fitness-365.ru
87.236.19.49
Malicious Activity!
Public Scan
Submission: On January 30 via automatic, source openphish
Summary
This is the only time fitness-365.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 87.236.19.49 | 198610 (BEGET-AS)
13 | 159.45.66.154 | 4196 (WELLSFARGO-4196 - Wells Fargo & Company)
5 | 2.21.246.179 | 20940 (AKAMAI-ASN1)
1 | 63.215.202.68 | 
Total: 20 requests, 4 IP addresses
ASN198610 (BEGET-AS, RU); PTR: m2.doom2.beget.com; domain: fitness-365.ru
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US); PTR: online.wellsfargo.com; domain: online.wellsfargo.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | wellsfargo.com | online.wellsfargo.com | 20 KB
5 | akamai.net | a248.e.akamai.net | 5 KB
1 | mediaplex.com | adfarm.mediaplex.com | 49 B
1 | fitness-365.ru | fitness-365.ru | 26 KB
Total: 20 requests, 4 apex domains
Requests | Domain | Requested by
---|---|---
13 | online.wellsfargo.com | fitness-365.ru
5 | a248.e.akamai.net | fitness-365.ru
1 | adfarm.mediaplex.com | fitness-365.ru
1 | fitness-365.ru | 
Total: 20 requests, 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
online.wellsfargo.com | Symantec Class 3 Secure Server CA - G4 | 2016-10-28 - 2018-10-29 | 2 years | crt.sh
a248.e.akamai.net | Verizon Akamai SureServer CA G14-SHA2 | 2016-05-26 - 2017-05-26 | a year | crt.sh
This page contains 1 frame:
Primary Page:
http://fitness-365.ru/css/WELLSFARG0_files/Myaccount=connect-secure/Auth_login/SecureLogin=159e033b89413e13=159dabd73d2c112f=159dabd24c175afe/identity.php
Frame ID: 29353.1
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request 18:
- http://ams-login.dotomi.com/commonid/match?rurl=http%3A%2F%2Fadfarm.mediaplex.com%2Fad%2Fbk%2F994-1668-2054-5%3Fmpu_token%3DAQEFLVF11vOgjwIBAQErAQEBAQE%26COL01STO%3D1%26Unique_ID%3DO08232011093120-...
- http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?mpu_token=AQEFLVF11vOgjwIBAQErAQEBAQE&COL01STO=1&Unique_ID=O08232011093120-584310638&status=0
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | identity.php | fitness-365.ru/css/WELLSFARG0_files/Myaccount=connect-secure/Auth_login/SecureLogin=159e033b89413e13=159dabd73d2c112f=159dabd24c175afe/ | 26 KB | 26 KB | Document | text/html | Primary Request
GET | H/1.1 | WEBstyle.css | online.wellsfargo.com/das/common/styles/ | 34 KB | 6 KB | Stylesheet | text/css | Cookie set
GET | H/1.1 | WEBWIB.css | online.wellsfargo.com/das/common/styles/ | 4 KB | 1 KB | Stylesheet | text/css | Cookie set
GET | H/1.1 | wfwiblib.js | online.wellsfargo.com/das/common/scripts/ | 30 KB | 7 KB | Script | application/x-javascript | Cookie set
GET | H/1.1 | WEBprint.css | online.wellsfargo.com/das/common/styles/ | 14 KB | 3 KB | Stylesheet | text/css | 
GET | H/1.1 | logo_62sq.gif | a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/ | 616 B | 616 B | Image | image/gif | 
GET | H/1.1 | coach.gif | a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/ | 4 KB | 4 KB | Image | image/gif | 
GET | H/1.1 | shim.gif | a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/ | 43 B | 43 B | Image | image/gif | 
GET | H/1.1 | al_search_btn.gif | a248.e.akamai.net/7/248/3608/99050a7dbe666d/online.wellsfargo.com/das/common/images/ | 285 B | 285 B | Image | image/gif | 
GET | H/1.1 | shim.gif | a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/ | 43 B | 43 B | Image | image/gif | 
GET | H/1.1 | mediaplexROI.js | online.wellsfargo.com/das/common/scripts/ | 695 B | 388 B | Script | application/x-javascript | 
GET | H/1.1 | grey_pix.gif | online.wellsfargo.com/das/common/styles/images/ | 43 B | 43 B | Image | image/gif | 
GET | H/1.1 | htab_right_off.gif | online.wellsfargo.com/das/common/styles/images/ | 1000 B | 1000 B | Image | image/gif | 
GET | H/1.1 | h_tab_left_off.gif | online.wellsfargo.com/das/common/styles/images/ | 101 B | 101 B | Image | image/gif | 
GET | H/1.1 | lower_tabs_off.gif | online.wellsfargo.com/das/common/styles/images/ | 201 B | 201 B | Image | image/gif | 
GET | H/1.1 | lower_tabs_on.gif | online.wellsfargo.com/das/common/styles/images/ | 201 B | 201 B | Image | image/gif | 
GET | H/1.1 | left_col_bg.gif | online.wellsfargo.com/das/common/styles/images/ | 43 B | 43 B | Image | image/gif | 
GET | H/1.1 | al_related_info_gen.gif | online.wellsfargo.com/das/common/styles/images/ | 43 B | 43 B | Image | image/gif | 
GET | H/1.1 | ico_newwin.gif | online.wellsfargo.com/das/common/styles/images/ | 82 B | 82 B | Image | image/gif | 
GET | H/1.1 | 994-1668-2054-5 | adfarm.mediaplex.com/ad/bk/ | 49 B | 49 B | Image | image/gif | Cookie set; Redirect Chain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Indicators
This is a term used in the security industry for observables such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.