 B | Image | image/png
GET | H/1.1 | 64.png | thestudytown.com/app/Wells/Well/af54bgs45n4hsg5t4j1nh54es1gt5hj41ye41je6d/login/1/T.Goe/ | 0 | 112 B | Image | text/plain
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Wells Fargo (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Security Headers
This section lists any security headers set by the main page. If you want to understand what these headers mean and how to use them, see the urlscan.io documentation linked from the original report.
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
thestudytown.com
142.54.168.172