botoxtrainingcalifornia.com
Open in
urlscan Pro
142.11.204.39
Malicious Activity!
Public Scan
URL:
http://botoxtrainingcalifornia.com/css/fargo/index2.htm
Submission Tags: @ipnigh
Submission: On October 23 via api from GB
Submission Tags: @ipnigh
Submission: On October 23 via api from GB
Summary
This website contacted 17 IPs
in 3 countries
across 10 domains to perform 57 HTTP transactions.
The main IP is 142.11.204.39, located in
Seattle, United States and
belongs to HOSTWINDS - Hostwinds LLC., US.
The main domain is botoxtrainingcalifornia.com.
This is the only time botoxtrainingcalifornia.com was scanned on urlscan.io!
This is the only time botoxtrainingcalifornia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 28 | 142.11.204.39 142.11.204.39 | 54290 (HOSTWINDS) (HOSTWINDS - Hostwinds LLC.) | |
| 4 | 159.45.2.178 159.45.2.178 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
| 1 | 2600:9000:215... 2600:9000:2156:3600:1d:4b80:2300:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 143.204.101.116 143.204.101.116 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 52.2.162.18 52.2.162.18 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
| 9 | 2.16.186.96 2.16.186.96 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 2 | 167.99.54.244 167.99.54.244 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
| 1 | 2.16.186.74 2.16.186.74 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 34.235.242.112 34.235.242.112 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
| 1 | 54.243.75.139 54.243.75.139 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
| 1 | 2606:4700::68... 2606:4700::6813:c497 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 | 2.16.186.107 2.16.186.107 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 52.202.42.171 52.202.42.171 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
| 1 | 2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff0b | 201011 (NETZBETRI...) (NETZBETRIEB-GMBH) | |
| 1 | 2.16.186.58 2.16.186.58 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 57 | 17 |
28
142.11.204.39
(Seattle, United States)
ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: client-142-11-204-39.hostwindsdns.com
ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: client-142-11-204-39.hostwindsdns.com
| botoxtrainingcalifornia.com |
4
159.45.2.178
(Charlotte, United States)
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
| static.wellsfargo.com |
1
2600:9000:2156:3600:1d:4b80:2300:93a1
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| cdn.advennsha.info |
2
143.204.101.116
(Seattle, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-116.fra50.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-116.fra50.r.cloudfront.net
| gateway.foresee.com |
2
52.2.162.18
(Ashburn, United States)
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-162-18.compute-1.amazonaws.com
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-162-18.compute-1.amazonaws.com
| tfc.advennsha.info |
9
2.16.186.96
(Ascension Island)
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-96.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-96.deploy.static.akamaitechnologies.com
| cdncache-a.akamaihd.net |
2
167.99.54.244
(Clifton, United States)
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: q1.qdatasales.com
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: q1.qdatasales.com
| qdatasales.com |
1
2.16.186.74
(Ascension Island)
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-74.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-74.deploy.static.akamaitechnologies.com
| eventping-a.akamaihd.net |
1
2a00:1450:4001:808::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| ajax.googleapis.com |
1
34.235.242.112
(Ashburn, United States)
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-235-242-112.compute-1.amazonaws.com
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-235-242-112.compute-1.amazonaws.com
| b.1p1eqpotato.com |
1
54.243.75.139
(Ashburn, United States)
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-243-75-139.compute-1.amazonaws.com
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-243-75-139.compute-1.amazonaws.com
| s.dcbap.com |
1
2606:4700::6813:c497
(United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| cdnjs.cloudflare.com |
1
