URL: http://group99.net/k/finish.html
Submission Tags: @ipnigh
Submission: On July 12 via api from GB

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 12 HTTP transactions. The main IP is 104.168.58.141, located in Buffalo, United States and belonging to AS36352 (AS-COLOCROSSING - ColoCrossing, US). The main domain is group99.net. All 11 completed transactions were plain HTTP; the twelfth, an HTTPS request to https://www.wellsfargo.com/goals-credit/smarter-credit/good-credit-habits/ issued by the main frame after finish.html loaded, received no response. Five of the stylesheets and images that finish.html references (mm.css, shim.gif, btn_search_white.gif, wibprint.css, search_corner.gif) were answered with text/html; charset=iso-8859-1 bodies of 329 to 347 bytes and no Last-Modified header, the shape of a server error page rather than of the requested resource. This export does not record HTTP status codes, so the MIME type and body size are the only evidence for that reading.
This is the only time group99.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

Requests  IP Address       AS     Autonomous System
11        104.168.58.141   36352  AS-COLOCROSSING - ColoCrossing, US
Total: 12 requests, 2 IPs (the second IP belongs to the failed www.wellsfargo.com request and is not listed)

Requests  Apex Domain      Subdomains           Transfer
11        group99.net      group99.net          139 KB
0         wellsfargo.com   www.wellsfargo.com   Failed
Total: 12 requests, 2 apex domains

Requests  Domain               Requested by
11        group99.net          group99.net
0         www.wellsfargo.com   Failed
Total: 12 requests, 2 domains

This site contains no links.

TLS certificates

None observed. Every completed transaction was plain HTTP, and the only HTTPS request (to www.wellsfargo.com) received no response, so the certificate table (Subject, Issuer, Validity, Valid) is empty.

This page contains 1 frame:

Frame: https://www.wellsfargo.com/goals-credit/smarter-credit/good-credit-habits/ (the main frame's final URL; the document itself was served from http://group99.net/k/finish.html and then requested this Wells Fargo page, which never responded)
Frame ID: AF476CEB6EF4B0F7A9D51763D68BCDFA
Requests: 12 HTTP requests in this frame

Detected technologies

Apache HTTP Server (web server), overall confidence: 100%, identified from the Server: Apache response header. The header carries no version, so the pattern's version capture group is empty.
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 12
HTTPS: 0 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 139 kB
Size: 138 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

12 HTTP transactions

Resource                      Path            Size  x-fer  Type      MIME-Type
Primary Request: finish.html  group99.net/k/  4 KB  4 KB   Document  text/html
General
Full URL
http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
dcd3ee5e1441dddc80287f758068aee7c31471170744000d1b60799ff5f909cd

Request headers

Host
group99.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 12 Jul 2019 20:53:09 GMT
Server
Apache
Last-Modified
Thu, 11 Jul 2019 13:42:28 GMT
Accept-Ranges
bytes
Content-Length
4270
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
vudu.css
group99.net/k/css/
26 KB
26 KB
Stylesheet
General
Full URL
http://group99.net/k/css/vudu.css
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
3f32fabf32147846d06d0d451ac9a41dcef278f09683a7b05c95e04f9a055a2e

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:09 GMT
Last-Modified
Thu, 09 Jul 2015 21:25:10 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
26574
wibscreen.css
group99.net/k/css/
105 KB
105 KB
Stylesheet
General
Full URL
http://group99.net/k/css/wibscreen.css
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
2900cd456f4ce61ba29f48fc7086a271d946077efa26c7927c65c19e293120ec

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:09 GMT
Last-Modified
Thu, 09 Jul 2015 21:25:22 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
107454
mm.css
group99.net/k/css/
0
0
Stylesheet
General
Full URL
http://group99.net/k/css/mm.css
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
329
Content-Type
text/html; charset=iso-8859-1
shim.gif
group99.net/k/img/
331 B
331 B
Image
General
Full URL
http://group99.net/k/img/shim.gif
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
c757116f421565c1ea86e8934fc85e5625dec837dc312dd998b35c1598e2d36d

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
331
Content-Type
text/html; charset=iso-8859-1
logo_62sq.gif
group99.net/k/img/
616 B
857 B
Image
General
Full URL
http://group99.net/k/img/logo_62sq.gif
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Last-Modified
Thu, 09 Jul 2015 21:32:02 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
616
btn_search_white.gif
group99.net/k/img/
343 B
343 B
Image
General
Full URL
http://group99.net/k/img/btn_search_white.gif
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
ef81d6e26982cfcdc8ee80a7b7d3553e57b8ddc5d9f92962b115029afc157e71

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=94
Content-Length
343
Content-Type
text/html; charset=iso-8859-1
tagline_consumer.gif
group99.net/k/img/
937 B
1 KB
Image
General
Full URL
http://group99.net/k/img/tagline_consumer.gif
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
5dd26d926dda54524ab6d5696e30fa8ae26e5b54895d20a4781d54f4ed5cbf78

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Last-Modified
Tue, 14 Jul 2015 16:11:20 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
Content-Length
937
wibprint.css
group99.net/k/css/
0
0
Stylesheet
General
Full URL
http://group99.net/k/css/wibprint.css
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
335
Content-Type
text/html; charset=iso-8859-1
search_corner.gif
group99.net/k/css/images/
347 B
347 B
Image
General
Full URL
http://group99.net/k/css/images/search_corner.gif
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
ab910b7a15461ccee4ae8a0b83cc6732254f6c69459fd478fa7ad113b0795615

Request headers

Referer
http://group99.net/k/css/vudu.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
347
Content-Type
text/html; charset=iso-8859-1
btn_search_white.gif
group99.net/k/img/
343 B
343 B
Image
General
Full URL
http://group99.net/k/img/btn_search_white.gif
Requested by
Host: group99.net
URL: http://group99.net/k/finish.html
Protocol
HTTP/1.1
Server
104.168.58.141 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server.webhostingwithus.com
Software
Apache
Resource Hash
ef81d6e26982cfcdc8ee80a7b7d3553e57b8ddc5d9f92962b115029afc157e71

Request headers

Referer
http://group99.net/k/finish.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 12 Jul 2019 20:53:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=92
Content-Length
343
Content-Type
text/html; charset=iso-8859-1
/
www.wellsfargo.com/goals-credit/smarter-credit/good-credit-habits/
0
0
Document (no response received; see Failed requests below)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.wellsfargo.com
URL
https://www.wellsfargo.com/goals-credit/smarter-credit/good-credit-habits/
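Two checks a triager would run over the transaction list above, written here as an added example (this is not urlscan.io code). The first flags responses whose Content-Type does not fit the resource type the page asked for and then groups those responses by Content-Length minus the length of the requested path: a templated error page that embeds the path exactly once (the shape of Apache's older default 404 body) gives every such response the same offset, and in this scan all six text/html answers to stylesheet and image requests share the offset 316. The second applies the Apache fingerprint regex quoted in the Detected patterns section to a Server header. The TRANSACTIONS list is transcribed from this report; the class and function names are the example's own.

```python
"""Triage checks over the transaction list of a urlscan.io report.

Added example, not code from urlscan.io. TRANSACTIONS is transcribed from
the scan of http://group99.net/k/finish.html (urlscan "Type" column,
response Content-Type, Content-Length, and whether Last-Modified was sent).
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Fingerprint regex quoted verbatim in the report's "Detected patterns" section.
APACHE_PATTERN = re.compile(r"(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)", re.I)


@dataclass(frozen=True)
class Transaction:
    url: str
    kind: str                    # urlscan "Type" column
    content_type: Optional[str]  # None when no response was received
    content_length: int
    last_modified: bool          # did the response carry Last-Modified?


BASE = "http://group99.net/k/"
TRANSACTIONS = [
    Transaction(BASE + "finish.html", "Document", "text/html", 4270, True),
    Transaction(BASE + "css/vudu.css", "Stylesheet", "text/css", 26574, True),
    Transaction(BASE + "css/wibscreen.css", "Stylesheet", "text/css", 107454, True),
    Transaction(BASE + "css/mm.css", "Stylesheet", "text/html; charset=iso-8859-1", 329, False),
    Transaction(BASE + "img/shim.gif", "Image", "text/html; charset=iso-8859-1", 331, False),
    Transaction(BASE + "img/logo_62sq.gif", "Image", "image/gif", 616, True),
    Transaction(BASE + "img/btn_search_white.gif", "Image", "text/html; charset=iso-8859-1", 343, False),
    Transaction(BASE + "img/tagline_consumer.gif", "Image", "image/gif", 937, True),
    Transaction(BASE + "css/wibprint.css", "Stylesheet", "text/html; charset=iso-8859-1", 335, False),
    Transaction(BASE + "css/images/search_corner.gif", "Image", "text/html; charset=iso-8859-1", 347, False),
    Transaction(BASE + "img/btn_search_white.gif", "Image", "text/html; charset=iso-8859-1", 343, False),
    Transaction("https://www.wellsfargo.com/goals-credit/smarter-credit/good-credit-habits/",
                "Document", None, 0, False),   # failed request: no response
]

# What the browser asked for versus what a well-formed response should carry.
# Resource types not listed here are flagged so a human looks at them.
EXPECTED_MIME = {
    "Document": ("text/html", "application/xhtml+xml"),
    "Stylesheet": ("text/css",),
    "Image": ("image/",),
}


def mime_mismatches(txns):
    """Responses whose Content-Type does not fit the resource type requested.
    A stylesheet or image answered with text/html is usually an error page."""
    out = []
    for t in txns:
        if t.content_type is None:          # failed request: nothing to judge
            continue
        media = t.content_type.split(";")[0].strip().lower()
        if not any(media.startswith(p) for p in EXPECTED_MIME.get(t.kind, ())):
            out.append(t)
    return out


def path_length_offsets(txns):
    """Group responses by Content-Length minus the length of the requested path.

    An error page that embeds the requested path exactly once gives every
    such response the same offset; genuine resources scatter across values."""
    offsets = {}
    for t in txns:
        if t.content_type is None:
            continue
        key = t.content_length - len(urlsplit(t.url).path)
        offsets.setdefault(key, []).append(t.url)
    return offsets


def probable_error_pages(txns):
    """URLs that mismatch their requested type AND share a constant offset
    with at least one other mismatching response from the same scan."""
    groups = path_length_offsets(mime_mismatches(txns))
    return sorted(u for urls in groups.values() if len(urls) > 1 for u in urls)


def apache_version(server_header):
    """Apply the report's Apache pattern to a Server header value.
    Returns the captured version, "" when Apache is named without a version
    (this scan's "Server: Apache"), or None when the pattern does not match."""
    m = APACHE_PATTERN.search(server_header)
    if not m:
        return None
    return m.group(1) or ""


if __name__ == "__main__":
    for t in mime_mismatches(TRANSACTIONS):
        print(f"{t.kind:<10} {t.content_length:>5} B  {t.content_type:<30} {t.url}")
    print("offsets:", path_length_offsets(mime_mismatches(TRANSACTIONS)))
    print("Server: Apache ->", repr(apache_version("Apache")))
```

The offset check is deliberately relative rather than a hard-coded error-page size: Apache's stock 404 body has changed across versions and hosting panels often install their own, so the only stable signal is that several bodies differ by exactly the length of the path they echo. Status codes would settle the question, but this export does not include them. The regex test cases also show why the pattern excludes a following hyphen: Tomcat's "Apache-Coyote/1.1" is not Apache HTTP Server.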

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies