www.majudev.net - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 194.33.116.77, located in Krakow, Poland and belongs to FIBERTECH, PL. The main domain is www.majudev.net.

This is the only time www.majudev.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	194.33.116.77 194.33.116.77		50481 (FIBERTECH) (FIBERTECH)
6	1

6 194.33.116.77 (Krakow, Poland)

ASN50481 (FIBERTECH, PL)
PTR: ip-194-33-116-77.solisnet.pl

www.majudev.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	majudev.net www.majudev.net	684 KB
6	1

	Domain	Requested by
6	www.majudev.net	www.majudev.net
6	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck=
Frame ID: 5330167C971080B816C94B29EE1AF9E1
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/index.html Page URL
http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accoun... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

684 kB
Transfer

684 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/index.html Page URL
http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	index.html Show response www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/	174 B 485 B	354ms 148ms	Document text/html	194.33.116.77 FIBERTECH
General Check archive.org Show headers Download Go to Full URL http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/index.html Protocol HTTP/1.1 Server 194.33.116.77 Krakow, Poland, ASN50481 (FIBERTECH, PL), Reverse DNS ip-194-33-116-77.solisnet.pl Software Apache / Resource Hash `beadf4b105635eb301a0cc98e65371e383b72183dac9eab85f477fda2340a166` Request headers Host www.majudev.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 26 May 2020 12:55:29 GMT Server Apache Last-Modified Mon, 29 Apr 2019 22:49:54 GMT ETag "ae-587b31a518880-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 165 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	Primary Request wiret.html Show response www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/	3 KB 2 KB	95ms 95ms	Document text/html	194.33.116.77 FIBERTECH
General Check archive.org Show headers Download Go to Full URL http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= Protocol HTTP/1.1 Server 194.33.116.77 Krakow, Poland, ASN50481 (FIBERTECH, PL), Reverse DNS ip-194-33-116-77.solisnet.pl Software Apache / Resource Hash `06da32f6e9dd3d137f66bf3d77b0b73a2dae9e7c735ffa057f5ee5544bc82b72` Request headers Host www.majudev.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/index.html Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/index.html Response headers Date Tue, 26 May 2020 12:55:29 GMT Server Apache Last-Modified Thu, 06 Feb 2020 18:33:26 GMT ETag "c24-59dec82366980-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 1273 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	head.png www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/	10 KB 10 KB	84ms 83ms	Image image/png	194.33.116.77 FIBERTECH
General Check archive.org Show headers Download Go to Show image Full URL http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/head.png Requested by Host: www.majudev.net URL: http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= Protocol HTTP/1.1 Server 194.33.116.77 Krakow, Poland, ASN50481 (FIBERTECH, PL), Reverse DNS ip-194-33-116-77.solisnet.pl Software Apache / Resource Hash `ac26d22a651dfeb9d391d18a0ae114be3dd0c98d873d4e3f0807442b1332faff` Request headers Referer http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 26 May 2020 12:55:30 GMT Last-Modified Thu, 06 Feb 2020 18:05:18 GMT Server Apache ETag "26a5-59dec1d999380" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 9893
GET H/1.1	200 OK	nti.png www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/	401 KB 401 KB	174ms 162ms	Image image/png	194.33.116.77 FIBERTECH
General Check archive.org Show headers Download Go to Show image Full URL http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/nti.png Requested by Host: www.majudev.net URL: http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= Protocol HTTP/1.1 Server 194.33.116.77 Krakow, Poland, ASN50481 (FIBERTECH, PL), Reverse DNS ip-194-33-116-77.solisnet.pl Software Apache / Resource Hash `490d51550e35e9d3ac42dda5fa3c51be0e906b1c6f7bee62168327d72a1e35ca` Request headers Referer http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 26 May 2020 12:55:30 GMT Last-Modified Thu, 06 Feb 2020 18:21:16 GMT Server Apache ETag "6431e-59dec56b37f00" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 410398
GET H/1.1	200 OK	itc.png www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/	224 KB 224 KB	180ms 168ms	Image image/png	194.33.116.77 FIBERTECH
General Check archive.org Show headers Download Go to Show image Full URL http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/itc.png Requested by Host: www.majudev.net URL: http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= Protocol HTTP/1.1 Server 194.33.116.77 Krakow, Poland, ASN50481 (FIBERTECH, PL), Reverse DNS ip-194-33-116-77.solisnet.pl Software Apache / Resource Hash `2b53388e5ef3eca068d0df6aa511a3625ed138483817e8ce8bf621840dffccbf` Request headers Referer http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 26 May 2020 12:55:30 GMT Last-Modified Sun, 28 Apr 2019 00:16:08 GMT Server Apache ETag "37fae-5878c1307c200" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 229294
GET H/1.1	200 OK	123.png www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/	47 KB 47 KB	174ms 162ms	Image image/png	194.33.116.77 FIBERTECH
General Check archive.org Show headers Download Go to Show image Full URL http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/img/123.png Requested by Host: www.majudev.net URL: http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= Protocol HTTP/1.1 Server 194.33.116.77 Krakow, Poland, ASN50481 (FIBERTECH, PL), Reverse DNS ip-194-33-116-77.solisnet.pl Software Apache / Resource Hash `7b6bfb86603749a6d9f65c16ee0144969e9c97e222fb6e775121ef912b161cd1` Request headers Referer http://www.majudev.net/upload/uploads/ogbl/wfargo/wellsrgo/wiret.html?check=yes&denation=nba/accountopening/ApplicatStartup/Applinow5inpage&update=&cookiecheck= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Tue, 26 May 2020 12:55:30 GMT Last-Modified Thu, 06 Feb 2020 18:24:08 GMT Server Apache ETag "ba4b-59dec60f40200" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 47691

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.majudev.net
194.33.116.77
06da32f6e9dd3d137f66bf3d77b0b73a2dae9e7c735ffa057f5ee5544bc82b72
2b53388e5ef3eca068d0df6aa511a3625ed138483817e8ce8bf621840dffccbf
490d51550e35e9d3ac42dda5fa3c51be0e906b1c6f7bee62168327d72a1e35ca
7b6bfb86603749a6d9f65c16ee0144969e9c97e222fb6e775121ef912b161cd1
ac26d22a651dfeb9d391d18a0ae114be3dd0c98d873d4e3f0807442b1332faff
beadf4b105635eb301a0cc98e65371e383b72183dac9eab85f477fda2340a166

www.majudev.net Open in urlscan Pro 194.33.116.77 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

684 kBTransfer

684 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

www.majudev.net Open in urlscan Pro
194.33.116.77 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

684 kB
Transfer

684 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!