2.16.186.107
(Ascension Island)
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-107.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-107.deploy.static.akamaitechnologies.com
| canvasdp-a.akamaihd.net |
1
52.202.42.171
(Ashburn, United States)
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-202-42-171.compute-1.amazonaws.com
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-202-42-171.compute-1.amazonaws.com
| analytics.foresee.com |
1
2.16.186.58
(Ascension Island)
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-58.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-58.deploy.static.akamaitechnologies.com
| canvaspl-a.akamaihd.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 28 |
botoxtrainingcalifornia.com
botoxtrainingcalifornia.com |
452 KB |
| 13 |
akamaihd.net
cdncache-a.akamaihd.net eventping-a.akamaihd.net canvasdp-a.akamaihd.net pnt-a.akamaihd.net canvaspl-a.akamaihd.net |
34 KB |
| 4 |
wellsfargo.com
static.wellsfargo.com |
77 KB |
| 3 |
foresee.com
gateway.foresee.com analytics.foresee.com |
21 KB |
| 3 |
advennsha.info
cdn.advennsha.info tfc.advennsha.info |
17 KB |
| 2 |
qdatasales.com
qdatasales.com |
2 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com |
10 KB |
| 1 |
dcbap.com
s.dcbap.com |
245 B |
| 1 |
1p1eqpotato.com
b.1p1eqpotato.com |
445 B |
| 1 |
googleapis.com
ajax.googleapis.com |
30 KB |
| 57 | 10 |
| Domain | Requested by | |
|---|---|---|
| 28 | botoxtrainingcalifornia.com |
botoxtrainingcalifornia.com
|
| 9 | cdncache-a.akamaihd.net |
cdn.advennsha.info
cdncache-a.akamaihd.net botoxtrainingcalifornia.com |
| 4 | static.wellsfargo.com |
botoxtrainingcalifornia.com
static.wellsfargo.com |
| 2 | qdatasales.com |
cdncache-a.akamaihd.net
qdatasales.com |
| 2 | tfc.advennsha.info |
cdn.advennsha.info
|
| 2 | gateway.foresee.com |
botoxtrainingcalifornia.com
|
| 1 | canvaspl-a.akamaihd.net | |
| 1 | pnt-a.akamaihd.net | |
| 1 | analytics.foresee.com |
botoxtrainingcalifornia.com
|
| 1 | canvasdp-a.akamaihd.net | |
| 1 | cdnjs.cloudflare.com |
cdncache-a.akamaihd.net
|
| 1 | s.dcbap.com |
cdncache-a.akamaihd.net
|
| 1 | b.1p1eqpotato.com |
botoxtrainingcalifornia.com
|
| 1 | ajax.googleapis.com |
botoxtrainingcalifornia.com
|
| 1 | eventping-a.akamaihd.net | |
| 1 | cdn.advennsha.info |
botoxtrainingcalifornia.com
|
| 57 | 16 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.wellsfargo.com |
| connect.secure.wellsfargo.com |
| oam.wellsfargo.com |
| icomplete.wellsfargo.com |
| www.wellsfargorewards.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| static.wellsfargo.com DigiCert Global CA G2 |
2019-02-07 - 2021-02-07 |
2 years | crt.sh |
| *.immereeako.info Amazon |
2019-03-26 - 2020-04-26 |
a year | crt.sh |
| a248.e.akamai.net DigiCert Secure Site ECC CA-1 |
2019-08-13 - 2020-08-12 |
a year | crt.sh |
| ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-08-10 - 2020-02-16 |
6 months | crt.sh |
| *.foresee.com Go Daddy Secure Certificate Authority - G2 |
2018-09-21 - 2020-09-21 |
2 years | crt.sh |
| qdatasales.com Sectigo RSA Domain Validation Secure Server CA |
2019-10-07 - 2021-10-06 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://botoxtrainingcalifornia.com/css/fargo/index2.htm
Frame ID: A80078CF672F246663965B479BA993DF
Requests: 63 HTTP requests in this frame
Frame:
https://cdncache-a.akamaihd.net/store/
Frame ID: 4C50459E3AF447D72B554419570E1D1B
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
LiteSpeed
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^LiteSpeed$/i
Fingerprintjs (JavaScript Libraries) Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /fingerprint(\d)?(?:\.min)?\.js/i
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
URL: https://www.wellsfargo.com/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/apply/
Title: Apply
Title: Apply
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/locator/
Title: Locations
Title: Locations
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/
Title: Customer Service
Title: Customer Service
Search URL Search Domain Scan URL
URL: https://connect.secure.wellsfargo.com/auth/login/present?origin=cob&langPref=SPN
Title: Español
Title: Español
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/online-banking/sign-on-faqs
Title: Forgot Password/Username?
Title: Forgot Password/Username?
