![](/screenshots/ecdea9d1-c008-4751-944e-02a49e57ef23.png)
qikkd.com
159.89.173.147
Malicious Activity!
Public Scan
Effective URL: http://qikkd.com/wells/wells_fargo/login?id=signin
Submission: On May 30 via automatic, source certstream-suspicious
Summary
This is the only time qikkd.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 185.92.194.227 | 5588 (GTSCE GTS Central Europe / Antel Germany) |
| 2 14 | 159.89.173.147 | 14061 (DIGITALOCEAN-ASN - DigitalOcean) |
| 12 | 2 | |

ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ)
PTR: estimari.com
www.wellsfargo.secured.customerservice.outtasightsho.com

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: divine.solidhosting.pro
qikkd.com
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 14 | qikkd.com (2 redirects), subdomain qikkd.com | 490 KB |
| 1 | outtasightsho.com (1 redirects), subdomain www.wellsfargo.secured.customerservice.outtasightsho.com | 128 B |
| 12 | 2 | |
| | Domain | Requested by |
|---|---|---|
| 14 | qikkd.com | 2 redirects, qikkd.com |
| 1 | www.wellsfargo.secured.customerservice.outtasightsho.com | 1 redirects |
| 12 | 2 | |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://qikkd.com/wells/wells_fargo/login?id=signin
Frame ID: C55269CA93FF454585EFE96270758AA2
Requests: 14 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Detected patterns
- script /angular.*\.js/i
- env /^angular$/i
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.wellsfargo.secured.customerservice.outtasightsho.com/ HTTP 301
- http://qikkd.com/wells/wells_fargo HTTP 301
- http://qikkd.com/wells/wells_fargo/ HTTP 302
- http://qikkd.com/wells/wells_fargo/login?id=signin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | Primary Request | qikkd.com/wells/wells_fargo/ (Redirect Chain) | 10 KB | 4 KB | Document | text/html |
GET | H/1.1 | angular.min.js | qikkd.com/wells/wells_fargo/style/js/ | 163 KB | 66 KB | Script | application/javascript |
GET | H/1.1 | jquery.min.js | qikkd.com/wells/wells_fargo/style/js/ | 286 KB | 102 KB | Script | application/javascript |
GET | H/1.1 | jquery.validate.min.js | qikkd.com/wells/wells_fargo/style/js/ | 49 KB | 16 KB | Script | application/javascript |
GET | H/1.1 | jquery.mask.js | qikkd.com/wells/wells_fargo/style/js/ | 18 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | global.css | qikkd.com/wells/wells_fargo/style/css/ | 20 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | logo.png | qikkd.com/wells/wells_fargo/style/css/ | 12 KB | 12 KB | Image | image/png |
GET | H/1.1 | rooro.png | qikkd.com/wells/wells_fargo/style/css/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | logobody.png | qikkd.com/wells/wells_fargo/style/css/ | 270 KB | 270 KB | Image | image/png |
GET | H/1.1 | ad.png | qikkd.com/wells/wells_fargo/style/css/ | 467 B | 755 B | Image | image/png |
GET | H/1.1 | sdasd.png | qikkd.com/wells/wells_fargo/style/css/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | sssssaa.png | qikkd.com/wells/wells_fargo/style/css/ | 1 KB | 1 KB | Image | image/png |
GET | DATA | truncated | / | 839 B | 0 | Image | image/png |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- object| angular
- function| $
- function| jQuery

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
qikkd.com/ | Name: PHPSESSID Value: ch1suoo03tv320h83mjt1r4b06 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
qikkd.com
www.wellsfargo.secured.customerservice.outtasightsho.com
159.89.173.147
185.92.194.227