wellssecurecnnect.com Open in urlscan Pro
31.41.44.127 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/2TmMBEj
Effective URL:
https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Submission: On October 27 via manual (October 27th 2020, 9:54:26 am UTC) from IN

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 14 HTTP transactions. The main IP is 31.41.44.127, located in Russian Federation and belongs to ASRELINK, RU. The main domain is wellssecurecnnect.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 15th 2020. Valid for: 3 months.

This is the only time wellssecurecnnect.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1	185.120.57.202 185.120.57.202	202933 (CLOUDSOLU...) (CLOUDSOLUTIONS)
11	31.41.44.127 31.41.44.127	56577 (ASRELINK) (ASRELINK)
1	2606:4700:10:... 2606:4700:10::ac43:1e94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
14	4

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.120.57.202 (Moscow, Russian Federation)

ASN202933 (CLOUDSOLUTIONS, RU)
PTR: 72658.hosted-by-virtualdc.ru

appod.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 31.41.44.127 (Russian Federation)

ASN56577 (ASRELINK, RU)
PTR: ugsqkng.example.com

wellssecurecnnect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:1e94 (United States)

ASN13335 (CLOUDFLARENET, US)

getbootstrap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	wellssecurecnnect.com wellssecurecnnect.com	291 KB
1	jquery.com code.jquery.com	24 KB
1	getbootstrap.com getbootstrap.com	19 KB
1	appod.live appod.live	422 B
1	bit.ly 1 redirects bit.ly	253 B
14	5

	Domain	Requested by
11	wellssecurecnnect.com	wellssecurecnnect.com
1	code.jquery.com	wellssecurecnnect.com
1	getbootstrap.com	wellssecurecnnect.com
1	appod.live
1	bit.ly	1 redirects
14	5

This site contains no links.

Subject Issuer	Validity	Valid
appod.live Let's Encrypt Authority X3	`2020-10-24` - `2021-01-22`	3 months	crt.sh
wellssecurecnnect.com Let's Encrypt Authority X3	`2020-10-15` - `2021-01-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-12` - `2021-08-12`	a year	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Frame ID: 4765573EE13F35E5B2763BF18D60D63E
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/2TmMBEj HTTP 301
https://appod.live/XaVs4ecPhbU Page URL
https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

334 kB
Transfer

567 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/2TmMBEj HTTP 301
https://appod.live/XaVs4ecPhbU Page URL
https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bit.ly/2TmMBEj HTTP 301
https://appod.live/XaVs4ecPhbU

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

404
Not Found

XaVs4ecPhbU Show response
appod.live/
Redirect Chain

https://bit.ly/2TmMBEj
https://appod.live/XaVs4ecPhbU

141 B
422 B

263ms
73ms

Document
text/html

185.120.57.202
CLOUDSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://appod.live/XaVs4ecPhbU
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.120.57.202 Moscow, Russian Federation, ASN202933 (CLOUDSOLUTIONS, RU),
Reverse DNS: 72658.hosted-by-virtualdc.ru
Software: nginx /
Resource Hash: 3cdbb7c670d62ff63af59c53b00804439e66908dc49fdd60318b287897200424

Request headers

Host: appod.live
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Tue, 27 Oct 2020 09:54:10 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 141
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Mon, 26 Oct 2020 11:25:46 GMT
ETag: "8d-5b2913109f7ac"
Accept-Ranges: bytes

Redirect headers

status: 301
server: nginx
date: Tue, 27 Oct 2020 09:54:10 GMT
content-type: text/html; charset=utf-8
content-length: 117
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://appod.live/XaVs4ecPhbU
referrer-policy: unsafe-url
set-cookie: _bit=k9r9Sa-dd709001830c36d5d2-005; Domain=bit.ly; Expires=Sun, 25 Apr 2021 09:54:10 GMT
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK Primary Request present Show response
wellssecurecnnect.com/auth/login/ 9 KB
3 KB 733ms
191ms Document
text/html 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to

