ninja-pattaya.com
119.59.125.229
Malicious Activity!
Public Scan
Submission: On March 26 via automatic, source openphish
Summary
This is the only time ninja-pattaya.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)

Domain & IP information

 | IP Address | AS Autonomous System |
---|---|---|
24 | 119.59.125.229 | 56067 (METRABYTE-TH 453 Ladplacout Jorakhaebua) |
2 | 159.45.2.156 | 10837 (WELLSFARGO-10837 - Wells Fargo & Company) |
1 | 159.45.170.178 | 10837 (WELLSFARGO-10837 - Wells Fargo & Company) |
29 | 4 | |
ASN56067 (METRABYTE-TH 453 Ladplacout Jorakhaebua, TH)
ninja-pattaya.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
connect.secure.wellsfargo.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
static.wellsfargo.com |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
24 | ninja-pattaya.com: ninja-pattaya.com | 302 KB |
3 | wellsfargo.com: connect.secure.wellsfargo.com, static.wellsfargo.com | 37 KB |
0 | Failed | |
29 | 3 | |
 | Domain | Requested by |
---|---|---|
24 | ninja-pattaya.com | ninja-pattaya.com |
2 | connect.secure.wellsfargo.com | ninja-pattaya.com, connect.secure.wellsfargo.com |
1 | static.wellsfargo.com | ninja-pattaya.com |
0 | web (Failed) | ninja-pattaya.com |
29 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
apply.wellsfargo.com |
chat15.wellsfargo.com |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/verify.html
Frame ID: 4A909227348DD481B8CDADF08D7933CC
Requests: 36 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
Title: Home
Title: Online Security
Title: Chat with us
Title: Privacy, Cookies,
Title: Ad Choices
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | verify.html (Primary Request) ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/ | 36 KB 9 KB | Document text/html |
GET H/1.1 | Offers.egain ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 47 KB 5 KB | Script text/plain |
GET H/1.1 | proactive-chat.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 20 KB 5 KB | Script application/javascript |
GET H/1.1 | utag_004.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 129 KB 19 KB | Script application/javascript |
GET H/1.1 | a ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 471 B 705 B | Script text/plain |
GET H/1.1 | nd ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 36 KB 13 KB | Script text/plain |
GET H/1.1 | login-userprefs.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 143 KB 24 KB | Script application/javascript |
GET H/1.1 | conutils-6.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 10 KB 4 KB | Script application/javascript |
GET H/1.1 | atadun.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 1 KB 849 B | Script application/javascript |
GET H/1.1 | jquery.css ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 78 KB 12 KB | Stylesheet text/css |
GET H/1.1 | desktop-tablet.css ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 141 KB 26 KB | Stylesheet text/css |
GET H/1.1 | utag_010.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 10 KB 5 KB | Script application/javascript |
GET H/1.1 | wf-logo.gif ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 4 KB 4 KB | Image image/gif |
GET H/1.1 | DL_capture_photo_tips-1x.png ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 1 KB 2 KB | Image image/png |
GET H/1.1 | loader-sm.gif ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 1 KB 2 KB | Image image/gif |
GET H/1.1 | jquery.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 309 KB 93 KB | Script application/javascript |
GET H/1.1 | desktop-tablet.js ninja-pattaya.com/estate/wp-includes/IXR/wp-class/base64/wf/online/index_files/ | 65 KB 17 KB | Script application/javascript |
GET | egofrrulesengine.js web/view/proactivesales/templates/ | 0 0 | |
GET | egpsserviceshookdef.js web/view/proactivesales/templates/ | 0 0 | |
GET H/1.1 | conutils-6.2.2.js ninja-pattaya.com/auth/static/scripts/ | 0 0 | Script text/html |
GET H/1.1 | atadun.js ninja-pattaya.com/auth/static/prefs/ | 0 0 | Script text/html |
GET H/1.1 | nd connect.secure.wellsfargo.com/jenny/ | 40 KB 14 KB | Script application/javascript |
GET DATA | truncated / | 1 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 903 B 0 | Image image/svg+xml |
GET H/1.1 | collapsible-header.png ninja-pattaya.com/assets/images/osmp/ | 22 KB 22 KB | Image text/html |
GET DATA | truncated / | 1 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 1 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 43 B 0 | Image image/gif |
GET DATA | truncated / | 1 KB 0 | Image image/svg+xml |
GET H/1.1 | bg-footer.png ninja-pattaya.com/assets/images/osmp/ | 22 KB 22 KB | Image text/html |
GET H/1.1 | utag.js static.wellsfargo.com/tracking/main/ | 152 KB 22 KB | Script application/x-javascript |
GET H/1.1 | proactive-chat.js ninja-pattaya.com/javascript/ | 0 0 | Script text/html |
GET H/1.1 | loader-sm.gif ninja-pattaya.com/assets/images/osmp/ | 11 KB 11 KB | Image text/html |
POST H/1.1 | reset ninja-pattaya.com/ | 22 KB 7 KB | XHR text/html |
GET DATA | truncated / | 34 B 0 | Image image/gif |
GET H/1.1 | / connect.secure.wellsfargo.com/ATADUN/2.2/w/w-642409/init/js/ | 482 B 1 KB | Script application/javascript |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web
- URL
- http://web/view/proactivesales/templates/egofrrulesengine.js?patch_no=15.0.5.2.85868.0.4
- Domain
- web
- URL
- http://web/view/proactivesales/templates/egpsserviceshookdef.js?patch_no=15.0.5.2.85868.0.4
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
194 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ninja-pattaya.com/ | | Name: EG_CUST_SEC Value: false |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.