aconnectionsecure0.duckdns.org
157.245.91.129
Malicious Activity!
Public Scan
Submission: On October 26 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 25th 2021. Valid for: 3 months.
This is the only time aconnectionsecure0.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 7 | 157.245.91.129 | 14061 (DIGITALOCEAN-ASN) |
| 1 | 159.45.66.178 | 4196 (WELLSFARGO-4196) |
| 1 | 159.45.170.139 | 10837 (WELLSFARGO-10837) |
| 9 | 4 | |
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: keep.try.com
aconnectionsecure0.duckdns.org

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | duckdns.org | aconnectionsecure0.duckdns.org | 634 KB |
| 2 | wellsfargo.com | static.wellsfargo.com, rubicon.wellsfargo.com | 12 KB |
| 9 | 2 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 | aconnectionsecure0.duckdns.org | aconnectionsecure0.duckdns.org |
| 1 | rubicon.wellsfargo.com | aconnectionsecure0.duckdns.org |
| 1 | static.wellsfargo.com | aconnectionsecure0.duckdns.org |
| 9 | 3 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.wellsfargo.com |
| oam.wellsfargo.com |
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| aconnectionsecure0.duckdns.org | cPanel, Inc. Certification Authority | 2021-10-25 - 2022-01-23 | 3 months | crt.sh |
| static.wellsfargo.com | DigiCert EV RSA CA G2 | 2020-07-11 - 2022-07-20 | 2 years | crt.sh |
| rubicon.wellsfargo.com | Wells Fargo Public Trust Certification Authority 01 G2 | 2021-04-26 - 2022-05-04 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Frame ID: 94E79BBE6BD142DD7C7ECAAFEB93D519
Requests: 19 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Online Security
Title: Español
Title: Privacy, Security & Legal
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | payment%20verification.php (Primary Request) | aconnectionsecure0.duckdns.org/ll/ | 281 KB | 281 KB | Document | text/html |
| GET | H/1.1 | detector-dom.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 289 KB | 289 KB | Script | application/javascript |
| GET | H/1.1 | utag.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 28 KB | 28 KB | Script | application/javascript |
| GET | H/1.1 | passwordReset.css | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 23 KB | 23 KB | Stylesheet | text/css |
| GET | H/1.1 | utag_002.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 6 KB | 6 KB | Script | application/javascript |
| GET | H/1.1 | theme.css | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 2 KB | 2 KB | Stylesheet | text/css |
| GET | DATA | truncated | / | 19 KB | 0 | Image | image/gif |
| GET | H/1.1 | nativeapp-bridge-min.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 5 KB | 5 KB | Script | application/javascript |
| GET | DATA | truncated | / | 6 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 4 KB | 0 | Image | image/gif |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 212 B | 0 | Image | image/gif |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 395 B | 0 | Image | image/png |
| GET | DATA | truncated | / | 309 B | 0 | Image | image/png |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/jpeg |
| GET | H/1.1 | utag.js | static.wellsfargo.com/tracking/secure-auth/ | 35 KB | 11 KB | Script | application/javascript |
| GET | DATA | truncated | / | 433 B | 0 | Image | image/png |
| GET | H/1.1 | cls_report | rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ | 50 B | 972 B | XHR | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforexrselect |
| boolean | originAgentCluster |
| object | antiClickjack |
| boolean | utag_condload |
| string | new_path |
| object | utag_cfg_ovrd |
| object | userAgentArr |
| object | utag |
| boolean | __tealium_twc_switch |
| object | utag_data |
| object | errorMessages |
| object | nativeapp |
| object | ChangePassword |
| function | handleSubmitForm |
| object | _detector |
| function | isNotUndefinedOrNull |
| function | getDocumentTitleLabel |
| function | sendDataToGA |
| function | utag_pad |
| function | utag_visitor_id2 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | _cls_s | adf8c495-dc09-4c73-9faa-e9bc42283bf5:0 |
| rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | _cls_v | c473220b-2a02-46b2-8417-fa0f8dfcf63b |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aconnectionsecure0.duckdns.org
rubicon.wellsfargo.com
static.wellsfargo.com
157.245.91.129
159.45.170.139
159.45.66.178
00b2519c3ecb866ffc2be3565c3c5199ce0b8f07c7e627404a0253e73f00c83e
0a646e5aa2bffaf7fe24e63ed8b5b736264707497f2724c53c27995448ead57b
15a98788e4fed5bedec09c4d39f4846dd8b831b79e8fd4dd662d21336685a3ad
1e6897f16252610e8ef3db2e7e6e2ad93679362bc33adbb0ea7f4512427b4bf6
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
308814e889e620bcc22663088a581aca47e8182169f807a2d0c057f2cd3b8bb3
409bb0fda65031ecb46a7c70e6e1e9cdec272980903bde0e95861c69676f07bb
66045233d2ee1cee32d15db765bf0128a7e1668f893d3b22a52ba501420ebf3b
760e197a587837587f4ee4b3a1314a2689593583342eebbdf60b96506518ca54
80c5eb345f1f84a24a73a12da5b236e3bda707c450fe19b336fdb6945e85457a
8a46f7e1801bbc650201f5fd410d1854ff5e62c284414de48d418bed2f33fc8a
8f25bee7c185d918f1d55f844f64b5cd372a4743caeb63c2abd413e5f42a4949
a05c326b16b3173fbf8e999d38e907d35bb00c0cb245fa675776c9a2fd788e17
a1295f89ada2a2990c5333ae6211bc1b759278cc0e33b2f2fd0799ac0c596661
aea2da60dc01deaa122a139b35fdca2b74525b367077acca1c62c148c7169162
c88f9e693aac54facd0bcabe4193977dc791ae30529a2771ae564f08ffdb9a6d
d37bd2b0d972b4d93225150196da6b4b0ba8d1daf224b54ccec32ad5632f5a3f
edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db
f65740ba9940fbb954cdda0e5ebd65f8bcffe947b1da26d0d4b2c769d4745fc6