Full URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 0d29a42952f4540a7ffccbe00a3a7b80854adff91dad9bc621f2fc39f22e3406

Request headers

Host: wellssecurecnnect.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://appod.live/XaVs4ecPhbU
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://appod.live/XaVs4ecPhbU

Response headers

Server: nginx
Date: Tue, 27 Oct 2020 09:54:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 17 Oct 2020 17:16:25 GMT
ETag: W/"252c-5b1e10a7f762d"
Content-Encoding: gzip

GET
H2 200 bootstrap.min.css
getbootstrap.com/docs/4.0/dist/css/ 141 KB
19 KB 45ms
28ms Stylesheet
text/css 2606:4700:10::ac43:1e94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://getbootstrap.com/docs/4.0/dist/css/bootstrap.min.css

Requested by

Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1e94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 2960c86153656e073f77c5b6c6c1de2666093f1b
date: Tue, 27 Oct 2020 09:54:11 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 344
x-cache: HIT
status: 200
x-cache-hits: 1
content-encoding: br
vary: Accept-Encoding
cf-request-id: 060b13cfff000016e64d1a0000000001
x-served-by: cache-fra19129-FRA
last-modified: Wed, 14 Oct 2020 17:57:16 GMT
server: cloudflare
x-github-request-id: E630:127C:25BD133:27FEC81:5F873C27
x-timer: S1603376134.573035,VS0,VE1
etag: W/"5f873bfc-235ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
x-proxy-cache: HIT
cf-ray: 5e8b88c6686216e6-FRA
x-origin-cache: HIT
expires: Sun, 25 Oct 2020 06:23:26 GMT

GET
H/1.1 200
OK logo.png
wellssecurecnnect.com/auth/login/img/ 10 KB
11 KB 214ms
214ms Image
image/png 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wellssecurecnnect.com/auth/login/img/logo.png
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 56aa57d4300e3c380288b8f0e5343314627a9bf841b7edd7e44470e604e72bd3

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Last-Modified: Sat, 17 Oct 2020 16:47:29 GMT
Server: nginx
ETag: "2960-5b1e0a302a78a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10592

GET
H/1.1 200
OK search.png
wellssecurecnnect.com/auth/login/img/ 8 KB
8 KB 425ms
213ms Image
image/png 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wellssecurecnnect.com/auth/login/img/search.png
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 69fdf962ae4f469c936d9a1b6cc9d795233c6b9c990f26fc87b702192dfa7f64

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Last-Modified: Sat, 17 Oct 2020 16:47:29 GMT
Server: nginx
ETag: "2040-5b1e0a304ab28"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8256

GET
H/1.1 200
OK front.svg
wellssecurecnnect.com/auth/login/img/ 226 KB
165 KB 726ms
346ms Image
image/svg+xml 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wellssecurecnnect.com/auth/login/img/front.svg
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:20 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Oct 2020 16:47:29 GMT
Server: nginx
ETag: W/"389b9-5b1e0a301a5bb"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK enter.png
wellssecurecnnect.com/auth/login/img/ 19 KB
20 KB 696ms
316ms Image
image/png 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wellssecurecnnect.com/auth/login/img/enter.png
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 6f9f94b0f754bc4536cc22ecd9b763e692c5faaa5410e0dc1e61d9ba8aaf3516

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:20 GMT
Last-Modified: Sat, 17 Oct 2020 16:47:29 GMT
Server: nginx
ETag: "4dab-5b1e0a2ffa21e"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19883

GET
H/1.1 200
OK right.png
wellssecurecnnect.com/auth/login/img/ 47 KB
48 KB 406ms
312ms Image
image/png 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wellssecurecnnect.com/auth/login/img/right.png
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 0b9367824f8c2541162774760de85fece2a68df92fb839f579cca4a39a1ad65e

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Last-Modified: Sat, 17 Oct 2020 16:47:29 GMT
Server: nginx
ETag: "bd20-5b1e0a303b129"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 48416

