afghanbazarrugs.com
Open in
urlscan Pro
2606:4700:30::681b:99b3
Malicious Activity!
Public Scan
Submission: On September 30 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 27th 2019. Valid for: a year.
This is the only time afghanbazarrugs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 2606:4700:30:... 2606:4700:30::681b:99b3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 159.45.170.156 159.45.170.156 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
1 | 159.45.66.178 159.45.66.178 | 4196 (WELLSFARG...) (WELLSFARGO-4196 - Wells Fargo & Company) | |
14 | 4 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
afghanbazarrugs.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
connect.secure.wellsfargo.com |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
static.wellsfargo.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
afghanbazarrugs.com
afghanbazarrugs.com |
388 KB |
2 |
wellsfargo.com
connect.secure.wellsfargo.com static.wellsfargo.com |
47 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
12 | afghanbazarrugs.com |
afghanbazarrugs.com
|
1 | static.wellsfargo.com |
afghanbazarrugs.com
|
1 | connect.secure.wellsfargo.com |
afghanbazarrugs.com
|
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-08-27 - 2020-08-26 |
a year | crt.sh |
connect.secure.wellsfargo.com DigiCert Global CA G2 |
2019-02-07 - 2021-02-07 |
2 years | crt.sh |
static.wellsfargo.com DigiCert Global CA G2 |
2019-02-07 - 2021-02-07 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://afghanbazarrugs.com/serverwellsfargo20/wfad/login.html
Frame ID: FDFF169B10A775E2CABCF917CE2CB3FA
Requests: 23 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.html
afghanbazarrugs.com/serverwellsfargo20/wfad/ |
409 KB 292 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nd
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
40 KB 13 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
142 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gen_validatorv2.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
12 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
global.css
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
20 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag_002.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
39 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag_003.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
3 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
12 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
270 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
467 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-userprefs.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
137 KB 47 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conutils-6.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
10 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
atadun.js
afghanbazarrugs.com/serverwellsfargo20/wfad/css/ |
1 KB 509 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
839 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
889 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conutils-6.2.2.js
afghanbazarrugs.com/auth/static/scripts/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
atadun.js
afghanbazarrugs.com/auth/static/prefs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nd
connect.secure.wellsfargo.com/jenny/ |
44 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
static.wellsfargo.com/tracking/main/ |
246 KB 31 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) Wells Fargo (Banking)206 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| ndoGetObjectKeys string| ndjsStaticVersion object| nskkdsd object| nscunk boolean| nsvhper number| nsvhp number| nsvhpergh object| nsyyapmhym object| nsjldzep object| nsjxztgfsj object| nszomrz object| nsjxzt object| nskkdsdek boolean| nsjldzepyx string| nszomr object| nds object| nsjldzepy number| numQueries object| returned string| version undefined| nsyyapmh string| nskkds string| nswhxr string| nsjxztg string| nswhx string| nswhxrqitz string| nsvhperghu object| nsjldze object| nscunkvea function| nscun function| nswhxrqit function| nsjxz boolean| nskkdsdekp object| nsyyap function| nskkd function| nsvhpe function| nswhxrqi function| nszomrzr function| nsvhperg function| ndwti function| nsjxztgfs function| nskkdsde