emadmughniyeh.com
Open in
urlscan Pro
65.108.96.250
Malicious Activity!
Public Scan
Submission: On August 25 via automatic, source openphish — Scanned from FI
Summary
TLS certificate: Issued by R3 on December 7th 2021. Valid for: 3 months.
This is the only time emadmughniyeh.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 65.108.96.250 65.108.96.250 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 1 | 2600:9000:205... 2600:9000:2057:e200:10:7abf:f800:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2606:50c0:800... 2606:50c0:8002::153 | 54113 (FASTLY) (FASTLY) | |
5 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 3 |
ASN24940 (HETZNER-AS, DE)
PTR: static.250.96.108.65.clients.your-server.de
emadmughniyeh.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
emadmughniyeh.com
emadmughniyeh.com |
54 KB |
5 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 219 |
90 KB |
2 |
sitepoint.com
1 redirects
www.sitepoint.com — Cisco Umbrella Rank: 214689 i2.sitepoint.com |
6 KB |
18 | 3 |
Domain | Requested by | |
---|---|---|
12 | emadmughniyeh.com |
emadmughniyeh.com
|
5 | cdnjs.cloudflare.com |
emadmughniyeh.com
|
1 | i2.sitepoint.com |
emadmughniyeh.com
|
1 | www.sitepoint.com | 1 redirects |
18 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
emadmughniyeh.com R3 |
2021-12-07 - 2022-03-07 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/step3.php
Frame ID: 1A0C6A99180D603BF32DC45A0938C332
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Wells Fargo - Verify Your IdentityDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js HTTP 301
- https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
step3.php
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MaskedPassword.js
i2.sitepoint.com/examples/password/MaskedPassword/ Redirect Chain
|
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ |
256 KB 64 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ |
45 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
additional-methods.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ |
38 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.maskedinput.js
cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.payment.js
cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ |
17 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf19.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secu.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
907 B 937 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf17.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
265 B 295 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf18.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf20.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf21.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf22.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
274 B 305 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
canc.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ws1.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
continue.png
emadmughniyeh.com/wellsfargo/WellsFargo%20Ultimate/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) Wells Fargo (Banking)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| MaskedPassword function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
emadmughniyeh.com
i2.sitepoint.com
www.sitepoint.com
2600:9000:2057:e200:10:7abf:f800:93a1
2606:4700::6811:180e
2606:50c0:8002::153
65.108.96.250
1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375
2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
30c71ce57687cb04f333ebce07c6098bd1a0ce6556e52f73dbf853dc5d56dd2a
32089a709d5faae7c346f0aeec1aaa8fb4da160ceacf23bd871dc30394c8607f
593011e4c5e2416a84cc50d01760a22c0667cd65fdbb8924b69417fa9206c628
5ea300fe42055ada46470525c1a89801811ffd2a99506e224ade747dae87c06c
60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
79a3b908565aac75c2c635ed9a03ac88effed84dc4467317b324573a1cbb0a46
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
83ec968d089b5dc5f4dde77745cc596fa4757279e0dcb3deb9fc1c3d502f79d2
9b424aeb4f8994e67a0b6af0b67f8d0dfff5d77f993e1854ffe0620e766ccd68
accf2ac7a8cdd42af0374fd634ee14bedcffbb3338c4ae571545f7c61706a4bc
c7c0bb8c5e61bd4913d78009d164ce788b3e00e4cfd326a337a94b14b409bdc0
e9a956035b39f4490e379e11898444ccbc3c6918bb5ebecd248e95402fbec616
f98e3dca8517fbe6463df5437ac44087f11a90dce4790d85cf5ef84547801a43
ffbb4b951f2a769fa461c96def503f4a208f25e12e9eabd8a765f641f0a8ea58