GET
H/1.1 200
OK copyright.png
wellssecurecnnect.com/auth/login/img/ 15 KB
15 KB 399ms
306ms Image
image/png 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wellssecurecnnect.com/auth/login/img/copyright.png
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: 5cf3b1114212c74e3ee82dbfb9bfa26b67e4ce29e9788876a9ba50fdc01d329a

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Last-Modified: Sat, 17 Oct 2020 16:47:28 GMT
Server: nginx
ETag: "3b09-5b1e0a2fe987f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15113

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 25ms
9ms Script
application/javascript 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Origin: https://wellssecurecnnect.com
Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 09:54:11 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2017 19:01:15 GMT
server: nginx
status: 200
etag: W/"58d026fb-10fdd"
vary: Accept-Encoding
x-hw: 1603792451.dop140.fr8.t,1603792451.cds211.fr8.hc,1603792451.cds257.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 23856

GET
H/1.1 404
Not Found popper.min.js
wellssecurecnnect.com/assets/js/vendor/ 0
0 380ms
201ms Script
text/html 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to

Full URL: https://wellssecurecnnect.com/assets/js/vendor/popper.min.js
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bootstrap.min.js
wellssecurecnnect.com/dist/js/ 0
0 379ms
198ms Script
text/html 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to

Full URL: https://wellssecurecnnect.com/dist/js/bootstrap.min.js
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK wellsfargosans-sbd.woff2
wellssecurecnnect.com/auth/login/fonts/ 22 KB
22 KB 430ms
316ms Font
application/octet-stream 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to

Full URL: https://wellssecurecnnect.com/auth/login/fonts/wellsfargosans-sbd.woff2
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash: ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

Request headers

Origin: https://wellssecurecnnect.com
Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:19 GMT
Last-Modified: Sat, 17 Oct 2020 16:49:07 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
ETag: "5848-5b1e0a8d9fd96"
Content-Length: 22600

GET
H/1.1 404
Not Found bootstrap.min.js
wellssecurecnnect.com/dist/js/ 0
0 247ms
202ms Script
text/html 31.41.44.127
ASRELINK

General

Check archive.org

Show headers Download Go to

Full URL: https://wellssecurecnnect.com/dist/js/bootstrap.min.js
Requested by: Host: wellssecurecnnect.com
URL: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.44.127 , Russian Federation, ASN56577 (ASRELINK, RU),
Reverse DNS: ugsqkng.example.com
Software: nginx /
Resource Hash

Request headers

Referer: https://wellssecurecnnect.com/auth/login/present?origin=cob&error=yes&LOB=CONS&destination=brokerage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 27 Oct 2020 09:54:20 GMT
Server: nginx
Connection: keep-alive
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appod.live
bit.ly
code.jquery.com
getbootstrap.com
wellssecurecnnect.com
185.120.57.202
2001:4de0:ac19::1:b:2b
2606:4700:10::ac43:1e94
31.41.44.127
67.199.248.11
0b9367824f8c2541162774760de85fece2a68df92fb839f579cca4a39a1ad65e
0d29a42952f4540a7ffccbe00a3a7b80854adff91dad9bc621f2fc39f22e3406
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3cdbb7c670d62ff63af59c53b00804439e66908dc49fdd60318b287897200424
56aa57d4300e3c380288b8f0e5343314627a9bf841b7edd7e44470e604e72bd3
5cf3b1114212c74e3ee82dbfb9bfa26b67e4ce29e9788876a9ba50fdc01d329a
69fdf962ae4f469c936d9a1b6cc9d795233c6b9c990f26fc87b702192dfa7f64
6f9f94b0f754bc4536cc22ecd9b763e692c5faaa5410e0dc1e61d9ba8aaf3516
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

wellssecurecnnect.com Open in urlscan Pro 31.41.44.127 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

334 kBTransfer

567 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

wellssecurecnnect.com Open in urlscan Pro
31.41.44.127 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

334 kB
Transfer

567 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!