dehandsservices.com Open in urlscan Pro
192.185.27.209 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dehandsservices.com/welsc/cb234/ufmail.php
Submission: On April 23 via automatic, source openphish (April 23rd 2022, 1:10:34 pm UTC) — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 192.185.27.209, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is dehandsservices.com.
TLS certificate: Issued by R3 on April 2nd 2022. Valid for: 3 months.

This is the only time dehandsservices.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
8	192.185.27.209 192.185.27.209		46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
8	2

8 192.185.27.209 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-27-209.unifiedlayer.com

dehandsservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	dehandsservices.com dehandsservices.com	116 KB
8	1

	Domain	Requested by
8	dehandsservices.com	dehandsservices.com
8	1

This site contains no links.

Subject Issuer	Validity	Valid
dehandsservices.com R3	`2022-04-02` - `2022-07-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dehandsservices.com/welsc/cb234/ufmail.php
Frame ID: 922E01FCE1D0506EF76AC5F83C97A4AF
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo – Security Checkup

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

132 kB
Transfer

274 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request ufmail.php Show response dehandsservices.com/welsc/cb234/	9 KB 3 KB	636ms 260ms	Document text/html	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/welsc/cb234/ufmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `ec79944db4d93322bed340b06a4857933393d301ce53039f7a16dc5ea7964187` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 2902 content-type text/html; charset=UTF-8 date Sat, 23 Apr 2022 13:10:29 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding
GET H2	200	style.css dehandsservices.com/welsc/cb234/css/	4 KB 1 KB	251ms 250ms	Stylesheet text/css	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/welsc/cb234/css/style.css Requested by Host: dehandsservices.com URL: https://dehandsservices.com/welsc/cb234/ufmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `86faeab09e16d426a818bb33e89eb231d3c005905ecfa88e11365e50768e3b1c` Request headers accept-language de-DE,de;q=0.9 Referer https://dehandsservices.com/welsc/cb234/ufmail.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:29 GMT content-encoding gzip last-modified Sat, 23 Apr 2022 01:17:29 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1143
GET H2	200	jquery.mobile.css dehandsservices.com/css/	97 B 134 B	373ms 372ms	Stylesheet text/html	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/css/jquery.mobile.css?v=19.12.00 Requested by Host: dehandsservices.com URL: https://dehandsservices.com/welsc/cb234/ufmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `4494dc1a680a71d0daf2836a070d79d6ceab65868a00adc9cab1aab43e8bd6f1` Request headers accept-language de-DE,de;q=0.9 Referer https://dehandsservices.com/welsc/cb234/ufmail.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:29 GMT content-encoding gzip server Apache content-length 105 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H2	200	desktop-tablet.combined.css dehandsservices.com/welsc/cb234/css/	192 KB 65 KB	251ms 251ms	Stylesheet text/css	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/welsc/cb234/css/desktop-tablet.combined.css Requested by Host: dehandsservices.com URL: https://dehandsservices.com/welsc/cb234/ufmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `1f3fd405c64b807d88a6f32a0b972c38e9ca66f3380ca051d7c8038c5b96b880` Request headers accept-language de-DE,de;q=0.9 Referer https://dehandsservices.com/welsc/cb234/ufmail.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:29 GMT content-encoding gzip last-modified Sat, 23 Apr 2022 01:17:29 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type text/css
GET H2	200	archer.css dehandsservices.com/welsc/cb234/css/	21 KB 16 KB	250ms 249ms	Stylesheet text/css	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/welsc/cb234/css/archer.css Requested by Host: dehandsservices.com URL: https://dehandsservices.com/welsc/cb234/ufmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `addf96fe07895d750d00834b2cf4e66bd6cfb25364a40bde81c8464e00698947` Request headers accept-language de-DE,de;q=0.9 Referer https://dehandsservices.com/welsc/cb234/ufmail.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:29 GMT content-encoding gzip last-modified Sat, 23 Apr 2022 01:17:29 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type text/css
GET H2	200	masthead-img-logo.svg dehandsservices.com/welsc/cb234/images/	6 KB 6 KB	127ms 127ms	Image image/svg+xml	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://dehandsservices.com/welsc/cb234/images/masthead-img-logo.svg Requested by Host: dehandsservices.com URL: https://dehandsservices.com/welsc/cb234/ufmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe` Request headers accept-language de-DE,de;q=0.9 Referer https://dehandsservices.com/welsc/cb234/ufmail.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:29 GMT last-modified Sat, 23 Apr 2022 01:17:29 GMT server Apache accept-ranges bytes content-length 5740 content-type image/svg+xml
GET DATA	200 OK	truncated /	428 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	532 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2bd4c004dfd10d10b5de543a644561496dfd9067ba2b08b28070a4b0be9936da` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET H2	200	myriad.woff2 dehandsservices.com/welsc/cb234/javascript/	97 B 157 B	177ms 176ms	Font text/html	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/welsc/cb234/javascript/myriad.woff2 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `4494dc1a680a71d0daf2836a070d79d6ceab65868a00adc9cab1aab43e8bd6f1` Request headers Referer https://dehandsservices.com/welsc/cb234/ufmail.php Origin https://dehandsservices.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:30 GMT content-encoding gzip server Apache content-length 105 vary Accept-Encoding content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	16 KB 16 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e96b46a59ee68d66d600ccd8ce06ac4144a225e5125a8ad23ddaf024e09d71eb` Request headers Referer Origin https://dehandsservices.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Content-Type application/x-font-woff
GET H2	200	awe.woff dehandsservices.com/welsc/cb234/javascript/	25 KB 25 KB	128ms 128ms	Font font/woff	192.185.27.209 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dehandsservices.com/welsc/cb234/javascript/awe.woff Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.27.209 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-27-209.unifiedlayer.com Software Apache / Resource Hash `8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef` Request headers Referer https://dehandsservices.com/welsc/cb234/ufmail.php Origin https://dehandsservices.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 23 Apr 2022 13:10:30 GMT last-modified Sat, 23 Apr 2022 01:17:29 GMT server Apache accept-ranges bytes content-length 25244 content-type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			dehandsservices.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: c852b541f1a2b38f69aa36391c8acd83

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://dehandsservices.com/welsc/cb234/ufmail.php Message: Failed to decode downloaded font: https://dehandsservices.com/welsc/cb234/javascript/myriad.woff2
other	warning	URL: https://dehandsservices.com/welsc/cb234/ufmail.php Message: OTS parsing error: invalid sfntVersion: 538983539

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dehandsservices.com
192.185.27.209
03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3
1f3fd405c64b807d88a6f32a0b972c38e9ca66f3380ca051d7c8038c5b96b880
2bd4c004dfd10d10b5de543a644561496dfd9067ba2b08b28070a4b0be9936da
4494dc1a680a71d0daf2836a070d79d6ceab65868a00adc9cab1aab43e8bd6f1
5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe
86faeab09e16d426a818bb33e89eb231d3c005905ecfa88e11365e50768e3b1c
8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef
addf96fe07895d750d00834b2cf4e66bd6cfb25364a40bde81c8464e00698947
e96b46a59ee68d66d600ccd8ce06ac4144a225e5125a8ad23ddaf024e09d71eb
ec79944db4d93322bed340b06a4857933393d301ce53039f7a16dc5ea7964187

dehandsservices.com Open in urlscan Pro 192.185.27.209 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

132 kBTransfer

274 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

dehandsservices.com Open in urlscan Pro
192.185.27.209 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

132 kB
Transfer

274 kB
Size

1
Cookies

8 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!