urlscan.io logo urlscan.io
SecurityTrails logo

connectwellsfrgo.click Open in urlscan Pro
188.114.97.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://wellsauth-6712.dnsalias.com/
Effective URL: https://connectwellsfrgo.click/?wells
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On December 09 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is connectwellsfrgo.click.
TLS certificate: Issued by E1 on December 8th 2023. Valid for: 3 months.
This is the only time connectwellsfrgo.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.173.151.226 8075 (MICROSOFT...)
2 7 188.114.97.3 13335 (CLOUDFLAR...)
8 3
Apex Domain
Subdomains		 Transfer
7 connectwellsfrgo.click
connectwellsfrgo.click
29 KB
1 dnsalias.com
wellsauth-6712.dnsalias.com
3 KB
8 2
Domain Requested by
7 connectwellsfrgo.click 2 redirects wellsauth-6712.dnsalias.com
connectwellsfrgo.click
1 wellsauth-6712.dnsalias.com
8 2

This site contains no links.

Subject Issuer Validity Valid
connectwellsfrgo.click
E1		 2023-12-08 -
2024-03-07		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://connectwellsfrgo.click/?wells
Frame ID: 89C8C2936D3539C1AB647CF5FFD19A85
Requests: 4 HTTP requests in this frame

Frame: https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 23AA35A939B3501AD8ED6DC5C704A2A0
Requests: 2 HTTP requests in this frame

Frame: https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: E008E46C64DAD7AC687F73DCC30AACCB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

  1. http://wellsauth-6712.dnsalias.com/ Page URL
  2. https://connectwellsfrgo.click/?wells Page URL
  3. https://connectwellsfrgo.click/?wells Page URL

Page Statistics

8
Requests

38 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

32 kB
Transfer

38 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://wellsauth-6712.dnsalias.com/ Page URL
  2. https://connectwellsfrgo.click/?wells Page URL
  3. https://connectwellsfrgo.click/?wells Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Request Chain 5
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
wellsauth-6712.dnsalias.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://wellsauth-6712.dnsalias.com/
Protocol
HTTP/1.1
Server
172.173.151.226 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
2926
Content-Type
text/html
Date
Sat, 09 Dec 2023 18:51:50 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Sat, 09 Dec 2023 16:34:25 GMT
Server
Apache
/
connectwellsfrgo.click/ 		19 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://connectwellsfrgo.click/?wells
Requested by
Host: wellsauth-6712.dnsalias.com
URL: http://wellsauth-6712.dnsalias.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f657835674047a41102eeac4a8022053fe1f443fcb1e62f53941910e3bc8a738
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
http://wellsauth-6712.dnsalias.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
832f7122cd3dbafd-MXP
content-type
text/html; charset=utf-8
date
Sat, 09 Dec 2023 18:51:52 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIUoiaq3RZkx4KK6iMYbG9NKdsf27RgLZYJKNKJ%2BdglaY3dJ7x9834b0M5vEhzY%2B9wQyBwDRi0wqhOJKPws0sK8AtriqrHzlENPe7iseGDFywchjRiyuPAcSdJHAnLq2s%2F2a9zsrWjjh"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block 1; mode=block
/
connectwellsfrgo.click/ 		0
714 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connectwellsfrgo.click/?wells
Requested by
Host: wellsauth-6712.dnsalias.com
URL: http://wellsauth-6712.dnsalias.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Expire
accept-language
it-IT,it;q=0.9
VXnD-18iJYq1rWdhyVrfO5yvClo
4II2ZieRccDrPi-IsFW-aQOZYQ
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination
GET
Content-type
application/x-www-form-urlencoded
X-Requested-Type
GET
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Referer
https://connectwellsfrgo.click/?wells
X-Requested-with
XMLHttpRequest
X-Requested-TimeStamp
ZD5aeAK4uEQ3JJKhiIErnvm6vnE
28353231

