tecfinancial.com.au (116.0.23.174)
Malicious Activity!
Public Scan
Submission Tags: tweet @atomspam #phishing #wellsfargo #financial #banking #infosec #cybersecurity #atomspam
Submission: On March 26 via api from FI — Scanned from AU
Summary
TLS certificate: Issued by R3 on February 18th 2023. Valid for: 3 months.
This is the only time tecfinancial.com.au was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)

Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 116.0.23.174 | 38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited) |
13 | 23.223.18.105 | 20940 (AKAMAI-ASN1) |
14 | 3 | |

ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: neptune.instanthosting.com.au
Domain: tecfinancial.com.au

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-223-18-105.deploy.static.akamaitechnologies.com
Domain: connect.secure.wellsfargo.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | wellsfargo.com | connect.secure.wellsfargo.com (Cisco Umbrella Rank: 13540) | 414 KB |
1 | tecfinancial.com.au | tecfinancial.com.au | 14 KB |
14 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
13 | connect.secure.wellsfargo.com | tecfinancial.com.au, connect.secure.wellsfargo.com |
1 | tecfinancial.com.au | |
14 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
oam.wellsfargo.com |
icomplete.wellsfargo.com |
www.wellsfargorewards.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
tecfinancial.com.au | R3 | 2023-02-18 - 2023-05-19 | 3 months | crt.sh |
connect.secure.wellsfargo.com | DigiCert EV RSA CA G2 | 2022-10-11 - 2023-10-11 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://tecfinancial.com.au/.well-known/acme-challenge/wellsfargo/index.html
Frame ID: 9453F4125B16CD0718D9CF9B82BBBBF1
Requests: 17 HTTP requests in this frame
18 Outgoing links
These are links going to different origins than the main page.
Link titles (two of the 18 links carry no title):
- Customer Service
- Apply
- Online Banking Enrollment
- Online Security Guarantee
- Privacy, Security and Legal
- Online Access Agreement
- Security Questions Overview
- Username/Password Help
- Sign Up Now
- Applications In Progress
- Credit Card Rewards
- About Wells Fargo
- Careers
- Report Email Fraud
- Sitemap
- Ad Choices
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions

Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | index.html (Primary Request) | tecfinancial.com.au/.well-known/acme-challenge/wellsfargo/ | 14 KB | 14 KB | Document | text/html |
GET H/1.1 | signon_clean.min.css | connect.secure.wellsfargo.com/auth/static/wfa/css/ | 7 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | login-userprefs.min.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 266 KB | 149 KB | Script | application/javascript |
GET H/1.1 | jquery.js | connect.secure.wellsfargo.com/auth/static/scripts/ | 87 KB | 31 KB | Script | application/javascript |
GET H/1.1 | popover.js | connect.secure.wellsfargo.com/auth/static/scripts/ | 684 B | 1 KB | Script | application/javascript |
GET H/1.1 | atadun.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 1 KB | 2 KB | Script | application/javascript |
GET H/1.1 | glu.js | connect.secure.wellsfargo.com/AIDO/ | 68 KB | 37 KB | Script | application/x-javascript |
GET H/1.1 | mint.js | connect.secure.wellsfargo.com/AIDO/ | 254 KB | 134 KB | Script | application/x-javascript |
GET H/1.1 | pic.js | connect.secure.wellsfargo.com/PIDO/ | 88 KB | 51 KB | Script | application/x-javascript |
GET DATA | truncated | / | 37 B | 0 | Image | image/gif |
GET DATA | truncated | / | 616 B | 0 | Image | image/gif |
GET H/1.1 | new_search_corner.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 49 B | 1013 B | Image | image/gif |
GET H/1.1 | btn_blueslice.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 152 B | 1 KB | Image | image/gif |
GET H/1.1 | caret_header_left.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 55 B | 1007 B | Image | image/gif |
GET H/1.1 | left_nav_dot.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 43 B | 1007 B | Image | image/gif |
GET DATA | truncated | / | 89 B | 0 | Image | image/png |
GET H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 90 B | 2 KB | Script | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)

43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Variable | Type |
---|---|
credentialless | boolean |
antiClickjack | object |
webId | string |
ndURI | string |
ATADUN_PATH | string |
isNative | boolean |
loginUrlBase | string |
scriptParent | object |
loginUrlBaseNoProtocol | string |
getUrl | object |
host | string |
port | string |
guid | string |
upjsErrors | object |
appendFIDOEligibleInputs | function |
disableSubmitsCollectUserPrefs | function |
base64EncodingforNDSPMD | function |
addExceptionsToForm | function |
addLoginFormFieldsAndSubmit | function |
jsEnabled | function |
addEvent | function |
undoSaveUsername | function |
maskedUsernameChanged | function |
addScriptElement | function |
getCookie | function |
appendHiddenInput | function |
addCookiesToForm | function |
setWFACookies | function |
generateGuid | function |
brief | function |
$ | function |
jQuery | function |
$popover | object |
counter | number |
___sc124934 | object |
___so124934 | object |
CLIWHIT | number |
PSESSIONID | string |
SSESSIONID | string |
LSESSIONID | string |
__tp | object |
__gt | number |
grip1 | function |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
tecfinancial.com.au/ | Name: LSESSIONID Value: eyJpIjoiNzRhMXI2UmFVRUVoK1lxaDFrR25YUT09IiwiZSI6IlYxQVwvcEFKZTZXbTk5UHJFOUtoTStqN09Zc1lQcFE5NlFCWTlWWnU5blVmbmxJWE01MUFySGJxUFwvNlR2bGk3QkZmcHlUSm5sc3hmMG10Nk1mSVBTa1M0RWQyb2ZQaHlOVGViZDdpUnlYTktkNExHMm81RU5EUlFWMHI0czJCUTFDd1VYZHhOcllhU3RUNlUzdjVkZTFnPT0ifQ%3D%3D.ad7fb17859f61fb0.ZWMzMDhiNDY0NjA2N2VkOGU1NDJiOTZkN2JjYzQ1YmE4MDA1NmUwZjUyYTUzMWRjYjI0M2IyMDI1MzcxODQ0Mg%3D%3D |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL / Text |
---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.secure.wellsfargo.com
tecfinancial.com.au
116.0.23.174
23.223.18.105