weedcommerce.co.za Open in urlscan Pro
154.0.164.17 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Submission: On June 01 via automatic, source phishtank (June 1st 2020, 5:22:03 am UTC)

Summary HTTP 9 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 154.0.164.17, located in South Africa and belongs to Afrihost, ZA. The main domain is weedcommerce.co.za.

This is the only time weedcommerce.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 8	154.0.164.17 154.0.164.17	37611 (Afrihost) (Afrihost)
2	159.45.2.178 159.45.2.178	10837 (WELLSFARG...) (WELLSFARGO-10837)
9	3

8 154.0.164.17 (South Africa) 1 redirects

ASN37611 (Afrihost, ZA)
PTR: host32.axxesslocal.co.za

weedcommerce.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.45.2.178 (Charlotte, United States)

ASN10837 (WELLSFARGO-10837, US)

static.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	weedcommerce.co.za 1 redirects weedcommerce.co.za	712 KB
2	wellsfargo.com static.wellsfargo.com	8 KB
9	2

	Domain	Requested by
8	weedcommerce.co.za	1 redirects weedcommerce.co.za
2	static.wellsfargo.com	weedcommerce.co.za
9	2

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
oam.wellsfargo.com
icomplete.wellsfargo.com
www.wellsfargorewards.com

Subject Issuer	Validity	Valid
static.wellsfargo.com DigiCert Global CA G2	`2019-02-07` - `2021-02-07`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Frame ID: 03157BF5037193F885FDA8B387148BF0
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login HTTP 301
http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/ Page URL

Detected technologies

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

22 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

720 kB
Transfer

1069 kB
Size

0
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wellsfargo.com/

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/apply/
Title: Apply

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/locator/
Title: Locations

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/
Title: Customer Service

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/faqs/sign-on
Title: Forgot Password/Username?

Search URL Search Domain Scan URL

URL: https://oam.wellsfargo.com/oamo/identity/authentication?execution=e1s1
Title: Enroll Now

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/help/faqs/enroll
Title: Enrollment FAQs

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy-security/guarantee
Title: Online Security Guarantee

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy-security/
Title: Privacy, Security and Legal

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/online-banking/online-access-agreement/
Title: Online Access Agreement

Search URL Search Domain Scan URL

URL: https://icomplete.wellsfargo.com/oas/status/enter
Title: Applications In Progress

Search URL Search Domain Scan URL

URL: https://www.wellsfargorewards.com/
Title: Credit Card Rewards

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/about/
Title: About Wells Fargo

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/about/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/privacy-security/fraud/report/phish
Title: Report Email Fraud

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/sitemap
Title: Sitemap

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login HTTP 301
http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Redirect Chain

http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login
http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/

411 KB
411 KB

198ms
198ms

Document
text/html

154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: e9ded3ea90be85406d0d457c1ccaa859356dbb6404a2369f4f0cdca64b47ab20

Request headers

Host: weedcommerce.co.za
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:32 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Sat, 25 Apr 2020 21:18:52 GMT
ETag: "66b2f-5a42407586ea1"
Accept-Ranges: bytes
Content-Length: 420655
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Mon, 01 Jun 2020 05:21:32 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
Location: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Content-Length: 284
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK global.css
weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/css/altLogin/ 20 KB
20 KB 388ms
375ms Stylesheet
text/css 154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/css/altLogin/global.css
Requested by: Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: 26cc4dcf61d43920e301bf16e9ae59457799340c582c83f442919463554b4622

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:33 GMT
Last-Modified: Sat, 25 Apr 2020 21:18:52 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
ETag: "4f7c-5a42407587289"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 20348

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f809fa596dc2e66029e195d0aef2d6d7b077ea1f7d145455441ba893875aec41

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17f3818bba16137fba7657230309043ae41cd08a5df25a7c61cd9583291c1354

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 270 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2910f07eb1efbf99cb485fe848fd1aaa251bcd9c6cb3276426492daa45651be3

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 839 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b99dead0deb91299630edd2fdc72855aac3836ea262473d47348e218a7744264

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/css/altLogin/global.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 467 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 889 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK login-userprefs.min.js Show response
weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/prefs/ 144 KB
144 KB 197ms
197ms Script
application/javascript 154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/prefs/login-userprefs.min.js
Requested by: Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: de55e2da0d2fb6790b37a49e8e659c877f6f54d4a755bc8d264dcddfb73f2ee3

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:33 GMT
Last-Modified: Sat, 25 Apr 2020 21:18:52 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
ETag: "23ecf-5a42407587671"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 147151

