injeteck.com.br
108.167.168.86
Malicious Activity!
Public Scan
Submission: On October 27 via automatic, source openphish
Summary
This is the only time injeteck.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 108.167.168.86 | 20013 (CYRUSONE - CyrusOne LLC)
10 | 159.45.66.156 | 4196 (WELLSFARGO-4196 - Wells Fargo & Company)
2 (1 redirect) | 2a00:1450:4001:816::200e | 15169 (GOOGLE - Google Inc.)
1 | 2a00:1450:400c:c04::9c | 15169 (GOOGLE - Google Inc.)
14 | 5 |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US): connect.secure.wellsfargo.com

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | wellsfargo.com | connect.secure.wellsfargo.com | 116 KB
2 (1 redirect) | google-analytics.com | www.google-analytics.com | 16 KB
2 | injeteck.com.br | injeteck.com.br | 4 KB
1 | doubleclick.net | stats.g.doubleclick.net | 53 B
14 | 4 | |
Requests | Domain | Requested by
---|---|---
10 | connect.secure.wellsfargo.com | injeteck.com.br, connect.secure.wellsfargo.com
2 (1 redirect) | www.google-analytics.com | injeteck.com.br
2 | injeteck.com.br | injeteck.com.br
1 | stats.g.doubleclick.net | injeteck.com.br
14 | 4 |
This site contains links to these domains. Also see Links.
Domain
---
www.wellsfargo.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
connect.secure.wellsfargo.com | Symantec Class 3 Secure Server CA - G4 | 2016-10-13 - 2018-10-13 | 2 years | crt.sh
*.google-analytics.com | Google Internet Authority G3 | 2017-10-17 - 2018-01-09 | 3 months | crt.sh
*.g.doubleclick.net | Google Internet Authority G3 | 2017-10-17 - 2018-01-09 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
http://injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/index2.php
Frame ID: 5472.1
Requests: 16 HTTP requests in this frame
Detected technologies
- PHP (Programming Languages). Detected pattern: url /\.php(?:$|\?)/i
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- Google Analytics (Analytics). Detected pattern: script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page. Link titles (two of the 14 links have no title):
- Customer Service
- Apply
- Online Banking Enrollment
- Online Security Guarantee
- Privacy, Security and Legal
- Online Access Agreement
- Security Questions Overview
- About Wells Fargo
- Careers
- Report Email Fraud
- Sitemap
- Ad Choices
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8
- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js
- http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1516551863&utmhn=injeteck.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells%20Fargo%C2%A0Sign%20On%20to%20View%20Your%20Accounts&utmhid=662292413&utmr=-&utmp=%2Fwellsvfargo%2Fusersreactivation%2Faccountofficerandmanagement%2Fsocket%2Flines%2Findex2.php&utmht=1509098018116&utmac=UA-84156312-1&utmcc=__utma%3D107320666.147942959.1509098018.1509098018.1509098018.1%3B%2B__utmz%3D107320666.1509098018.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=618582787&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
- https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=1516551863&utmhn=injeteck.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Wells%20Fargo%C2%A0Sign%20On%20to%20View%20Your%20Accounts&utmhid=662292413&utmr=-&utmp=%2Fwellsvfargo%2Fusersreactivation%2Faccountofficerandmanagement%2Fsocket%2Flines%2Findex2.php&utmht=1509098018116&utmac=UA-84156312-1&utmcc=__utma%3D107320666.147942959.1509098018.1509098018.1509098018.1%3B%2B__utmz%3D107320666.1509098018.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=618582787&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84156312-1&cid=147942959.1509098018&jid=618582787&_v=5.7.0&z=1516551863
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index2.php (Primary Request) | injeteck.com.br/wellsvfargo/usersreactivation/accountofficerandmanagement/socket/lines/ | 11 KB | 4 KB | Document | text/html
GET | H/1.1 | signon_clean.min.css | connect.secure.wellsfargo.com/auth/static/wfa/css/ | 7 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | login-userprefs.min.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 144 KB | 32 KB | Script | application/x-javascript
GET | H/1.1 | google_analytics_auto.js | injeteck.com.br/ | 430 B | 306 B | Script | application/javascript
GET | H/1.1 | jquery.js | connect.secure.wellsfargo.com/auth/static/scripts/ | 99 KB | 39 KB | Script | application/x-javascript
GET | H/1.1 | popover.js | connect.secure.wellsfargo.com/auth/static/scripts/ | 769 B | 769 B | Script | application/x-javascript
GET | H/1.1 | conutils-6.2.2.js | connect.secure.wellsfargo.com/auth/static/scripts/ | 10 KB | 4 KB | Script | application/x-javascript
GET | H/1.1 | atadun.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 1 KB | 543 B | Script | application/x-javascript
GET | H/1.1 | nd | connect.secure.wellsfargo.com/jenny/ | 37 KB | 37 KB | Script | application/javascript
GET | H2 | ga.js | www.google-analytics.com/ (Redirect Chain) | 44 KB | 16 KB | Script | text/javascript
GET | DATA | truncated | / | 37 B | 0 | Image | image/gif
GET | DATA | truncated | / | 616 B | 0 | Image | image/gif
GET | H/1.1 | new_search_corner.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 49 B | 49 B | Image | image/gif
GET | H/1.1 | btn_blueslice.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 152 B | 152 B | Image | image/gif
GET | H/1.1 | left_nav_dot.gif | connect.secure.wellsfargo.com/auth/static/wfa/css/images/ | 43 B | 43 B | Image | image/gif
GET | H2 | collect | stats.g.doubleclick.net/r/ (Redirect Chain) | 35 B | 53 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Wells Fargo (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.injeteck.com.br/ | | __utmz | 107320666.1509098018.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.injeteck.com.br/ | | __utmc | 107320666
.injeteck.com.br/ | | __utmb | 107320666.1.10.1509098018
.injeteck.com.br/ | | __utma | 107320666.147942959.1509098018.1509098018.1509098018.1
.injeteck.com.br/ | | __utmt | 1
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.