connectsecure.netlify.app Open in urlscan Pro
3.64.200.242 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://authwellpro.online/
Effective URL:
https://connectsecure.netlify.app/
Submission Tags: #phishing @ecarlesi Search All
Submission: On November 20 via api (November 20th 2022, 7:19:26 am UTC) from FI — Scanned from FI

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 9 HTTP transactions. The main IP is 3.64.200.242, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is connectsecure.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on February 15th 2022. Valid for: a year.

This is the only time connectsecure.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.119.254 192.64.119.254	22612 (NAMECHEAP...) (NAMECHEAP-NET)
5	3.64.200.242 3.64.200.242	16509 (AMAZON-02) (AMAZON-02)
1	104.16.88.20 104.16.88.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.21.11.160 104.21.11.160	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.20.78.240 52.20.78.240	14618 (AMAZON-AES) (AMAZON-AES)
9	5

1 192.64.119.254 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

authwellpro.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.64.200.242 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-200-242.eu-central-1.compute.amazonaws.com

connectsecure.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.88.20 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.11.160 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.78.240 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-78-240.compute-1.amazonaws.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	netlify.app connectsecure.netlify.app	1 MB
2	killbot.org killbot.org	1 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2887	265 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	2 KB
1	authwellpro.online 1 redirects authwellpro.online	250 B
9	5

	Domain	Requested by
5	connectsecure.netlify.app	connectsecure.netlify.app
2	killbot.org	cdn.jsdelivr.net
1	api.ipify.org	connectsecure.netlify.app
1	cdn.jsdelivr.net	connectsecure.netlify.app
1	authwellpro.online	1 redirects
9	5

This site contains no links.

Subject Issuer	Validity	Valid
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-15` - `2023-03-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://connectsecure.netlify.app/
Frame ID: EA49B30D827E65E874C2C1F3B598B2F8
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

access

Page URL History Show full URLs

http://authwellpro.online/ HTTP 302
https://connectsecure.netlify.app/ Page URL

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

^https?://[^/]+\.netlify\.(?:com|app)/

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

1299 kB
Transfer

1822 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://authwellpro.online/ HTTP 302
https://connectsecure.netlify.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
connectsecure.netlify.app/
Redirect Chain

http://authwellpro.online/
https://connectsecure.netlify.app/

946 B
1 KB

492ms
61ms

Document
text/html

3.64.200.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectsecure.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.64.200.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-200-242.eu-central-1.compute.amazonaws.com

Software

Netlify /

Resource Hash

c7cbba7c17b6ef4f2a592b232c0f249750d1589b9c8e1c3a2aa09e029f071565

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

age: 211
cache-control: public, max-age=0, must-revalidate
content-length: 946
content-type: text/html; charset=UTF-8
date: Sun, 20 Nov 2022 07:15:48 GMT
etag: "e22524244dd588c91e72675a419109c8-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01GJ9YFT1HHNXVPRASAYHZ63F6

Redirect headers

Connection: keep-alive
Content-Length: 57
Content-Type: text/html; charset=utf-8
Date: Sun, 20 Nov 2022 07:19:19 GMT
Location: https://connectsecure.netlify.app/
Server: namecheap-nginx
X-Served-By: Namecheap URL Forward

GET
H2 200 main.min.js Show response
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/ 3 KB
2 KB 464ms
49ms Script
application/javascript 104.16.88.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js

Requested by

Host: connectsecure.netlify.app
URL: https://connectsecure.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.88.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 07:19:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 23348
x-jsd-version: master
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19138-FRA, cache-yyz4558-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"a7c-kmbumraAtj1yBda8Zbl2dRPRYqU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8m5vBGLlfwKdZoDAiRN%2BZh9uqdr88I4aJVLhpVibwl30PpeD%2FCGP3125z%2BIsfwK%2BfMnJHKlPNF9HwIk8jxppQ9wyyhb4kH%2B6yRzY1nlXzLRkg9QQLamuQ%2B8jtU2x3GqqpU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 76cf6ab01d590a1f-ARN

GET
H2 200 chunk-vendors.47604a3f.js Show response
connectsecure.netlify.app/js/ 233 KB
80 KB 196ms
195ms Script
application/javascript 3.64.200.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectsecure.netlify.app/js/chunk-vendors.47604a3f.js

Requested by

Host: connectsecure.netlify.app
URL: https://connectsecure.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.64.200.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-200-242.eu-central-1.compute.amazonaws.com

Software

Netlify /

Resource Hash

caf20cfcf05c96d63fdc66bf22b35dfd6f563d72257ef813a5cf7a527e842726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ9YFT3KP3AF5E0C03XE7Y32
date: Sun, 20 Nov 2022 07:19:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 2
etag: "1671144e8593e49e22c18a7b737d07c0-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 app.5f9cbeb0.js Show response
connectsecure.netlify.app/js/ 291 KB
196 KB 189ms
186ms Script
application/javascript 3.64.200.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectsecure.netlify.app/js/app.5f9cbeb0.js

Requested by

Host: connectsecure.netlify.app
URL: https://connectsecure.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.64.200.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-200-242.eu-central-1.compute.amazonaws.com

Software

Netlify /

Resource Hash

9201a4dd72552b72e5d631325b0f9951a3502dfcc82b50f287727622cf000b49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ9YFTFRA6FP4VYFMG97W5X3
date: Sun, 20 Nov 2022 07:19:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "47edb087635d2e7b0e5423507072e4c8-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 app.591e6ba5.css
connectsecure.netlify.app/css/ 280 KB
61 KB 192ms
192ms Stylesheet
text/css 3.64.200.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectsecure.netlify.app/css/app.591e6ba5.css

