yusqa.com Open in urlscan Pro
143.95.232.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://yusqa.com/confirm-1.shtml
Submission: On September 20 via automatic, source openphish (September 20th 2017, 8:11:09 am UTC)

Summary HTTP 19 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 143.95.232.46, located in Los Angeles, United States and belongs to COLO4-CO - Colo4, LLC, US. The main domain is yusqa.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on January 6th 2017. Valid for: a year.

This is the only time yusqa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	143.95.232.46 143.95.232.46	36024 (COLO4-CO) (COLO4-CO - Colo4)
17	159.45.2.180 159.45.2.180	10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company)
19	2

2 143.95.232.46 (Los Angeles, United States)

ASN36024 (COLO4-CO - Colo4, LLC, US)
PTR: ip-143-95-232-46.iplocal

yusqa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 159.45.2.180 (United States)

ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)

oam.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	wellsfargo.com oam.wellsfargo.com	210 KB
2	yusqa.com yusqa.com	8 KB
19	2

	Domain	Requested by
17	oam.wellsfargo.com	yusqa.com oam.wellsfargo.com
2	yusqa.com	yusqa.com
19	2

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
oam.wellsfargo.com

Subject Issuer	Validity	Valid
yusqa.com COMODO RSA Domain Validation Secure Server CA	`2017-01-06` - `2018-01-06`	a year	crt.sh
oam.wellsfargo.com Symantec Class 3 Secure Server CA - G4	`2017-01-31` - `2019-02-01`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://yusqa.com/confirm-1.shtml
Frame ID: 32054.1
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

218 kB
Transfer

219 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wellsfargo.com/security/security_olb?where=onlineAccessibility

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/home.jhtml

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/security/security_olb
Title: Online Security Guarantee

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/per/int_access_codes
Title: international access codes.

Search URL Search Domain Scan URL

URL: https://oam.wellsfargo.com/oam/access/challengeToggleDisplay?locale=es&OAM_TKN=9e48ca7941aa45c50f80dcbc5ec501c7fba1b280dc98266d5c3f6b53bcc73f3e
Title: En Español

