# wefab.online — MALICIOUS

> Avoid wefab.online, a high-risk phishing site impersonating Wells Fargo. Domain now offline but once flagged for credential theft.

## Summary
PhishDestroy identifies wefab.online as a high-risk phishing domain targeting Wells Fargo customers. Classified under generic phishing threats, it aims to deceive users into revealing sensitive financial details by mimicking a trusted brand.

The domain was registered recently on February 21, 2026, through Global Domain Group LLC and resolved to the IP address 163.61.188.5. VirusTotal flagged 16 out of 95 security vendors for malicious activity linked to this site. Additionally, it appeared on one security blocklist and was referenced in three AlienVault OTX threat intelligence pulses. These indicators collectively reinforce its malicious intent and active surveillance status.

Currently, wefab.online has been taken offline, mitigating immediate user exposure. To prevent phishing attacks, users should avoid clicking any links associated with this domain and verify URLs carefully before entering credentials. Organizations are advised to block the domain at network levels and inform users about this threat to enhance security posture.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Wells Fargo

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2026-12-30 00:00:00
- Registrar: Global Domain Group LLC
- Country: CA
- IP: 163.61.188.5
- IP Country: US
- IP City: New York City
- IP Org: AS153568 NEW DHAKA HARDWARE
- Nameservers: dns1.lytehosting.com dns2.lytehosting.com dns3.lytehosting.com dns4.lytehosting.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b985f-49f9-743b-981d-a5c947b7c71e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c1bf62e2-a439-41f2-a465-408767ba8636
- PhishDestroy: https://phishdestroy.io/domain/wefab.online/
- LLM endpoint: https://phishdestroy.io/domain/wefab.online/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wefab.online/
Last updated: 2026-03-19