wellscontrol.willreportapps.online

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 64.235.34.41, located in Ashburn, United States and belongs to SERVERPOINT, US. The main domain is wellscontrol.willreportapps.online.
TLS certificate: Issued by R3 on March 19th 2024. Valid for: 3 months.

This is the only time wellscontrol.willreportapps.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	64.235.34.41 64.235.34.41		26277 (SERVERPOINT) (SERVERPOINT)
5	1

5 64.235.34.41 (Ashburn, United States)

ASN26277 (SERVERPOINT, US)
PTR: ashburn-va-datacenter.serverpoint.com

wellscontrol.willreportapps.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	willreportapps.online wellscontrol.willreportapps.online	921 KB
5	1

	Domain	Requested by
5	wellscontrol.willreportapps.online	wellscontrol.willreportapps.online
5	1

This site contains no links.

Subject Issuer	Validity	Valid
wellscontrol.willreportapps.online R3	`2024-03-19` - `2024-06-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wellscontrol.willreportapps.online/
Frame ID: 8299AEDDB1A27350E5A1BA757A3019C4
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to View Your Personal Accounts | Wells Fargo

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

921 kB
Transfer

920 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response wellscontrol.willreportapps.online/	25 KB 25 KB	380ms 116ms	Document text/html	64.235.34.41 SERVERPOINT
General Check archive.org Show headers Download Go to Full URL https://wellscontrol.willreportapps.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.235.34.41 Ashburn, United States, ASN26277 (SERVERPOINT, US), Reverse DNS ashburn-va-datacenter.serverpoint.com Software Apache / Resource Hash `af57b1d3733e08e3eaeb9d10a374e0c148fab54414712c598ff6405c87e96d74` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 25417 Content-Type text/html Date Tue, 19 Mar 2024 14:15:19 GMT Keep-Alive timeout=5, max=100 Last-Modified Tue, 19 Mar 2024 14:09:49 GMT Server Apache
GET H/1.1	200 OK	fdfsddgd-sdgsdg_gsd7gsdgs7.css wellscontrol.willreportapps.online/	112 KB 113 KB	219ms 112ms	Stylesheet text/css	64.235.34.41 SERVERPOINT
General Check archive.org Show headers Download Go to Full URL https://wellscontrol.willreportapps.online/fdfsddgd-sdgsdg_gsd7gsdgs7.css Requested by Host: wellscontrol.willreportapps.online URL: https://wellscontrol.willreportapps.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.235.34.41 Ashburn, United States, ASN26277 (SERVERPOINT, US), Reverse DNS ashburn-va-datacenter.serverpoint.com Software Apache / Resource Hash `19b4de109adb88c878a9b599c5612cded94cb07f0cc487a9e627bbd37bf53f05` Request headers accept-language de-DE,de;q=0.9 Referer https://wellscontrol.willreportapps.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 14:15:19 GMT Last-Modified Tue, 19 Mar 2024 14:09:47 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 115110
GET H/1.1	200 OK	Kgdghh-thrhtT__RTH_rtjjtj-6u567.css wellscontrol.willreportapps.online/	5 KB 5 KB	332ms 111ms	Stylesheet text/css	64.235.34.41 SERVERPOINT
General Check archive.org Show headers Download Go to Full URL https://wellscontrol.willreportapps.online/Kgdghh-thrhtT__RTH_rtjjtj-6u567.css Requested by Host: wellscontrol.willreportapps.online URL: https://wellscontrol.willreportapps.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.235.34.41 Ashburn, United States, ASN26277 (SERVERPOINT, US), Reverse DNS ashburn-va-datacenter.serverpoint.com Software Apache / Resource Hash `964f92cd460ea29de0aaac9af7176290f459f519d36b76c05c4c558a4f8f2181` Request headers accept-language de-DE,de;q=0.9 Referer https://wellscontrol.willreportapps.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 14:15:19 GMT Last-Modified Tue, 19 Mar 2024 14:09:52 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5246
GET H/1.1	200 OK	dhfhff9df79dhj79dfgh7hgfd-dhf-fdh-jdffdjfjdjjfd9jdf9jfdjfd-9jfd-9jfd.css wellscontrol.willreportapps.online/	133 KB 134 KB	333ms 113ms	Stylesheet text/css	64.235.34.41 SERVERPOINT
General Check archive.org Show headers Download Go to Full URL https://wellscontrol.willreportapps.online/dhfhff9df79dhj79dfgh7hgfd-dhf-fdh-jdffdjfjdjjfd9jdf9jfdjfd-9jfd-9jfd.css Requested by Host: wellscontrol.willreportapps.online URL: https://wellscontrol.willreportapps.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.235.34.41 Ashburn, United States, ASN26277 (SERVERPOINT, US), Reverse DNS ashburn-va-datacenter.serverpoint.com Software Apache / Resource Hash `9177d05de156605bfaa7a72de3553edaa21ef0ac1a3d9d2b28211744f43154be` Request headers accept-language de-DE,de;q=0.9 Referer https://wellscontrol.willreportapps.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 14:15:19 GMT Last-Modified Tue, 19 Mar 2024 14:09:45 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 136597
GET H/1.1	200 OK	Hkkltrh-rtjj-jyutuuk-utk--k-kt-k-6-465-64.jpg wellscontrol.willreportapps.online/	644 KB 644 KB	340ms 118ms	Image image/jpeg	64.235.34.41 SERVERPOINT
General Check archive.org Show headers Download Go to Show image Full URL https://wellscontrol.willreportapps.online/Hkkltrh-rtjj-jyutuuk-utk--k-kt-k-6-465-64.jpg Requested by Host: wellscontrol.willreportapps.online URL: https://wellscontrol.willreportapps.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.235.34.41 Ashburn, United States, ASN26277 (SERVERPOINT, US), Reverse DNS ashburn-va-datacenter.serverpoint.com Software Apache / Resource Hash `0ec17c78a8c0de92bd385f344308a3e0c715fedbb9b784820bd7aefcfc69c214` Request headers accept-language de-DE,de;q=0.9 Referer https://wellscontrol.willreportapps.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Tue, 19 Mar 2024 14:15:19 GMT Last-Modified Tue, 19 Mar 2024 14:09:49 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 659319

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| antiClickjack string| webId string| ndURI

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://wellscontrol.willreportapps.online/(Line 16) Message: <link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

wellscontrol.willreportapps.online
64.235.34.41
0ec17c78a8c0de92bd385f344308a3e0c715fedbb9b784820bd7aefcfc69c214
19b4de109adb88c878a9b599c5612cded94cb07f0cc487a9e627bbd37bf53f05
9177d05de156605bfaa7a72de3553edaa21ef0ac1a3d9d2b28211744f43154be
964f92cd460ea29de0aaac9af7176290f459f519d36b76c05c4c558a4f8f2181
af57b1d3733e08e3eaeb9d10a374e0c148fab54414712c598ff6405c87e96d74

wellscontrol.willreportapps.online Open in urlscan Pro 64.235.34.41 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

921 kBTransfer

920 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

wellscontrol.willreportapps.online Open in urlscan Pro
64.235.34.41 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

921 kB
Transfer

920 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!