airbnb.listing-429302.com Open in urlscan Pro
2606:4700:3032::681c:c38 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://airbnb.listing-429302.com/
Submission Tags: @ipnigh
Submission: On May 08 via api (May 8th 2020, 12:40:46 am UTC) from GB

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3032::681c:c38, located in United States and belongs to CLOUDFLARENET, US. The main domain is airbnb.listing-429302.com.

This is the only time airbnb.listing-429302.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700:303... 2606:4700:3032::681c:c38	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	23.43.126.164 23.43.126.164	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
20	3

10 2606:4700:3032::681c:c38 (United States)

ASN13335 (CLOUDFLARENET, US)

airbnb.listing-429302.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.43.126.164 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-126-164.deploy.static.akamaitechnologies.com

www01.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	listing-429302.com airbnb.listing-429302.com	37 KB
9	wellsfargomedia.com www01.wellsfargomedia.com	29 KB
0	wellsfargo.com Failed www.wellsfargo.com Failed
20	3

	Domain	Requested by
10	airbnb.listing-429302.com	airbnb.listing-429302.com
9	www01.wellsfargomedia.com	airbnb.listing-429302.com
0	www.wellsfargo.com Failed	airbnb.listing-429302.com
20	3

This site contains links to these domains. Also see Links.

Domain
oam.wellsfargo.com

Subject Issuer	Validity	Valid
www01.wellsfargomedia.com GeoTrust RSA CA 2018	`2020-03-21` - `2021-06-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://airbnb.listing-429302.com/
Frame ID: BE5FA0C43F274D66AD2F15EE8F1AA241
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

45 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

66 kB
Transfer

247 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://oam.wellsfargo.com/oamo/identity/enrollment
Title: Enroll

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
airbnb.listing-429302.com/ 11 KB
4 KB 387ms
372ms Document
text/html 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a98735983fc45de6d8c69b98096984334f98a1f0283a02b34fb112a6c1dbd8e6

Request headers

Host: airbnb.listing-429302.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5dc8b4ab7ee0d0d243afd21c75b28f1f1588898408; expires=Sun, 07-Jun-20 00:40:08 GMT; path=/; domain=.listing-429302.com; HttpOnly; SameSite=Lax PHPSESSID=rase36tort0ljo1ola45dl7085; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 58ff20acaec605dc-FRA
Content-Encoding: gzip
cf-request-id: 029352bfe5000005dcb514c200000001

GET
H/1.1 404
Not Found jquery.js
airbnb.listing-429302.com/index_files/ 0
0 361ms
354ms Script
text/html 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/index_files/jquery.js
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 58ff20af0dbdc2fe-FRA
cf-request-id: 029352c1660000c2fe9b865200000001

GET
H/1.1 404
Not Found d-js-runtime-mobile-package.js
airbnb.listing-429302.com/index_files/ 0
0 374ms
367ms Script
text/html 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/index_files/d-js-runtime-mobile-package.js
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 58ff20af0ba7c2c2-FRA
cf-request-id: 029352c1660000c2c2c9a16200000001

GET
H/1.1 404
Not Found api.js
airbnb.listing-429302.com/index_files/ 0
0 354ms
354ms Script
text/html 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/index_files/api.js
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 58ff20b15f2bc2c2-FRA
cf-request-id: 029352c2d60000c2c2c9a1f200000001

GET
H/1.1 200
OK framework.css
airbnb.listing-429302.com/css/ 123 KB
21 KB 10ms
9ms Stylesheet
text/css 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/css/framework.css
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76e03b9e0190d502eadeb4bcc2f90b36ad5539b24750a5edb17d7b8970b19651

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:08 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 17 Nov 2019 20:42:18 GMT
Server: cloudflare
Age: 1114
ETag: "1ed38-59790ddedfe80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=14400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 58ff20af0baf05dc-FRA
Content-Length: 20738
cf-request-id: 029352c160000005dcb5168200000001

GET
H/1.1 200
OK smartphone-home.css
airbnb.listing-429302.com/css/ 52 KB
10 KB 19ms
13ms Stylesheet
text/css 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/css/smartphone-home.css
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9b95405a967395d2eb2f2d882a485b0031c53ca46b1023b226c33003256d865

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:08 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 17 Nov 2019 20:42:46 GMT
Server: cloudflare
Age: 1114
ETag: "d19b-59790df993d80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=14400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 58ff20af0b85d6c1-FRA
Content-Length: 9725
cf-request-id: 029352c1650000d6c1dd181200000001

