shopdometal.com.br Open in urlscan Pro
189.90.130.236 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Submission: On May 01 via automatic, source openphish (May 1st 2017, 3:32:07 am UTC)

Summary HTTP 11 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 189.90.130.236, located in Franca, Brazil and belongs to Com4 Data Center Ltda EPP, BR. The main domain is shopdometal.com.br.

This is the only time shopdometal.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	189.90.130.236 189.90.130.236	28195 (Com4 Data...) (Com4 Data Center Ltda EPP)
5	159.45.66.142 159.45.66.142	4196 (WELLSFARG...) (WELLSFARGO-4196 - Wells Fargo & Company)
5	2.21.246.179 2.21.246.179	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	3

1 189.90.130.236 (Franca, Brazil)

ASN28195 (Com4 Data Center Ltda EPP, BR)
PTR: aguaenergy.com.br

shopdometal.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 159.45.66.142 (Saint Louis, United States)

ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
PTR: static.wellsfargo.com

static.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.21.246.179 (Austria)

ASN20940 (AKAMAI-ASN1, US)

a248.e.akamai.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	akamai.net a248.e.akamai.net	5 KB
5	wellsfargo.com static.wellsfargo.com
1	shopdometal.com.br shopdometal.com.br	12 KB
11	3

	Domain	Requested by
5	a248.e.akamai.net	shopdometal.com.br
5	static.wellsfargo.com	shopdometal.com.br
1	shopdometal.com.br
11	3

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
online.wellsfargo.com

Subject Issuer	Validity	Valid
static.wellsfargo.com Symantec Class 3 Secure Server CA - G4	`2016-09-13` - `2017-09-14`	a year	crt.sh
a248.e.akamai.net Symantec Class 3 ECC 256 bit SSL CA - G2	`2016-07-28` - `2017-07-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Frame ID: 10565.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

17 kB
Transfer

17 kB
Size

0
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wellsfargo.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/auxiliary_access/aa_talkatmloc

Search URL Search Domain Scan URL

URL: https://online.wellsfargo.com/das/channel/enrollDisplay?LOB=CONS&OFFERCODE=WEB#skip

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/
Title: Customer Service

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/locator/
Title: Locations

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/products_services/applications_viewall.jhtml
Title: Apply

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/home
Title: Personal

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/biz/
Title: Small Business

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/com/comintro
Title: Commercial

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/per/more/banking
Title: Banking

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/per/more/loans_credit
Title: Loans & Credit

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/insurance/
Title: Insurance

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/investing/more
Title: Investing

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/enroll.jhtml
Title: Online Banking Enrollment Questions

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy_security/online/guarantee
Title: Online Security Guarantee

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy_security/
Title: Privacy, Security & Legal

Search URL Search Domain Scan URL

URL: https://online.wellsfargo.com/das/channel/helpText?key=fieldhelp_EnrollmentTaxIdentificationNumber
Title: Help

Search URL Search Domain Scan URL

URL: https://online.wellsfargo.com/das/channel/helpText?key=fieldhelp_AccountAtmCard
Title: Help

Search URL Search Domain Scan URL

URL: https://online.wellsfargo.com/das/channel/helpText?key=fieldhelp_EnrollEMailAddress
Title: Why do we need to know this?

Search URL Search Domain Scan URL

URL: https://online.wellsfargo.com/das/common/html/wibdisc.html
Title: Online Access Agreement

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/online_brokerage/education/trading/volatile/index.jhtml
Title: Important Notice on Trading in Fast Markets

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/wachovia/access
Title: Wachovia Account Access

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/about/about
Title: About Wells Fargo

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy_security/fraud/report/fraud
Title: Report Email Fraud

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/sitemap
Title: Sitemap

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 0

https://online.wellsfargo.com/das/common/styles/WEBstyle.css
https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBstyle.css

Request 1

https://online.wellsfargo.com/das/common/styles/WEBWIB.css
https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBWIB.css

Request 2

https://online.wellsfargo.com/das/common/scripts/wfwiblib.js
https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/wfwiblib.js

Request 8

https://online.wellsfargo.com/das/common/scripts/mediaplexROI.js
https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/mediaplexROI.js

Request 9

https://online.wellsfargo.com/das/common/styles/WEBprint.css
https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBprint.css

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request identity.php Show response
shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/ 12 KB
12 KB 736ms
281ms Document
text/html 189.90.130.236
Com4 Data Center ...

