urlscan.io logo urlscan.io
SecurityTrails logo

johnfarazcarsales.com Open in urlscan Pro
38.117.96.235  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://johnfarazcarsales.com/
Submission Tags: https://phish.report @phish_report Search All
Submission: On June 08 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 38.117.96.235, located in United States and belongs to RAVAND, CA. The main domain is johnfarazcarsales.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 26th 2023. Valid for: 3 months.
This is the only time johnfarazcarsales.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Cuscatlan de El Salvador (Banking)

Domain & IP information

IP Address AS Autonomous System
9 38.117.96.235 12212 (RAVAND)
1 2a00:1450:400... 15169 (GOOGLE)
1 173.231.16.76 ()
1 34.117.59.81 396982 (GOOGLE-CL...)
12 5
Apex Domain
Subdomains		 Transfer
9 johnfarazcarsales.com
johnfarazcarsales.com
3 MB
1 ipinfo.io
ipinfo.io — Cisco Umbrella Rank: 6127
554 B
1 ipify.org
api.ipify.org
115 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 422
31 KB
12 4
Domain Requested by
9 johnfarazcarsales.com johnfarazcarsales.com
1 ipinfo.io ajax.googleapis.com
1 api.ipify.org ajax.googleapis.com
1 ajax.googleapis.com johnfarazcarsales.com
12 4

This site contains no links.

Subject Issuer Validity Valid
johnfarazcarsales.com
cPanel, Inc. Certification Authority		 2023-04-26 -
2023-07-25		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2023-02-07 -
2024-02-18		 a year crt.sh
ipinfo.io
R3		 2023-05-11 -
2023-08-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://johnfarazcarsales.com/
Frame ID: C70E9C4587086AE452E0F337DFAE1B4C
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Digital

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

2995 kB
Transfer

3057 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
johnfarazcarsales.com/ 		1 MB
1 MB 		Document
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
c9af0960dd8c09899e40b5a80148419e4642db6bfdd856e207526a51b8b99fa9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
1185437
Content-Type
text/html
Date
Thu, 08 Jun 2023 13:34:04 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Tue, 09 Aug 2022 15:38:46 GMT
Server
Apache
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 10:45:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10119
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 07 Jun 2024 10:45:25 GMT
styles.39921502ffc3308e5cf0.bundle.css
johnfarazcarsales.com/css/ 		103 KB
103 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/css/styles.39921502ffc3308e5cf0.bundle.css
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
e6e29922e8467a5db6fcd491ab7fa38ee746992abbf39db4db06d59d53bb20b2

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:04 GMT
Last-Modified
Thu, 04 Aug 2022 01:01:32 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
105597
estilos.css
johnfarazcarsales.com/css/ 		1 MB
1 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/css/estilos.css
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
3d77e17eff7ff31b8e3fd2871efd8806a4d037aa2b4c7f196e7aa765dfc692fb

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:05 GMT
Last-Modified
Thu, 04 Aug 2022 00:06:44 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1054149
prismaWeb.css
johnfarazcarsales.com/css/ 		123 KB
123 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/css/prismaWeb.css
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
b08aa0320bab8817e3d30ecfe71a01eff590881794d735282bf1558f4a1a6d69

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:05 GMT
Last-Modified
Wed, 03 Aug 2022 23:19:20 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
126043
keyboardLowerCaseLowContrast.png
johnfarazcarsales.com/img/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://johnfarazcarsales.com/img/keyboardLowerCaseLowContrast.png
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
d7d908335b484d3310b807cbf69b666341a6234b6eeaa337f8b779dc9411d025

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:06 GMT
Last-Modified
Wed, 03 Aug 2022 23:19:20 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
5633
6f851c1f8a2197e8215bfba708791e38.jpg
johnfarazcarsales.com/img/ 		104 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://johnfarazcarsales.com/img/6f851c1f8a2197e8215bfba708791e38.jpg
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
f3eada35f785744654e96d7143682e90809fbe1c856be4868597d1bd27edb6a9

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:06 GMT
Last-Modified
Wed, 03 Aug 2022 23:19:24 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
106498
sax.js
johnfarazcarsales.com/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/js/sax.js
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
a854338e5e47d9be50207155288fb07494349dbb063eab041ad15efc49279f72

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://johnfarazcarsales.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:05 GMT
Last-Modified
Thu, 25 May 2023 18:41:02 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1137
/
api.ipify.org/ 		22 B
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.231.16.76 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
c60af50d7683909b4fb713ee5c2b85fa2dd63fbeb5e131c14454f9f1e10a0071

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://johnfarazcarsales.com/
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin
https://johnfarazcarsales.com
date
Thu, 08 Jun 2023 13:34:10 GMT
content-length
22
vary
Origin
content-type
application/json
/
ipinfo.io/ 		308 B
554 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ipinfo.io/
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
81.59.117.34.bc.googleusercontent.com
Software
/
Resource Hash
e3d23508317ecbfbd1ce1db73c54c741954a8a89a4b39d4453a61eeea818b485
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://johnfarazcarsales.com/
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 13:34:06 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-encoding
gzip
via
1.1 google
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c8b35760fefe68e1ef1fd3859aebffd5aa4cc485cddd5cc9c53c57142269609

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
OpenSans-Regular.14077b877bbfbc815a94.woff2
johnfarazcarsales.com/css/ 		50 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/css/OpenSans-Regular.14077b877bbfbc815a94.woff2
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/css/styles.39921502ffc3308e5cf0.bundle.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
e2f4ead06057e7ced0b5cbc89280a655ba66ea4d6fe54fa2c8381d35e278c4f9

Request headers

Referer
https://johnfarazcarsales.com/css/styles.39921502ffc3308e5cf0.bundle.css
Origin
https://johnfarazcarsales.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:06 GMT
Last-Modified
Thu, 04 Aug 2022 00:00:14 GMT
Server
Apache
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
51044
streamline.7b5e048cdbd03151c26c.woff
johnfarazcarsales.com/css/ 		387 KB
387 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://johnfarazcarsales.com/css/streamline.7b5e048cdbd03151c26c.woff?19c5cw
Requested by
Host: johnfarazcarsales.com
URL: https://johnfarazcarsales.com/css/styles.39921502ffc3308e5cf0.bundle.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.117.96.235 , United States, ASN12212 (RAVAND, CA),
Reverse DNS
38-117-96-235.static-ip.ravand.ca
Software
Apache /
Resource Hash
a9250e188e59d4a24ca87e42656357f7a0669a31d0f330939078acf7f3cd882d

Request headers

Referer
https://johnfarazcarsales.com/css/styles.39921502ffc3308e5cf0.bundle.css
Origin
https://johnfarazcarsales.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 13:34:06 GMT
Last-Modified
Thu, 04 Aug 2022 00:00:18 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
396336

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Cuscatlan de El Salvador (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery string| telegram_bot_id number| chat_id undefined| u_name undefined| pax undefined| pax2 undefined| ip undefined| ip2 function| ready function| sender

0 Cookies