shop.xdesignfactory.com
Open in
urlscan Pro
94.199.200.22
Malicious Activity!
Public Scan
Submitted URL: https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/
Effective URL: https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/signin.php?cmd=login_submit&id=573d6b6cc277cd17ab9897692c4282f2573d6b...
Submission: On August 19 via automatic, source openphish — Scanned from DE
Effective URL: https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/signin.php?cmd=login_submit&id=573d6b6cc277cd17ab9897692c4282f2573d6b...
Submission: On August 19 via automatic, source openphish — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 14 HTTP transactions.
The main IP is 94.199.200.22, located in
Istanbul, Turkey and
belongs to AEROTEK-AS, TR.
The main domain is shop.xdesignfactory.com.
TLS certificate: Issued by R3 on August 2nd 2022. Valid for: 3 months.
This is the only time shop.xdesignfactory.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on August 2nd 2022. Valid for: 3 months.
This is the only time shop.xdesignfactory.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 13 | 94.199.200.22 94.199.200.22 | 42807 (AEROTEK-AS) (AEROTEK-AS) | |
| 2 | 23.205.226.231 23.205.226.231 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 14 | 3 |
13
94.199.200.22
(Istanbul, Turkey)
ASN42807 (AEROTEK-AS, TR)
PTR: srvc20.turhost.com
ASN42807 (AEROTEK-AS, TR)
PTR: srvc20.turhost.com
| shop.xdesignfactory.com |
2
23.205.226.231
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a23-205-226-231.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-205-226-231.deploy.static.akamaitechnologies.com
| www15.wellsfargomedia.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 13 |
xdesignfactory.com
1 redirects
shop.xdesignfactory.com |
195 KB |
| 2 |
wellsfargomedia.com
www15.wellsfargomedia.com — Cisco Umbrella Rank: 20856 |
45 KB |
| 14 | 2 |
| Domain | Requested by | |
|---|---|---|
| 13 | shop.xdesignfactory.com |
1 redirects
shop.xdesignfactory.com
|
| 2 | www15.wellsfargomedia.com |
shop.xdesignfactory.com
|
| 14 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| connect.secure.wellsfargo.com |
| www.wellsfargo.com |
| oam.wellsfargo.com |
| icomplete.wellsfargo.com |
| www.wellsfargorewards.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.xdesignfactory.com R3 |
2022-08-02 - 2022-10-31 |
3 months | crt.sh |
| www15.wellsfargomedia.com DigiCert SHA2 Secure Server CA |
2021-12-31 - 2023-01-03 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/signin.php?cmd=login_submit&id=573d6b6cc277cd17ab9897692c4282f2573d6b6cc277cd17ab9897692c4282f2&session=573d6b6cc277cd17ab9897692c4282f2573d6b6cc277cd17ab9897692c4282f2
Frame ID: D467E36E43CCC81DC72A5E9EFF83C577
Requests: 15 HTTP requests in this frame
Frame:
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/saved_resource.html
Frame ID: AC7D81467C67A764D6A3D6CC74CDDD96
Requests: 1 HTTP requests in this frame
Frame:
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/saved_resource(1).html
Frame ID: A7EEEEC301241D70D7129EC49CA04412
Requests: 2 HTTP requests in this frame
Frame:
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/saved_resource(2).html
Frame ID: A9775B36D09B51FEDE6BBB1D2461C915
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
Sign On to View Your Personal Accounts | Wells FargoPage URL History Show full URLs
-
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/
HTTP 302
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/signin.php?cmd=login_submit&id=573d6b6cc277cd17ab... Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
URL: https://connect.secure.wellsfargo.com/auth/login/present#skip
Title: main content default
Title: main content default
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/apply/
Title: Apply
Title: Apply
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/locator/
Title: Locations
Title: Locations
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/
Title: Customer Service
Title: Customer Service
Search URL Search Domain Scan URL
URL: https://connect.secure.wellsfargo.com/auth/login/present
Title: Back to Previous Page
Title: Back to Previous Page
Search URL Search Domain Scan URL
URL: https://connect.secure.wellsfargo.com/auth/login/present?origin=cob&langPref=SPN
Title: EspaƱol
Title: EspaƱol
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/online-banking/sign-on-faqs
Title: Forgot Password/Username?
