mnd.mndnsw.asn.au - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 116.0.22.229, located in Australia and belongs to DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU. The main domain is mnd.mndnsw.asn.au.

This is the only time mnd.mndnsw.asn.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	116.0.22.229 116.0.22.229	38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
1	23.202.35.184 23.202.35.184	22773 (ASN-CXA-A...) (ASN-CXA-ALL-CCI-22773-RDC)
2	184.25.122.57 184.25.122.57	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	3

2 116.0.22.229 (Australia) 1 redirects

ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: malthael.instanthosting.com.au

mnd.mndnsw.asn.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.202.35.184 (Kowloon, Hong Kong)

ASN22773 (ASN-CXA-ALL-CCI-22773-RDC, US)
PTR: a23-202-35-184.deploy.static.akamaitechnologies.com

a248.e.akamai.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.25.122.57 (Central, Hong Kong)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-25-122-57.deploy.static.akamaitechnologies.com

apply.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	wellsfargo.com apply.wellsfargo.com — Cisco Umbrella Rank: 63873	7 KB
2	mndnsw.asn.au 1 redirects mnd.mndnsw.asn.au	2 KB
1	akamai.net a248.e.akamai.net — Cisco Umbrella Rank: 21683
4	3

	Domain	Requested by
2	apply.wellsfargo.com	mnd.mndnsw.asn.au
2	mnd.mndnsw.asn.au	1 redirects
1	a248.e.akamai.net	mnd.mndnsw.asn.au
4	3

This site contains no links.

Subject Issuer	Validity	Valid
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
apply.wellsfargo.com Wells Fargo Public Trust Certification Authority 01 G2	`2022-10-12` - `2023-10-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html
Frame ID: D0C872179EC409FA495316206D3A2A98
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo - Please wait

Page URL History Show full URLs

http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/secure.php HTTP 302
http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html Page URL

Page Statistics

4
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

8 kB
Transfer

7 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/secure.php HTTP 302
http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request processing.html Show response
mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/
Redirect Chain

http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/secure.php
http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html

1 KB
2 KB

150ms
117ms

Document
text/html

116.0.22.229
DREAMSCAPE-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html
Protocol: HTTP/1.1
Server: 116.0.22.229 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS: malthael.instanthosting.com.au
Software: Apache /
Resource Hash: 84eaf77e272bacb45cd591502b45818d88217175770f50e388b4876a2fc93b17

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 1353
Content-Type: text/html
Date: Wed, 29 Mar 2023 16:05:01 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Fri, 24 Mar 2023 23:35:53 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 29 Mar 2023 16:04:59 GMT
Keep-Alive: timeout=5, max=100
Location: processing.html
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 403
Forbidden s.gif
a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/ 0
0 951ms
316ms Image
text/html 23.202.35.184
ASN-CXA-ALL-CCI-2...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/s.gif
Requested by: Host: mnd.mndnsw.asn.au
URL: http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.202.35.184 Kowloon, Hong Kong, ASN22773 (ASN-CXA-ALL-CCI-22773-RDC, US),
Reverse DNS: a23-202-35-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://mnd.mndnsw.asn.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H/1.1 200
OK logo_62sq.gif
apply.wellsfargo.com/img/shared/static/ 2 KB
2 KB 994ms
254ms Image
image/gif 184.25.122.57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apply.wellsfargo.com/img/shared/static/logo_62sq.gif

Requested by

Host: mnd.mndnsw.asn.au
URL: http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.25.122.57 Central, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-25-122-57.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

1d75c1532073401f90f2c4a3135126be6b2cfcd7d24af3da75e393a3c2269a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://mnd.mndnsw.asn.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 29 Mar 2023 16:05:02 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Nov 2014 23:49:37 GMT
ETag: W/"1824-1416527377000"
X-Frame-Options: DENY
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1824
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK status_indicator_alone.gif
apply.wellsfargo.com/img/shared/static/ 4 KB
5 KB 1088ms
278ms Image
image/gif 184.25.122.57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apply.wellsfargo.com/img/shared/static/status_indicator_alone.gif

Requested by

Host: mnd.mndnsw.asn.au
URL: http://mnd.mndnsw.asn.au/.well-known/pki-validation/wellsfargo/processing.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.25.122.57 Central, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-25-122-57.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

7b668be16bb8d9c0f50dfaa1cdd6d74bf53b9b1791fa46a2094b4ea275f246c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://mnd.mndnsw.asn.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 29 Mar 2023 16:05:02 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Nov 2014 23:50:15 GMT
ETag: W/"4161-1416527415000"
X-Frame-Options: DENY
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4161
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/s.gif Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a248.e.akamai.net
apply.wellsfargo.com
mnd.mndnsw.asn.au
116.0.22.229
184.25.122.57
23.202.35.184
1d75c1532073401f90f2c4a3135126be6b2cfcd7d24af3da75e393a3c2269a81
7b668be16bb8d9c0f50dfaa1cdd6d74bf53b9b1791fa46a2094b4ea275f246c5
84eaf77e272bacb45cd591502b45818d88217175770f50e388b4876a2fc93b17
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

mnd.mndnsw.asn.au Open in urlscan Pro 116.0.22.229 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

75 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

8 kBTransfer

7 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

mnd.mndnsw.asn.au Open in urlscan Pro
116.0.22.229 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

8 kB
Transfer

7 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!