ownerstheflyloanings.icu

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 178.159.36.188, located in Russian Federation and belongs to IHOR-AS, RU. The main domain is ownerstheflyloanings.icu.

This is the only time ownerstheflyloanings.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	178.159.36.188 178.159.36.188	35196 (IHOR-AS) (IHOR-AS)
1	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	209.197.3.24 209.197.3.24	20446 (HIGHWINDS3) (HIGHWINDS3)
1 2	159.45.66.145 159.45.66.145	4196 (WELLSFARG...) (WELLSFARGO-4196)
4	4

1 178.159.36.188 (Russian Federation)

ASN35196 (IHOR-AS, RU)
PTR: alt1.eartactive.net

ownerstheflyloanings.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.24 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: vip0x018.map2.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.45.66.145 (Charlotte, United States) 1 redirects

ASN4196 (WELLSFARGO-4196, US)
PTR: www.wellsfargo.com

www.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	wellsfargo.com 1 redirects www.wellsfargo.com	116 B
1	jquery.com code.jquery.com	30 KB
1	google.com www.google.com	1 KB
1	ownerstheflyloanings.icu ownerstheflyloanings.icu	6 KB
4	4

	Domain	Requested by
2	www.wellsfargo.com	1 redirects ownerstheflyloanings.icu
1	code.jquery.com	ownerstheflyloanings.icu
1	www.google.com	ownerstheflyloanings.icu
1	ownerstheflyloanings.icu
4	4

This site contains no links.

Subject Issuer	Validity	Valid
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
www.wellsfargo.com DigiCert Global CA G2	`2019-02-08` - `2021-02-08`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com
Frame ID: 3936A7C7970A115B4BD97E6753A9736D
Requests: 3 HTTP requests in this frame

Frame: https://www.wellsfargo.com/
Frame ID: 31B9A504027CAD20FEC51761249A8750
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

4
Requests

50 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

37 kB
Transfer

91 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://www.wellsfargo.com/ HTTP 301
https://www.wellsfargo.com/

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set mail.php Show response
ownerstheflyloanings.icu/file/ 6 KB
6 KB 277ms
123ms Document
text/html 178.159.36.188
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com
Protocol: HTTP/1.1
Server: 178.159.36.188 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS: alt1.eartactive.net
Software: Apache /
Resource Hash: efab87f2f5e4bfc1755f310d53b69c60a4333d4cbfad3df638ec9e6faffad270

Request headers

Host: ownerstheflyloanings.icu
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 03 Jun 2020 12:41:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ng9u879dtarbndhhcopijche14; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK favicons
www.google.com/s2/ 689 B
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.google.com/s2/favicons?domain=http://www.wellsfargo.com

Requested by

Host: ownerstheflyloanings.icu
URL: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com

Protocol

HTTP/1.1

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bc902bd175842a03507555b0fed9dccc27ff3efb21c907a7a10ef9fbca28a358

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/FaviconHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 02 Jun 2020 19:45:42 GMT
X-Content-Type-Options: nosniff
Server: ESF
Age: 60942
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=86400
Content-Security-Policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/FaviconHttp/cspreport;worker-src 'self'
Content-Length: 689
X-XSS-Protection: 0
Expires: Wed, 03 Jun 2020 19:45:42 GMT

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 424ms
30ms Script
application/javascript 209.197.3.24
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: ownerstheflyloanings.icu
URL: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.24 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: vip0x018.map2.ssl.hwcdn.net
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 03 Jun 2020 12:41:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Mar 2017 19:01:15 GMT
Server: nginx
ETag: W/"58d026fb-15283"
Vary: Accept-Encoding
X-HW: 1591188084.dop026.pa1.t,1591188084.cds041.pa1.shn,1591188084.cds041.pa1.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30125

GET
H/1.1

200

Cookie set /
www.wellsfargo.com/ Frame 31B9
Redirect Chain

http://www.wellsfargo.com/
https://www.wellsfargo.com/

0
0

684ms
140ms

Document
text/html

159.45.66.145
WELLSFARGO-4196

General

Check archive.org

Show headers Download Go to

Full URL

https://www.wellsfargo.com/

Requested by

Host: ownerstheflyloanings.icu
URL: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.66.145 Charlotte, United States, ASN4196 (WELLSFARGO-4196, US),

Reverse DNS

www.wellsfargo.com

Software

Server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.wellsfargo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://ownerstheflyloanings.icu/file/mail.php?main_domain=http://www.wellsfargo.com

Response headers

Content-Security-Policy-Report-Only: default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:; object-src 'none'; font-src https: data:; script-src 'nonce-612690f8-da1d-470b-8744-9f93acaea03b' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
expires: -1
vary: accept-encoding
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 03 Jun 2020 12:41:24 GMT
Server: Server
Set-Cookie: CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly wfacookie=1120200603054125317384863; domain=.wellsfargo.com; path=/; expires=1 Jun 2030 12:41:25 GMT; secure=true; HttpOnly wcmcookiehp=CBC6693C07FAE8265CACBF73111936B8; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly ISD_WWWAF_COOKIE=!nAzxz+A64F1I3aI79o7MOjiwmQIR/D15CJEY30Is7n1HyjbOndsLepuQw4sqqytdBog9APvUAF0nWGY=; path=/; Httponly; Secure

Redirect headers

Location: https://www.wellsfargo.com/
Connection: Keep-Alive
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.wellsfargo.com/	1969-12-31 23:59:59	Name: ISD_WWWAF_COOKIE Value: !nAzxz+A64F1I3aI79o7MOjiwmQIR/D15CJEY30Is7n1HyjbOndsLepuQw4sqqytdBog9APvUAF0nWGY=
ownerstheflyloanings.icu/	1969-12-31 23:59:59	Name: PHPSESSID Value: ng9u879dtarbndhhcopijche14
.www.wellsfargo.com/	1969-12-31 23:59:59	Name: wcmcookiehp Value: CBC6693C07FAE8265CACBF73111936B8
.wellsfargo.com/	1969-12-31 23:59:59	Name: CookiesAreEnabled Value: yes
.wellsfargo.com/	1970-01-23 01:35:48	Name: wfacookie Value: 1120200603054125317384863
.wellsfargo.com/	1970-01-19 18:45:24	Name: INLANG Value: EN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
ownerstheflyloanings.icu
www.google.com
www.wellsfargo.com
159.45.66.145
178.159.36.188
209.197.3.24
2a00:1450:4001:806::2004
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
bc902bd175842a03507555b0fed9dccc27ff3efb21c907a7a10ef9fbca28a358
efab87f2f5e4bfc1755f310d53b69c60a4333d4cbfad3df638ec9e6faffad270

ownerstheflyloanings.icu Open in urlscan Pro 178.159.36.188 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

50 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

37 kBTransfer

91 kBSize

6 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

6 Cookies

Indicators

ownerstheflyloanings.icu Open in urlscan Pro
178.159.36.188 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

50 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

37 kB
Transfer

91 kB
Size

6
Cookies

4 HTTP transactions
0 data transactions