urlscan.io logo urlscan.io
SecurityTrails logo

www.slepune.com Open in urlscan Pro
108.179.246.153  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://www.slepune.com/Gupdate.shtml
Submission: On November 07 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 108.179.246.153, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is www.slepune.com.
This is the only time www.slepune.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
2 108.179.246.153 20013 (CYRUSONE)
17 159.45.2.180 10837 (WELLSFARG...)
19 2
Apex Domain
Subdomains		 Transfer
17 wellsfargo.com
oam.wellsfargo.com
210 KB
2 slepune.com
www.slepune.com
3 KB
19 2
Domain Requested by
17 oam.wellsfargo.com www.slepune.com
oam.wellsfargo.com
2 www.slepune.com www.slepune.com
19 2

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
oam.wellsfargo.com
Subject Issuer Validity Valid
oam.wellsfargo.com
Symantec Class 3 Secure Server CA - G4		 2017-01-31 -
2019-02-01		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://www.slepune.com/Gupdate.shtml
Frame ID: 32570.1
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i

Page Statistics

19
Requests

89 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

213 kB
Transfer

221 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Gupdate.shtml
www.slepune.com/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Server
108.179.246.153 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
5ee8c04964e3adb5a4c2adc3b09c8b43e0aec29a06b885841b5a8abd4725794a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.slepune.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Tue, 07 Nov 2017 11:32:20 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
Cookie set app_utilities.js
oam.wellsfargo.com/oam/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/js/app_utilities.js
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
9c064d95e894fd7c1319e38d866cf3804eb23b15dcec2cda7f64995c475e6341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"11211-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=Sp+4mMf/seds45HdEKbvYERruKUAbWxsUhVG6Gep0qQzr2Xv3GbXin4ktDIFMPcBW3D5PsIrwkXUpjIAAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
11211
X-XSS-Protection
1; mode=block
Cookie set tip.js
oam.wellsfargo.com/oam/js/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/js/tip.js
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
b43470dd93c5f557f45099eb4ce2efd000176e3071e50bebae2b80fd52461468
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"10578-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=hVLpjHBjEQVUjBPdEKbvYERruKUAbfrm7fVJq/HOx6cvjQFtrv1xUZxtWkLnNJVC++SohQxGHWrJxEMAAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
10578
X-XSS-Protection
1; mode=block
Cookie set vudu.css
oam.wellsfargo.com/oam/css/ 		26 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/css/vudu.css
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
a5334207569b388a6ad7d23efca5a43eaf81a3e351d838260ba1817b1378f1fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"26484-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=VP3Ju2oUP9DF1mHdEKbvYERruKUAbY5Yn/x4cipS9V/0TJEIk41/QubesAM4WHDutaUfmyR/thGEvIAAAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
26484
X-XSS-Protection
1; mode=block
Cookie set wibscreen.css
oam.wellsfargo.com/oam/css/ 		34 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/css/wibscreen.css
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
3bc0da7d0fc015552a3ecc2510865348b81b3a1c402ebf00c85c42beacd33fa1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"34427-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=HpkghaFOC/jnXxLdEKbvYERruKUAbRvlxz+j24fbkrlmfswuVeTiDFCMRhdWcjArXtzZmLWDKRxd8O4AAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
34427
X-XSS-Protection
1; mode=block
Cookie set oam.css
oam.wellsfargo.com/oam/css/ 		17 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/css/oam.css
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
fdd70c69ee2891c119d78245e0171dc399e23ec933b7bc78cf3014dbf3dc0024
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"17636-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=2Ov9BCAX2eH29dbdEKbvYERruKUAbX54MU3uXk2xIsMGpFiN5d/YcWjNks306txnWQ8HDia9lr0ONYgAAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
17636
X-XSS-Protection
1; mode=block
Cookie set tip.css
oam.wellsfargo.com/oam/css/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/css/tip.css
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
3890e90c751b640c61e43b0b24c7efa1fecb79d701109744cc74c63e03727e0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"1280-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=4crdR+PgkNI9pDXdEKbvYERruKUAbRV6/kzxJ8ZsMxsnHBmoN1K3sXKKPVJsw95762JtW+YIolTigd4AAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
1280
X-XSS-Protection
1; mode=block
Cookie set jquery.min.js
oam.wellsfargo.com/oam/js/ 		94 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/js/jquery.min.js
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"95931-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
95931
X-XSS-Protection
1; mode=block
Cookie set timer.js
oam.wellsfargo.com/oam/js/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/js/timer.js
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
8fee1335b54427ccc48d7adc37ea958c36ee3c9a55ea146ff47f718c493045bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"7648-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Tue, 07 Nov 2017 11:32:21 GMT
Set-Cookie
ISD_TF_COOKIE=k54C19aKr0PQPmTdEKbvYERruKUAbew48S4Qq8TXXhkwC1PNFmLc0fw06sLuREwJ7CFMsoFcevQ6WJUAAAAB;Secure; path=/; domain=oam.wellsfargo.com; HttpOnly
Accept-Ranges
bytes
Content-Length
7648
X-XSS-Protection
1; mode=block
shim.gif
oam.wellsfargo.com/oam/images/ 		43 B