function| nscunkv function| nszomrzrg function| HashUtil function| nsjldz function| nsjxztgf function| nsyyapmhy function| nsyyapm function| nscunkve function| nsjld function| nsyya function| nswhxrq function| nszom function| nscunkveat function| nszomrzrgh function| nsfxu function| nsqepzifno function| nskcqnzcpi function| nsqepzifn function| nsfxujyqoc function| ndwts function| nspabwuz function| nswlxr function| nspabwu function| nspabwuzc function| nskcq function| nsqafduxp function| nsgdyq function| nswlx function| nsqepz function| nsqpkbeb object| ndsapi object| antiClickjack function| Validator function| set_addnl_vfunction function| clear_all_validations function| form_submit_handler function| add_validation function| ValidationDesc function| vdesc_validate function| ValidationSet function| add_validationdesc function| vset_validate function| validateEmailv2 function| mod10 function| V2validateData string| webId string| ndURI boolean| utag_condload string| new_path object| utag_cfg_ovrd object| utag_data object| userAgentArr object| utag function| utag_pad function| utag_visitor_id string| USERPREFS_PATH string| UPRESOURCE_PATH string| ATADUN_PATH string| loginUrlBase object| scriptParent function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged function| addScriptElement boolean| m object| q object| options object| lun3 boolean| isNative object| js object| fjs object| LoginForm object| Search function| updateCustomSelect object| frmvalidator function| nsshe function| nswbgoe function| nsznfszywq boolean| nsukaf object| nslkopmt object| nswbg boolean| nsukafbslr function| nsmnkhjpfh number| nslkopm number| nswlfamew function| nsukafbsl function| nslko function| nswbgoegf function| nssjuiwv object| nswlfame function| nsznfs object| nssheski object| nssheskik function| nsmnkhj object| nsukafb object| nsznfsz object| nswbgoeg function| nswbgoegff function| nsukafbs boolean| nswbgo string| nslkopmtmr function| nssheskiko function| nssjuiw string| nsznfszy function| nsznf function| nsshesk string| nsshes string| nsznfszyw function| nsmnkhjp string| nssjuiwvbs string| nsuka function| nswlfam string| nssju string| nsmnkhjpf string| nslkop object| nswlfamewz object| nswlfa function| nsmnk function| nswlf function| nssjuiwvb function| nsmnkh function| nslkopmtm function| nsuapxehq function| nsvxyfnhy function| nsuapx function| nsxfinbio function| nswythlg function| nslemlokdn function| nsqakeyil function| nsqake function| nsqbef function| nsqbefqe function| nsxfin function| nslemlok function| nslemlo function| nsvxy function| nswyt function| nsuap function| nswythlgie function| nsqakeyi function| nsuapxeh function| nsxfinbi function| nsuapxehqy function| nswmqy function| nswythl function| nswythlgi object| nssjui function| nslemlokd undefined| pathname undefined| urlArray undefined| url undefined| sRegExInput string| GoogleAnalyticsObject function| ga0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
afghanbazarrugs.com
connect.secure.wellsfargo.com
static.wellsfargo.com
159.45.170.156
159.45.66.178
2606:4700:30::681b:99b3
037d71c699303b123f95a8c914479511db22b9f9262f19e51fc17385aff0323d
135c67d9b6df48d37ccf2e6724259abe281f65e2c94a329505c6c7b750e20b9e
17f3818bba16137fba7657230309043ae41cd08a5df25a7c61cd9583291c1354
198506f95f9c0cf3a670f82ea63f9a560bd6ff9a17c153ad4ac5d8777e0fda21
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
2910f07eb1efbf99cb485fe848fd1aaa251bcd9c6cb3276426492daa45651be3
2988d6e73c0e941bacfce1a19c1bf760ca9506dac8b682dc5b385481ff88fa3a
344ce7ae9a0179e949d1daf2b1811828294ec092ebdd622a7d8f2f379e801823
440105e7f661813d1c26ab82c39af094cf142aa857774ab7db67936cbfaeecf7
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
524334591f0a303f83bca01c7c38da4147eb139c098aeff6fe0e393cca06630c
705bd8e4384ec9aa56df0603e0763aca2ce9a427c15d36fee5d97622b318c535
7b276e5173282620545b51350123f747ceeaca0f1d67137d65694074ddabccff
88ea1e8571c24bb405188183eb65160319757c7a93a4db1da31451458d63efff
ab78c44d5e86c6f0937d203066ebcadbf50c8d63407564a151bdd03701f40a70
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
b99dead0deb91299630edd2fdc72855aac3836ea262473d47348e218a7744264
d709d9969f0eaed2494ac931a0162646fd81d6ce991f2a00613aedf88423e50a
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f809fa596dc2e66029e195d0aef2d6d7b077ea1f7d145455441ba893875aec41