URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Submission: On October 27 via automatic, source openphish

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 108.167.168.86, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is injeteck.com.br.
This is the only time injeteck.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
2 108.167.168.86 20013 (CYRUSONE)
10 159.45.66.156 4196 (WELLSFARG...)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
14 5
Domain Requested by
10 connect.secure.wellsfargo.com injeteck.com.br
connect.secure.wellsfargo.com
2 www.google-analytics.com 1 redirects injeteck.com.br
2 injeteck.com.br injeteck.com.br
1 stats.g.doubleclick.net injeteck.com.br
14 4

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
Subject Issuer Validity Valid
connect.secure.wellsfargo.com
Symantec Class 3 Secure Server CA - G4
2016-10-13 -
2018-10-13
2 years crt.sh
*.google-analytics.com
Google Internet Authority G3
2017-10-17 -
2018-01-09
3 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3
2017-10-17 -
2018-01-09
3 months crt.sh

This page contains 1 frames:

Primary Page: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Frame ID: 5472.1
Requests: 16 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

Page Statistics

14
Requests

86 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

136 kB
Transfer

355 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • http://www.google-analytics.com/ga.js HTTP 307
  • https://www.google-analytics.com/ga.js
Request Chain 14
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1516551863&utmhn=injeteck.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells%20Fargo%C2%A0Sign%20On%20to%20View%20Your%20Accounts&utmhid=662292413&utmr=-&utmp=%2Fwellsvfargo%2Fusersreactivation%2Faccountofficerandmanagement%2Fsocket%2Flines%2Findex2.php&utmht=1509098018116&utmac=UA-84156312-1&utmcc=__utma%3D107320666.147942959.1509098018.1509098018.1509098018.1%3B%2B__utmz%3D107320666.1509098018.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=618582787&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1516551863&utmhn=injeteck.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells%20Fargo%C2%A0Sign%20On%20to%20View%20Your%20Accounts&utmhid=662292413&utmr=-&utmp=%2Fwellsvfargo%2Fusersreactivation%2Faccountofficerandmanagement%2Fsocket%2Flines%2Findex2.php&utmht=1509098018116&utmac=UA-84156312-1&utmcc=__utma%3D107320666.147942959.1509098018.1509098018.1509098018.1%3B%2B__utmz%3D107320666.1509098018.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=618582787&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84156312-1&cid=147942959.1509098018&jid=618582787&_v=5.7.0&z=1516551863

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index2.php
injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/
11 KB
4 KB
Document
General
Full URL
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Server
108.167.168.86 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
2336b0d676c6d8a65da4983f4da000128c11d897714ee57d4bba70e80a55bc94

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
injeteck.com.br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
signon_clean.min.css
connect.secure.wellsfargo.com/auth/static/wfa/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
2371d8b4605182fe88a2b4d762abda7cbb8bc23675ef4e9261a786bb1d8a06a4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-modified
Thu, 17 Aug 2017 19:15:21 GMT
Server
KONICHIWA/1.1
Etag
W/"1db3-5995eb49"
X-frame-options
SAMEORIGIN
Content-type
text/css
Connection
Keep-Alive
Content-length
2185
login-userprefs.min.js
connect.secure.wellsfargo.com/auth/static/prefs/
144 KB
32 KB
Script
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
8d195124c3db6b1912b2d6b0cb23baa60b7e9d01e4b87bb9b2efecd4cb85385c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
X-frame-options
SAMEORIGIN
Etag
W/"e4a-5995eb48"
Vary
Accept-Encoding
Content-Type
application/x-javascript; charset=UTF-8
Cache-control
max-age=1800
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Fri, 27 Oct 2017 10:23:37 GMT
google_analytics_auto.js
injeteck.com.br/
430 B
306 B
Script
General
Full URL
http://injeteck.com.br/google_analytics_auto.js
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Server
108.167.168.86 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
8b7cafedb16608f4fc31cafd8ed3c7e6c97c0a0e530540dbbc266fc5f3db57d5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
injeteck.com.br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Last-Modified
Tue, 13 Sep 2016 21:48:10 GMT
Server
nginx/1.12.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript
jquery.js
connect.secure.wellsfargo.com/auth/static/scripts/
99 KB
39 KB
Script
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/scripts/jquery.js?v=F0C8CBAA07
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
0c646ba9e7fd0c3be4aa6992a032d438940c22373d15c3e386cbbb6a6f1d7002
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
Etag
W/"18c2e-5995eb48"
X-frame-options
SAMEORIGIN
Content-type
application/x-javascript
Connection
Keep-Alive
Content-length
39785
popover.js
connect.secure.wellsfargo.com/auth/static/scripts/
769 B
769 B
Script
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/scripts/popover.js?v=F0C8CBAA07
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
57e7fe6c51b03564f8b28e2c9cc0b9bd88ab7e73245fd4d4723dfc2fbdf60b0a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
Etag
W/"301-5995eb48"
Content-length
769
X-frame-options
SAMEORIGIN
Content-type
application/x-javascript
conutils-6.2.2.js
connect.secure.wellsfargo.com/auth/static/scripts/
10 KB
4 KB
Script
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/scripts/conutils-6.2.2.js
Requested by
Host: connect.secure.wellsfargo.com
URL: https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
198506f95f9c0cf3a670f82ea63f9a560bd6ff9a17c153ad4ac5d8777e0fda21
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
Etag
W/"26dc-5995eb48"
X-frame-options
SAMEORIGIN
Content-type
application/x-javascript
Connection
Keep-Alive
Content-length
4109
atadun.js
connect.secure.wellsfargo.com/auth/static/prefs/
1 KB
543 B
Script
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
Requested by
Host: connect.secure.wellsfargo.com
URL: https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
5fb7b85658a6e615400e0f1f3e16fc869bbd099b3c3c181c294c05d1d7d1cfe5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 27 Oct 2017 09:53:37 GMT
Content-Encoding
gzip
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
X-frame-options
SAMEORIGIN
Etag
W/"42b-5995eb48"
Vary
Accept-Encoding
Content-type
application/x-javascript
Cache-control
max-age=1800
Connection
Keep-Alive
Content-length
543
Expires
Fri, 27 Oct 2017 10:23:37 GMT
nd
connect.secure.wellsfargo.com/jenny/
37 KB
37 KB
Script
General
Full URL
https://connect.secure.wellsfargo.com/jenny/nd
Requested by
Host: connect.secure.wellsfargo.com
URL: https://connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
ff6ad619b290242fa4ccf79726b3802c1b8d4be4f3b363c7847bf48a1dc60933
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
*/*
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:38 GMT
Content-type
application/javascript;charset=ISO-8859-1
Server
KONICHIWA/1.1
X-frame-options
SAMEORIGIN
X-xss-protection
1; mode=block
Transfer-encoding
chunked
X-ua-compatible
IE=edge
ga.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/ga.js
  • https://www.google-analytics.com/ga.js
44 KB
16 KB
Script
General
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
c8e3699362d1d2ffc0c97b36e93b1e793034ca7b98896ca2260c2c1dcd973d59
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:path
/ga.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.google-analytics.com
referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
:scheme
https
:method
GET
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 28 Sep 2017 22:31:34 GMT
server
Golfe2
age
3217
date
Fri, 27 Oct 2017 09:00:01 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
16615
expires
Fri, 27 Oct 2017 11:00:01 GMT

