![](/screenshots/79fd470a-44a8-49af-aa5f-fe788bb53963.png)
dehandsservices.com
Open in
urlscan Pro
192.185.27.209
Malicious Activity!
Public Scan
Submission: On April 23 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 2nd 2022. Valid for: 3 months.
This is the only time dehandsservices.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 192.185.27.209 192.185.27.209 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
8 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-27-209.unifiedlayer.com
dehandsservices.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
dehandsservices.com
dehandsservices.com |
116 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | dehandsservices.com |
dehandsservices.com
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
dehandsservices.com R3 |
2022-04-02 - 2022-07-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://dehandsservices.com/welsc/cb234/ufmail.php
Frame ID: 922E01FCE1D0506EF76AC5F83C97A4AF
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
ufmail.php
dehandsservices.com/welsc/cb234/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
dehandsservices.com/welsc/cb234/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mobile.css
dehandsservices.com/css/ |
97 B 134 B |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
desktop-tablet.combined.css
dehandsservices.com/welsc/cb234/css/ |
192 KB 65 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
archer.css
dehandsservices.com/welsc/cb234/css/ |
21 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
masthead-img-logo.svg
dehandsservices.com/welsc/cb234/images/ |
6 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
428 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
532 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
myriad.woff2
dehandsservices.com/welsc/cb234/javascript/ |
97 B 157 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
16 KB 16 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
awe.woff
dehandsservices.com/welsc/cb234/javascript/ |
25 KB 25 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails string| message undefined| NOclickIE function| NOclickNN1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
dehandsservices.com/ | Name: PHPSESSID Value: c852b541f1a2b38f69aa36391c8acd83 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dehandsservices.com
192.185.27.209
03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3
1f3fd405c64b807d88a6f32a0b972c38e9ca66f3380ca051d7c8038c5b96b880
2bd4c004dfd10d10b5de543a644561496dfd9067ba2b08b28070a4b0be9936da
4494dc1a680a71d0daf2836a070d79d6ceab65868a00adc9cab1aab43e8bd6f1
5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe
86faeab09e16d426a818bb33e89eb231d3c005905ecfa88e11365e50768e3b1c
8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef
addf96fe07895d750d00834b2cf4e66bd6cfb25364a40bde81c8464e00698947
e96b46a59ee68d66d600ccd8ce06ac4144a225e5125a8ad23ddaf024e09d71eb
ec79944db4d93322bed340b06a4857933393d301ce53039f7a16dc5ea7964187