welsfrago.sbs Open in urlscan Pro
2606:4700:3035::6815:3a3a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rebrand.ly/n3xhq36
Effective URL:
https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Submission: On July 26 via manual (July 26th 2022, 11:53:39 am UTC) from US — Scanned from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3035::6815:3a3a, located in United States and belongs to CLOUDFLARENET, US. The main domain is welsfrago.sbs.
TLS certificate: Issued by E1 on July 11th 2022. Valid for: 3 months.

This is the only time welsfrago.sbs was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.224.10.203 3.224.10.203	14618 (AMAZON-AES) (AMAZON-AES)
14	2606:4700:303... 2606:4700:3035::6815:3a3a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:807::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (STACKPATH...) (STACKPATH-CDN)
2	104.106.253.241 104.106.253.241	16625 (AKAMAI-AS) (AKAMAI-AS)
18	4

1 3.224.10.203 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-10-203.compute-1.amazonaws.com

rebrand.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:3035::6815:3a3a (United States)

ASN13335 (CLOUDFLARENET, US)

welsfrago.sbs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::200a (New York, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.106.253.241 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-106-253-241.deploy.static.akamaitechnologies.com

www15.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	welsfrago.sbs welsfrago.sbs	809 KB
2	wellsfargomedia.com www15.wellsfargomedia.com — Cisco Umbrella Rank: 21747	49 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 613	29 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 72	868 B
1	rebrand.ly 1 redirects rebrand.ly — Cisco Umbrella Rank: 67371	330 B
18	5

	Domain	Requested by
14	welsfrago.sbs	welsfrago.sbs
2	www15.wellsfargomedia.com	welsfrago.sbs
1	code.jquery.com	welsfrago.sbs
1	fonts.googleapis.com	welsfrago.sbs
1	rebrand.ly	1 redirects
18	5

This site contains no links.

Subject Issuer	Validity	Valid
*.welsfrago.sbs E1	`2022-07-11` - `2022-10-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
www15.wellsfargomedia.com DigiCert SHA2 Secure Server CA	`2021-12-31` - `2023-01-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Frame ID: EB803456FE26AF5F3781F4CB019F1403
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign on to your personal account

Page URL History Show full URLs

https://rebrand.ly/n3xhq36 HTTP 301
https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html Page URL

Detected technologies

Materialize CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href="[^"]*materialize(?:\.min)?\.css
materialize(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

887 kB
Transfer

1381 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rebrand.ly/n3xhq36 HTTP 301
https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/
Redirect Chain

https://rebrand.ly/n3xhq36
https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html

8 KB
3 KB

275ms
239ms

Document
text/html

2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a9a69af64dca70e7f58973e1c8c7e77cdd002a0672e0c5fce5f36400775180a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 730cef7bec478c5d-EWR
content-encoding: br
content-type: text/html
date: Tue, 26 Jul 2022 11:53:33 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Fri, 15 Jul 2022 08:11:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WaJdGNB3a4ycC78FSjWM9sMI5preCzdvo2V%2BBboNK28H%2FSmB5b%2BwB8UErhpV%2BIWfHts7lHUcYnaAj939Imt%2FV9OO7YMX9sni8r%2FyxP3h8le5jj1%2BKByLHy60yqGqbWTqBo5teHM%2FVUv2bipf"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Tue, 26 Jul 2022 11:53:31 GMT
Engine: Rebrandly.redirect, version 2.1
Expires: -1
Location: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Strict-Transport-Security: max-age=15552000

GET
H2 200 icon
fonts.googleapis.com/ 569 B
868 B 37ms
20ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a3fd05981a0c3de2a9a444448377474b00455094746abfec60bb97bf0e66ae4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 11:53:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 26 Jul 2022 11:53:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 26 Jul 2022 11:53:33 GMT

GET
H2 200 materialize.css
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/ 178 KB
27 KB 574ms
573ms Stylesheet
text/css 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/materialize.css
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3b3254ec20012511d5938000c86b0b7e10f76ab85e48a497c40a9c7a0af4017

