URL: http://biophelia.gr/system/wells/identity.php
Submission: On September 05 via automatic, source openphish

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 185.25.21.31, located in Greece and belongs to LANCOM Athens - Greece, GR. The main domain is biophelia.gr.
This is the only time biophelia.gr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
1 185.25.21.31 199081 (LANCOM At...)
7 104.108.33.238 16625 (AKAMAI-AS)
2 159.45.2.145 10837 (WELLSFARG...)
2 159.45.170.145 10837 (WELLSFARG...)
12 4
Domain Requested by
7 www01.wellsfargomedia.com biophelia.gr
4 www.wellsfargo.com biophelia.gr
1 biophelia.gr
12 3

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
online.wellsfargo.com
www.wellsfargoblogs.com
Subject Issuer Validity Valid
www01.wellsfargomedia.com
GeoTrust SSL CA - G3
2016-09-27 -
2017-12-27
a year crt.sh
www.wellsfargo.com
Symantec Class 3 Secure Server CA - G4
2017-01-31 -
2019-02-01
2 years crt.sh

This page contains 1 frames:

Primary Page: http://biophelia.gr/system/wells/identity.php
Frame ID: 14047.1
Requests: 12 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • meta generator /Microsoft FrontPage(?:\s((?:Express )?[\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

121 kB
Transfer

333 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request identity.php
biophelia.gr/system/wells/
12 KB
4 KB
Document
General
Full URL
http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Server
185.25.21.31 , Greece, ASN199081 (LANCOM Athens - Greece, GR),
Reverse DNS
linux14.name-servers.gr
Software
nginx /
Resource Hash
8784635b44663acc6868117191a30671f40c051bfd0db9bdbe2a994243882f52
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Server
nginx
Vary
Accept-Encoding, Accept-Encoding
X-Nginx-Cache-Status
EXPIRED
Cache-Control
max-age=0
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/html
X-XSS-Protection
1; mode=block
Expires
Tue, 05 Sep 2017 03:39:45 GMT
homepage.css
www01.wellsfargomedia.com/css/home/
63 KB
16 KB
Stylesheet
General
Full URL
https://www01.wellsfargomedia.com/css/home/homepage.css
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
565263d801f4fd62e36c1808df02ba171fc66b25e10392a53bc7f2f996436097
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Jul 2017 21:11:32 GMT
Server
KONICHIWA/2.0
X-frame-options
SAMEORIGIN
ETag
W/"fce9-597ba884"
Vary
accept-encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=1530
X-ua-compatible
IE=edge
Connection
keep-alive
Content-Length
16137
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 04:05:15 GMT
wf-logo.gif
www01.wellsfargomedia.com/assets/images/global/
4 KB
4 KB
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/images/global/wf-logo.gif
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Last-Modified
Sat, 15 Nov 2014 14:20:03 GMT
Server
KONICHIWA/2.0
ETag
"e86-54676113"
X-frame-options
SAMEORIGIN
Content-Type
image/gif;charset=UTF-8
Cache-Control
max-age=1800
X-ua-compatible
IE=edge
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3718
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 04:09:45 GMT
stagecoach.jpg
www01.wellsfargomedia.com/assets/images/global/
5 KB
5 KB
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/images/global/stagecoach.jpg
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
1f55cd70e90f5dcc98ed0b5555f10259828e3084d36d0567b15b35e5bd523823
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Last-Modified
Tue, 21 Oct 2014 00:23:03 GMT
Server
KONICHIWA/2.0
ETag
"131a-5445a767"
X-frame-options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=794
X-ua-compatible
IE=edge
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4890
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 03:52:59 GMT
icon-equal-housing.gif
www01.wellsfargomedia.com/assets/images/global/
776 B
776 B
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/images/global/icon-equal-housing.gif
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
397bf475ca4b12d3595efbfebb09b9dff2529df4c3a55e5a3bbe7fab0a5cefe7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Last-Modified
Fri, 24 May 2013 20:07:56 GMT
Server
KONICHIWA/2.0
ETag
"308-519fc89c"
X-frame-options
SAMEORIGIN
Content-Type
image/gif;charset=UTF-8
Cache-Control
max-age=1800
X-ua-compatible
IE=edge
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
776
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 04:09:45 GMT
user-prefs.js
www.wellsfargo.com/javascript/
12 KB
5 KB
Script
General
Full URL
https://www.wellsfargo.com/javascript/user-prefs.js
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.145 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/2.0 /
Resource Hash
dc9402ae4b104a52590d04c1904e8b9a2e21bbb5f30a52f7659ee7ef36463964
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Content-encoding
gzip
Last-modified
Fri, 28 Jul 2017 21:11:30 GMT
Server
KONICHIWA/2.0
X-frame-options
SAMEORIGIN
Etag
W/"308c-597ba882"
Vary
accept-encoding
Content-type
application/x-javascript;charset=UTF-8