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/css/altLogin/global.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 503
Service Unavailable conutils-6.2.2.js
weedcommerce.co.za/auth/static/scripts/ 0
0 712ms
711ms Script
text/html 154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/auth/static/scripts/conutils-6.2.2.js
Requested by: Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/prefs/login-userprefs.min.js
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.24
Resource Hash

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:34 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
Connection: close
X-Powered-By: PHP/7.2.24
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 503
Service Unavailable atadun.js
weedcommerce.co.za/auth/static/prefs/ 0
0 695ms
695ms Script
text/html 154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/auth/static/prefs/atadun.js
Requested by: Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/static/prefs/login-userprefs.min.js
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.24
Resource Hash

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:34 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
Connection: close
X-Powered-By: PHP/7.2.24
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 503
Service Unavailable atadun.js
weedcommerce.co.za/auth/static/prefs/ 0
0 912ms
899ms Script
text/html 154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/auth/static/prefs/atadun.js
Requested by: Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.24
Resource Hash

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:35 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
Connection: close
X-Powered-By: PHP/7.2.24
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK utag.js Show response
weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/static.wellsfargo.com/tracking/main/ 136 KB
137 KB 408ms
395ms Script
application/javascript 154.0.164.17
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/static.wellsfargo.com/tracking/main/utag.js
Requested by: Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
Protocol: HTTP/1.1
Server: 154.0.164.17 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: host32.axxesslocal.co.za
Software: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: 1a9e575395a7838b7e4153b7d640c69bd42d6aa8fa470f05ff8466941c8c5963

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:35 GMT
Last-Modified: Sat, 25 Apr 2020 21:18:52 GMT
Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
ETag: "22108-5a4240758b109"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 139528

GET
H/1.1 200
OK utag.136.js Show response
static.wellsfargo.com/tracking/main/ 66 KB
6 KB 577ms
134ms Script
application/x-javascript 159.45.2.178
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/tracking/main/utag.136.js?utv=ut4.44.201804032219

Requested by

Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/static.wellsfargo.com/tracking/main/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.178 Charlotte, United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/2.0 /

Resource Hash

ca786346f7b712580f74e37e12bf33c1e3b06824ece8758f063797c0bf750ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 5851
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 12 May 2020 22:30:55 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
ETag: "10944-5a57b0457d2d1-gzip"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Type: application/x-javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=91

GET
H/1.1 200
OK utag.201.js Show response
static.wellsfargo.com/tracking/main/ 3 KB
2 KB 571ms
128ms Script
application/x-javascript 159.45.2.178
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to

Full URL

https://static.wellsfargo.com/tracking/main/utag.201.js?utv=ut4.44.201803212225

Requested by

Host: weedcommerce.co.za
URL: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/static.wellsfargo.com/tracking/main/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.178 Charlotte, United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/2.0 /

Resource Hash

dbe7f42c63a0af4bf5af8b47e41ffba974cc72bf1eebd793807c2ccec0e14a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://weedcommerce.co.za/wp-admin/css/colors/light/wellsfargo/1/auth/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Jun 2020 05:21:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 1341
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 29 Aug 2019 22:39:36 GMT
Server: KONICHIWA/2.0
X-Frame-Options: SAMEORIGIN
ETag: "c0b-591492e1f5a00-gzip"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Type: application/x-javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=93

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.wellsfargo.com
weedcommerce.co.za
154.0.164.17
159.45.2.178
17f3818bba16137fba7657230309043ae41cd08a5df25a7c61cd9583291c1354
1a9e575395a7838b7e4153b7d640c69bd42d6aa8fa470f05ff8466941c8c5963
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
26cc4dcf61d43920e301bf16e9ae59457799340c582c83f442919463554b4622
2910f07eb1efbf99cb485fe848fd1aaa251bcd9c6cb3276426492daa45651be3
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
b99dead0deb91299630edd2fdc72855aac3836ea262473d47348e218a7744264
ca786346f7b712580f74e37e12bf33c1e3b06824ece8758f063797c0bf750ac5
dbe7f42c63a0af4bf5af8b47e41ffba974cc72bf1eebd793807c2ccec0e14a2e
de55e2da0d2fb6790b37a49e8e659c877f6f54d4a755bc8d264dcddfb73f2ee3
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
e9ded3ea90be85406d0d457c1ccaa859356dbb6404a2369f4f0cdca64b47ab20
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f809fa596dc2e66029e195d0aef2d6d7b077ea1f7d145455441ba893875aec41

weedcommerce.co.za Open in urlscan Pro 154.0.164.17 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

22 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

720 kBTransfer

1069 kBSize

0 Cookies

16 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

0 Cookies

Indicators

weedcommerce.co.za Open in urlscan Pro
154.0.164.17 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

22 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

720 kB
Transfer

1069 kB
Size

0
Cookies

9 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!