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request confirm-1.shtml Show response yusqa.com/	8 KB 8 KB	560ms 142ms	Document text/html	143.95.232.46 Colo4
General Check archive.org Show headers Download Go to Full URL https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 143.95.232.46 Los Angeles, United States, ASN36024 (COLO4-CO - Colo4, LLC, US), Reverse DNS ip-143-95-232-46.iplocal Software Apache / Resource Hash `5ee8c04964e3adb5a4c2adc3b09c8b43e0aec29a06b885841b5a8abd4725794a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:57 GMT Server Apache Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=768 Content-Length 8131 Content-Type text/html
GET H/1.1	200	app_utilities.js Show response oam.wellsfargo.com/oam/js/	11 KB 11 KB	532ms 136ms	Script application/javascript	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/js/app_utilities.js Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `9c064d95e894fd7c1319e38d866cf3804eb23b15dcec2cda7f64995c475e6341` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"11211-1491901282000" Content-Length 11211 Content-Type application/javascript
GET H/1.1	200	tip.js Show response oam.wellsfargo.com/oam/js/	10 KB 10 KB	533ms 136ms	Script application/javascript	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/js/tip.js Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `b43470dd93c5f557f45099eb4ce2efd000176e3071e50bebae2b80fd52461468` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"10578-1491901282000" Content-Length 10578 Content-Type application/javascript
GET H/1.1	200	vudu.css oam.wellsfargo.com/oam/css/	26 KB 26 KB	533ms 136ms	Stylesheet text/css	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/css/vudu.css Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `a5334207569b388a6ad7d23efca5a43eaf81a3e351d838260ba1817b1378f1fc` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"26484-1491901278000" Content-Length 26484 Content-Type text/css
GET H/1.1	200	wibscreen.css oam.wellsfargo.com/oam/css/	34 KB 34 KB	534ms 137ms	Stylesheet text/css	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/css/wibscreen.css Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `3bc0da7d0fc015552a3ecc2510865348b81b3a1c402ebf00c85c42beacd33fa1` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"34427-1491901278000" Content-Length 34427 Content-Type text/css
GET H/1.1	200	oam.css oam.wellsfargo.com/oam/css/	17 KB 17 KB	532ms 136ms	Stylesheet text/css	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/css/oam.css Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `fdd70c69ee2891c119d78245e0171dc399e23ec933b7bc78cf3014dbf3dc0024` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"17636-1491901278000" Content-Length 17636 Content-Type text/css
GET H/1.1	200	tip.css oam.wellsfargo.com/oam/css/	1 KB 1 KB	530ms 134ms	Stylesheet text/css	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/css/tip.css Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `3890e90c751b640c61e43b0b24c7efa1fecb79d701109744cc74c63e03727e0e` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"1280-1491901278000" Content-Length 1280 Content-Type text/css
GET H/1.1	200	jquery.min.js Show response oam.wellsfargo.com/oam/js/	94 KB 94 KB	666ms 135ms	Script application/javascript	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/js/jquery.min.js Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"95931-1491901282000" Content-Length 95931 Content-Type application/javascript
GET H/1.1	200	timer.js Show response oam.wellsfargo.com/oam/js/	7 KB 7 KB	669ms 136ms	Script application/javascript	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/js/timer.js Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `8fee1335b54427ccc48d7adc37ea958c36ee3c9a55ea146ff47f718c493045bf` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"7648-1491901282000" Content-Length 7648 Content-Type application/javascript
GET H/1.1	200	shim.gif oam.wellsfargo.com/oam/images/	43 B 43 B	133ms 133ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/images/shim.gif Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"43-1491901282000" Content-Length 43 Content-Type image/gif
GET H/1.1	200	logo_62sq.gif oam.wellsfargo.com/oam/images/	616 B 616 B	133ms 133ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/images/logo_62sq.gif Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 ETag W/"616-1491901282000" Content-Type image/gif X-Cnection close Accept-Ranges bytes Content-Length 616
GET H/1.1	200	tagline_consumer.gif oam.wellsfargo.com/oam/images/	937 B 937 B	136ms 136ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/images/tagline_consumer.gif Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `5dd26d926dda54524ab6d5696e30fa8ae26e5b54895d20a4781d54f4ed5cbf78` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"937-1491901282000" Content-Length 937 Content-Type image/gif
GET H/1.1	200	tip_close.gif oam.wellsfargo.com/oam/css/images/	145 B 145 B	133ms 133ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/css/images/tip_close.gif Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `d85f54f9bbb6febac15be3e5873e0b26eaa4b205507ab82796c6b3a6182c9217` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"145-1491901278000" Content-Length 145 Content-Type image/gif
GET H/1.1	200	al_ehl_house_gen.gif oam.wellsfargo.com/oam/images/	111 B 111 B	134ms 134ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/images/al_ehl_house_gen.gif Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `c607565db4706ba321b498fe0d030c5ea56d10db184e40ffcb6092fad8ed6569` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:20 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"111-1491901280000" Content-Length 111 Content-Type image/gif
GET H/1.1	200	wibprint.css oam.wellsfargo.com/oam/css/	3 KB 3 KB	135ms 134ms	Stylesheet text/css	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://oam.wellsfargo.com/oam/css/wibprint.css Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `5eac34e388178efd5ee1346ec07f7a80b204157b4058bf54a90eef2c8aa2ac88` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"2901-1491901278000" Content-Length 2901 Content-Type text/css
GET H/1.1	200	securityguarantee.gif oam.wellsfargo.com/oam/images/	67 B 67 B	136ms 136ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/images/securityguarantee.gif Requested by Host: oam.wellsfargo.com URL: https://oam.wellsfargo.com/oam/js/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `efe958151f0837002965e098124bf7c159236a74d0e9dbd0015ecbcf461f0810` Request headers Referer https://oam.wellsfargo.com/oam/css/vudu.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:22 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"67-1491901282000" Content-Length 67 Content-Type image/gif
GET H/1.1	200	tip_default_top.gif oam.wellsfargo.com/oam/css/images/	4 KB 4 KB	150ms 150ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/css/images/tip_default_top.gif Requested by Host: oam.wellsfargo.com URL: https://oam.wellsfargo.com/oam/js/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `85510f165db511fb5d960bcb879c7f7a7c2c511e08610e189c3d827fec06f314` Request headers Referer https://oam.wellsfargo.com/oam/css/tip.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"4273-1491901278000" Content-Length 4273 Content-Type image/gif
GET H/1.1	200	tip_bottom.gif oam.wellsfargo.com/oam/css/images/	994 B 994 B	246ms 133ms	Image image/gif	159.45.2.180 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Show image Full URL https://oam.wellsfargo.com/oam/css/images/tip_bottom.gif Requested by Host: oam.wellsfargo.com URL: https://oam.wellsfargo.com/oam/js/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash `8c12ba01de60518f9fc8ff97bb71897c99f9d3b02ba91decab6c406580697bad` Request headers Referer https://oam.wellsfargo.com/oam/css/tip.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Last-Modified Tue, 11 Apr 2017 09:01:18 GMT Server KONICHIWA/1.1 Accept-Ranges bytes ETag W/"994-1491901278000" Content-Length 994 Content-Type image/gif
GET H/1.1	404 Not Found	resettimeout yusqa.com/oam/	333 B 0	142ms 142ms	Image text/html	143.95.232.46 Colo4
General Check archive.org Show headers Download Go to Show image Full URL https://yusqa.com/oam/resettimeout?continue=false&v=1505895058914 Requested by Host: yusqa.com URL: https://yusqa.com/confirm-1.shtml Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 143.95.232.46 Los Angeles, United States, ASN36024 (COLO4-CO - Colo4, LLC, US), Reverse DNS ip-143-95-232-46.iplocal Software Apache / Resource Hash `4fd3792324a88687e5c834c2e1a32c07316b1f25e0c24d447ab35fbc19c2f32a` Request headers Referer https://yusqa.com/confirm-1.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Wed, 20 Sep 2017 08:10:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=15, max=767 Content-Length 333 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

