secure-verf-auth.serveusers.com Open in urlscan Pro
34.125.62.137 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ctzn-verf.us/Ge78h
Effective URL:
https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1...
Submission: On January 26 via manual (January 26th 2022, 9:16:19 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 34.125.62.137, located in Las Vegas, United States and belongs to GOOGLE-PRIVATE-CLOUD, US. The main domain is secure-verf-auth.serveusers.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 21st 2022. Valid for: 3 months.

This is the only time secure-verf-auth.serveusers.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.71.236.171 167.71.236.171	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 12	34.125.62.137 34.125.62.137	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
2	23.192.5.150 23.192.5.150	16625 (AKAMAI-AS) (AKAMAI-AS)
13	3

1 167.71.236.171 (Bengaluru, India) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

ctzn-verf.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.125.62.137 (Las Vegas, United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 137.62.125.34.bc.googleusercontent.com

secure-verf-auth.serveusers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.192.5.150 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-5-150.deploy.static.akamaitechnologies.com

www15.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	serveusers.com 1 redirects secure-verf-auth.serveusers.com	518 KB
2	wellsfargomedia.com www15.wellsfargomedia.com — Cisco Umbrella Rank: 20566	45 KB
1	ctzn-verf.us 1 redirects ctzn-verf.us	583 B
13	3

	Domain	Requested by
12	secure-verf-auth.serveusers.com	1 redirects secure-verf-auth.serveusers.com
2	www15.wellsfargomedia.com	secure-verf-auth.serveusers.com
1	ctzn-verf.us	1 redirects
13	3

This site contains no links.

Subject Issuer	Validity	Valid
secure-verf-auth.serveusers.com cPanel, Inc. Certification Authority	`2022-01-21` - `2022-04-21`	3 months	crt.sh
www15.wellsfargomedia.com DigiCert SHA2 Secure Server CA	`2021-12-31` - `2023-01-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
Frame ID: 7793EB42E7C9AD15D53ABC3F4D673250
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to View Your Personal Accounts

Page URL History Show full URLs

https://ctzn-verf.us/Ge78h HTTP 301
https://secure-verf-auth.serveusers.com/ HTTP 302
https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a6... Page URL
https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

562 kB
Transfer

571 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ctzn-verf.us/Ge78h HTTP 301
https://secure-verf-auth.serveusers.com/ HTTP 302
https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730 Page URL
https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ctzn-verf.us/Ge78h HTTP 301
https://secure-verf-auth.serveusers.com/ HTTP 302
https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

13 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

maccess.php
secure-verf-auth.serveusers.com/
Redirect Chain

https://ctzn-verf.us/Ge78h
https://secure-verf-auth.serveusers.com/
https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

39 KB
40 KB

297ms
297ms

Document
text/html

34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

Date: Wed, 26 Jan 2022 21:16:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Wed, 26 Jan 2022 21:16:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: ./maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style1.css
secure-verf-auth.serveusers.com/css/ 123 KB
123 KB 242ms
126ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/css/style1.css

Requested by

Host: secure-verf-auth.serveusers.com
URL: https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:14 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 19 Aug 2021 12:02:42 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 125664
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK stll.css
secure-verf-auth.serveusers.com/css/ 54 KB
55 KB 298ms
160ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/css/stll.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:14 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 19 Aug 2021 12:01:16 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 55726
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icn-layer-svg.svg
secure-verf-auth.serveusers.com/images/ 5 KB
5 KB 115ms
114ms Image
image/svg+xml 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-verf-auth.serveusers.com/images/icn-layer-svg.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 12 Nov 2019 02:34:16 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 5184
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Primary Request access.php Show response
secure-verf-auth.serveusers.com/ 35 KB
35 KB 490ms
352ms Document
text/html 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

91712ad7d24d357238567396236db36921564c8b7ac5ece2f75d019afa366452

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/maccess.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

Response headers

Date: Wed, 26 Jan 2022 21:16:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK global.css
secure-verf-auth.serveusers.com/static/css/altLogin/ 20 KB
20 KB 216ms
216ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/static/css/altLogin/global.css

Requested by

Host: secure-verf-auth.serveusers.com
URL: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

8dbca82c7c6b96415fee4d0e7fdddaed8042de685bf3c5d087c3f67f41866668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 10 Feb 2021 10:08:10 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 20260
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ancd-header.css
secure-verf-auth.serveusers.com/static/css/altLogin/ 4 KB
4 KB 144ms
143ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/static/css/altLogin/ancd-header.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

