www.aacpa.com.sa
145.239.232.126
Malicious Activity!
Public Scan
Submission: On June 24 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 6th 2021. Valid for: 3 months.
This is the only time www.aacpa.com.sa was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 (2 redirects) | 145.239.232.126 | 16276 (OVH) |
2 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET) |
10 | 3 |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 (2 redirects) | aacpa.com.sa | www.aacpa.com.sa | 92 KB |
2 | cloudflare.com | cdnjs.cloudflare.com | 69 KB |
10 | 2 |
Requests | Domain | Requested by |
---|---|---|
9 (2 redirects) | www.aacpa.com.sa | www.aacpa.com.sa |
2 | cdnjs.cloudflare.com | www.aacpa.com.sa |
10 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
aacpa.com.sa | cPanel, Inc. Certification Authority | 2021-06-06 - 2021-09-04 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/indexs?auth/dashboard
Frame ID: 0C50A4148A8A2C4C7CF48D2FE8CA3B01
Requests: 12 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8
- https://www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/javascript/myriad.woff2 HTTP 302
- https://www.aacpa.com.sa/search/sites%20all%20libraries%20mailchimp%20vendor%20phpunit%20phpunit%20src%20Util%20TestDox%20PHP%20en%20connect%20secure%20oam%20wellsfargo%20com%20auth%20dashboard%20login%20present%20webid%20n9sak2%20login%20javascript%20myriad%20woff2 HTTP 302
- https://www.aacpa.com.sa/search/content
10 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type MIME-Type |
---|---|---|---|---|
GET H/1.1 | indexs (Primary Request) | www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/ | 10 KB 4 KB | Document text/html |
GET H/1.1 | style.css | www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/css/ | 4 KB 1 KB | Stylesheet text/css |
GET | jquery.mobile.css | www.aacpa.com.sa/css/ | 0 0 | |
GET H/1.1 | desktop-tablet.combined.css | www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/css/ | 192 KB 33 KB | Stylesheet text/css |
GET H/1.1 | archer.css | www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/css/ | 21 KB 17 KB | Stylesheet text/css |
GET H/1.1 | masthead-img-logo.svg | www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/images/ | 6 KB 3 KB | Image image/svg+xml |
GET H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ | 256 KB 64 KB | Script application/javascript |
GET H2 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB 5 KB | Script application/javascript |
GET DATA | truncated | / | 428 B 0 | Image image/svg+xml |
GET H/1.1 | content (Cookie set, Redirect Chain) | www.aacpa.com.sa/search/ | 40 KB 9 KB | Font text/html |
GET DATA | truncated | / | 16 KB 16 KB | Font application/x-font-woff |
GET H/1.1 | awe.woff | www.aacpa.com.sa/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/TestDox/PHP/en.connect.secure.oam.wellsfargo.com.auth.dashboard.login.present.webid-n9sak2/login/javascript/ | 25 KB 25 KB | Font font/woff |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.aacpa.com.sa
- URL
- https://www.aacpa.com.sa/css/jquery.mobile.css?v=19.12.00
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated
- string| message
- undefined| NOclickIE
- function| NOclickNN
- function| checkform
- string| a
- string| b
- string| c
- string| d
- string| e
- string| code
- function| ValidCaptcha
- function| removeSpaces
- function| $
- function| jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
www.aacpa.com.sa
www.aacpa.com.sa
145.239.232.126
2606:4700::6810:125e