GET framework.js
www.wellsfargo.com/js/mobile/ 0
0

GET
H/1.1 404
Not Found smartphone-homepage.css
airbnb.listing-429302.com/css/mobile/ 0
0 369ms
363ms Stylesheet
text/html 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/css/mobile/smartphone-homepage.css
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 58ff20af0f499778-FRA
cf-request-id: 029352c16500009778c5363200000001

GET
H/1.1 200
OK stagecoach_50_opacity.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/ 17 KB
8 KB 25ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/global/stagecoach_50_opacity.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

fc3a1a0b493f04d985fd42f5a7726845818e3ef82392cd01e185f74a7b0d4089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 8110
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 14:03:13 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12295623
ETag: "4289-58395af010a40"
Accept-Ranges: bytes
Expires: Sun, 27 Sep 2020 08:07:12 GMT

GET
H/1.1 200
OK btn-close-x.png
airbnb.listing-429302.com/surance_files/ 1 KB
2 KB 10ms
9ms Image
image/png 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://airbnb.listing-429302.com/surance_files/btn-close-x.png
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 869e94fbe314e86261ff0dcfd5a52175d02298b8c6633140cdc0a544bb7721c5

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
CF-Cache-Status: HIT
Last-Modified: Sat, 11 May 2019 17:41:16 GMT
Server: cloudflare
Age: 1115
ETag: "5ad-588a030a7c700"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=14400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 58ff20b2a9219778-FRA
Content-Length: 1453
cf-request-id: 029352c3ac00009778c5377200000001

GET
H/1.1 200
OK s.gif
airbnb.listing-429302.com/surance_files/ 43 B
447 B 11ms
10ms Image
image/gif 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://airbnb.listing-429302.com/surance_files/s.gif
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
CF-Cache-Status: HIT
Last-Modified: Sat, 11 May 2019 17:41:12 GMT
Server: cloudflare
Age: 1115
ETag: "2b-588a0306abe00"
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=14400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 58ff20b2ab52c2fe-FRA
Content-Length: 43
cf-request-id: 029352c3ad0000c2fe9b87b200000001

GET
H/1.1 404
Not Found smartphone-homepage.css
airbnb.listing-429302.com/css/mobile/ 0
0 10ms
10ms Stylesheet
text/html 2606:4700:3032::681c:c38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://airbnb.listing-429302.com/css/mobile/smartphone-homepage.css
Requested by: Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/
Protocol: HTTP/1.1
Server: 2606:4700:3032::681c:c38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://airbnb.listing-429302.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 00:40:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Server: cloudflare
Age: 0
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 58ff20b1687d9778-FRA
cf-request-id: 029352c2dd00009778c5370200000001

GET
H/1.1 200
OK masthead-back-icon-e-14x24.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/ 3 KB
2 KB 21ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/global/masthead-back-icon-e-14x24.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

f57974477120fb24cd359ad6599bffc91f79685650d2cda84c1e7ff4200cb552

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1308
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 14:03:13 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12741127
ETag: "b3f-58395af010a40"
Accept-Ranges: bytes
Expires: Fri, 02 Oct 2020 11:52:16 GMT

GET
H/1.1 200
OK icn-layer-svg.svg
www01.wellsfargomedia.com/assets/_mobile/images/icons/ 5 KB
3 KB 22ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/icons/icn-layer-svg.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

3875bf575f3f4a3ec329f047eee26f01224496d1cc2dcd4bd97eea46a0d76b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2096
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 21 May 2019 01:44:17 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12501392
ETag: "1440-5895bfca11e40"
Accept-Ranges: bytes
Expires: Tue, 29 Sep 2020 17:16:41 GMT

GET
H/1.1 200
OK frontporch-signon-lock.svg
www01.wellsfargomedia.com/assets/_mobile/images/css/template/homepage/ 4 KB
2 KB 22ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/css/template/homepage/frontporch-signon-lock.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

3958d228ddc916e9cec0be18c07e272d32d3ee577a30848cd0c2e8bcd8bb72d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1416
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 14:03:13 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12285928
ETag: "e3e-58395af010a40"
Accept-Ranges: bytes
Expires: Sun, 27 Sep 2020 05:25:37 GMT

GET
H/1.1 200
OK wf-app-icon.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/ 5 KB
3 KB 21ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/global/wf-app-icon.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

3ce0c5a609e25aac2c4dec533efaae10285a4a2411400f070489f3399e817bb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2622
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 07 May 2019 22:39:58 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12418348
ETag: "14b4-58853e5864b80"
Accept-Ranges: bytes
Expires: Mon, 28 Sep 2020 18:12:37 GMT

