secu-my-acct.com Open in urlscan Pro
34.168.191.185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://secu-my-acct.com/
Effective URL:
https://secu-my-acct.com/
Submission: On November 05 via automatic, source openphish (November 5th 2022, 2:01:27 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 34.168.191.185, located in The Dalles, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is secu-my-acct.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 1st 2022. Valid for: 3 months.

This is the only time secu-my-acct.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 8	34.168.191.185 34.168.191.185	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	184.24.31.94 184.24.31.94	16625 (AKAMAI-AS) (AKAMAI-AS)
10	2

8 34.168.191.185 (The Dalles, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 185.191.168.34.bc.googleusercontent.com

secu-my-acct.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.24.31.94 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-31-94.deploy.static.akamaitechnologies.com

www15.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	secu-my-acct.com 1 redirects secu-my-acct.com	752 KB
3	wellsfargomedia.com www15.wellsfargomedia.com — Cisco Umbrella Rank: 44195	71 KB
10	2

	Domain	Requested by
8	secu-my-acct.com	1 redirects secu-my-acct.com
3	www15.wellsfargomedia.com	secu-my-acct.com
10	2

This site contains links to these domains. Also see Links.

Domain
oam.wellsfargo.com

Subject Issuer	Validity	Valid
secu-my-acct.com cPanel, Inc. Certification Authority	`2022-11-01` - `2023-01-30`	3 months	crt.sh
www15.wellsfargomedia.com DigiCert SHA2 Secure Server CA	`2021-12-31` - `2023-01-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secu-my-acct.com/
Frame ID: F90DE0EF24C81BA917717EAB9B0B6533
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to View Your Personal Accounts | Wells Fargo

Page URL History Show full URLs

http://secu-my-acct.com/ HTTP 301
https://secu-my-acct.com/ Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

822 kB
Transfer

820 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://oam.wellsfargo.com/oamo/identity/help/passwordhelp
Title: Forgot username or password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://secu-my-acct.com/ HTTP 301
https://secu-my-acct.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response secu-my-acct.com/ Redirect Chain http://secu-my-acct.com/ https://secu-my-acct.com/	23 KB 24 KB	3494ms 2681ms	Document text/html	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `c465485aed683268f94dcdba95c6adfbc55f713aa7868df057f6e171600f9b00` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Sat, 05 Nov 2022 02:01:18 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 233 Content-Type text/html; charset=iso-8859-1 Date Sat, 05 Nov 2022 02:01:17 GMT Keep-Alive timeout=5, max=100 Location https://secu-my-acct.com/ Server Apache
GET H/1.1	200 OK	wfui.dc5a086beca5b68bfa75.chunk.css secu-my-acct.com/resources/	94 KB 94 KB	267ms 146ms	Stylesheet text/css	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `fe1bdc09b7399736efc6617cf6762dc9c82516e0b3f1e0d80fe5287c262c199a` Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 02:01:20 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 95868
GET H/1.1	200 OK	main.4870f47b74ad9141ce5b.chunk.css secu-my-acct.com/resources/	3 KB 4 KB	440ms 146ms	Stylesheet text/css	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/main.4870f47b74ad9141ce5b.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `c09753711c376ac7d47b28dca007a00ea49e907c3476fd12bdf8ae303cf52ec9` Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 02:01:21 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3580
GET H/1.1	200 OK	0.fccf6cebc9e0f1a0717f.chunk.css secu-my-acct.com/resources/	8 KB 8 KB	440ms 147ms	Stylesheet text/css	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/0.fccf6cebc9e0f1a0717f.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `9e996fe967eb8587a13a25eb1d22741d17195385800cd9375bcf1f2f8739cdd5` Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 02:01:21 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7726
GET H/1.1	200 OK	1.f547b6e66267c52604e9.chunk.css secu-my-acct.com/resources/	4 KB 4 KB	441ms 146ms	Stylesheet text/css	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/1.f547b6e66267c52604e9.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `444238afa2c5dff88714941474ff5153227a31fe6a58f4cc8a0c3e517d5da629` Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 02:01:21 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3997
GET H/1.1	200 OK	2.d908c227d892a97fd57c.chunk.css secu-my-acct.com/resources/	19 KB 19 KB	443ms 147ms	Stylesheet text/css	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://secu-my-acct.com/resources/2.d908c227d892a97fd57c.chunk.css Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `00f37084a77125b6ec9a0d7adbfe986578d1d5ef26514bc0d88b2b4ec39740f8` Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 02:01:21 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 19337
GET H/1.1	200 OK	COB-BOB-IRT-enroll_tractor.jpg secu-my-acct.com/resources/	599 KB 599 KB	428ms 147ms	Image image/jpeg	34.168.191.185 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://secu-my-acct.com/resources/COB-BOB-IRT-enroll_tractor.jpg Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.168.191.185 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 185.191.168.34.bc.googleusercontent.com Software Apache / Resource Hash `d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe` Request headers accept-language de-DE,de;q=0.9 Referer https://secu-my-acct.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Sat, 05 Nov 2022 02:01:21 GMT Last-Modified Tue, 01 Nov 2022 22:16:16 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 613304
GET H2	200	wellsfargosans-rg.woff2 www15.wellsfargomedia.com/wfui/css/fonts/	22 KB 22 KB	74ms 6ms	Font font/woff2	184.24.31.94 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2 Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 184.24.31.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-24-31-94.deploy.static.akamaitechnologies.com Software / Resource Hash `631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc` Request headers Referer https://secu-my-acct.com/ Origin https://secu-my-acct.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Sat, 05 Nov 2022 02:01:21 GMT last-modified Tue, 26 Feb 2019 19:38:34 GMT etag "5c7595ba-5798" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 22424 expires Sun, 05 Nov 2023 02:01:21 GMT
GET H2	200	wellsfargosans-sbd.woff2 www15.wellsfargomedia.com/wfui/css/fonts/	22 KB 22 KB	80ms 13ms	Font font/woff2	184.24.31.94 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2 Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 184.24.31.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-24-31-94.deploy.static.akamaitechnologies.com Software / Resource Hash `ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba` Request headers Referer https://secu-my-acct.com/ Origin https://secu-my-acct.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Sat, 05 Nov 2022 02:01:21 GMT last-modified Tue, 26 Feb 2019 19:38:34 GMT etag "5c7595ba-5848" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 22600 expires Sun, 05 Nov 2023 02:01:21 GMT
GET H2	200	wellsfargoserif-rg.woff2 www15.wellsfargomedia.com/wfui/css/fonts/	26 KB 26 KB	79ms 12ms	Font font/woff2	184.24.31.94 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2 Requested by Host: secu-my-acct.com URL: https://secu-my-acct.com/resources/wfui.dc5a086beca5b68bfa75.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 184.24.31.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-24-31-94.deploy.static.akamaitechnologies.com Software / Resource Hash `aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310` Request headers Referer https://secu-my-acct.com/ Origin https://secu-my-acct.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Sat, 05 Nov 2022 02:01:21 GMT last-modified Mon, 11 Mar 2019 20:52:01 GMT etag "5c86ca71-6854" content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 26708 expires Sun, 05 Nov 2023 02:01:21 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secu-my-acct.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2748a88aa98c9a9a8f051231ae2ef3a5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secu-my-acct.com
www15.wellsfargomedia.com
184.24.31.94
34.168.191.185
00f37084a77125b6ec9a0d7adbfe986578d1d5ef26514bc0d88b2b4ec39740f8
444238afa2c5dff88714941474ff5153227a31fe6a58f4cc8a0c3e517d5da629
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
9e996fe967eb8587a13a25eb1d22741d17195385800cd9375bcf1f2f8739cdd5
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
c09753711c376ac7d47b28dca007a00ea49e907c3476fd12bdf8ae303cf52ec9
c465485aed683268f94dcdba95c6adfbc55f713aa7868df057f6e171600f9b00
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe
fe1bdc09b7399736efc6617cf6762dc9c82516e0b3f1e0d80fe5287c262c199a

secu-my-acct.com Open in urlscan Pro 34.168.191.185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

822 kBTransfer

820 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

Indicators

secu-my-acct.com Open in urlscan Pro
34.168.191.185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

822 kB
Transfer

820 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!