secu-my-acct.com Open in urlscan Pro
34.168.191.185  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response secu-my-acct.com/	23 KB 24 KB	3044ms 2715ms	Document text/html	34.168.191.185
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash c465485aed683268f94dcdba95c6adfbc55f713aa7868df057f6e171600f9b00 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Sat, 05 Nov 2022 03:53:35 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	wfui.dc5a086beca5b68bfa75.chunk.css secu-my-acct.com/resources/	94 KB 94 KB	296ms 150ms	Stylesheet text/css	34.168.191.185
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash fe1bdc09b7399736efc6617cf6762dc9c82516e0b3f1e0d80fe5287c262c199a Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 03:53:38 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 95868
GET H/1.1	200 OK	main.4870f47b74ad9141ce5b.chunk.css secu-my-acct.com/resources/	3 KB 4 KB	448ms 148ms	Stylesheet text/css	34.168.191.185
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/main.4870f47b74ad9141ce5b.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash c09753711c376ac7d47b28dca007a00ea49e907c3476fd12bdf8ae303cf52ec9 Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 03:53:38 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3580
GET H/1.1	200 OK	0.fccf6cebc9e0f1a0717f.chunk.css secu-my-acct.com/resources/	8 KB 8 KB	449ms 150ms	Stylesheet text/css	34.168.191.185
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/0.fccf6cebc9e0f1a0717f.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash 9e996fe967eb8587a13a25eb1d22741d17195385800cd9375bcf1f2f8739cdd5 Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 03:53:38 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7726
GET H/1.1	200 OK	1.f547b6e66267c52604e9.chunk.css secu-my-acct.com/resources/	4 KB 4 KB	453ms 150ms	Stylesheet text/css	34.168.191.185
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/1.f547b6e66267c52604e9.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash 444238afa2c5dff88714941474ff5153227a31fe6a58f4cc8a0c3e517d5da629 Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 03:53:38 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3997
GET H/1.1	200 OK	2.d908c227d892a97fd57c.chunk.css secu-my-acct.com/resources/	19 KB 19 KB	454ms 151ms	Stylesheet text/css	34.168.191.185
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/2.d908c227d892a97fd57c.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash 00f37084a77125b6ec9a0d7adbfe986578d1d5ef26514bc0d88b2b4ec39740f8 Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 03:53:38 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 19337
GET H/1.1	200 OK	COB-BOB-IRT-enroll_tractor.jpg secu-my-acct.com/resources/	599 KB 599 KB	449ms 155ms	Image image/jpeg	34.168.191.185
General Check archive.org Show headers Download Go to Show image Full URL https://secu-my-acct.com/resources/COB-BOB-IRT-enroll_tractor.jpg Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 03:53:38 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 613304
GET H2	200	wellsfargosans-rg.woff2 www15.wellsfargomedia.com/wfui/css/fonts/	22 KB 22 KB	119ms 19ms	Font font/woff2	23.203.89.234 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2 Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.203.89.234 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-203-89-234.deploy.static.akamaitechnologies.com Software KONICHIWA/2.0 / Resource Hash 631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://secu-my-acct.com/ Origin https://secu-my-acct.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers unused62 8096267 strict-transport-security max-age=31536000; includeSubdomains; date Sat, 05 Nov 2022 03:53:38 GMT x-content-type-options nosniff last-modified Tue, 26 Feb 2019 19:38:34 GMT server KONICHIWA/2.0 etag "5798-582d133e56280" x-frame-options SAMEORIGIN content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 22424 x-xss-protection 1; mode=block expires Sun, 05 Nov 2023 03:53:38 GMT
GET H2	200	wellsfargosans-sbd.woff2 www15.wellsfargomedia.com/wfui/css/fonts/	22 KB 22 KB	137ms 37ms	Font font/woff2	23.203.89.234 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2 Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.203.89.234 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-203-89-234.deploy.static.akamaitechnologies.com Software KONICHIWA/2.0 / Resource Hash ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://secu-my-acct.com/ Origin https://secu-my-acct.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers unused62 8096267 strict-transport-security max-age=31536000; includeSubdomains; date Sat, 05 Nov 2022 03:53:38 GMT x-content-type-options nosniff last-modified Tue, 26 Feb 2019 19:38:34 GMT server KONICHIWA/2.0 etag "5848-582d133e56280" x-frame-options SAMEORIGIN content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 22600 x-xss-protection 1; mode=block expires Sun, 05 Nov 2023 03:53:38 GMT
GET H2	200	wellsfargoserif-rg.woff2 www15.wellsfargomedia.com/wfui/css/fonts/	26 KB 26 KB	136ms 36ms	Font font/woff2	23.203.89.234 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2 Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.203.89.234 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-203-89-234.deploy.static.akamaitechnologies.com Software KONICHIWA/2.0 / Resource Hash aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://secu-my-acct.com/ Origin https://secu-my-acct.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers unused62 8096267 strict-transport-security max-age=31536000; includeSubdomains; date Sat, 05 Nov 2022 03:53:38 GMT x-content-type-options nosniff last-modified Mon, 11 Mar 2019 20:52:01 GMT server KONICHIWA/2.0 etag "6854-583d7be82be40" x-frame-options SAMEORIGIN content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 26708 x-xss-protection 1; mode=block expires Sun, 05 Nov 2023 03:53:38 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| doo function| dooe function| su

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secu-my-acct.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8225fed3e4eb4ec15cf7708028727617

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secu-my-acct.com
www15.wellsfargomedia.com
23.203.89.234
34.168.191.185
00f37084a77125b6ec9a0d7adbfe986578d1d5ef26514bc0d88b2b4ec39740f8
444238afa2c5dff88714941474ff5153227a31fe6a58f4cc8a0c3e517d5da629
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
9e996fe967eb8587a13a25eb1d22741d17195385800cd9375bcf1f2f8739cdd5
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
c09753711c376ac7d47b28dca007a00ea49e907c3476fd12bdf8ae303cf52ec9
c465485aed683268f94dcdba95c6adfbc55f713aa7868df057f6e171600f9b00
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe
fe1bdc09b7399736efc6617cf6762dc9c82516e0b3f1e0d80fe5287c262c199a