kimudesign.com Open in urlscan Pro
104.27.165.190 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d802...
Submission: On May 24 via automatic, source openphish (May 24th 2018, 12:41:34 pm UTC)

Summary HTTP 7 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 104.27.165.190, located in San Francisco, United States and belongs to . The main domain is kimudesign.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on May 23rd 2018. Valid for: 6 months.

This is the only time kimudesign.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	104.27.165.190 104.27.165.190		() ()
7	2

6 104.27.165.190 (San Francisco, United States)

ASN- ()

kimudesign.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	kimudesign.com kimudesign.com	739 KB
7	1

	Domain	Requested by
6	kimudesign.com	kimudesign.com
7	1

This site contains links to these domains. Also see Links.

Domain
connect.secure.wellsfargo.com

Subject Issuer	Validity	Valid
sni208885.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-05-23` - `2018-11-29`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746
Frame ID: A07E21195E782B4D27832EF1D8702572
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

7
Requests

86 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

739 kB
Transfer

3670 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://connect.secure.wellsfargo.com/services/selfservice/contactUs?_x=YZUAHjLQ7z5SzaDF8btRsbL90U772k66
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
9 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request confirm.htm Show response kimudesign.com/wellz/	47 KB 9 KB	581ms 581ms	Document text/html	104.27.165.190
General Check archive.org Show headers Download Go to Full URL https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.27.165.190 San Francisco, United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `e42a0e32c0ebaf06cbbd9549e61e01dd22a460dd4e4efbb39ac2eb0e7bc38f7c` Request headers :method GET :authority kimudesign.com :scheme https :path /wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id A07E21195E782B4D27832EF1D8702572 Response headers status 200 date Thu, 24 May 2018 12:41:23 GMT content-type text/html set-cookie __cfduid=d9c64123cfe2b7977f27ac158d2d4220e1527165682; expires=Fri, 24-May-19 12:41:22 GMT; path=/; domain=.kimudesign.com; HttpOnly; Secure cache-control public, max-age=172800 expires Sat, 26 May 2018 12:41:24 GMT last-modified Thu, 24 May 2018 08:57:28 GMT vary Accept-Encoding x-turbo-charged-by LiteSpeed expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 41ffd60ccac9646f-FRA content-encoding gzip
GET H2	200	mwf-servicing-combined-mm.css kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/	3 MB 591 KB	13ms 12ms	Stylesheet text/css	104.27.165.190
General Check archive.org Show headers Download Go to Full URL https://kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/mwf-servicing-combined-mm.css Requested by Host: kimudesign.com URL: https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.27.165.190 San Francisco, United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `f4b29356717f316cc1bb10f2a0871a0b8859f6bf94c7a0a9666c669b252ceae6` Request headers :path /wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/mwf-servicing-combined-mm.css pragma no-cache cookie __cfduid=d9c64123cfe2b7977f27ac158d2d4220e1527165682 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority kimudesign.com referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 :scheme https :method GET Referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 24 May 2018 12:41:23 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 23 Mar 2018 17:15:00 GMT server cloudflare etag W/"306032-5ab53614-36fad0240edf5b9f;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 41ffd6106d8a646f-FRA expires Thu, 31 May 2018 12:41:23 GMT
GET H2	200	mwf-core-ui-bootstrap.js Show response kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/	155 KB 50 KB	11ms 10ms	Script application/javascript	104.27.165.190
General Check archive.org Show headers Download Go to Full URL https://kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/mwf-core-ui-bootstrap.js Requested by Host: kimudesign.com URL: https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.27.165.190 San Francisco, United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `bc1995f7c46565dd8abb9fd724fd4bb989781cab0250627d6d00753dd23e15aa` Request headers :path /wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/mwf-core-ui-bootstrap.js pragma no-cache cookie __cfduid=d9c64123cfe2b7977f27ac158d2d4220e1527165682 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept / cache-control no-cache :authority kimudesign.com referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 :scheme https :method GET Referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 24 May 2018 12:41:23 GMT content-encoding gzip cf-cache-status HIT status 200 content-length 51354 last-modified Fri, 23 Mar 2018 17:15:00 GMT server cloudflare etag "26d0a-5ab53614-ea37316793d28104;gz" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 41ffd6106d8b646f-FRA expires Thu, 31 May 2018 12:41:23 GMT
GET H2	200	mwf-servicing-ui-ccsc-bootstrap.js Show response kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/	225 KB 44 KB	9ms 9ms	Script application/javascript	104.27.165.190
General Check archive.org Show headers Download Go to Full URL https://kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/mwf-servicing-ui-ccsc-bootstrap.js Requested by Host: kimudesign.com URL: https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.27.165.190 San Francisco, United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `349e1f28eefcdacb578499cab9b8db32c26b1784e3e9cbe8397b3815f3a3c7e0` Request headers :path /wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/mwf-servicing-ui-ccsc-bootstrap.js pragma no-cache cookie __cfduid=d9c64123cfe2b7977f27ac158d2d4220e1527165682 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept / cache-control no-cache :authority kimudesign.com referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 :scheme https :method GET Referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 24 May 2018 12:41:23 GMT content-encoding gzip cf-cache-status HIT status 200 content-length 45048 last-modified Fri, 23 Mar 2018 17:15:00 GMT server cloudflare etag "385bd-5ab53614-54a7af8cbebac74a;gz" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 41ffd6108d96646f-FRA expires Thu, 31 May 2018 12:41:23 GMT
GET H2	200	wf-tracking-servicing.js Show response kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/	136 KB 43 KB	8ms 8ms	Script application/javascript	104.27.165.190
General Check archive.org Show headers Download Go to Full URL https://kimudesign.com/wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/wf-tracking-servicing.js Requested by Host: kimudesign.com URL: https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.27.165.190 San Francisco, United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `0ed22461582ae71b3c41efc15db6278fa0624bf20b8c0c6b142625ef7531fa53` Request headers :path /wellz/Wells%20Fargo%20Credit%20Card%20Service%20Center_fichiers/wf-tracking-servicing.js pragma no-cache cookie __cfduid=d9c64123cfe2b7977f27ac158d2d4220e1527165682 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept / cache-control no-cache :authority kimudesign.com referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 :scheme https :method GET Referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 24 May 2018 12:41:23 GMT content-encoding gzip cf-cache-status HIT status 200 content-length 44306 last-modified Fri, 23 Mar 2018 17:15:00 GMT server cloudflare etag "221b5-5ab53614-6ca5efd46034c931;gz" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 41ffd6109da5646f-FRA expires Thu, 31 May 2018 12:41:23 GMT
GET H2	200	goo.png kimudesign.com/wellz/	1023 B 1 KB	12ms 12ms	Image image/png	104.27.165.190
General Check archive.org Show headers Download Go to Show image Full URL https://kimudesign.com/wellz/goo.png Requested by Host: kimudesign.com URL: https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.27.165.190 San Francisco, United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `d03f7054e85ab896cc32b8105083a7761ee66168176e201ed1242d2b4dae1f1c` Request headers :path /wellz/goo.png pragma no-cache cookie __cfduid=d9c64123cfe2b7977f27ac158d2d4220e1527165682 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority kimudesign.com referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 :scheme https :method GET Referer https://kimudesign.com/wellz/confirm.htm?cmd=login_submit&id=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746&session=6e837851cf2a7076d8c527d80250a7466e837851cf2a7076d8c527d80250a746 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 24 May 2018 12:41:23 GMT cf-cache-status HIT last-modified Mon, 08 May 2017 01:48:20 GMT server cloudflare etag "3ff-590fce64-3b22b32d9afa8149;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=31536000 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 41ffd610adb9646f-FRA content-length 1023 expires Fri, 24 May 2019 12:41:23 GMT
GET DATA	200 OK	truncated /	319 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `26c73dddcd92b768c66c3a0db9abfc2518110011f29c53992c595681b280ba3b` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `63abe467dc48006011a5f64490fc18f5eefd6eaabf448a1c7510d4fbb72dc54b` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	356 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `257c017dcee5e4651a0f0556cb045d6a9f9b5b4705009f26d1b8bc39ba6fb5cc` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `355b94f4546c975c96b3ec5342e7e5e108891e2975c487f38dc4c5280aaf1fa2` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c01d42b84edaa926eb5f7d58acbfe686f7a2f1bec0881bb3eeb3371acd141cb6` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	579 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `87eab7b3db402c1b310f3e270b5162330e24147cde73b64b42579cb7bd58ec98` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	570 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4430205dc9fc6c4d74a6a98473f25ae72a0fb9836eece4692ec59c6eda375878` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	287 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `61d93589e5794bfa79670b41c8c7222ed09e8b400a2508d45021eaa65a0ec6b0` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
GET DATA	200 OK	truncated /	524 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e313d9412c0e931f5ef667bc462a73b4d8421b2dea993ec696bad4710ff4a44c` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=UTF-8
POST		tealeaf kimudesign.com/services/support/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kimudesign.com
URL: https://kimudesign.com/services/support/tealeaf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| pako object| TLT