Search URL Search Domain Scan URL
URL: https://oam.wellsfargo.com/oamo/identity/enrollment
Title: Enroll Now
Title: Enroll Now
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/online-banking/enroll-faqs
Title: Enrollment FAQs
Title: Enrollment FAQs
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/privacy-security/guarantee
Title: Online Security Guarantee
Title: Online Security Guarantee
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/privacy-security/
Title: Privacy, Security and Legal
Title: Privacy, Security and Legal
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/online-banking/online-access-agreement/
Title: Online Access Agreement
Title: Online Access Agreement
Search URL Search Domain Scan URL
URL: https://icomplete.wellsfargo.com/oas/status/enter
Title: Applications In Progress
Title: Applications In Progress
Search URL Search Domain Scan URL
URL: https://www.wellsfargorewards.com/
Title: Credit Card Rewards
Title: Credit Card Rewards
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/about
Title: About Wells Fargo
Title: About Wells Fargo
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/about/careers/
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/privacy-security/fraud/report/phish
Title: Report Email Fraud
Title: Report Email Fraud
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/sitemap
Title: Sitemap
Title: Sitemap
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
57 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
index2.htm
botoxtrainingcalifornia.com/css/fargo/ |
54 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gateway.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
34 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
nd
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
43 KB 44 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
utag_004.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
195 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
global.css
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
20 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
enhanced-header.css
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
content.css
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
1 KB 946 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wf.css
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
199 B 490 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
enhanced-footer.css
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
glu.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pa.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
16 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
utag_003.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
56 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
utag_002.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
utag.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fs.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
94 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
l.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fs_002.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
32 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pops
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
2 KB 2 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Pt8cY8Qvgbs5.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pops_002
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
3 KB 3 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
WF_stagecoach_rgb_ylw_F1.svg
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
226 KB 165 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login-userprefs.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
158 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
conutils-6.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
23 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
atadun.js
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
1023 B 921 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
utag.js
static.wellsfargo.com/tracking/main/ |
252 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
330 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
467 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
889 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
WellsFargoSans_W_Rg.woff2
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
conutils-6.9.0.js
botoxtrainingcalifornia.com/auth/static/scripts/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
atadun.js
botoxtrainingcalifornia.com/auth/static/prefs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
WellsFargoSans_W_Rg.woff