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cju41TxTQ4QyiBzaLrB8LJVtGXla77UtXz53w4VSz9yTSddeqEtVqBjCXk%2BV0o7zQyYXdUdJS4suhtNcGe79bJMYV8lzULMpO%2FrxR0%2BWUNNBhgMYva8dPgS9KxD1cXThEgD3Rpb8JudFwlDZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 730cef7d6f4a8c5d-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.css
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/ 5 KB
2 KB 236ms
235ms Stylesheet
text/css 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/style.css
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27b815f51dfc4b28c640e806eb710900cbcb16b0600d918f3fcef5200650e951

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:11:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6eZMb27ffkaHVx9Fs6di%2Bl7zrYsiaSyJCM%2F0yahMlCtXKYEPEURasyA7Gr%2FAcfY49CiYvNDX%2BYtZbPB29BeVd5%2FMobxo1qsLDz%2BSM7K6pv5Zr7w8F%2BBbzYON1l%2Bj1mYjpJRFid60eg%2F%2FXJL5"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 730cef7d6f4b8c5d-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 wf.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 4 KB
5 KB 254ms
252ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/wf.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9457792c18bd3eb4b36ec6983f549303fcd29325cfb35f73c94d107f369f3507

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2FbxiDhX6fHlozrZ6ajunh0vBWIqUf1Ah2hFDfxWsEx1fF7nJfznvRCgimEpxI5HbGYFH%2BAzti0saSr8K4RUitE8X0%2BCoTASAwHkw%2BQ0lpewGasW7KBmPG2tAYNZ9pv5Q6NOrDmyfCfOCURJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec117f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4539

GET
H3 200 href-right.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 6 KB
7 KB 255ms
253ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/href-right.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7316a161a5bd590b1450449fe6f34a073843fe2cf263dc4271df9f881aa96c83

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6C8ojQKmMSU%2FFonS9npT0QQthVwXEZFnwltnegdM%2F4GhXtkwH6Cl8fUiDmy8Q8SWONneETu78CMQBf7fdVLJv7RstsobPmj0vSzOHgMpfy87h%2BW7FsIBwgE%2Bin%2FWV4y6ENm%2B32vaeQ1zr74"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec217f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6172

GET
H3 200 s1.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 2 KB
3 KB 247ms
245ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/s1.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aaff72b93aed5b92ee19c5292662bf887aed5befda147aab50c1b3ea09df2d14

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=416U5G3xjprPeyTawWgMFUN%2BqnkGjeeKsvk2l57zY1K%2Bq7ivEKfUId0mGcYLePJme9wwd7qL%2FdvxASCBm7spToUOd28cvHNOA4tOCmce708hdcdaWxwCWZAp3ispVfoSrLlZGZO1Rr1jnSfh"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec417f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2074

GET
H3 200 s2.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 2 KB
3 KB 241ms
239ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/s2.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7981cf0ffdb9d913c153d663d6550d1fde33e8f7d7b1aee8406225606ea4db93

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVOGC2ZhG4azFKZea3hNScYwSY5L0Ktkn%2FvEgBwnXIo7WGSEy%2FH3Qa45nGpYv42vFCF7EVB3ryO%2Fus%2F%2BbT9G5IiDXH6tAx3VzgmjhJ84aabfiz3dFcnOUy3OjrsiVDXYDYzH3gaI4%2BInnPGs"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec617f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2199

GET
H3 200 x1.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 5 KB
5 KB 248ms
247ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/x1.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5630069af226ce5661d349b57fec67602123004f03e808c97e30c845fe1a87a8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2xB7IaPc4eoD%2FlM3Yk7%2F4POA7zpV2sgoLvim0rLns70j58WheUhv4jneZza0Mj%2FlagCF0DyTEbB1%2BA5sJaCFbeksEG9wFvO2QEAOx2aR0mKCPlp%2FCAixEHJnFqsg%2FWABIHz%2FbbDwnBgXKWC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec717f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4901