43 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/images/shim.gif
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.slepune.com/Gupdate.shtml
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"43-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
43
X-XSS-Protection
1; mode=block
logo_62sq.gif
oam.wellsfargo.com/oam/images/ 		616 B
616 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/images/logo_62sq.gif
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.slepune.com/Gupdate.shtml
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"616-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
616
X-XSS-Protection
1; mode=block
tagline_consumer.gif
oam.wellsfargo.com/oam/images/ 		937 B
937 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/images/tagline_consumer.gif
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
5dd26d926dda54524ab6d5696e30fa8ae26e5b54895d20a4781d54f4ed5cbf78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.slepune.com/Gupdate.shtml
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"937-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
937
X-XSS-Protection
1; mode=block
tip_close.gif
oam.wellsfargo.com/oam/css/images/ 		145 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/css/images/tip_close.gif
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
d85f54f9bbb6febac15be3e5873e0b26eaa4b205507ab82796c6b3a6182c9217
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.slepune.com/Gupdate.shtml
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"145-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
145
X-XSS-Protection
1; mode=block
al_ehl_house_gen.gif
oam.wellsfargo.com/oam/images/ 		111 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/images/al_ehl_house_gen.gif
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
c607565db4706ba321b498fe0d030c5ea56d10db184e40ffcb6092fad8ed6569
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.slepune.com/Gupdate.shtml
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"111-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
111
X-XSS-Protection
1; mode=block
wibprint.css
oam.wellsfargo.com/oam/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oam.wellsfargo.com/oam/css/wibprint.css
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
5eac34e388178efd5ee1346ec07f7a80b204157b4058bf54a90eef2c8aa2ac88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.slepune.com/Gupdate.shtml
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"2901-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
2901
X-XSS-Protection
1; mode=block
securityguarantee.gif
oam.wellsfargo.com/oam/images/ 		67 B
67 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/images/securityguarantee.gif
Requested by
Host: oam.wellsfargo.com
URL: https://oam.wellsfargo.com/oam/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
efe958151f0837002965e098124bf7c159236a74d0e9dbd0015ecbcf461f0810
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://oam.wellsfargo.com/oam/css/vudu.css
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
https://oam.wellsfargo.com/oam/css/vudu.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"67-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
67
X-XSS-Protection
1; mode=block
tip_default_top.gif
oam.wellsfargo.com/oam/css/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/css/images/tip_default_top.gif
Requested by
Host: oam.wellsfargo.com
URL: https://oam.wellsfargo.com/oam/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
85510f165db511fb5d960bcb879c7f7a7c2c511e08610e189c3d827fec06f314
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://oam.wellsfargo.com/oam/css/tip.css
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
https://oam.wellsfargo.com/oam/css/tip.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"4273-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
4273
X-XSS-Protection
1; mode=block
tip_bottom.gif
oam.wellsfargo.com/oam/css/images/ 		994 B
994 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oam.wellsfargo.com/oam/css/images/tip_bottom.gif
Requested by
Host: oam.wellsfargo.com
URL: https://oam.wellsfargo.com/oam/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
8c12ba01de60518f9fc8ff97bb71897c99f9d3b02ba91decab6c406580697bad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
oam.wellsfargo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://oam.wellsfargo.com/oam/css/tip.css
Cookie
ISD_TF_COOKIE=vN+AehugLnmKQnbdEKbvYERruKUAbZaiWH5dggqWsQ93TFYh4yiNJ/zbj+7IgOGaTEdqifPrcVleksgAAAAB
Connection
keep-alive
Cache-Control
no-cache
Referer
https://oam.wellsfargo.com/oam/css/tip.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2017 15:13:36 GMT
Server
KONICHIWA/1.1
ETag
W/"994-1507216416000"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Date
Tue, 07 Nov 2017 11:32:21 GMT
Accept-Ranges
bytes
Content-Length
994
X-XSS-Protection
1; mode=block
resettimeout
www.slepune.com/oam/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.slepune.com/oam/resettimeout?continue=false&v=1510054342440
Requested by
Host: www.slepune.com
URL: http://www.slepune.com/Gupdate.shtml
Protocol
HTTP/1.1
Server
108.179.246.153 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
84f036746973e16baa65506977236c208c65b895b04718a7454b4b4864cb6808

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.slepune.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.slepune.com/Gupdate.shtml
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.slepune.com/Gupdate.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Tue, 07 Nov 2017 11:32:22 GMT
Content-Encoding
gzip
Last-Modified
Tue, 26 Jul 2016 16:46:08 GMT
Server
nginx/1.12.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies