exbabylon.com Open in urlscan Pro
50.28.104.187 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.exbabylon.com/includes/cu/createj/insidekfe/wells.htm
Effective URL:
https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
Submission: On November 01 via api (November 1st 2021, 5:17:57 pm UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 50.28.104.187, located in United States and belongs to LIQUIDWEB, US. The main domain is exbabylon.com.
TLS certificate: Issued by R3 on October 2nd 2021. Valid for: 3 months.

This is the only time exbabylon.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 15	50.28.104.187 50.28.104.187	53824 (LIQUIDWEB) (LIQUIDWEB)
1	159.45.66.156 159.45.66.156	4196 (WELLSFARG...) (WELLSFARGO-4196)
15	2

15 50.28.104.187 (United States) 1 redirects

ASN53824 (LIQUIDWEB, US)
PTR: www.exbabylon.com

www.exbabylon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
exbabylon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.45.66.156 (United States)

ASN4196 (WELLSFARGO-4196, US)

connect.secure.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	exbabylon.com 1 redirects www.exbabylon.com exbabylon.com	242 KB
1	wellsfargo.com connect.secure.wellsfargo.com	17 KB
15	2

	Domain	Requested by
14	exbabylon.com	exbabylon.com
1	connect.secure.wellsfargo.com	exbabylon.com
1	www.exbabylon.com	1 redirects
15	3

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com

Subject Issuer	Validity	Valid
www.voice.exbabylon.com R3	`2021-10-02` - `2021-12-31`	3 months	crt.sh
connect.secure.wellsfargo.com DigiCert EV RSA CA G2	`2020-07-09` - `2022-07-14`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
Frame ID: 9D1008B85B2F842116C5F6D8E6B4C711
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo Sign On to View Your Accounts

Page URL History Show full URLs

http://www.exbabylon.com/includes/cu/createj/insidekfe/wells.htm HTTP 301
https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm Page URL

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

259 kB
Transfer

286 kB
Size

1
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wellsfargo.com/

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/
Title: Customer Service

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/locator/
Title: Locations

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/products_services/applications_viewall.jhtml
Title: Apply

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/commitment
Title: Learn More

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/commitment/faqs/
Title: Frequently asked questions >

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/faqs/sign-on
Title: Email Security Help

Search URL Search Domain Scan URL

URL: http://www.wellsfargo.com/agreement
Title: www.wellsfargo.com/agreement

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/about/
Title: About Wells Fargo

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy-security/
Title: Privacy, Security & Legal

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy-security/fraud/report/phish
Title: Report Email Fraud

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/sitemap
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy-security/privacy/online#adchoices
Title: Ad Choices

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.exbabylon.com/includes/cu/createj/insidekfe/wells.htm HTTP 301
https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request wells.htm Show response
exbabylon.com/includes/cu/createj/insidekfe/
Redirect Chain

http://www.exbabylon.com/includes/cu/createj/insidekfe/wells.htm
https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

10 KB
11 KB

435ms
151ms

Document
text/html

50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

26d94edf713aafdfae27a7cab434d76fee10ba25ebaa3395b3ba3c028927493a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
Server: Apache
X-Content-Type-Options: nosniff
Last-Modified: Sun, 07 Mar 2021 01:53:00 GMT
Accept-Ranges: bytes
Content-Length: 10537
Cache-Control: max-age=1209600
Expires: Mon, 15 Nov 2021 17:17:51 GMT
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Mon, 01 Nov 2021 17:17:50 GMT
Server: Apache
X-Content-Type-Options: nosniff
Location: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
Cache-Control: max-age=1209600
Expires: Mon, 15 Nov 2021 17:17:50 GMT
Content-Length: 269
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK nd Show response
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 39 KB
39 KB 152ms
151ms Script
text/plain 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/nd

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

ffc539eb345f9466fecbe7b7ea8d2db0f56ef3857c8b26159d9a230bf9afdb4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=149
Content-Length: 39657
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 200
OK signonCommitment.css
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 6 KB
6 KB 441ms
154ms Stylesheet
text/css 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/signonCommitment.css

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

7c21a45f9e10b50948faf43421ae13f1a49c75c9e44604c63b9bd1c34075d474

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Content-Type: text/css
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=150
Content-Length: 6022
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 200
OK theme.css
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 8 KB
9 KB 467ms
180ms Stylesheet
text/css 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/theme.css

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

f82a7a512d314b7ce4c4bbab30c4528e0c3136514b694ca53213f06b246b273c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Content-Type: text/css
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=150
Content-Length: 8545
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 200
OK login-userprefs.js Show response
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 144 KB
144 KB 448ms
162ms Script
application/javascript 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/login-userprefs.js

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

1b1b1c060912cb94b0db47fb6740b14ca96f731b0f1125bae5130a83e92d5f07

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=150
Content-Length: 147243
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 200
OK conutils-6.js Show response
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 10 KB
10 KB 451ms
165ms Script
application/javascript 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/conutils-6.js

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

3313ac9f2c148df9dc8581ae4d7bb9023c3ef933d1152db47de29e32ec5f67b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=150
Content-Length: 9924
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 200
OK atadun.js Show response
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 1 KB
1 KB 451ms
166ms Script
application/javascript 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/atadun.js

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

5fb7b85658a6e615400e0f1f3e16fc869bbd099b3c3c181c294c05d1d7d1cfe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=150
Content-Length: 1067
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 200
OK wflogo-gfrewards.png
exbabylon.com/includes/cu/createj/insidekfe/wells_files/ 20 KB
21 KB 151ms
150ms Image
image/png 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/wflogo-gfrewards.png

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

8acab8f477754cb0846b2eca8bfea7c4e5a0e3a5348a3ff69fe67bfaef42b8ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Dec 2020 23:57:28 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=149
Content-Length: 20681
Expires: Mon, 15 Nov 2021 17:17:51 GMT

GET
H/1.1 404
Not Found conutils-6.2.2.js
exbabylon.com/auth/static/scripts/ 0
0 287ms
287ms Script
text/html 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/auth/static/scripts/conutils-6.2.2.js

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/login-userprefs.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=2, max=149
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H/1.1 404
Not Found atadun.js
exbabylon.com/auth/static/prefs/ 0
0 284ms
284ms Script
text/html 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/auth/static/prefs/atadun.js

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/login-userprefs.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=2, max=148
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H/1.1 404
Not Found atadun.js
exbabylon.com/auth/static/prefs/ 0
0 290ms
290ms Script
text/html 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://exbabylon.com/auth/static/prefs/atadun.js

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=2, max=149
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H/1.1 200 nd Show response
connect.secure.wellsfargo.com/jenny/ 47 KB
17 KB 547ms
130ms Script
application/javascript 159.45.66.156
WELLSFARGO-4196

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.secure.wellsfargo.com/jenny/nd

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/atadun.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.66.156 , United States, ASN4196 (WELLSFARGO-4196, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

63d422e3aea64b0b92fb4cfbe0ff991d8d7cb5e5678705017e9fc3714caf213c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: KONICHIWA/1.1
Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Frame-Options: DENY
Content-Type: application/javascript;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=600

GET
H/1.1 404
Not Found search_corner.gif
exbabylon.com/includes/cu/createj/insidekfe/wells_files/images/ 349 B
349 B 308ms
308ms Image
text/html 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/images/search_corner.gif

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/signonCommitment.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

219cacd78efdc246620291bd6be628e280d6906542e47907d7fa36a233aeb0d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/signonCommitment.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=2, max=149
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H/1.1 404
Not Found btn_blueslice.gif
exbabylon.com/includes/cu/createj/insidekfe/wells_files/images/ 349 B
349 B 299ms
299ms Image
text/html 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/images/btn_blueslice.gif

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/signonCommitment.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

94b4f81f908d18dceef2dee615d6fbc424faead3a6a9b1eb5ace1f7485c857f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/signonCommitment.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=2, max=149
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H/1.1 404
Not Found wellsfargo-storefront_outdoors-street_cars-and-people-crossing_722x185.png
exbabylon.com/includes/cu/createj/images/ 384 B
384 B 309ms
309ms Image
text/html 50.28.104.187
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exbabylon.com/includes/cu/createj/images/wellsfargo-storefront_outdoors-street_cars-and-people-crossing_722x185.png

Requested by

Host: exbabylon.com
URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/theme.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

50.28.104.187 , United States, ASN53824 (LIQUIDWEB, US),

Reverse DNS

www.exbabylon.com

Software

Apache /

Resource Hash

602196d23f1429ce0b4ffac5a83b742cebeea9d1a9d42b298a5f1d0eed552301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/theme.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 17:17:52 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=2, max=148
Expires: Sun, 19 Nov 1978 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.exbabylon.com/	1970-01-19 22:23:10	Name: ndsid Value: ndsao5y97503bhkvgxdztz

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells.htm Message: Refused to execute script from 'https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/nd' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://exbabylon.com/auth/static/prefs/atadun.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://exbabylon.com/auth/static/scripts/conutils-6.2.2.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://exbabylon.com/auth/static/prefs/atadun.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/images/btn_blueslice.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://exbabylon.com/includes/cu/createj/insidekfe/wells_files/images/search_corner.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://exbabylon.com/includes/cu/createj/images/wellsfargo-storefront_outdoors-street_cars-and-people-crossing_722x185.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.secure.wellsfargo.com
exbabylon.com
www.exbabylon.com
159.45.66.156
50.28.104.187
1b1b1c060912cb94b0db47fb6740b14ca96f731b0f1125bae5130a83e92d5f07
219cacd78efdc246620291bd6be628e280d6906542e47907d7fa36a233aeb0d9
26d94edf713aafdfae27a7cab434d76fee10ba25ebaa3395b3ba3c028927493a
3313ac9f2c148df9dc8581ae4d7bb9023c3ef933d1152db47de29e32ec5f67b0
5fb7b85658a6e615400e0f1f3e16fc869bbd099b3c3c181c294c05d1d7d1cfe5
602196d23f1429ce0b4ffac5a83b742cebeea9d1a9d42b298a5f1d0eed552301
63d422e3aea64b0b92fb4cfbe0ff991d8d7cb5e5678705017e9fc3714caf213c
7c21a45f9e10b50948faf43421ae13f1a49c75c9e44604c63b9bd1c34075d474
8acab8f477754cb0846b2eca8bfea7c4e5a0e3a5348a3ff69fe67bfaef42b8ab
94b4f81f908d18dceef2dee615d6fbc424faead3a6a9b1eb5ace1f7485c857f9
f82a7a512d314b7ce4c4bbab30c4528e0c3136514b694ca53213f06b246b273c
ffc539eb345f9466fecbe7b7ea8d2db0f56ef3857c8b26159d9a230bf9afdb4a

exbabylon.com Open in urlscan Pro 50.28.104.187 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

1 Countries

259 kBTransfer

286 kBSize

1 Cookies

14 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

110 JavaScript Global Variables

1 Cookies

7 Console Messages

Security Headers

Indicators

exbabylon.com Open in urlscan Pro
50.28.104.187 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

259 kB
Transfer

286 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!