oam.wellsfargo.com
yusqa.com
143.95.232.46
159.45.2.180
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3890e90c751b640c61e43b0b24c7efa1fecb79d701109744cc74c63e03727e0e
3bc0da7d0fc015552a3ecc2510865348b81b3a1c402ebf00c85c42beacd33fa1
4fd3792324a88687e5c834c2e1a32c07316b1f25e0c24d447ab35fbc19c2f32a
5dd26d926dda54524ab6d5696e30fa8ae26e5b54895d20a4781d54f4ed5cbf78
5eac34e388178efd5ee1346ec07f7a80b204157b4058bf54a90eef2c8aa2ac88
5ee8c04964e3adb5a4c2adc3b09c8b43e0aec29a06b885841b5a8abd4725794a
85510f165db511fb5d960bcb879c7f7a7c2c511e08610e189c3d827fec06f314
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c12ba01de60518f9fc8ff97bb71897c99f9d3b02ba91decab6c406580697bad
8fee1335b54427ccc48d7adc37ea958c36ee3c9a55ea146ff47f718c493045bf
9c064d95e894fd7c1319e38d866cf3804eb23b15dcec2cda7f64995c475e6341
a5334207569b388a6ad7d23efca5a43eaf81a3e351d838260ba1817b1378f1fc
b43470dd93c5f557f45099eb4ce2efd000176e3071e50bebae2b80fd52461468
c607565db4706ba321b498fe0d030c5ea56d10db184e40ffcb6092fad8ed6569
d85f54f9bbb6febac15be3e5873e0b26eaa4b205507ab82796c6b3a6182c9217
ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1
efe958151f0837002965e098124bf7c159236a74d0e9dbd0015ecbcf461f0810
fdd70c69ee2891c119d78245e0171dc399e23ec933b7bc78cf3014dbf3dc0024

yusqa.com Open in urlscan Pro 143.95.232.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

218 kBTransfer

219 kBSize

0 Cookies

5 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

yusqa.com Open in urlscan Pro
143.95.232.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

218 kB
Transfer

219 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!