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 18:51:54 GMT
x-server-powered-by
Engintron
x-content-type-options
nosniff, nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkQ1ELeyPNnI8FcCQC%2FRIH2pwR2W6uhk2GgyqdRmy3f5EZIifJ77V69F5G%2F53Bq4zsj9gUp1IoJHDO86j7ptkOqsYiM5QeiOn49x2xL4NhZ5wxGxW3ikWtaw9cpe96tODvag%2Fz7iLCEh"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
832f71329fc8bafd-MXP
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0
main.js
connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 23AA
Redirect Chain
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Protocol
H2
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 18:51:55 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rILv%2BnQP9oYq22gUWRhsAR4PvyzLi17aet5Mrhd0natyXwmUyWcTaZ5ERDXBSzaXPwdzgClWbYjnLCTtvJH1FbLjDaztX5iqO1OcSdv52iIrxZA5gnv%2FWONMl2%2B6LkAbMK%2FeuUKCu9rJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
832f7135edfdbafd-MXP
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sat, 09 Dec 2023 18:51:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOkTK87KRR8pQWc2ZsIoM3IeYwU6d2Q2YvB%2Bma%2BacPpCrsT2dVEaUUZbf4%2FQhcd8wGmXD%2F0Lq7sV6g9iWo9jR9YBRuionyA%2BiXMNNwvcMsBgRrYonMqIrD6J8a7Mrd1CT1XvvLd9Mpxh"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control
max-age=300, public
cf-ray
832f7132a80ebafd-MXP
alt-svc
h3=":443"; ma=86400
Primary Request /
connectwellsfrgo.click/ 		2 KB
940 B 		Document
General
Check archive.org
Download Go to
Full URL
https://connectwellsfrgo.click/?wells
Requested by
Host: wellsauth-6712.dnsalias.com
URL: http://wellsauth-6712.dnsalias.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3b14bf055d84f149e01f5d3d28eba36803283f79bdf3f7de92c99655e6c93b3
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://connectwellsfrgo.click/?wells
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
832f71360e3bbafd-MXP
content-encoding
br
content-type
text/html
date
Sat, 09 Dec 2023 18:51:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVe%2FS5ZrPr%2F2AJDt%2FEvfy3k8FjXtjgjzmKU2Ipq1Kia8zANYn%2F0%2F%2BTXpBXXk5L2Iyoavh1lqUTVU%2F8OwsptLM%2BRIBID0scaERrYT5S9aJqjqPARH3jY9WXZaAN8R5Zbq5WOw61KIFn97"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-xss-protection
1; mode=block 1; mode=block
832f7122cd3dbafd
connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 23AA 		0
0
main.js
connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame E008
Redirect Chain
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Protocol
H2
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
307f56dce82042ca8171334e5dc3293fcb3bf4190037e9594290a0fcb68e58fb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 18:51:57 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nuMV6SRI%2Fb7KV8oliFX8u3qPMMerP2bp0zl4JC%2FCOTGwM%2BqkjrfAH%2FGj0TbX5zQQkaIRFlqk%2FklL%2B00uBh%2BA9CJ49cq5JG6MRTyyUMQh19rrGuSBm8321IeEfyREurShYzllOwIr5iDU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
832f71415c19bafd-MXP
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sat, 09 Dec 2023 18:51:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S8u4CyyTBJC0QRxUQ%2Bw2wd%2F2YtQJI709Qck0JxSqeWyJzazOym%2B1OW6G%2BY%2F%2BhZM1mlrRHSP9rLdE0MMtxBUv7GBgiYlZJLez4a76w7W7XKikSMgBf0HdrFAu5SMx6XjFHVF1vJU89Ube"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control
max-age=300, public
cf-ray
832f7139cdeabafd-MXP
alt-svc
h3=":443"; ma=86400
832f71360e3bbafd
connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame E008 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
connectwellsfrgo.click
URL
https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/jsd/r/832f7122cd3dbafd
Domain
connectwellsfrgo.click
URL
https://connectwellsfrgo.click/cdn-cgi/challenge-platform/h/b/jsd/r/832f71360e3bbafd

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture

10 Cookies

Domain/Path Name / Value
connectwellsfrgo.click/ Name: WvRChtbbSDf2MCXv1Fh7XlDzJKk
Value: 3BFKN-IECYCX9e8QjefgdaWGjQU
connectwellsfrgo.click/ Name: 5u5Y73PNB23nvbnJ3o6InPDrPSU
Value: 1702147850
connectwellsfrgo.click/ Name: DxcD5FEdCldko6cUSotyJ6zzAnY
Value: 1702234250
connectwellsfrgo.click/ Name: qiaxTRUXERu-yaZX7Edh6G8OmG4
Value: _fbxDS3cT3geVbQ18P_3o8pr1R4
connectwellsfrgo.click/ Name: 9m46aOctA33M3BerfLyMR9PG1Kw
Value: F_8461_UhuM1LpJ8PKmQasDwT20
connectwellsfrgo.click/ Name: gHeSeMPjMj5h6ONx9h-mkxRhUn0
Value: BfItWtDbzRMqyAsZTvq23Oc5Yjw
connectwellsfrgo.click/ Name: OG-_mZBJjCciLNcu2xzLZkDvHF0
Value: 1702147914
connectwellsfrgo.click/ Name: 3fHC33Ee--svA3NLGaOsA01SE6I
Value: 1702234314
connectwellsfrgo.click/ Name: ADke-BK62X1bQwoFMFFEYf6Jag4
Value: 6BVmzAo91TNasfHJ48BJBUvYk54
connectwellsfrgo.click/ Name: EbDmgJaBrsBb_xwKDHRVjT3x6j0
Value: aS4eq7gwBhOLEZlUTn7xOAxhKVc

2 Console Messages

Source Level URL
Text
network error URL: https://connectwellsfrgo.click/?wells
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://connectwellsfrgo.click/?wells
Message:
Failed to load resource: the server responded with a status of 403 ()