well-infos-john-com.preview-domain.com Open in urlscan Pro
2606:4700::6812:1978 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://iu.sa/Qa49Z
Effective URL:
https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911
Submission: On August 06 via manual (August 6th 2022, 5:27:04 pm UTC) from SA — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2606:4700::6812:1978, located in United States and belongs to CLOUDFLARENET, US. The main domain is well-infos-john-com.preview-domain.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 3rd 2022. Valid for: a year.

This is the only time well-infos-john-com.preview-domain.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	194.33.70.34 194.33.70.34	62452 (IMIU) (IMIU)
2 12	2606:4700::68... 2606:4700::6812:1978	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	1

1 194.33.70.34 (Riyadh, Saudi Arabia) 1 redirects

ASN62452 (IMIU, SA)

iu.sa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:1978 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

well-infos-john-com.preview-domain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	preview-domain.com 2 redirects well-infos-john-com.preview-domain.com	52 KB
1	iu.sa 1 redirects iu.sa	384 B
10	2

	Domain	Requested by
12	well-infos-john-com.preview-domain.com	2 redirects well-infos-john-com.preview-domain.com
1	iu.sa	1 redirects
10	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911
Frame ID: B331B0CE31CE870A606E79B50F69EC61
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mobile Sign on | Wells Fargo

Page URL History Show full URLs

http://iu.sa/Qa49Z HTTP 302
https://well-infos-john-com.preview-domain.com/well HTTP 301
https://well-infos-john-com.preview-domain.com/well/ HTTP 302
https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Page URL