General

Check archive.org

Show headers Download Go to

Full URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Protocol: HTTP/1.1
Server: 189.90.130.236 Franca, Brazil, ASN28195 (Com4 Data Center Ltda EPP, BR),
Reverse DNS: aguaenergy.com.br
Software: Apache /
Resource Hash: a2d96e06f0931dc83fb7cc02392b5971d625bc3831b3f00e4736d35be1337d90

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: shopdometal.com.br
Accept-Language: en-US,en;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:51 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

404
Not found

WEBstyle.css
static.wellsfargo.com/online.wellsfargo.com/das/common/styles/
Redirect Chain

https://online.wellsfargo.com/das/common/styles/WEBstyle.css
https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBstyle.css

0
0

530ms
119ms

Stylesheet
text/html

159.45.66.142
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBstyle.css

Requested by

Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

159.45.66.142 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),

Reverse DNS

static.wellsfargo.com

Software

KONICHIWA/2.0 /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: static.wellsfargo.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Content-encoding: gzip
Transfer-encoding: chunked
Server: KONICHIWA/2.0
X-frame-options: SAMEORIGIN
Vary: accept-encoding
Content-type: text/html

Redirect headers

Location: https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBstyle.css
Cache-control: no-cache
Connection: close
Content-Length: 0

GET
H/1.1

404
Not found

WEBWIB.css
static.wellsfargo.com/online.wellsfargo.com/das/common/styles/
Redirect Chain

https://online.wellsfargo.com/das/common/styles/WEBWIB.css
https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBWIB.css

0
0

528ms
119ms

Stylesheet
text/html

159.45.66.142
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBWIB.css

Requested by

Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

159.45.66.142 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),

Reverse DNS

static.wellsfargo.com

Software

KONICHIWA/2.0 /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: static.wellsfargo.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Content-encoding: gzip
Transfer-encoding: chunked
Server: KONICHIWA/2.0
X-frame-options: SAMEORIGIN
Vary: accept-encoding
Content-type: text/html

Redirect headers

Location: https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBWIB.css
Cache-control: no-cache
Connection: close
Content-Length: 0

GET
H/1.1

404
Not found

wfwiblib.js
static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/
Redirect Chain

https://online.wellsfargo.com/das/common/scripts/wfwiblib.js
https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/wfwiblib.js

0
0

528ms
123ms

Script
text/html

159.45.66.142
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/wfwiblib.js

Requested by

Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

159.45.66.142 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),

Reverse DNS

static.wellsfargo.com

Software

KONICHIWA/2.0 /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: static.wellsfargo.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: */*
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Content-encoding: gzip
Transfer-encoding: chunked
Server: KONICHIWA/2.0
X-frame-options: SAMEORIGIN
Vary: accept-encoding
Content-type: text/html

Redirect headers

Location: https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/wfwiblib.js
Cache-control: no-cache
Connection: close
Content-Length: 0

GET
H/1.1 200
OK logo_62sq.gif
a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/ 616 B
616 B 57ms
38ms Image
image/gif 2.21.246.179
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/logo_62sq.gif
Requested by: Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.246.179 , Austria, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: KONICHIWA/2.0 /
Resource Hash: ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: a248.e.akamai.net
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Last-Modified: Fri, 24 Jun 2016 05:47:31 GMT
Server: KONICHIWA/2.0
ETag: "268-576cc973"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 616

GET
H/1.1 200
OK coach.gif
a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/ 4 KB
4 KB 63ms
43ms Image
image/gif 2.21.246.179
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/coach.gif
Requested by: Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.246.179 , Austria, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: KONICHIWA/2.0 /
Resource Hash: 4d2ef55ea9a3fd9a2e096d9cb6fcfe5d4b102de152c8799c55d31c43ee9d35e0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: a248.e.akamai.net
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Last-Modified: Fri, 24 Jun 2016 05:47:57 GMT
Server: KONICHIWA/2.0
ETag: "f8d-576cc98d"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3981