Title: Forgot Password/Username?
Search URL Search Domain Scan URL
URL: https://oam.wellsfargo.com/oamo/identity/enrollment
Title: Enroll Now
Title: Enroll Now
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/help/online-banking/enroll-faqs
Title: Enrollment FAQs
Title: Enrollment FAQs
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/privacy-security/guarantee
Title: Online Security Guarantee
Title: Online Security Guarantee
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/privacy-security/
Title: Privacy, Security and Legal
Title: Privacy, Security and Legal
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/online-banking/online-access-agreement/
Title: Online Access Agreement
Title: Online Access Agreement
Search URL Search Domain Scan URL
URL: https://icomplete.wellsfargo.com/oas/status/enter
Title: Applications In Progress
Title: Applications In Progress
Search URL Search Domain Scan URL
URL: https://www.wellsfargorewards.com/
Title: Credit Card Rewards
Title: Credit Card Rewards
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/about
Title: About Wells Fargo
Title: About Wells Fargo
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/about/careers/
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/privacy-security/fraud/report/phish
Title: Report Email Fraud
Title: Report Email Fraud
Search URL Search Domain Scan URL
URL: https://www.wellsfargo.com/sitemap
Title: Sitemap
Title: Sitemap
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/
HTTP 302
https://shop.xdesignfactory.com/wp-includes/Scamma%20well$/signin.php?cmd=login_submit&id=573d6b6cc277cd17ab9897692c4282f2573d6b6cc277cd17ab9897692c4282f2&session=573d6b6cc277cd17ab9897692c4282f2573d6b6cc277cd17ab9897692c4282f2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
signin.php
shop.xdesignfactory.com/wp-includes/Scamma%20well$/ Redirect Chain
|
40 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
global.css
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ |
20 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
enhanced-header.css
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
content.css
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ |
1 KB 696 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wf-fonts.css
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ |
4 KB 472 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
enhanced-footer.css
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
WF_stagecoach_rgb_ylw_F1.svg
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ |
226 KB 165 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
467 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
889 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saved_resource.html
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ Frame AC7D |
187 B 223 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saved_resource(1).html
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ Frame A7EE |
393 B 359 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saved_resource(2).html
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ Frame A977 |
394 B 357 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wellsfargosans-sbd.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ Frame A7EE |
1 KB 623 B |
Image
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon(1).ico
shop.xdesignfactory.com/wp-includes/Scamma%20well$/login_files/ Frame A977 |
1 KB 613 B |
Image
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| animateLabel function| removeAnimation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| shop.xdesignfactory.com/ | Name: PHPSESSID Value: ac7a3fb6fdb865bce0d2a937a8d25785 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
shop.xdesignfactory.com
www15.wellsfargomedia.com
23.205.226.231
94.199.200.22
3a80ebe861b93c47265b21bc70a9fa88fc95e76f39cb291ad05b24597446ef8e
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
7771de27489be5e0c7b06e07de4f30f7d4cfb7bb7e88dc93d792e19f89693ca3
8670da3c95c03b59b091eac882b67e0b59b765c455b8d871abd2e55d4618573b
965672ef00f7a159c2f8098e761d07cf7e177b23d7c4bd00b86c408c055d7dcb
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
aadf9ecc3d3b8fb16bf23d84000e216b9603e81c10c4e588206182579d53deda
ab78c44d5e86c6f0937d203066ebcadbf50c8d63407564a151bdd03701f40a70
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
ac85a725273f773a00e3554c13f38056c59954a4e0ed37f7abfeecd56ba52ee9
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150
d98f43e719b9421abb6bc8ca54d4c4bbcea8404fabe83b73632a810cd1c95057
dd23185a1a026fbd41ab27bf91feb741ed0494a0b56e18a9773d988ec34c6436
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
ed6ee05587907928e253a6176cf2e50ae1653f3f255bb1f95e8fe7a0946d2bcb
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e