connectsecure.netlify.app
3.64.200.242
Malicious Activity!
Public Scan
Effective URL: https://connectsecure.netlify.app/
Submission Tags: #phishing @ecarlesi
Submission: On November 20 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on February 15th 2022. Valid for: a year.
This is the only time connectsecure.netlify.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 192.64.119.254 | 22612 (NAMECHEAP-NET)
5 | 3.64.200.242 | 16509 (AMAZON-02)
1 | 104.16.88.20 | 13335 (CLOUDFLARENET)
2 | 104.21.11.160 | 13335 (CLOUDFLARENET)
1 | 52.20.78.240 | 14618 (AMAZON-AES)

Totals: 9 requests across 5 IP addresses.
ASN | PTR record | Domain
---|---|---
ASN16509 (AMAZON-02, US) | ec2-3-64-200-242.eu-central-1.compute.amazonaws.com | connectsecure.netlify.app
ASN14618 (AMAZON-AES, US) | ec2-52-20-78-240.compute-1.amazonaws.com | api.ipify.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | netlify.app | connectsecure.netlify.app | 1 MB
2 | killbot.org | killbot.org | 1 KB
1 | ipify.org | api.ipify.org (Cisco Umbrella Rank: 2887) | 265 B
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 374) | 2 KB
1 | authwellpro.online | authwellpro.online (1 redirect) | 250 B

Totals: 9 requests across 5 apex domains.
Requests | Domain | Requested by
---|---|---
5 | connectsecure.netlify.app | connectsecure.netlify.app
2 | killbot.org | cdn.jsdelivr.net
1 | api.ipify.org | connectsecure.netlify.app
1 | cdn.jsdelivr.net | connectsecure.netlify.app
1 | authwellpro.online | 1 redirect

Totals: 9 requests across 5 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.netlify.app | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-02-15 - 2023-03-02 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 - 2023-06-01 | a year | crt.sh
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2022-02-07 - 2023-03-10 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://connectsecure.netlify.app/
Frame ID: EA49B30D827E65E874C2C1F3B598B2F8
Requests: 11 HTTP requests in this frame
Page Title: access
Detected technologies
- Netlify (Web Servers), detected pattern: `^https?://[^/]+\.netlify\.(?:com|app)/`
- Vue.js (JavaScript Frameworks), detected pattern: `<[^>]+\sdata-v(?:ue)?-`
- jsDelivr (CDN), detected pattern: `//cdn\.jsdelivr\.net/`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://authwellpro.online/ (HTTP 302)
- https://connectsecure.netlify.app/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | connectsecure.netlify.app/ | 946 B | 1 KB | Document | text/html
GET | H2 | main.min.js | cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/ | 3 KB | 2 KB | Script | application/javascript
GET | H2 | chunk-vendors.47604a3f.js | connectsecure.netlify.app/js/ | 233 KB | 80 KB | Script | application/javascript
GET | H2 | app.5f9cbeb0.js | connectsecure.netlify.app/js/ | 291 KB | 196 KB | Script | application/javascript
GET | H2 | app.591e6ba5.css | connectsecure.netlify.app/css/ | 280 KB | 61 KB | Stylesheet | text/css
GET | H2 | whois | killbot.org/api/v2/ | 266 B | 924 B | Fetch | application/json
GET | H/1.1 | / | api.ipify.org/ | 23 B | 265 B | XHR | application/json
GET | DATA | truncated | / | 28 KB | 0 | Image | image/png
GET | H2 | cap2.e6aef70b.gif | connectsecure.netlify.app/img/ | 957 KB | 957 KB | Image | image/gif
GET | DATA | truncated | / | 29 KB | 0 | Image | image/png
GET | H2 | blocker | killbot.org/api/v2/ | 271 B | 598 B | Fetch | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Wells Fargo (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | _0x3185
function | _0x501f
function | _0x34aede
object | webpackChunkaccess
boolean | __VUE__
function | jQuery
function | $0

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even if they have changed location. This is how persistent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, see urlscan's linked explainer page on security headers.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- api.ipify.org
- authwellpro.online
- cdn.jsdelivr.net
- connectsecure.netlify.app
- killbot.org

IP addresses:
- 104.16.88.20
- 104.21.11.160
- 192.64.119.254
- 3.64.200.242
- 52.20.78.240