botoxtrainingcalifornia.com/css/fargo/index2_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pa.min.js
cdn.advennsha.info/ |
16 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gateway.min.js
static.wellsfargo.com/tracking/survey/ |
19 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fs.utils.js
static.wellsfargo.com/tracking/survey/code/ |
75 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
config.json
gateway.foresee.com/sites/wellsfargo/production/ |
80 KB 10 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cfg
tfc.advennsha.info/ |
112 B 373 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
config.json
gateway.foresee.com/sites/wellsfargo/production/ |
80 KB 10 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fs.trigger.js
static.wellsfargo.com/tracking/survey/code/ |
32 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
l.js
cdncache-a.akamaihd.net/sub/va92f3f/poobe/ |
2 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tk
tfc.advennsha.info/ |
0 197 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
l.js
cdncache-a.akamaihd.net/loaders/2696/ |
36 KB 15 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icp
cdncache-a.akamaihd.net/loaders/ |
1 KB 877 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
r.js
cdncache-a.akamaihd.net/js/d6f636e21696e627f66696c6163676e696e69616274787f647f626/ |
32 B 402 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
cdncache-a.akamaihd.net/store/ Frame 4C50 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
z7b85.js
cdncache-a.akamaihd.net/i/items/z7b85/js/ |
19 KB 9 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Pt8cY8Qvgbs5.js
qdatasales.com/scripts/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ye174.js
cdncache-a.akamaihd.net/i/items/ye174/js/ |
826 B 1 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
w978b.js
cdncache-a.akamaihd.net/i/items/w978b/js/ |
6 KB 4 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
y7181.js
cdncache-a.akamaihd.net/i/items/y7181/js/ |
1 KB 1 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s.gif
eventping-a.akamaihd.net/ |
4 B 232 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
XHR
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
b.1p1eqpotato.com/ib/ |
0 445 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
s.dcbap.com/ |
88 B 245 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fingerprint2.min.js
cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/1.6.1/ |
34 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s.gif
canvasdp-a.akamaihd.net/ |
0 378 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
events
analytics.foresee.com/ingest/ |
44 B 349 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s.gif
pnt-a.akamaihd.net/ |
0 224 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
qdatasales.com/ |
0 140 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s.gif
canvaspl-a.akamaihd.net/ |
0 378 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)152 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| _acsDefine function| _fsDefine function| _acsRequire function| _fsRequire object| FSR object| FSFB function| _acsNormalizeUrl function| _fsNormalizeUrl function| _fsNormalizeAssetUrl function| ndoGetObjectKeys boolean| nsaescgst function| nssrby string| ndjsStaticVersion object| nsaescg object| nssrbyvq boolean| nsnffpnl number| nsnffpnla function| nstmusn number| nsqpqmzcv object| nspndku function| nssrbyvqb function| nsaes object| nspndkuqvb object| nsnffp object| nsnffpnlah object| nswkkiifte object| nssrbyv boolean| nswkkii string| nsqpqmz function| nsnffpn object| nds object| nspndkuqv function| nsrek function| nsrekx number| numQueries object| returned string| version function| nsqpq undefined| nsrekxqup string| nstmusnzrn string| nspndkuq string| nsnff function| nsaesc function| nstmusnz function| nsqpqmzc string| nspndk string| nssrb string| nstmus object| nsaescgstq function| nspnd object| nswkkiif function| nswkk function| nswkki function| nsrekxqupr function| nswkkiift function| nsqpqm function| nsaescgs function| nstmusnzr function| nsrekxq function| nstmu function| nsqpqmzcvc function| nssrbyvqbj function| nshfy function| nslvvyrjtk function| nsxzowqztu function| nslvv function| nsjnwrha function| nslvvyrjt function| nstxwlku function| nstxwlkud function| nsbhspfxs function| ndwti function| nshskwfd function| nstxwlkuda function| nslvvyrj function| HashUtil function| nsbhs function| nshskwf function| nsezt function| nsjnwrh function| nslvvyr function| nsbhsp object| nsrekxqu function| nsjnwrhaa function| ndwts object| ndsapi object| antiClickjack string| webId string| ndURI object| utag_data string| EMPTY_STR boolean| utag_condload string| new_path