GET
H/1.1 200
OK apple-store.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/ 9 KB
3 KB 23ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/global/apple-store.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

f18501c21e206dcad83281bd81f4d34073398f3336177732119b2077c50d7efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 2758
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 27 Jan 2016 00:19:10 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12418430
ETag: "223a-52a45c03ebb80"
Accept-Ranges: bytes
Expires: Mon, 28 Sep 2020 18:13:59 GMT

GET
H/1.1 200
OK google-play.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/ 15 KB
6 KB 9ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/global/google-play.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

73a93970a0a6500042ce3128f8cc41773d8c4c613688e7d39a3f1631e6a7a032

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 5541
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 27 Jan 2016 00:19:10 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12418430
ETag: "3b7a-52a45c03ebb80"
Accept-Ranges: bytes
Expires: Mon, 28 Sep 2020 18:13:59 GMT

GET
H/1.1 200
OK icon_equal_housing.svg
www01.wellsfargomedia.com/assets/images/global/ 2 KB
1 KB 8ms
7ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/global/icon_equal_housing.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

11eeedc9c77d9f9f04d715b8dbeff000c8a47a98d114f6d4e0c1acd96186cc8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 639
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12286978
ETag: "69f-5838a9bd97ac0"
Accept-Ranges: bytes
Expires: Sun, 27 Sep 2020 05:43:07 GMT

GET
H/1.1 200
OK icon-star-unselected.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/ 699 B
948 B 8ms
8ms Image
image/svg+xml 23.43.126.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/_mobile/images/global/icon-star-unselected.svg

Requested by

Host: airbnb.listing-429302.com
URL: http://airbnb.listing-429302.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.126.164 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-126-164.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

b02542c8dbda0e8cdf0a492c6f7f8b8f44c407601f9b1826e925f9a1b68fda08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://airbnb.listing-429302.com/css/smartphone-home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 420
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 14:03:13 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
Date: Fri, 08 May 2020 00:40:09 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=12295653
ETag: "2bb-58395af010a40"
Accept-Ranges: bytes
Expires: Sun, 27 Sep 2020 08:07:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.wellsfargo.com
URL: https://www.wellsfargo.com/js/mobile/framework.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| onCaptchaLoad function| IsEmpty

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			airbnb.listing-429302.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: rase36tort0ljo1ola45dl7085
			.listing-429302.com/	1970-01-19 10:04:50	Name: __cfduid Value: d5dc8b4ab7ee0d0d243afd21c75b28f1f1588898408

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

airbnb.listing-429302.com
www.wellsfargo.com
www01.wellsfargomedia.com
www.wellsfargo.com
23.43.126.164
2606:4700:3032::681c:c38
11eeedc9c77d9f9f04d715b8dbeff000c8a47a98d114f6d4e0c1acd96186cc8c
3875bf575f3f4a3ec329f047eee26f01224496d1cc2dcd4bd97eea46a0d76b6f
3958d228ddc916e9cec0be18c07e272d32d3ee577a30848cd0c2e8bcd8bb72d2
3ce0c5a609e25aac2c4dec533efaae10285a4a2411400f070489f3399e817bb5
73a93970a0a6500042ce3128f8cc41773d8c4c613688e7d39a3f1631e6a7a032
76e03b9e0190d502eadeb4bcc2f90b36ad5539b24750a5edb17d7b8970b19651
869e94fbe314e86261ff0dcfd5a52175d02298b8c6633140cdc0a544bb7721c5
a98735983fc45de6d8c69b98096984334f98a1f0283a02b34fb112a6c1dbd8e6
b02542c8dbda0e8cdf0a492c6f7f8b8f44c407601f9b1826e925f9a1b68fda08
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b9b95405a967395d2eb2f2d882a485b0031c53ca46b1023b226c33003256d865
f18501c21e206dcad83281bd81f4d34073398f3336177732119b2077c50d7efd
f57974477120fb24cd359ad6599bffc91f79685650d2cda84c1e7ff4200cb552
fc3a1a0b493f04d985fd42f5a7726845818e3ef82392cd01e185f74a7b0d4089

airbnb.listing-429302.com Open in urlscan Pro 2606:4700:3032::681c:c38 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

20 Requests

45 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

66 kBTransfer

247 kBSize

2 Cookies

1 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

Indicators

airbnb.listing-429302.com Open in urlscan Pro
2606:4700:3032::681c:c38 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

45 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

66 kB
Transfer

247 kB
Size

2
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!