aconnectionsecure0.duckdns.org
157.245.91.129 Malicious Activity! Public Scan

URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Submission: On October 26 via automatic, source openphish — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 2 domains to perform 9 HTTP transactions. The main IP is 157.245.91.129, located in the United States and belonging to DIGITALOCEAN-ASN, US. The main domain is aconnectionsecure0.duckdns.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 25th 2021. Valid for: 3 months.
This is the only time aconnectionsecure0.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

#  IP Address      AS (Autonomous System)
7  157.245.91.129  14061 (DIGITALOC...)
1  159.45.66.178   4196 (WELLSFARG...)
1  159.45.170.139  10837 (WELLSFARG...)
Total: 9 requests, 4 IPs

#  Domain                          Requested by
7  aconnectionsecure0.duckdns.org  aconnectionsecure0.duckdns.org
1  rubicon.wellsfargo.com          aconnectionsecure0.duckdns.org
1  static.wellsfargo.com           aconnectionsecure0.duckdns.org
Total: 9 requests, 3 domains

This site contains links to these domains:

Domain
www.wellsfargo.com
oam.wellsfargo.com
Subject                         Issuer                                                  Validity                 Valid
aconnectionsecure0.duckdns.org  cPanel, Inc. Certification Authority                    2021-10-25 - 2022-01-23  3 months
static.wellsfargo.com           DigiCert EV RSA CA G2                                   2020-07-11 - 2022-07-20  2 years
rubicon.wellsfargo.com          Wells Fargo Public Trust Certification Authority 01 G2  2021-04-26 - 2022-05-04  a year

This page contains 1 frame:

Primary Page: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Frame ID: 94E79BBE6BD142DD7C7ECAAFEB93D519
Requests: 19 HTTP requests in this frame

Page Title

Wells Fargo Verification | Step 3

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

9 Requests
100 % HTTPS
0 % IPv6
2 Domains
3 Subdomains
4 IPs
1 Country
646 kB Transfer
701 kB Size
2 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request: payment%20verification.php | aconnectionsecure0.duckdns.org/ll/ | 281 KB | 281 KB | Document

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: 308814e889e620bcc22663088a581aca47e8182169f807a2d0c057f2cd3b8bb3

Request headers
Host: aconnectionsecure0.duckdns.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

detector-dom.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 289 KB | 289 KB | Script

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/detector-dom.js
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: f65740ba9940fbb954cdda0e5ebd65f8bcffe947b1da26d0d4b2c769d4745fc6

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: aconnectionsecure0.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Connection: keep-alive

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Last-Modified: Thu, 24 Sep 2020 13:07:30 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 295586

utag.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 28 KB | 28 KB | Script

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/utag.js
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: 15a98788e4fed5bedec09c4d39f4846dd8b831b79e8fd4dd662d21336685a3ad

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: aconnectionsecure0.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Connection: keep-alive

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Last-Modified: Thu, 24 Sep 2020 13:07:30 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 28528

passwordReset.css | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 23 KB | 23 KB | Stylesheet

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/passwordReset.css
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: 80c5eb345f1f84a24a73a12da5b236e3bda707c450fe19b336fdb6945e85457a

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: aconnectionsecure0.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Connection: keep-alive

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Last-Modified: Thu, 24 Sep 2020 13:07:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 23674

utag_002.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 6 KB | 6 KB | Script

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/utag_002.js
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: aea2da60dc01deaa122a139b35fdca2b74525b367077acca1c62c148c7169162

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: aconnectionsecure0.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Connection: keep-alive

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Last-Modified: Thu, 24 Sep 2020 13:07:30 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 5751

theme.css | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 2 KB | 2 KB | Stylesheet

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/theme.css
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: 409bb0fda65031ecb46a7c70e6e1e9cdec272980903bde0e95861c69676f07bb

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: aconnectionsecure0.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Connection: keep-alive

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Last-Modified: Thu, 24 Sep 2020 13:07:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1794

truncated | / | 19 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 0a646e5aa2bffaf7fe24e63ed8b5b736264707497f2724c53c27995448ead57b

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/gif

nativeapp-bridge-min.js | aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/ | 5 KB | 5 KB | Script