GET
H3 200 fta.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 31 KB
32 KB 365ms
364ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/fta.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 975c5035b2b1b34bc57776c77d0ca0ce3cc0b28a381075c56ee424be08c7eaa0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BPkooOtr2toFG661Wf53nJDWvi393E23PGKTQeq0dg8wmBBkxey%2BGUA8UP6jFv3ybWM%2Fsp%2BTyd1yPRMWJnObHaEmxi3ZW4kvZYbCy98x7jZW8V4syOepewBObvoab805RhAKtEMICzH32uK"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec817f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31988

GET
H3 200 fta2.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 17 KB
18 KB 341ms
340ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/fta2.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5c1c893252db7f489541a2e56935d271b89aa1fdb78035246dd718298be0256

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j9ZlaNmyGHQufvkuEt30i%2FP554mLWRrm5tMTpA7OLepDsdF%2FQ4thDMcuPBqYHCK2DbB8IoFK0mu2CGJ1lQFJipWdhhIqwhuF3ERJjyS18ybl7PQXVwqv2tBwuHf%2Bt8tgqddTs%2BORYaCzZ%2Bb4"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ec917f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17493

GET
H3 200 fta3.png
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 20 KB
20 KB 352ms
351ms Image
image/png 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/fta3.png
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0e555c6145b439af1a653869f1e1504218ec8d4011cec24f570db8162553223

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVa8FsD5UsvAjgwtdclFw818JXE1mvHvdUeBb6mRnrTBxpKjK3E%2FSj4tJ8wa%2BxGWGW6vkLcKIdPRHokVh48Vp82ZqWhkuiRmO5ytcYK8dJjiWHH5xLSJ8Rj6OO7JieFY94Dgch8egeSdCr0f"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef7d8ecb17f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19985

GET
H2 200 jquery-2.1.1.min.js Show response
code.jquery.com/ 82 KB
29 KB 20ms
7ms Script
application/javascript 2001:4de0:ac18::1:a:1a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.1.1.min.js
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-14915"
vary: Accept-Encoding
x-hw: 1658836413.dop138.ny3.t,1658836413.cds226.ny3.hn,1658836413.cds035.ny3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29482

GET
H3 200 materialize.js Show response
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/js/ 361 KB
73 KB 739ms
737ms Script
application/javascript 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/js/materialize.js
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6fb3163e2052a85d4d4cd6371f5dfdc7a39ddfbdb7762045b951d814355ca6d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tns%2BIyX6BVzKqRNMZ4mEXYc%2B7iSmt8vMdq8njFzwpNq6q8u9N7rQSLOu%2Fvx746rC0G1wNYmQrcpmsccRfkVKXrKlpXBFwTamAbw2wNT7ULQupw3NmGYF7otbZcfpx5tzLXP3Rsa%2FP%2BAVpoHg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 730cef7d8ebf17f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 init.js Show response
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/js/ 663 B
878 B 242ms
240ms Script
application/javascript 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/js/init.js
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa6d2fcd9eec6fd8a1c5af535933329e7252c527505ba4d1fef2eedc08b47e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:33 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIhW%2BxgnjYlemd6rTcwcetwoqLbfRPGnvA6ObwZDoBuB1iNv9JwnYgsVad5%2F1V9LmtDfFvsgSj4VVEQEbB%2FtBmzpjrru3KGoSH8u%2FUvAk%2BjteYuiKJisIcezh0CTJ4Zwbr5LwdHQI42a0rak"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 730cef7d8ec017f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 bg.jpg
welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/ 611 KB
611 KB 466ms
466ms Image
image/jpeg 2606:4700:3035::6815:3a3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/pic/bg.jpg
Requested by: Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3a3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8325d272c72a041414d9fb349e9d4bca5e7fc8ad66f47a719e491960afa5683