object| utag_cfg_ovrd object| userAgentArr undefined| pathname undefined| urlArray undefined| url undefined| sRegExInput object| utag function| utag_pad function| utag_visitor_id string| GoogleAnalyticsObject function| ga string| USERPREFS_PATH string| UPRESOURCE_PATH string| ATADUN_PATH string| loginUrlBase object| scriptParent string| loginUrlBaseNoProtocol object| getUrl string| host string| port undefined| guid function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged function| addScriptElement function| getCookie function| appendHiddenInput function| addCookiesToForm function| generateGuid undefined| brief object| lun3 boolean| isNative object| LoginForm object| Search function| updateCustomSelect function| enrollPrivacySecLinkHandler object| _paInfo_ object| fswf function| fsReady function| acsReady boolean| _fsAlreadyBootedSDK object| __fsJSONPCBr function| __fsJSONPCB function| __acsReady__ function| __fsReady__ object| _GPL boolean| KJZ0PeoeNS0E function| u5iD05A4nRl4 function| Fingerprint20 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
analytics.foresee.com
b.1p1eqpotato.com
botoxtrainingcalifornia.com
canvasdp-a.akamaihd.net
canvaspl-a.akamaihd.net
cdn.advennsha.info
cdncache-a.akamaihd.net
cdnjs.cloudflare.com
eventping-a.akamaihd.net
gateway.foresee.com
pnt-a.akamaihd.net
qdatasales.com
s.dcbap.com
static.wellsfargo.com
tfc.advennsha.info
142.11.204.39
143.204.101.116
159.45.2.178
167.99.54.244
2.16.186.107
2.16.186.58
2.16.186.74
2.16.186.96
2600:9000:2156:3600:1d:4b80:2300:93a1
2606:4700::6813:c497
2a00:1450:4001:808::200a
2a01:4a0:1338:28::c38a:ff0b
34.235.242.112
52.2.162.18
52.202.42.171
54.243.75.139
058c5d3db5f76c0c08068a6af81656a6912adbcc58cdbc723b1e35107345865b
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
072bd4b516e133cc3bb2a1edf6734c61ff297dfb181eb614e76810c0199aeb2f
158697ca817a7a867e9a8005f3fff3f1c0bcad46022d6c41bdde969212362b71
1e8a0cd53e33c9fcefbf3e0c4927aec28d8adbe428ef2278163fb2ca89ecdbb1
23699643e9583fe1c1b62cb4b903d2f5c5d4d5dfb05aa9446caf3028380d0f00
27548f235307f79e5eac86c5f21d5492e8ec2db63d5eece1b22c34244fff8adc
4363774a66f76237424e652b3485588c09e9976f5d4dc0a1db736f550914ae92
4c724f3e9c173f2267f92d29b7e94e03e55e365cac0a32073344d8ddfaf8a1bc
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
51adbf5bc6f1f859b465cdba71920ad306f53c1898dcf4a5c53e174942cac4c0
52fc497fa35544b338d83797f097a076776e26fa3de1a1d3bf0e336b7ea60bca
5b0bd6db5dc4714868a5e5a0c844bc9fb9222d9e43a0a843850f56f808950360
5b38f2f8c09ad0b050e4ec97524f3eb95b8c1fa2cf1b5a922eb4172608e4afc1
62b748c7404637b43b2250e9004b0c4d4c4be1ed16b9575303954ed208cd09fd
6511dcef562bc82004fa37f806c06df20ae2ed96d18e1218ac9045e132def09b
770c478e56ffefa9b461e5358c0ac3deb7240e57f4dc544f272c04d1cddb8ff8
79f57a59c60d4e4e26ef694b21f849fced8e477fd3c8e6e03939baa8481f02f3
7cd2b1ab0ed81ddc453b8da5357fcf7b3cbec29cd139059706a7b0bda253af48
7dfc0205bb7c95e0bac66d541fb00c0e43f15616bdff5db0bacffd1135a1794c
824107f93ad7be4117696a4766a1b1b156880a7d0b4b2b636b900046d5e8e3fe
8280726c8d9af855043bd9f58244722183b02cfaba7cef33d7dd80c40f4ee782
857fb6592fa845c7f53612d91cf2e263b8fdb54fb8ab0bc7efbf847e1f71d4a6
8f922bc626ec4b554d34f37bc44429720de644a4c756a8e604f206343b6fdf69
9177e3647d657a8dba38ebb97f08bbf97cb71592097ece8f1fbc37e8638a43c1
96205749f37d9000d1d06e229392940562cde4f22f3af95400df7ccdf383c819
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
9927c45266138d2cd52872415f51aad7fd08a82a7c66837840aa40b958e2d366
9d43278ce970363f4896fc864db4c83014857da62ce535fa9bfdc7ea525d526f
a009ba30454459ccf955b59b0e1089d6aae7b7dca1f9094d95cd9eb3c6f61d4c
a32e44e81a1fe6f4b1d036b2482d6ce53821d83d890d2913b3793561b99d921e
aa8bfc97707cd6312bd69b35fd2143eb24330fb35aab4bda022f1e2bae55054b
ab78c44d5e86c6f0937d203066ebcadbf50c8d63407564a151bdd03701f40a70
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
b33e1023127464d1f62830a6a10ab09b40f16724ec86ff6578692820e4378875
bd387f97faf9479218a0af08ddee2f33233efe7c7a364fc1e55cc8b589b18ff2
c5fe0539d4c197f45648b2daf044f54565fddc9592b3c7a2a9ab8cc17a73460a
d0388de38e9782ec5f02fb0fee77df108b2c4c5eb69ba0a44c4e2836ba7d9eeb
d38a22066082294d424f40db61eb42114dcf8d84b7ecd87ed460c3b8cf8c8a7f
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150
d95040a2818043aa81182148a964eb64f13449a507f857d066af7245e0de51e1
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
df562f9cd94d79a9bce6ad623c99bd5aa05013bbae4a9e59a8b25862cab0026a
e3111193575c3a098e8c477facc680b39acdee1a910f6c8d3763e97dc47b0061
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb0773bab4190baeb667b0079a148b4495acab39ad0b1beeba95d5750afe5eb9
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e
fd93aa90dcd1ad5fa4123900b526f900f6c1536384746a3a933163cfcf47c711