www.farhangnoma.tj
Open in
urlscan Pro
81.177.141.243
Malicious Activity!
Public Scan
Effective URL: http://www.farhangnoma.tj/ru/misc/lu/wells/
Submission: On October 18 via manual from IN
Summary
This is the only time www.farhangnoma.tj was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 107.180.48.175 107.180.48.175 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
23 | 81.177.141.243 81.177.141.243 | 8342 (RTCOMM-AS) (RTCOMM-AS) | |
3 | 159.45.2.178 159.45.2.178 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
1 | 54.239.168.159 54.239.168.159 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
28 | 5 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-107-180-48-175.ip.secureserver.net
probestudy.org |
ASN8342 (RTCOMM-AS, RU)
PTR: srv135-h-st.jino.ru
www.farhangnoma.tj |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
static.wellsfargo.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-239-168-159.fra50.r.cloudfront.net
gateway.foresee.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
23 |
farhangnoma.tj
www.farhangnoma.tj |
496 KB |
3 |
wellsfargo.com
static.wellsfargo.com |
70 KB |
1 |
foresee.com
gateway.foresee.com |
10 KB |
1 |
probestudy.org
probestudy.org |
690 B |
28 | 4 |
Domain | Requested by | |
---|---|---|
23 | www.farhangnoma.tj |
www.farhangnoma.tj
|
3 | static.wellsfargo.com |
www.farhangnoma.tj
|
1 | gateway.foresee.com |
www.farhangnoma.tj
|
1 | probestudy.org | |
28 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
connect.secure.wellsfargo.com |
www.wellsfargo.com |
oam.wellsfargo.com |
icomplete.wellsfargo.com |
www.wellsfargorewards.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
static.wellsfargo.com DigiCert Global CA G2 |
2019-02-07 - 2021-02-07 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.farhangnoma.tj/ru/misc/lu/wells/
Frame ID: 1EC18DF246FD5C1CB23327DB8A0DE214
Requests: 35 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://probestudy.org/PROBE/themes/bootstrap/js/jjs/ Page URL
- http://www.farhangnoma.tj/ru/misc/lu/wells/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
Title: main content default
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Apply
Search URL Search Domain Scan URL
Title: Locations
Search URL Search Domain Scan URL
Title: Customer Service
Search URL Search Domain Scan URL
Title: Back to Previous Page
Search URL Search Domain Scan URL
Title: EspaƱol
Search URL Search Domain Scan URL
Title: Forgot Password/Username?
Search URL Search Domain Scan URL
Title: Enroll Now
Search URL Search Domain Scan URL
Title: Enrollment FAQs
Search URL Search Domain Scan URL
Title: Online Security Guarantee
Search URL Search Domain Scan URL
Title: Privacy, Security and Legal
Search URL Search Domain Scan URL
Title: Online Access Agreement
Search URL Search Domain Scan URL
Title: Applications In Progress
Search URL Search Domain Scan URL
Title: Credit Card Rewards
Search URL Search Domain Scan URL
Title: About Wells Fargo
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: Report Email Fraud
Search URL Search Domain Scan URL
Title: Sitemap
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://probestudy.org/PROBE/themes/bootstrap/js/jjs/ Page URL
- http://www.farhangnoma.tj/ru/misc/lu/wells/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
probestudy.org/PROBE/themes/bootstrap/js/jjs/ |
307 B 690 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
www.farhangnoma.tj/ru/misc/lu/wells/ |
52 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gateway.min.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
34 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nd
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
44 KB 44 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
196 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.css
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
20 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
enhanced-header.css
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content.css
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
1 KB 981 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wf.css
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
199 B 549 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
enhanced-footer.css
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glu.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
0 438 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.136.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
56 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.201.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.297.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.utils.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
94 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.trigger.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
