ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no
67.23.254.254
Malicious Activity!
Public Scan
Submission: On September 02 via automatic, source openphish — Scanned from NO
Summary
This is the only time ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 67.23.254.254 | 33182 (DIMENOC) |
8 | 159.45.2.180 | 10837 (WELLSFARGO-10837) |
3 | 159.45.2.178 | 10837 (WELLSFARGO-10837) |
1 | 95.101.23.205 | 20940 (AKAMAI-ASN1) |
14 | 5 | |
ASN33182 (DIMENOC, US)
PTR: reseller-223.mco2.hostdime.com
ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-23-205.deploy.static.akamaitechnologies.com
rubicon.wellsfargo.com |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
12 | wellsfargo.com: oam.wellsfargo.com (Cisco Umbrella Rank: 91775), static.wellsfargo.com (Cisco Umbrella Rank: 13480), rubicon.wellsfargo.com (Cisco Umbrella Rank: 11019) | 215 KB |
2 | xzone.no: ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no | 262 KB |
14 | 2 | |
Requests | Domain | Requested by |
---|---|---|
8 | oam.wellsfargo.com | ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no |
3 | static.wellsfargo.com | ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no, static.wellsfargo.com |
2 | ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no | oam.wellsfargo.com |
1 | rubicon.wellsfargo.com | ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no |
14 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
oam.wellsfargo.com | DigiCert EV RSA CA G2 | 2022-06-22 - 2023-06-22 | a year | crt.sh |
static.wellsfargo.com | DigiCert EV RSA CA G2 | 2022-05-24 - 2023-05-24 | a year | crt.sh |
rubicon.wellsfargo.com | Wells Fargo Public Trust Certification Authority 01 G2 | 2022-04-06 - 2023-04-06 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no/a/1/scd.html
Frame ID: 985377EAD3A5961E93F91B050B7B0D58
Requests: 18 HTTP requests in this frame
Page Title
Wells Fargo - Change your username
Detected technologies
AppDynamics (Analytics)
Detected patterns
- adrum
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
- Title: About Wells Fargo
- Title: Online Access Agreement
- Title: Privacy, Cookies, Security & Legal
- Title: Notice of Data Collection
- Title: Report Email Fraud
- Title: Security Center
- Title: Sitemap
- Title: Ad Choices
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | scd.html (Primary Request) ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no/a/1/ | 261 KB 261 KB | Document text/html |
GET H/1.1 | theme.ssep.credential.remediation.css oam.wellsfargo.com/oam/static/css/ssep/ | 85 KB 36 KB | Stylesheet text/css |
GET H/1.1 | globalFooter.css oam.wellsfargo.com/oam/static/css/global/ | 4 KB 2 KB | Stylesheet text/css |
GET H/1.1 | adrum-ext.js oam.wellsfargo.com/oam/static/js/appd/ | 45 KB 15 KB | Script application/javascript |
GET H/1.1 | icn-nav-home-glob-18x17-000720-v01_00@1x.png oam.wellsfargo.com/oam/images/ | 239 B 3 KB | Image image/png |
GET H/1.1 | icn-ind-confirm-customer-level-glob-36x28-000720-v01-00-@1x.png oam.wellsfargo.com/oam/static/images/ | 271 B 1023 B | Image image/png |
GET H/1.1 | jquery.min.js oam.wellsfargo.com/oam/static/js/ | 87 KB 31 KB | Script application/javascript |
GET H/1.1 | nativeapp-bridge-min.js oam.wellsfargo.com/oam/static/js/ | 5 KB 3 KB | Script application/javascript |
GET H/1.1 | change.username.js oam.wellsfargo.com/oam/static/js/combined/ | 45 KB 8 KB | Script application/javascript |
GET DATA | truncated / | 43 B 0 | Image image/gif |
GET DATA | truncated / | 395 B 0 | Image image/png |
GET DATA | truncated / | 2 KB 0 | Image image/png |
GET H/1.1 | utag.js static.wellsfargo.com/tracking/secure-auth/ | 35 KB 11 KB | Script application/javascript |
GET DATA | truncated / | 89 B 0 | Image image/png |
GET H/1.1 | adrum-ext.b4436be974de477658d4a93afb752165.js ywpe9v2jfwyogydzzaddswxbia6fpncmi9n8ipm4hl5eoutr7mhxrbiqrkt8tlq.xzone.no/oam/static/js/appd/ | 808 B 1015 B | Script text/html |
GET H/1.1 | utag.5.js static.wellsfargo.com/tracking/secure-auth/ | 7 KB 3 KB | Script application/javascript |
GET H/1.1 | detector-dom.min.js static.wellsfargo.com/tracking/gb/ | 333 KB 102 KB | Script application/javascript |
GET H/1.1 | cls_report rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ | 50 B 1 KB | XHR application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| antiClickjack number| adrum-start-time object| adrum-config object| ADRUM function| $ function| jQuery object| nativeapp object| SSEPAjax object| SSEPLightbox object| SSEPTimeoutDialog object| Validation object| SSEPNavMenu object| SSEPChangeUsername string| nonce undefined| isNativeApp undefined| cachedSize undefined| setMinHeight object| utag_data number| inqSiteID boolean| utag_condload string| new_path object| utag_cfg_ovrd object| userAgentArr object| utag function| isNotUndefinedOrNull function| getDocumentTitleLabel function| sendDataToGA boolean| __tealium_twc_switch function| utag_pad function| utag_visitor_id object| _detector undefined| optimizely
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | Name: _cls_v Value: 30115fb9-3355-47c4-8ef1-602eded004bc |
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | Name: _cls_s Value: 3169a947-3e48-497d-a3c2-8946b551f47f:0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.