abadshah.dns-cloud.net
143.95.91.211
Malicious Activity!
Public Scan
Submission: On July 20 via automatic, source phishtank
Summary
This is the only time abadshah.dns-cloud.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | Domain / PTR |
---|---|---|---|
7 | 143.95.91.211 | ASN62729 (ASMALLORANGE1 - A Small Orange LLC, US) | abadshah.dns-cloud.net (PTR: taviano.taviano.com) |
9 (1 redirect) | 159.45.2.180 | ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US) | oam.wellsfargo.com |
1 | 159.45.2.178 | ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US) | static.wellsfargo.com |
16 requests in total across 3 IP addresses
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 (1 redirect) | wellsfargo.com | oam.wellsfargo.com, static.wellsfargo.com | 94 KB |
7 | dns-cloud.net | abadshah.dns-cloud.net | 20 KB |
16 requests in total across 2 apex domains
Requests | Domain | Requested by |
---|---|---|
9 (1 redirect) | oam.wellsfargo.com | abadshah.dns-cloud.net |
7 | abadshah.dns-cloud.net | abadshah.dns-cloud.net |
1 | static.wellsfargo.com | abadshah.dns-cloud.net |
16 requests in total across 3 domains
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
oam.wellsfargo.com | DigiCert Global CA G2 | 2018-10-24 - 2020-10-24 | 2 years | crt.sh |
static.wellsfargo.com | DigiCert Global CA G2 | 2019-02-07 - 2021-02-07 | 2 years | crt.sh |
 | | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh |
This page contains 1 frame:
Primary Page:
http://abadshah.dns-cloud.net/w-far/WELLS/Wellsfargo-online/security/auth/1/details.html
Frame ID: FD49D3B94258F0BD2112CE770D243DB3
Requests: 16 HTTP requests in this frame
Detected technologies

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Ionicons (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i

jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Privacy, Security & Legal
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- https://oam.wellsfargo.com/oamo/js/jquery-1.8.3.js?v=1F9AC84FF4 HTTP 302
- https://static.wellsfargo.com/accounts/static/webassets/unavailable/temporarily_unavailable.html
16 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | details.html (Primary Request) | abadshah.dns-cloud.net/w-far/WELLS/Wellsfargo-online/security/auth/1/ | 20 KB | 20 KB | Document | text/html |
GET | H/1.1 | mob_enroll.css | oam.wellsfargo.com/oamo/css/ | 27 KB | 28 KB | Stylesheet | text/css |
GET | H/1.1 | ionicons.min.css | oam.wellsfargo.com/oamo/css/ | 33 KB | 34 KB | Stylesheet | text/css |
GET | H/1.1 | enrollment.css | oam.wellsfargo.com/oamo/static/css/ssep/combined/ | 14 KB | 15 KB | Stylesheet | text/css |
GET | H/1.1 | temporarily_unavailable.html (Redirect Chain) | static.wellsfargo.com/accounts/static/webassets/unavailable/ | 0 | 0 | Script | text/html |
GET | H/1.1 | icon_home.png | oam.wellsfargo.com/oamo/images/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | wf-logo.gif | oam.wellsfargo.com/oamo/images/ | 4 KB | 5 KB | Image | image/gif |
GET | H/1.1 | WellsFargo_xhdpi.png | oam.wellsfargo.com/oamo/images/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | criterror_12x12.gif | oam.wellsfargo.com/oamo/images/ | 212 B | 967 B | Image | image/gif |
GET | H/1.1 | jquery.min.js | abadshah.dns-cloud.net/oamo/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | WF_jquery.plugins.js | abadshah.dns-cloud.net/oamo/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | fpa_utils.js | abadshah.dns-cloud.net/oamo/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | mob_enroll.js | abadshah.dns-cloud.net/oamo/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | respond.min.js | abadshah.dns-cloud.net/oamo/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | browser_detect.js | abadshah.dns-cloud.net/oamo/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | bg-footer.png | oam.wellsfargo.com/oamo/static/images/ | 1 KB | 2 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | onselectstart |
object | onselectionchange |
function | queueMicrotask |
function | check |
string | contextPath |

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends those cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.

Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
abadshah.dns-cloud.net
oam.wellsfargo.com
static.wellsfargo.com
143.95.91.211
159.45.2.178
159.45.2.180