healthspiritlife.org
192.185.183.248
Malicious Activity!
Public Scan
Submission: On March 21 via automatic, source openphish
Summary
This is the only time healthspiritlife.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
22 | 192.185.183.248 | 20013 (CYRUSONE - CyrusOne LLC)
2 | 216.58.207.78 | 15169 (GOOGLE - Google LLC)
1 2 | 64.158.223.157 | 25751 (VALUECLICK - Conversant)
1 1 | 64.158.223.137 | 25751 (VALUECLICK - Conversant)
1 1 | 104.18.41.241 | 13335 (CLOUDFLARENET - Cloudflare)
1 | 104.31.70.67 | 13335 (CLOUDFLARENET - Cloudflare)
26 | 5 |
ASN | PTR | Domain
---|---|---
ASN20013 (CYRUSONE - CyrusOne LLC, US) | 192-185-183-248.unifiedlayer.com | healthspiritlife.org
ASN15169 (GOOGLE - Google LLC, US) | fra16s25-in-f14.1e100.net | www.google-analytics.com
ASN25751 (VALUECLICK - Conversant, Inc., US) | 157.vip.crm-node2.ams5.cnvr.net | adfarm.mediaplex.com
ASN25751 (VALUECLICK - Conversant, Inc., US) | ams02-usadmm.dotomi.com | ams-login.dotomi.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | www.superfish.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | www.theravo.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
22 | healthspiritlife.org | healthspiritlife.org | 267 KB
2 | mediaplex.com | adfarm.mediaplex.com (1 redirects) | 1 KB
2 | google-analytics.com | www.google-analytics.com | 17 KB
1 | theravo.com | www.theravo.com |
1 | superfish.com | www.superfish.com (1 redirects) | 359 B
1 | dotomi.com | ams-login.dotomi.com (1 redirects) | 446 B
26 | 6 | |
# | Domain | Requested by
---|---|---
22 | healthspiritlife.org | healthspiritlife.org
2 | adfarm.mediaplex.com | 1 redirects, healthspiritlife.org
2 | www.google-analytics.com | healthspiritlife.org
1 | www.theravo.com | healthspiritlife.org
1 | www.superfish.com | 1 redirects
1 | ams-login.dotomi.com | 1 redirects
26 | 6 |
This site contains links to these domains. Also see Links.
Domain
---
online.wellsfargo.com
www.wellsfargo.com
Subject Issuer | Validity | Valid
---|---|---
This page contains 1 frame:
Primary Page:
http://healthspiritlife.org/wellsforgo/onlinebanking/question.php
Frame ID: 9743C9B9C066841D40666E0E6936F32A
Requests: 27 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Lightbox (JavaScript Libraries)
Detected patterns
- script /lightbox.*\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries)
Detected patterns
- script /jquery-ui.*\.js/i
Page Statistics
21 Outgoing links
These are links going to different origins than the main page.
Link titles (5 of the 21 links carry no title):
- Customer Service
- Locations
- Apply
- Banking
- Loans & Credit
- Insurance
- Investing
- Online Banking Enrollment
- Online Security Guarantee
- Privacy, Security and Legal
- Online Access Agreement
- Security Questions Overview
- About Wells Fargo
- Careers
- Report Email Fraud
- Sitemap
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15
- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js
Request Chain
- http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.1&utms=1&utmn=1470860645&utmhn=healthspiritlife.org&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells%20Fargo%3A%20Accounts%20Verification&utmhid=1930725713&utmr=-&utmp=%2Fwellsforgo%2Fonlinebanking%2Fquestion.php&utmht=1521612280748&utmac=UA-57014780-1&utmcc=__utma%3D168281784.899900214.1521612281.1521612281.1521612281.1%3B%2B__utmz%3D168281784.1521612281.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=20073646&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
- https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.1&utms=1&utmn=1470860645&utmhn=healthspiritlife.org&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells%20Fargo%3A%20Accounts%20Verification&utmhid=1930725713&utmr=-&utmp=%2Fwellsforgo%2Fonlinebanking%2Fquestion.php&utmht=1521612280748&utmac=UA-57014780-1&utmcc=__utma%3D168281784.899900214.1521612281.1521612281.1521612281.1%3B%2B__utmz%3D168281784.1521612281.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=20073646&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Request Chain
- http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?COL01STO=1&Unique_ID=11201505250225211793504995 HTTP 302
- http://ams-login.dotomi.com/commonid/match?rurl=http%3A%2F%2Fadfarm.mediaplex.com%2Fad%2Fbk%2F994-1668-2054-5%3Fmpu_token%3DAAAFsmeBJwfN5gAFCY46AAAAAAA%26COL01STO%3D1%26Unique_ID%3D11201505250225211793504995&user_token=AAAFsmeBJwfN5gAFCY46AAAAAAA&tok=lPssnP428Hs%3D HTTP 302
- http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?mpu_token=AAAFsmeBJwfN5gAFCY46AAAAAAA&COL01STO=1&Unique_ID=11201505250225211793504995&status=0
Request Chain
- https://www.superfish.com/ws/sf_conduit.jsp?dlsource=fastestchrome&CTID=1_2015-01&userId=fastest_000_fastestchrome_1_2015-01_ HTTP 301
- https://www.theravo.com/ws/sf_conduit.jsp?dlsource=fastestchrome&CTID=1_2015-01&userId=fastest_000_fastestchrome_1_2015-01_