Redirect headers

Location
https://www.google-analytics.com/ga.js
Non-Authoritative-Reason
HSTS
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif
truncated
/
616 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif
new_search_corner.gif
connect.secure.wellsfargo.com/auth/static/wfa/css/images/
49 B
49 B
Image
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/wfa/css/images/new_search_corner.gif
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
1e776523ad4b7aabbafe543437026068fa33850abd9fdc8c482c22b9357f5ba2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
Connection
keep-alive
Cache-Control
no-cache
Referer
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:38 GMT
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
Etag
"31-5995eb48"
X-frame-options
SAMEORIGIN
Content-type
image/gif
Accept-ranges
bytes
Content-length
49
btn_blueslice.gif
connect.secure.wellsfargo.com/auth/static/wfa/css/images/
152 B
152 B
Image
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/wfa/css/images/btn_blueslice.gif
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
dd77bede93256e88a4f6b6b05bca756126011650ce56a2a5e7ea6ecf44941fe2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
Connection
keep-alive
Cache-Control
no-cache
Referer
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:38 GMT
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
Etag
"98-5995eb48"
X-frame-options
SAMEORIGIN
Content-type
image/gif
Accept-ranges
bytes
Content-length
152
left_nav_dot.gif
connect.secure.wellsfargo.com/auth/static/wfa/css/images/
43 B
43 B
Image
General
Full URL
https://connect.secure.wellsfargo.com/auth/static/wfa/css/images/left_nav_dot.gif
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.66.156 San Francisco, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
04ebbc8b6a0071e1d78440d674dad23569fd0f33217cfb13c57fe0cf07b14547
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
connect.secure.wellsfargo.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
Connection
keep-alive
Cache-Control
no-cache
Referer
https://connect.secure.wellsfargo.com/auth/static/wfa/css/signon_clean.min.css?v=F0C8CBAA07
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date
Fri, 27 Oct 2017 09:53:38 GMT
Last-modified
Thu, 17 Aug 2017 19:15:20 GMT
Server
KONICHIWA/1.1
Etag
"2b-5995eb48"
X-frame-options
SAMEORIGIN
Content-type
image/gif
Accept-ranges
bytes
Content-length
43
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1516551863&utmhn=injeteck.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells...
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1516551863&utmhn=injeteck.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Well...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84156312-1&cid=147942959.1509098018&jid=618582787&_v=5.7.0&z=1516551863
35 B
53 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84156312-1&cid=147942959.1509098018&jid=618582787&_v=5.7.0&z=1516551863
Requested by
Host: injeteck.com.br
URL: http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:400c:c04::9c , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:path
/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84156312-1&cid=147942959.1509098018&jid=618582787&_v=5.7.0&z=1516551863
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
stats.g.doubleclick.net
referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
:scheme
https
:method
GET
Referer
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 27 Oct 2017 09:53:38 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 27 Oct 2017 09:53:38 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84156312-1&cid=147942959.1509098018&jid=618582787&_v=5.7.0&z=1516551863
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
369
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.injeteck.com.br/ Name: __utmz
Value: 107320666.1509098018.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.injeteck.com.br/ Name: __utmc
Value: 107320666
.injeteck.com.br/ Name: __utmb
Value: 107320666.1.10.1509098018
.injeteck.com.br/ Name: __utma
Value: 107320666.147942959.1509098018.1509098018.1509098018.1
.injeteck.com.br/ Name: __utmt
Value: 1