7771de27489be5e0c7b06e07de4f30f7d4cfb7bb7e88dc93d792e19f89693ca3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Nov 2021 05:21:36 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3691
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK content.css
secure-verf-auth.serveusers.com/static/css/altLogin/ 1 KB
2 KB 239ms
238ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/static/css/altLogin/content.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

884b051e0f59e244281c93d1bdc074a0496c99c9ab5a9d591eff90df22d685f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 15 Aug 2021 22:40:06 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1479
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK wf-fonts.css
secure-verf-auth.serveusers.com/static/css/ 4 KB
4 KB 201ms
151ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/static/css/wf-fonts.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

3a80ebe861b93c47265b21bc70a9fa88fc95e76f39cb291ad05b24597446ef8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 10 Feb 2021 10:08:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3803
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ncd-footer.css
secure-verf-auth.serveusers.com/static/css/altLogin/ 3 KB
3 KB 286ms
148ms Stylesheet
text/css 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-verf-auth.serveusers.com/static/css/altLogin/ncd-footer.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

ed6ee05587907928e253a6176cf2e50ae1653f3f255bb1f95e8fe7a0946d2bcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Nov 2021 05:21:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3038
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK stgecoch_ylw_F1.svg
secure-verf-auth.serveusers.com/images/ 226 KB
227 KB 241ms
153ms Image
image/svg+xml 34.125.62.137
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-verf-auth.serveusers.com/images/stgecoch_ylw_F1.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.62.137 Las Vegas, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

137.62.125.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure-verf-auth.serveusers.com/access.php?token=40bb93eaf7feb835380bc5a662660f482e50217adc8c22906b3938b1a68b9f457cc331f868b4ce1e5109e79100b1e3f184dd2a42c2e7ff913396f9bb3406f730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 21:16:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 15 Aug 2021 22:34:04 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 231865
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 467 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 889 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 22 KB
22 KB 131ms
5ms Font
font/woff2 23.192.5.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2

Requested by

Host: secure-verf-auth.serveusers.com
URL: https://secure-verf-auth.serveusers.com/static/css/wf-fonts.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.192.5.150 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-5-150.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure-verf-auth.serveusers.com/
Origin: https://secure-verf-auth.serveusers.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
server: KONICHIWA/2.0
etag: "5798-582d133e56280"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
date: Wed, 26 Jan 2022 21:16:15 GMT
accept-ranges: bytes
content-length: 22424
x-xss-protection: 1; mode=block
expires: Thu, 26 Jan 2023 21:16:15 GMT

GET
H2 200 wellsfargosans-sbd.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 22 KB
22 KB 144ms
23ms Font
font/woff2 23.192.5.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2

Requested by

Host: secure-verf-auth.serveusers.com
URL: https://secure-verf-auth.serveusers.com/static/css/wf-fonts.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.192.5.150 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-5-150.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure-verf-auth.serveusers.com/
Origin: https://secure-verf-auth.serveusers.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
server: KONICHIWA/2.0
etag: "5848-582d133e56280"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
date: Wed, 26 Jan 2022 21:16:15 GMT
accept-ranges: bytes
content-length: 22600
x-xss-protection: 1; mode=block
expires: Thu, 26 Jan 2023 21:16:15 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| animateLabel function| removeAnimation

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ctzn-verf.us/	1969-12-31 23:59:59	Name: PHPSESSID Value: ncbbfpsogjav2l66cr4qdqtt11
ctzn-verf.us/	1970-01-20 00:27:13	Name: short_Ge78h Value: 1
secure-verf-auth.serveusers.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7ac044f665dada5bbfeb4d468aae7935

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ctzn-verf.us
secure-verf-auth.serveusers.com
www15.wellsfargomedia.com
167.71.236.171
23.192.5.150
34.125.62.137
3a80ebe861b93c47265b21bc70a9fa88fc95e76f39cb291ad05b24597446ef8e
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
7771de27489be5e0c7b06e07de4f30f7d4cfb7bb7e88dc93d792e19f89693ca3
884b051e0f59e244281c93d1bdc074a0496c99c9ab5a9d591eff90df22d685f6
8dbca82c7c6b96415fee4d0e7fdddaed8042de685bf3c5d087c3f67f41866668
91712ad7d24d357238567396236db36921564c8b7ac5ece2f75d019afa366452
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
ed6ee05587907928e253a6176cf2e50ae1653f3f255bb1f95e8fe7a0946d2bcb
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e

secure-verf-auth.serveusers.com Open in urlscan Pro 34.125.62.137 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

562 kBTransfer

571 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

secure-verf-auth.serveusers.com Open in urlscan Pro
34.125.62.137 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

562 kB
Transfer

571 kB
Size

3
Cookies

13 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!