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | question.php (Primary Request) | healthspiritlife.org/wellsforgo/onlinebanking/ | 20 KB | 6 KB | Document | text/html
GET | H/1.1 | wfwiblib.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 61 KB | 13 KB | Script | application/javascript
GET | H/1.1 | jquery.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 214 KB | 62 KB | Script | application/javascript
GET | H/1.1 | jquery-ui.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 32 KB | 9 KB | Script | application/javascript
GET | H/1.1 | util.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 23 KB | 8 KB | Script | application/javascript
GET | H/1.1 | google_analytics_auto.js | healthspiritlife.org/ | 430 B | 586 B | Script | application/javascript
GET | H/1.1 | async-keepalive.css | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 59 B | 340 B | Stylesheet | text/css
GET | H/1.1 | async-keepalive.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 3 KB | 1 KB | Script | application/javascript
GET | H/1.1 | publicsite.css | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 13 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | logo_62sq.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 616 B | 832 B | Image | image/gif
GET | H/1.1 | shim.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 43 B | 258 B | Image | image/gif
GET | H/1.1 | enroll-lightbox.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | close_lb_weak.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 152 B | 368 B | Image | image/gif
GET | H/1.1 | mediaplexROI.js | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 3 KB | 1 KB | Script | application/javascript
GET | H/1.1 | 994-1668-2054-5 | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/ | 49 B | 354 B | Image | image/gif
GET | DATA | truncated | / | 2 KB | 0 | Script | text/javascript
GET | S | ga.js | www.google-analytics.com/ (Redirect Chain) | 45 KB | 17 KB | Script | text/javascript
GET | S | __utm.gif | www.google-analytics.com/r/ (Redirect Chain) | 35 B | 101 B | Image | image/gif
GET | H/1.1 | left_nav_dot.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 26 KB | 26 KB | Image | text/html
GET | H/1.1 | caret_header_left.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 26 KB | 26 KB | Image | text/html
GET | H/1.1 | tab_bottom.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 26 KB | 26 KB | Image | text/html
GET | H/1.1 | selected_tab.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 26 KB | 26 KB | Image | text/html
GET | H/1.1 | unselected_tab.jpg | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 26 KB | 26 KB | Image | text/html
GET | H/1.1 | new_search_corner.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 2 KB | 2 KB | Image | text/html
GET | H/1.1 | btn_blueslice.gif | healthspiritlife.org/wellsforgo/onlinebanking/Wells%20Fargo_files/images/ | 26 KB | 26 KB | Image | text/html
GET | H/1.1 | 994-1668-2054-5 | adfarm.mediaplex.com/ad/bk/ (Redirect Chain) | 49 B | 605 B | Image | image/gif
GET | S | sf_conduit.jsp | www.theravo.com/ws/ (Redirect Chain) | 0 | 0 | Script | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
99 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Grouped by type (name order preserved within each group):
- function: wfOpenWin, showPopUpMsg, hidePopupMessage, hasTryCatch, changeDisplayState, showCalculator, toggleAllCalculator, showAllCalculator, hideAllCalculator, toggleObject, createCalculator, roundDec, floorDec, shiftRight, getCommaDelimitedNumberAsString, stripCommas, stripBlanks, validateCalculatorForm, calculateMonthlyAmounts, calculateTargetAmounts, doResults, doCalculate, doSetAmount, clearMonthlyAmountTextField, clearTargetAmountTextField, getFirstDay, getMonthLen, showCalendar, showAllCalendar, hideAllCalendar, formatDate, toggleAllCalendar, createCalendar, populateNavigation, populateTables, deleteTable, populateTable, chooseDate, setSelectabledate, formatDayofmonth, formatMonthofyear, day, isToday, isTomorrow, isWeekend, isPast, isSelectable, formatDay, nextMonthAvailable, previousMonthAvailable, nextYearAvailable, previousYearAvailable, initDHTMLAPI, seekLayer, getRawObject, getObject, show, hide, popup, newWindow, addEvent, $, jQuery, recordLinkClick, ROItag
- number: calculatorGlobalMonthlyTargetAmount, calculatorGlobalTargetAmount, daysahead, dayspast
- object: months, dayz, leaddaysDB, holidayDB, sysdate, firstEverAvailableStartDate, calendarFixedStartDate, win, _gaq, _gat, gaGlobal, mpt
- undefined: sendonDate, deliveronDate, lead, nextMonth, previousMonth, startDate, sourceElement
- boolean: isYearFormatYY, isCSS, isW3C, isIE4, isNN4, isIE6CSS
- string: mediapleximgreq, servingprotocol, adserver, imgAttributes, pseudoUniqueId0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.