General
Full URL: https://aconnectionsecure0.duckdns.org/ll/KNYGHT/WellsFargo/nativeapp-bridge-min.js
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 157.245.91.129, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: keep.try.com
Software: Apache
Resource Hash: c88f9e693aac54facd0bcabe4193977dc791ae30529a2771ae564f08ffdb9a6d

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: aconnectionsecure0.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Connection: keep-alive

Response headers
Date: Tue, 26 Oct 2021 13:06:02 GMT
Last-Modified: Thu, 24 Sep 2020 13:07:30 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4807

truncated | / | 6 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: d37bd2b0d972b4d93225150196da6b4b0ba8d1daf224b54ccec32ad5632f5a3f

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/png

truncated | / | 4 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/gif

truncated | / | 2 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 1e6897f16252610e8ef3db2e7e6e2ad93679362bc33adbb0ea7f4512427b4bf6

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/png

truncated | / | 212 B | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 8a46f7e1801bbc650201f5fd410d1854ff5e62c284414de48d418bed2f33fc8a

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/gif

truncated | / | 1 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: a05c326b16b3173fbf8e999d38e907d35bb00c0cb245fa675776c9a2fd788e17

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/png

truncated | / | 395 B | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 00b2519c3ecb866ffc2be3565c3c5199ce0b8f07c7e627404a0253e73f00c83e

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/png

truncated | / | 309 B | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 66045233d2ee1cee32d15db765bf0128a7e1668f893d3b22a52ba501420ebf3b

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/png

truncated | / | 1 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/jpeg

utag.js | static.wellsfargo.com/tracking/secure-auth/ | 35 KB | 11 KB | Script

General
Full URL: https://static.wellsfargo.com/tracking/secure-auth/utag.js
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.45.66.178, Charlotte, United States, ASN4196 (WELLSFARGO-4196, US)
Reverse DNS: (none)
Software: KONICHIWA/2.0
Resource Hash: 760e197a587837587f4ee4b3a1314a2689593583342eebbdf60b96506518ca54

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://aconnectionsecure0.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Date: Tue, 26 Oct 2021 13:06:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 10472
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Oct 2021 18:45:59 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
ETag: "8bfa-5cee14e41437d-gzip"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1800
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=90

truncated | / | 433 B | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: (none)
Reverse DNS: (none)
Software: (none)
Resource Hash: 8f25bee7c185d918f1d55f844f64b5cd372a4743caeb63c2abd413e5f42a4949

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: (none)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Content-Type: image/png

cls_report | rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ | 50 B | 972 B | XHR

General
Full URL: https://rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=adf8c495-dc09-4c73-9faa-e9bc42283bf5%3A0&_cls_v=c473220b-2a02-46b2-8417-fa0f8dfcf63b
Requested by:
  Host: aconnectionsecure0.duckdns.org
  URL: https://aconnectionsecure0.duckdns.org/ll/payment%20verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.45.170.139, United States, ASN10837 (WELLSFARGO-10837, US)
Reverse DNS: (none)
Software: GlassBox Cligate
Resource Hash: a1295f89ada2a2990c5333ae6211bc1b759278cc0e33b2f2fd0799ac0c596661

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://aconnectionsecure0.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
Date: Tue, 26 Oct 2021 13:06:04 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
Server: GlassBox Cligate
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://aconnectionsecure0.duckdns.org
access-control-allow-credentials: true
Connection: Keep-Alive
vary: origin
content-length: 76
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=15, max=18

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onbeforexrselect
boolean   originAgentCluster
object    antiClickjack
boolean   utag_condload
string    new_path
object    utag_cfg_ovrd
object    userAgentArr
object    utag
boolean   __tealium_twc_switch
object    utag_data
object    errorMessages
object    nativeapp
object    ChangePassword
function  handleSubmitForm
object    _detector
function  isNotUndefinedOrNull
function  getDocumentTitleLabel
function  sendDataToGA
function  utag_pad
function  utag_visitor_id

2 Cookies

Domain/Path: rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38
  Name: _cls_s
  Value: adf8c495-dc09-4c73-9faa-e9bc42283bf5:0
Domain/Path: rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38
  Name: _cls_v
  Value: c473220b-2a02-46b2-8417-fa0f8dfcf63b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