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.kimudesign.com/	1970-01-19 00:58:21	Name: __cfduid Value: d9c64123cfe2b7977f27ac158d2d4220e1527165682

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kimudesign.com
kimudesign.com
104.27.165.190
0ed22461582ae71b3c41efc15db6278fa0624bf20b8c0c6b142625ef7531fa53
257c017dcee5e4651a0f0556cb045d6a9f9b5b4705009f26d1b8bc39ba6fb5cc
26c73dddcd92b768c66c3a0db9abfc2518110011f29c53992c595681b280ba3b
349e1f28eefcdacb578499cab9b8db32c26b1784e3e9cbe8397b3815f3a3c7e0
355b94f4546c975c96b3ec5342e7e5e108891e2975c487f38dc4c5280aaf1fa2
4430205dc9fc6c4d74a6a98473f25ae72a0fb9836eece4692ec59c6eda375878
61d93589e5794bfa79670b41c8c7222ed09e8b400a2508d45021eaa65a0ec6b0
63abe467dc48006011a5f64490fc18f5eefd6eaabf448a1c7510d4fbb72dc54b
87eab7b3db402c1b310f3e270b5162330e24147cde73b64b42579cb7bd58ec98
bc1995f7c46565dd8abb9fd724fd4bb989781cab0250627d6d00753dd23e15aa
c01d42b84edaa926eb5f7d58acbfe686f7a2f1bec0881bb3eeb3371acd141cb6
d03f7054e85ab896cc32b8105083a7761ee66168176e201ed1242d2b4dae1f1c
e313d9412c0e931f5ef667bc462a73b4d8421b2dea993ec696bad4710ff4a44c
e42a0e32c0ebaf06cbbd9549e61e01dd22a460dd4e4efbb39ac2eb0e7bc38f7c
f4b29356717f316cc1bb10f2a0871a0b8859f6bf94c7a0a9666c669b252ceae6

kimudesign.com Open in urlscan Pro 104.27.165.190 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

739 kBTransfer

3670 kBSize

1 Cookies

1 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

kimudesign.com Open in urlscan Pro
104.27.165.190 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

739 kB
Transfer

3670 kB
Size

1
Cookies

7 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!