GET
H/1.1 200
OK shim.gif
a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/ 43 B
43 B 58ms
39ms Image
image/gif 2.21.246.179
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif
Requested by: Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.246.179 , Austria, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: KONICHIWA/2.0 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: a248.e.akamai.net
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Last-Modified: Fri, 24 Jun 2016 05:47:51 GMT
Server: KONICHIWA/2.0
ETag: "2b-576cc987"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1 200
OK al_search_btn.gif
a248.e.akamai.net/7/248/3608/99050a7dbe666d/online.wellsfargo.com/das/common/images/ 285 B
285 B 64ms
45ms Image
image/gif 2.21.246.179
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a248.e.akamai.net/7/248/3608/99050a7dbe666d/online.wellsfargo.com/das/common/images/al_search_btn.gif
Requested by: Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.246.179 , Austria, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: KONICHIWA/2.0 /
Resource Hash: e05a15dad724ea72ab77012792e4fada1164176f39ab2c0fee9a46dae5996c87

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: a248.e.akamai.net
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Last-Modified: Fri, 24 Jun 2016 05:48:16 GMT
Server: KONICHIWA/2.0
ETag: "11d-576cc9a0"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 285

GET
H/1.1 200
OK shim.gif
a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/ 43 B
43 B 51ms
32ms Image
image/gif 2.21.246.179
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/shim.gif
Requested by: Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.246.179 , Austria, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: KONICHIWA/2.0 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: a248.e.akamai.net
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:56 GMT
Last-Modified: Fri, 24 Jun 2016 05:47:51 GMT
Server: KONICHIWA/2.0
ETag: "2b-576cc987"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1

404
Not found

mediaplexROI.js
static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/
Redirect Chain

https://online.wellsfargo.com/das/common/scripts/mediaplexROI.js
https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/mediaplexROI.js

0
0

119ms
119ms

Script
text/html

159.45.66.142
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/mediaplexROI.js

Requested by

Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

159.45.66.142 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),

Reverse DNS

static.wellsfargo.com

Software

KONICHIWA/2.0 /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: static.wellsfargo.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: */*
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:57 GMT
Content-encoding: gzip
Transfer-encoding: chunked
Server: KONICHIWA/2.0
X-frame-options: SAMEORIGIN
Vary: accept-encoding
Content-type: text/html

Redirect headers

Location: https://static.wellsfargo.com/online.wellsfargo.com/das/common/scripts/mediaplexROI.js
Cache-control: no-cache
Connection: close
Content-Length: 0

GET
H/1.1

404
Not found

WEBprint.css
static.wellsfargo.com/online.wellsfargo.com/das/common/styles/
Redirect Chain

https://online.wellsfargo.com/das/common/styles/WEBprint.css
https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBprint.css

0
0

123ms
122ms

Stylesheet
text/html

159.45.66.142
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBprint.css

Requested by

Host: shopdometal.com.br
URL: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

159.45.66.142 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),

Reverse DNS

static.wellsfargo.com

Software

KONICHIWA/2.0 /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Host: static.wellsfargo.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://shopdometal.com.br/catalog/controller/common/desane07.lina98.Refix091.876done.sign.on.wells.fargo.com/identity.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Response headers

Date: Mon, 01 May 2017 03:31:57 GMT
Content-encoding: gzip
Transfer-encoding: chunked
Server: KONICHIWA/2.0
X-frame-options: SAMEORIGIN
Vary: accept-encoding
Content-type: text/html

Redirect headers

Location: https://static.wellsfargo.com/online.wellsfargo.com/das/common/styles/WEBprint.css
Cache-control: no-cache
Connection: close
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a248.e.akamai.net
shopdometal.com.br
static.wellsfargo.com
159.45.66.142
189.90.130.236
2.21.246.179
4d2ef55ea9a3fd9a2e096d9cb6fcfe5d4b102de152c8799c55d31c43ee9d35e0
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
a2d96e06f0931dc83fb7cc02392b5971d625bc3831b3f00e4736d35be1337d90
e05a15dad724ea72ab77012792e4fada1164176f39ab2c0fee9a46dae5996c87
ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1

shopdometal.com.br Open in urlscan Pro 189.90.130.236 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

17 kBTransfer

17 kBSize

0 Cookies

26 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

shopdometal.com.br Open in urlscan Pro
189.90.130.236 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

17 kB
Transfer

17 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!