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

51 kB
Transfer

75 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://iu.sa/Qa49Z HTTP 302
https://well-infos-john-com.preview-domain.com/well HTTP 301
https://well-infos-john-com.preview-domain.com/well/ HTTP 302
https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response well-infos-john-com.preview-domain.com/well/ Redirect Chain http://iu.sa/Qa49Z https://well-infos-john-com.preview-domain.com/well https://well-infos-john-com.preview-domain.com/well/ https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911	6 KB 2 KB	506ms 505ms	Document text/html	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.30 Resource Hash `185b67ea50ca008a62ab3d8feae6619e1f5a184190b7c0a499943501b41ea7e9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 73697b0de86b9137-FRA content-encoding gzip content-type text/html; charset=UTF-8 date Sat, 06 Aug 2022 17:26:59 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server cloudflare x-powered-by PHP/7.4.30 x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate, max-age=0 cf-cache-status DYNAMIC cf-ray 73697b0b1b759085-FRA content-type text/html; charset=UTF-8 date Sat, 06 Aug 2022 17:26:59 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 19 Nov 1981 08:52:00 GMT location ?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 pragma no-cache server cloudflare x-powered-by PHP/7.4.30 x-turbo-charged-by LiteSpeed
GET H3	200	frontporch.css well-infos-john-com.preview-domain.com/well/css/	15 KB 5 KB	689ms 687ms	Stylesheet text/css	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://well-infos-john-com.preview-domain.com/well/css/frontporch.css Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c439a49e7c410deb76e2f0e354f00c630282a471d75b98d451473f0f81b2e3aa` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag W/"3cb4-62e8f2db-74b3d301205e4321;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 73697b112e669137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	theme.ssep.header.css well-infos-john-com.preview-domain.com/well/css/	3 KB 1 KB	497ms 496ms	Stylesheet text/css	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://well-infos-john-com.preview-domain.com/well/css/theme.ssep.header.css Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `45744796b7e56af82f7d4763a35c61b929b0d8ae00e4ff02837b2b61a25eb15d` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag W/"db8-62e8f2db-acfdfa438bb9ddf6;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 73697b112e689137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	theme.ssep.button.css well-infos-john-com.preview-domain.com/well/css/	2 KB 765 B	505ms 503ms	Stylesheet text/css	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://well-infos-john-com.preview-domain.com/well/css/theme.ssep.button.css Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `26bf11b250174283e0d61349bdb2b7148e1a65433a067c333bebdc5389791be9` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag W/"67b-62e8f2db-8103c507fb12ba31;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 73697b112e6a9137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	signon_clean.css well-infos-john-com.preview-domain.com/well/css/	11 KB 3 KB	496ms 495ms	Stylesheet text/css	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://well-infos-john-com.preview-domain.com/well/css/signon_clean.css Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f89c271c0fc44fe221f3fc2fd0cc3e9e092c24e9fe2bb4083fff51676e004782` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag W/"2b8e-62e8f2db-67c0b7fa54bba7f0;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 73697b112e6b9137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	icn-img-wf-logo.png well-infos-john-com.preview-domain.com/well/img/	1 KB 2 KB	481ms 481ms	Image image/png	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://well-infos-john-com.preview-domain.com/well/img/icn-img-wf-logo.png Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3caf9d903451cad35392e207177b9a7eee3e00defcdaf2345246484bc7b557a2` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag "511-62e8f2db-fec3fe9f01f0185c;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 73697b113e9a9137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1297 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	icn_house.png well-infos-john-com.preview-domain.com/well/img/	453 B 787 B	473ms 473ms	Image image/png	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://well-infos-john-com.preview-domain.com/well/img/icn_house.png Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `75f2e037e6fa6643763579786cbbf960967f222d879bc2b0481b985df0487b22` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag "1c5-62e8f2db-9455c635ad72bed3;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 73697b113e9b9137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 453 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	icn-GMMN-stagecoach-silhouette-mob-540x154_2109375-v1_00-xhdpi.png well-infos-john-com.preview-domain.com/well/img/	18 KB 18 KB	708ms 708ms	Image image/png	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://well-infos-john-com.preview-domain.com/well/img/icn-GMMN-stagecoach-silhouette-mob-540x154_2109375-v1_00-xhdpi.png Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6593a3723481f22308c2b996187370f668ef2da43321fbafdd3197ef7dee979f` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag "4764-62e8f2db-3cc2a58edb01ce97;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 73697b113e9f9137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 18276 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	nePlease.js Show response well-infos-john-com.preview-domain.com/well/js/	1 KB 852 B	480ms 480ms	Script application/x-javascript	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://well-infos-john-com.preview-domain.com/well/js/nePlease.js Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a39bf98af29dd661d69be3e84ec841b0427447774b9bc01aad3812866ae62c61` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/?do=5bd0a9d8722e2401ee373ebcedcfce9b83978a51b5df7e67b74f16a0555cb911 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:00 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag W/"410-62e8f2db-483b8fa6fbe27540;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 73697b113e979137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 13 Aug 2022 17:27:00 GMT
GET H3	200	ico-dem-lock-white-mob-14x19-000000-v01_00@1x.png well-infos-john-com.preview-domain.com/well/img/	17 KB 18 KB	667ms 666ms	Image image/png	2606:4700::6812:1978 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://well-infos-john-com.preview-domain.com/well/img/ico-dem-lock-white-mob-14x19-000000-v01_00@1x.png Requested by Host: well-infos-john-com.preview-domain.com URL: https://well-infos-john-com.preview-domain.com/well/css/frontporch.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:1978 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `25d07c6843be3786446131e73aff4e20a3d9014b3fb8066d7724bd0f02654a63` Request headers accept-language de-DE,de;q=0.9 Referer https://well-infos-john-com.preview-domain.com/well/css/frontporch.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Sat, 06 Aug 2022 17:27:01 GMT cf-cache-status MISS last-modified Tue, 02 Aug 2022 09:48:11 GMT server cloudflare etag "45f4-62e8f2db-79879ca505bbcaed;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 73697b157d049137-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 17908 expires Sat, 13 Aug 2022 17:27:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.iu.sa/	1969-12-31 23:59:59	Name: TS01b4064d Value: 018be695f04c2772dd61b08384874eae929c98373c7b2ee54f3fd70ffb8527dcc3e0f626654596d9e6d83463a0e33449b9d1b4834d
			well-infos-john-com.preview-domain.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d3fdbc6960a73e72973021773287fb4a

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

iu.sa
well-infos-john-com.preview-domain.com
194.33.70.34
2606:4700::6812:1978
185b67ea50ca008a62ab3d8feae6619e1f5a184190b7c0a499943501b41ea7e9
25d07c6843be3786446131e73aff4e20a3d9014b3fb8066d7724bd0f02654a63
26bf11b250174283e0d61349bdb2b7148e1a65433a067c333bebdc5389791be9
3caf9d903451cad35392e207177b9a7eee3e00defcdaf2345246484bc7b557a2
45744796b7e56af82f7d4763a35c61b929b0d8ae00e4ff02837b2b61a25eb15d
6593a3723481f22308c2b996187370f668ef2da43321fbafdd3197ef7dee979f
75f2e037e6fa6643763579786cbbf960967f222d879bc2b0481b985df0487b22
a39bf98af29dd661d69be3e84ec841b0427447774b9bc01aad3812866ae62c61
c439a49e7c410deb76e2f0e354f00c630282a471d75b98d451473f0f81b2e3aa
f89c271c0fc44fe221f3fc2fd0cc3e9e092c24e9fe2bb4083fff51676e004782

well-infos-john-com.preview-domain.com Open in urlscan Pro 2606:4700::6812:1978 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

51 kBTransfer

75 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

2 Cookies

Indicators

well-infos-john-com.preview-domain.com Open in urlscan Pro
2606:4700::6812:1978 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

51 kB
Transfer

75 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!