32 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WF_stagecoach_rgb_ylw_F1.svg
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
226 KB 227 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-userprefs.min.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
185 KB 94 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
conutils-6.9.0.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
23 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
atadun.js.download
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
1023 B 962 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
static.wellsfargo.com/tracking/main/ |
252 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
467 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
889 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WellsFargoSans_W_Rg.woff2
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
839 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
conutils-6.9.0.js
www.farhangnoma.tj/auth/static/scripts/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
atadun.js
www.farhangnoma.tj/auth/static/prefs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WellsFargoSans_W_Rg.woff
www.farhangnoma.tj/ru/misc/lu/wells/index_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.utils.js
static.wellsfargo.com/tracking/survey/code/ |
75 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
config.json
gateway.foresee.com/sites/wellsfargo/production/ |
80 KB 10 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.trigger.js
static.wellsfargo.com/tracking/survey/code/ |
32 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)67 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| _acsDefine function| _fsDefine function| _acsRequire function| _fsRequire object| FSR object| FSFB function| _acsNormalizeUrl function| _fsNormalizeUrl function| _fsNormalizeAssetUrl object| antiClickjack string| webId string| ndURI object| utag_data boolean| utag_condload string| new_path object| utag_cfg_ovrd object| userAgentArr undefined| pathname undefined| urlArray undefined| url undefined| sRegExInput object| utag function| utag_pad function| utag_visitor_id string| GoogleAnalyticsObject function| ga string| USERPREFS_PATH string| UPRESOURCE_PATH string| ATADUN_PATH string| loginUrlBase object| scriptParent string| loginUrlBaseNoProtocol object| getUrl string| host string| port undefined| guid function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged function| addScriptElement function| getCookie function| appendHiddenInput function| addCookiesToForm function| generateGuid undefined| brief object| lun3 boolean| isNative object| LoginForm object| Search function| updateCustomSelect function| enrollPrivacySecLinkHandler function| acsReady object| __fsJSONPCBr function| __fsJSONPCB function| fsReady function| __acsReady__ function| __fsReady__0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gateway.foresee.com
probestudy.org
static.wellsfargo.com
www.farhangnoma.tj
107.180.48.175
159.45.2.178
54.239.168.159
81.177.141.243
05a94c634abf6fcd17a06f3452adfc530812426f8ac0f538fe393d31b7dfb40e
072bd4b516e133cc3bb2a1edf6734c61ff297dfb181eb614e76810c0199aeb2f
0d4e43604c7a7533a151b6acbecbc3bfa3d5bcc4ec9cc61a81d2f40174d694c1
3b73bc401f01f7c43f9df955c6740a1be199762ce466153cdb21b35bb8016d93
3f032a225a56b9de24caefa33e06d09744e9168db01915495eb3e43b8503d99e
4c82ff13f0258f12153244f03f7132944aa2143bdd6d2ee4741f495a09e40813
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
52fc497fa35544b338d83797f097a076776e26fa3de1a1d3bf0e336b7ea60bca
5b38f2f8c09ad0b050e4ec97524f3eb95b8c1fa2cf1b5a922eb4172608e4afc1
7cd2b1ab0ed81ddc453b8da5357fcf7b3cbec29cd139059706a7b0bda253af48
824107f93ad7be4117696a4766a1b1b156880a7d0b4b2b636b900046d5e8e3fe
96205749f37d9000d1d06e229392940562cde4f22f3af95400df7ccdf383c819
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
a720693a2f5ef22acee80ed657e203495d634e75f6f1cc3fd219dd0f1c292d7c
aa8bfc97707cd6312bd69b35fd2143eb24330fb35aab4bda022f1e2bae55054b
ab78c44d5e86c6f0937d203066ebcadbf50c8d63407564a151bdd03701f40a70
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
b99dead0deb91299630edd2fdc72855aac3836ea262473d47348e218a7744264
c5fe0539d4c197f45648b2daf044f54565fddc9592b3c7a2a9ab8cc17a73460a
d0388de38e9782ec5f02fb0fee77df108b2c4c5eb69ba0a44c4e2836ba7d9eeb
d38a22066082294d424f40db61eb42114dcf8d84b7ecd87ed460c3b8cf8c8a7f
d6184d2c0807d03c5e419e7ed13aa509ede7b6399fd846bbc41d2a6db0cc4d9e
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150
dbe7f42c63a0af4bf5af8b47e41ffba974cc72bf1eebd793807c2ccec0e14a2e
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
e3111193575c3a098e8c477facc680b39acdee1a910f6c8d3763e97dc47b0061
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb0773bab4190baeb667b0079a148b4495acab39ad0b1beeba95d5750afe5eb9
f3667b41bf2b348176c6b1621b8a925a1109be3fb4207a9ef9a4da197dd5cd66
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e