nimbus-international.com
Open in
urlscan Pro
2606:4700:3032::6815:4c0c
Malicious Activity!
Public Scan
Submission: On May 02 via automatic, source phishtank — Scanned from DE
Summary
This is the only time nimbus-international.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 2606:4700:303... 2606:4700:3032::6815:4c0c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
nimbus-international.com
nimbus-international.com |
791 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | nimbus-international.com |
nimbus-international.com
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://nimbus-international.com/Login
Frame ID: 6163259CABE56E5E5A543F7A9877B5F5
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Login
nimbus-international.com/ |
59 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfui.css
nimbus-international.com/wfu_assetz/css/ |
98 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
nimbus-international.com/wfu_assetz/css/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
COB-BOB-IRT-enroll_balloons.jpg
nimbus-international.com/wfu_assetz/img/ |
611 KB 612 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
nimbus-international.com/wfu_assetz/js/ |
266 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-rg.woff2
nimbus-international.com/wfu_assetz/fonts/ |
22 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargoserif-rg.woff2
nimbus-international.com/wfu_assetz/fonts/ |
26 KB 27 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-sbd.woff2
nimbus-international.com/wfu_assetz/fonts/ |
22 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
nimbus-international.com/ | Name: PHPSESSID Value: rb6uns6crqg6vbav62j6fgfutd |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nimbus-international.com
2606:4700:3032::6815:4c0c
34c850b8147576cbd9468f7e8dc247f11bb6cd2345e6dece3d5f1bcb3154b8bf
3c32245b651e36ec5a035e5394648ac08030ca7838680611259de06f6b308e76
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
a9fe7181904549f03c5418990c0a1f0bc404f0023eca5ffc78b785e40dd8f5a4
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
b8325d272c72a041414d9fb349e9d4bca5e7fc8ad66f47a719e491960afa5683