nimbus-international.com
2606:4700:3032::6815:4c0c  Malicious Activity! Public Scan

URL: http://nimbus-international.com/Login
Submission: On May 02 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 8 HTTP transactions. The main IP is 2606:4700:3032::6815:4c0c, located in the United States and belonging to CLOUDFLARENET, US. The main domain is nimbus-international.com.
This is the only time nimbus-international.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

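Requests | IP Address | AS Autonomous System
8 | 2606:4700:303... | 13335 (CLOUDFLAR...)
Total: 8 requests, 1 IP

Requests | Apex Domain | Subdomains | Transfer
8 | nimbus-international.com | nimbus-international.com | 791 KB
Total: 8 requests, 1 apex domain

Requests | Domain | Requested by
8 | nimbus-international.com | nimbus-international.com
Total: 8 requests, 1 domain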

This site contains no links.

This page contains 1 frames:

Primary Page: http://nimbus-international.com/Login
Frame ID: 6163259CABE56E5E5A543F7A9877B5F5
Requests: 8 HTTP requests in this frame

Page Title

Sign On to View Your Personal Accounts | Wells Fargo

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 0 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 791 kB
Size: 1114 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: Login (Primary Request)
Path: nimbus-international.com/
Size: 59 KB
x-fer: 10 KB
Type: Document
General
Full URL
http://nimbus-international.com/Login
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9fe7181904549f03c5418990c0a1f0bc404f0023eca5ffc78b785e40dd8f5a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
704c8fc4dec55a31-MXP
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 May 2022 00:15:17 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma
no-cache
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lNhZVxQCQMB7Ohc9SuBOl9g9f9rg1iWkyUUwhSISFlsugO0aS7EKgVvEt4F4OAFHkMhGL5n6mY14tfx5I4CSDzbm%2FgFv5Y2k%2BJLXBRQlkHMI%2FhkbHsffM%2BD2JCKnch98zvNNHtQhXqhWLtGCOwdM7OPW8HSj1U%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Resource: wfui.css
Path: nimbus-international.com/wfu_assetz/css/
Size: 98 KB
x-fer: 17 KB
Type: Stylesheet
General
Full URL
http://nimbus-international.com/wfu_assetz/css/wfui.css
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/Login
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34c850b8147576cbd9468f7e8dc247f11bb6cd2345e6dece3d5f1bcb3154b8bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://nimbus-international.com/Login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2770
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
16536
Last-Modified
Tue, 26 Apr 2022 15:38:48 GMT
Server
cloudflare
ETag
"186cf-5dd907d26d153-gzip"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NM2QZfX%2BMVZtNKHY3hVWEgkMyYxpEk5WW%2Fd%2BHkGGSyqU0hz3eam%2BoG8vaKQ4mUiRdxz8BE7IQUXLT%2BnDWqIvhGDvjrqEM8IPWmnigwzOV6n9QXCzK98ZT%2FzTRNBM%2F07yWCWh%2FE4vm8PueJhxAhhDDD%2FXWS1hHKU%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
704c8fc5e8ae5a31-MXP

Resource: main.css
Path: nimbus-international.com/wfu_assetz/css/
Size: 11 KB
x-fer: 3 KB
Type: Stylesheet
General
Full URL
http://nimbus-international.com/wfu_assetz/css/main.css
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/Login
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c32245b651e36ec5a035e5394648ac08030ca7838680611259de06f6b308e76

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://nimbus-international.com/Login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
1996
Last-Modified
Tue, 26 Apr 2022 15:38:45 GMT
Server
cloudflare
ETag
"2a40-5dd907d03c893-gzip"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BFtIP8315%2FDYGCCQq3MiaLnWhm%2Fl7wnrMoAZKEj871a%2B3v0kc9UkKlX6WuDxV9NnX2UKQYfT0kGDmpRcJnKLUgGhLG1pKIYoTuwuUffLC01QqcVLt6olc0fxLAquoKsxjxgSeudL9CpOkjuRLk2ftJ%2FpNfTqQ0%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
704c8fc60af73757-MXP

Resource: COB-BOB-IRT-enroll_balloons.jpg
Path: nimbus-international.com/wfu_assetz/img/
Size: 611 KB
x-fer: 612 KB
Type: Image
General
Full URL
http://nimbus-international.com/wfu_assetz/img/COB-BOB-IRT-enroll_balloons.jpg
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/Login
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8325d272c72a041414d9fb349e9d4bca5e7fc8ad66f47a719e491960afa5683

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://nimbus-international.com/Login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
CF-Cache-Status
MISS
Last-Modified
Tue, 26 Apr 2022 15:38:57 GMT
Server
cloudflare
ETag
"98b19-5dd907db286f3"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIqBfDsN7HRasUnnH0aSwHqciEWlWqBweAuh0uhtiuLleUAPa6k6dM5EpvGWCzi4OEmAMAg8uk6t3kpCIjDig4A6eOT0f1S%2BTyRVl0pfm6h%2BYcAUl0y1MW5LUvRu6epX4hxTOGdRs6tsdJ1JQfuf8vVYSk%2BcJj0%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
704c8fc608e45a31-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
625433

Resource: jquery.js
Path: nimbus-international.com/wfu_assetz/js/
Size: 266 KB
x-fer: 78 KB
Type: Script
General
Full URL
http://nimbus-international.com/wfu_assetz/js/jquery.js
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/Login
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://nimbus-international.com/Login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2770
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Tue, 26 Apr 2022 15:39:22 GMT
Server
cloudflare
ETag
"42719-5dd907f2d3073-gzip"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PoBxWHsvwwAQI9HFFBbxVekCkszNKI04Yr2XgdTnschnUegqbSYuNm4KromGXf8ph%2Bi2vhhY33iDkubcOmXEL22PERvSJ2DPMbmhOq6G9KBvb6l6IkaG4AcxyUVRZ9J8OAhzmAGm6ch0tz5xIFoLuOMe2Q%2Bw%2FM0%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
704c8fc60a3d59cb-MXP

Resource: wellsfargosans-rg.woff2
Path: nimbus-international.com/wfu_assetz/fonts/
Size: 22 KB
x-fer: 23 KB
Type: Font
General
Full URL
http://nimbus-international.com/wfu_assetz/fonts/wellsfargosans-rg.woff2
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/wfu_assetz/css/wfui.css
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

Request headers

Referer
http://nimbus-international.com/wfu_assetz/css/wfui.css
Origin
http://nimbus-international.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
CF-Cache-Status
MISS
Last-Modified
Tue, 26 Apr 2022 15:38:49 GMT
Server
cloudflare
ETag
"5798-5dd907d410073"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpiEQMNX1BH6k4DK6ulNTvi1RFW1RyNdd%2FVkzlyWDfA1gA95o87nqFlQOswtTGMpp882UdQ1EtrGq9JjbxqzT0%2BB72Ecv5XrGruw9tnW0549RUsPvzwgV%2FeTIQi%2FFf2%2FqDjrq%2FIWHAD0e3oVHf23DIdOv2md%2FfQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
font/woff2
Cache-Control
max-age=14400
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
704c8fc6dbc63757-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
22424

Resource: wellsfargoserif-rg.woff2
Path: nimbus-international.com/wfu_assetz/fonts/
Size: 26 KB
x-fer: 27 KB
Type: Font
General
Full URL
http://nimbus-international.com/wfu_assetz/fonts/wellsfargoserif-rg.woff2
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/wfu_assetz/css/wfui.css
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310

Request headers

Referer
http://nimbus-international.com/wfu_assetz/css/wfui.css
Origin
http://nimbus-international.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
CF-Cache-Status
MISS
Last-Modified
Tue, 26 Apr 2022 15:38:51 GMT
Server
cloudflare
ETag
"6854-5dd907d5e8af3"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08HYOd25QpawzwxF5LVcQEwXZ0Y93%2B8Z1XwYGFeAvAXOMMsrNWp1Mb2bFpcQjGT41wO%2FkM4680ao2TqnJSnGeG9cC474r%2FugC3Yn7ZrQ2kpJ2GQItl18GYDHn5PUS03oJ9zTnQ2%2B1JRROpbBXcGVHoZg4g6xzDM%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
font/woff2
Cache-Control
max-age=14400
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
704c8fc6dbbf59cb-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
26708

Resource: wellsfargosans-sbd.woff2
Path: nimbus-international.com/wfu_assetz/fonts/
Size: 22 KB
x-fer: 23 KB
Type: Font
General
Full URL
http://nimbus-international.com/wfu_assetz/fonts/wellsfargosans-sbd.woff2
Requested by
Host: nimbus-international.com
URL: http://nimbus-international.com/wfu_assetz/css/wfui.css
Protocol
HTTP/1.1
Server
2606:4700:3032::6815:4c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

Request headers

Referer
http://nimbus-international.com/wfu_assetz/css/wfui.css
Origin
http://nimbus-international.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 00:15:17 GMT
CF-Cache-Status
MISS
Last-Modified
Tue, 26 Apr 2022 15:38:50 GMT
Server
cloudflare
ETag
"5848-5dd907d4d0693"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mU940aytjq4EbTwm1z3fpjXN%2F2dLsIWhLXSFk49HGC%2FxxN4YC8XNGihfuHv%2F%2FqY%2FeThldW%2BUc%2FFmt%2Fno8nInil4OBEldk9sfuhynk15S3yjEjevUZHocFq1nIgVGKXSh2fYmW459R0SwJOe1go00bY%2Fg1Ngi21Q%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
font/woff2
Cache-Control
max-age=14400
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
704c8fc6ecfe0f72-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
22600

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | oncontextlost
object | oncontextrestored
function | structuredClone
function | $
function | jQuery

1 Cookies

Domain/Path: nimbus-international.com/
Name: PHPSESSID
Value: rb6uns6crqg6vbav62j6fgfutd