shopdometal.com.br
189.90.130.236
Malicious Activity!
Public Scan
Submission: On May 01 via automatic, source openphish
Summary
This is the only time shopdometal.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 189.90.130.236 | 28195 (Com4 Data Center Ltda EPP) |
5 | 159.45.66.142 | 4196 (WELLSFARGO-4196 - Wells Fargo & Company) |
5 | 2.21.246.179 | 20940 (AKAMAI-ASN1) |
11 | 3 | |
ASN28195 (Com4 Data Center Ltda EPP, BR)
PTR: aguaenergy.com.br
shopdometal.com.br |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
PTR: static.wellsfargo.com
static.wellsfargo.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | akamai.net | a248.e.akamai.net | 5 KB |
5 | wellsfargo.com | static.wellsfargo.com | |
1 | shopdometal.com.br | shopdometal.com.br | 12 KB |
11 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
5 | a248.e.akamai.net | shopdometal.com.br |
5 | static.wellsfargo.com | shopdometal.com.br |
1 | shopdometal.com.br | |
11 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
online.wellsfargo.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
static.wellsfargo.com | Symantec Class 3 Secure Server CA - G4 | 2016-09-13 - 2017-09-14 | a year |
a248.e.akamai.net | Symantec Class 3 ECC 256 bit SSL CA - G2 | 2016-07-28 - 2017-07-28 | a year |
This page contains 1 frames:
Primary Page:
http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Frame ID: 10565.1
Requests: 11 HTTP requests in this frame
26 Outgoing links
These are links going to different origins than the main page.
Title: (none, 3 links)
Title: Customer Service
Title: Locations
Title: Apply
Title: Personal
Title: Small Business
Title: Commercial
Title: Banking
Title: Loans & Credit
Title: Insurance
Title: Investing
Title: Online Banking Enrollment Questions
Title: Online Security Guarantee
Title: Privacy, Security & Legal
Title: Help
Title: Help
Title: Why do we need to know this?
Title: Online Access Agreement
Title: Important Notice on Trading in Fast Markets
Title: Wachovia Account Access
Title: About Wells Fargo
Title: Careers
Title: Report Email Fraud
Title: Sitemap
Redirected requests
There were HTTP redirect chains for the following requests:
Request 0
- https://online.wellsfargo.com/das/common/styles/WEBstyle.css
- https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBstyle.css
- https://online.wellsfargo.com/das/common/styles/WEBWIB.css
- https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBWIB.css
- https://online.wellsfargo.com/das/common/scripts/wfwiblib.js
- https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/wfwiblib.js
- https://online.wellsfargo.com/das/common/scripts/mediaplexROI.js
- https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/mediaplexROI.js
- https://online.wellsfargo.com/das/common/styles/WEBprint.css
- https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBprint.css
11 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H/1.1 | identity.php (Primary Request) | shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/ | 12 KB 12 KB | Document | text/html |
GET H/1.1 | WEBstyle.css | static.wellsfargo.com/online.wellsfargo.com/das/common/styles/ (Redirect Chain) | 0 0 | Stylesheet | text/html |
GET H/1.1 | WEBWIB.css | static.wellsfargo.com/online.wellsfargo.com/das/common/styles/ (Redirect Chain) | 0 0 | Stylesheet | text/html |
GET H/1.1 | wfwiblib.js | static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/ (Redirect Chain) | 0 0 | Script | text/html |
GET H/1.1 | logo_62sq.gif | a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/ | 616 B 616 B | Image | image/gif |
GET H/1.1 | coach.gif | a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/ | 4 KB 4 KB | Image | image/gif |
GET H/1.1 | shim.gif | a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/ | 43 B 43 B | Image | image/gif |
GET H/1.1 | al_search_btn.gif | a248.e.akamai.net/7/248/3608/99050a7dbe666d/online.wellsfargo.com/das/common/images/ | 285 B 285 B | Image | image/gif |
GET H/1.1 | shim.gif | a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/ | 43 B 43 B | Image | image/gif |
GET H/1.1 | mediaplexROI.js | static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/ (Redirect Chain) | 0 0 | Script | text/html |
GET H/1.1 | WEBprint.css | static.wellsfargo.com/online.wellsfargo.com/das/common/styles/ (Redirect Chain) | 0 0 | Stylesheet | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.