Requested by

Host: connectsecure.netlify.app
URL: https://connectsecure.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.64.200.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-200-242.eu-central-1.compute.amazonaws.com

Software

Netlify /

Resource Hash

b6394955390cd6d892938ed49259ec48eb4a10018b89f6a0b09d2af301f61d59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ9YFT3K5D2YAJMR14T1MCG9
date: Sun, 20 Nov 2022 07:19:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 2
etag: "a72255e64e8f200774c1e46b155c4c7c-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 whois Show response
killbot.org/api/v2/ 266 B
924 B 1293ms
822ms Fetch
application/json 104.21.11.160
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=DV7PREQMafaXJMJtiwJ_02ofP52LhsXcLuldp070FR0PC
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.160 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85de660c7cb3d8fe8abd157ad22d842a002ad33b14f06512dd9e0aec534fe0a7

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 07:19:21 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhjG34R2WGTlc3dnTZrZhDWdkTLUhex5an7sRb5gVMs1waWMBqtc4UbRbGLaTlmxi6qIuWJ%2BU%2BskV%2BI3%2ByywK3gCvTFSdVfo%2BatbWFjM1nA1ov986GxMfG2Xd4hlqw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 76cf6ab37a962d97-KBP
bug-bounty: Report to live chat :)
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK / Show response
api.ipify.org/ 23 B
265 B 426ms
136ms XHR
application/json 52.20.78.240
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: connectsecure.netlify.app
URL: https://connectsecure.netlify.app/js/chunk-vendors.47604a3f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.20.78.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-78-240.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 0454df14d4950a03f867903fa38df41256c8307a8cc55742ce78b84ffbf3cfc9

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://connectsecure.netlify.app/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sun, 20 Nov 2022 07:19:21 GMT
Via: 1.1 vegur
Server: Cowboy
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://connectsecure.netlify.app
Connection: keep-alive
Content-Length: 23

GET
DATA 200
OK truncated
/ 28 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40ef7a9984ba89783b13b50437e96b1f5fac2023a350b07991245077718bbee3

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cap2.e6aef70b.gif
connectsecure.netlify.app/img/ 957 KB
957 KB 172ms
172ms Image
image/gif 3.64.200.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://connectsecure.netlify.app/img/cap2.e6aef70b.gif

Requested by

Host: connectsecure.netlify.app
URL: https://connectsecure.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.64.200.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-200-242.eu-central-1.compute.amazonaws.com

Software

Netlify /

Resource Hash

8f8924aa32e0dd06135c33273ca40421ea943efe1f36df7422f855c515db660a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ9YFTY6RZMQYMT1PVB4PV7N
date: Sun, 20 Nov 2022 07:19:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 0
etag: "53f8b1b3f2883889ab7ede2d53df3b86-ssl"
content-type: image/gif
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 979676

GET
DATA 200
OK truncated
/ 29 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45cfad2ff0d5f5b33b35f95030c7cb40b443466114e45ebadbdff98dacd68f7f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 403 blocker Show response
killbot.org/api/v2/ 271 B
598 B 490ms
489ms Fetch
application/json 104.21.11.160
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=DV7PREQMafaXJMJtiwJ_02ofP52LhsXcLuldp070FR0PC&ip=194.34.134.147&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/107.0.5304.110%20Safari/537.36&url=
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.160 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a02e1dd5b215bbd6f0031c7418a96af0c9c09345e54dff69f3f68da1f57d2ce

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://connectsecure.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 07:19:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uitsKT3PX5ZmnqjNVOR%2FGy2JxtdeKx35%2BPtpKozI%2BFwHzX3XMqNtDPm4QXJjHs%2B9LFguLGvNDqhy9CNKv93dzYbTADlgIgF7ciemZj5MmLinERsM3oxkGm5LHZbcyg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 76cf6ab89dda2d97-KBP
bug-bounty: Report to live chat :)
expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://killbot.org/api/v2/blocker?apikey=DV7PREQMafaXJMJtiwJ_02ofP52LhsXcLuldp070FR0PC&ip=194.34.134.147&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/107.0.5304.110%20Safari/537.36&url= Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
authwellpro.online
cdn.jsdelivr.net
connectsecure.netlify.app
killbot.org
104.16.88.20
104.21.11.160
192.64.119.254
3.64.200.242
52.20.78.240
0454df14d4950a03f867903fa38df41256c8307a8cc55742ce78b84ffbf3cfc9
40ef7a9984ba89783b13b50437e96b1f5fac2023a350b07991245077718bbee3
45cfad2ff0d5f5b33b35f95030c7cb40b443466114e45ebadbdff98dacd68f7f
85de660c7cb3d8fe8abd157ad22d842a002ad33b14f06512dd9e0aec534fe0a7
8a02e1dd5b215bbd6f0031c7418a96af0c9c09345e54dff69f3f68da1f57d2ce
8f8924aa32e0dd06135c33273ca40421ea943efe1f36df7422f855c515db660a
9201a4dd72552b72e5d631325b0f9951a3502dfcc82b50f287727622cf000b49
a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1
b6394955390cd6d892938ed49259ec48eb4a10018b89f6a0b09d2af301f61d59
c7cbba7c17b6ef4f2a592b232c0f249750d1589b9c8e1c3a2aa09e029f071565
caf20cfcf05c96d63fdc66bf22b35dfd6f563d72257ef813a5cf7a527e842726

connectsecure.netlify.app Open in urlscan Pro 3.64.200.242 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

1299 kBTransfer

1822 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

connectsecure.netlify.app Open in urlscan Pro
3.64.200.242 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

1299 kB
Transfer

1822 kB
Size

0
Cookies

9 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!