Expires
Tue, 05 Sep 2017 04:09:45 GMT
Cache-control
max-age=1800
Transfer-encoding
chunked
X-xss-protection
1; mode=block
X-ua-compatible
IE=edge
jquery.js
www.wellsfargo.com/js/frameworks/jq/
96 KB
33 KB
Script
General
Full URL
https://www.wellsfargo.com/js/frameworks/jq/jquery.js
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.145 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/2.0 /
Resource Hash
64f941b34d5f011e147a837d1f30eb3f89c51c16dc0f459523c74f631f0e7049
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Content-encoding
gzip
Last-modified
Fri, 28 Jul 2017 21:11:30 GMT
Server
KONICHIWA/2.0
X-frame-options
SAMEORIGIN
Etag
W/"1816f-597ba882"
Vary
accept-encoding
Content-type
application/x-javascript;charset=UTF-8
Expires
Tue, 05 Sep 2017 04:09:45 GMT
Cache-control
max-age=1800
Transfer-encoding
chunked
X-xss-protection
1; mode=block
X-ua-compatible
IE=edge
home.js
www.wellsfargo.com/js/global/
113 KB
29 KB
Script
General
Full URL
https://www.wellsfargo.com/js/global/home.js
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.170.145 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/2.0 /
Resource Hash
336e737bec5ca6ebdb4877faf62304f9d75a9cd30154d82a9a33db9b8aaf320c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:46 GMT
Content-encoding
gzip
Last-modified
Fri, 28 Jul 2017 21:11:30 GMT
Server
KONICHIWA/2.0
X-frame-options
SAMEORIGIN
Etag
W/"1c5c6-597ba882"
Vary
accept-encoding
Content-type
application/x-javascript;charset=UTF-8
Expires
Tue, 05 Sep 2017 04:09:46 GMT
Cache-control
max-age=1800
Transfer-encoding
chunked
X-xss-protection
1; mode=block
X-ua-compatible
IE=edge
tas.js
www.wellsfargo.com/js/global/
3 KB
1 KB
Script
General
Full URL
https://www.wellsfargo.com/js/global/tas.js
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.170.145 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/2.0 /
Resource Hash
84bbaa858fe566665f3d4b5c97431c4e56d8a023fc72615a27d0171614851886
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://biophelia.gr/system/wells/identity.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:46 GMT
Content-encoding
gzip
Last-modified
Fri, 28 Jul 2017 21:11:30 GMT
Server
KONICHIWA/2.0
X-frame-options
SAMEORIGIN
Etag
W/"a9b-597ba882"
Vary
accept-encoding
Content-type
application/x-javascript;charset=UTF-8
Expires
Tue, 05 Sep 2017 04:09:46 GMT
Cache-control
max-age=1800
Transfer-encoding
chunked
X-xss-protection
1; mode=block
X-ua-compatible
IE=edge
sprite-homepage.png
www01.wellsfargomedia.com/assets/images/css/
22 KB
22 KB
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/images/css/sprite-homepage.png
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
297662a85dae4b1360d8a87cf7cfa04bf36608c0d290c2ece76fdd35da059b0a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www01.wellsfargomedia.com/css/home/homepage.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Last-Modified
Mon, 08 Feb 2016 23:41:47 GMT
Server
KONICHIWA/2.0
ETag
"5660-56b927bb"
X-frame-options
SAMEORIGIN
Content-Type
image/png;charset=UTF-8
Cache-Control
max-age=1800
X-ua-compatible
IE=edge
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22112
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 04:09:45 GMT
btn-icon-search.png
www01.wellsfargomedia.com/assets/images/css/template/
1 KB
1 KB
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/images/css/template/btn-icon-search.png
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
da38fd7d6d2e1425dc8fecba13e64cd220d4f34d7c7d3ae76f9916d3b489b5d2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www01.wellsfargomedia.com/css/home/homepage.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Last-Modified
Sun, 14 Sep 2014 00:00:35 GMT
Server
KONICHIWA/2.0
ETag
"50f-5414daa3"
X-frame-options
SAMEORIGIN
Content-Type
image/png;charset=UTF-8
Cache-Control
max-age=1525
X-ua-compatible
IE=edge
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1295
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 04:05:10 GMT
bg-footer.png
www01.wellsfargomedia.com/assets/images/css/template/
1 KB
1 KB
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/images/css/template/bg-footer.png
Requested by
Host: biophelia.gr
URL: http://biophelia.gr/system/wells/identity.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.33.238 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-33-238.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www01.wellsfargomedia.com/css/home/homepage.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 05 Sep 2017 03:39:45 GMT
Last-Modified
Fri, 24 May 2013 20:02:32 GMT
Server
KONICHIWA/2.0
ETag
"583-519fc758"
X-frame-options
SAMEORIGIN
Content-Type
image/png;charset=UTF-8
Cache-Control
max-age=1521
X-ua-compatible
IE=edge
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1411
X-xss-protection
1; mode=block
Expires
Tue, 05 Sep 2017 04:05:06 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff, nosniff
X-Xss-Protection 1; mode=block