Request headers

accept-language: en-US,en;q=0.9
Referer: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 11:53:34 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 08:12:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ng9D6IX%2B4YmwBICqbEbJ2hzHlVdAkCfJjhDH1zg6LGqo6wmPsoUlXPBItqqVBzM2Qqe%2FOPvr5uN5cAPStfgb46QfvofHBASR%2Fw8wKnl%2F8y5pEm7N5pSTN2yFYtLfevunDYSeHw8VwGnUnp6f"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 730cef811b6a17f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 625433

GET
H2 200 wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 22 KB
22 KB 166ms
5ms Font
font/woff2 104.106.253.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2

Requested by

Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/materialize.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.106.253.241 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-253-241.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://welsfrago.sbs/
Origin: https://welsfrago.sbs
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
server: KONICHIWA/2.0
etag: "5798-582d133e56280"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
date: Tue, 26 Jul 2022 11:53:33 GMT
accept-ranges: bytes
content-length: 22424
x-xss-protection: 1; mode=block
expires: Wed, 26 Jul 2023 11:53:33 GMT

GET
H2 200 wellsfargoserif-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 26 KB
26 KB 151ms
10ms Font
font/woff2 104.106.253.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2

Requested by

Host: welsfrago.sbs
URL: https://welsfrago.sbs/0600e5/a433b4/ac303f/a75c6d/2410/d191/css/materialize.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.106.253.241 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-253-241.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://welsfrago.sbs/
Origin: https://welsfrago.sbs
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
last-modified: Mon, 11 Mar 2019 20:52:01 GMT
server: KONICHIWA/2.0
etag: "6854-583d7be82be40"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
date: Tue, 26 Jul 2022 11:53:33 GMT
accept-ranges: bytes
content-length: 26708
x-xss-protection: 1; mode=block
expires: Wed, 26 Jul 2023 11:53:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
fonts.googleapis.com
rebrand.ly
welsfrago.sbs
www15.wellsfargomedia.com
104.106.253.241
2001:4de0:ac18::1:a:1a
2606:4700:3035::6815:3a3a
2607:f8b0:4006:807::200a
3.224.10.203
27b815f51dfc4b28c640e806eb710900cbcb16b0600d918f3fcef5200650e951
5630069af226ce5661d349b57fec67602123004f03e808c97e30c845fe1a87a8
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
6a9a69af64dca70e7f58973e1c8c7e77cdd002a0672e0c5fce5f36400775180a
7316a161a5bd590b1450449fe6f34a073843fe2cf263dc4271df9f881aa96c83
7981cf0ffdb9d913c153d663d6550d1fde33e8f7d7b1aee8406225606ea4db93
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
9457792c18bd3eb4b36ec6983f549303fcd29325cfb35f73c94d107f369f3507
975c5035b2b1b34bc57776c77d0ca0ce3cc0b28a381075c56ee424be08c7eaa0
a3fd05981a0c3de2a9a444448377474b00455094746abfec60bb97bf0e66ae4e
aaff72b93aed5b92ee19c5292662bf887aed5befda147aab50c1b3ea09df2d14
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
b3b3254ec20012511d5938000c86b0b7e10f76ab85e48a497c40a9c7a0af4017
b8325d272c72a041414d9fb349e9d4bca5e7fc8ad66f47a719e491960afa5683
c6fb3163e2052a85d4d4cd6371f5dfdc7a39ddfbdb7762045b951d814355ca6d
e0e555c6145b439af1a653869f1e1504218ec8d4011cec24f570db8162553223
e5c1c893252db7f489541a2e56935d271b89aa1fdb78035246dd718298be0256
fa6d2fcd9eec6fd8a1c5af535933329e7252c527505ba4d1fef2eedc08b47e11

welsfrago.sbs Open in urlscan Pro 2606:4700:3035::6815:3a3a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

887 kBTransfer

1381 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

0 Cookies

Indicators

welsfrago.sbs Open in urlscan Pro
2606:4700:3035::6815:3a3a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

887 kB
Transfer

1381 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!