{"report_id":"2346d222-496c-42c8-b3a2-a0fb8e672e67","version":6,"status":"done","tags":["wellsfargo","financial","phishing"],"date":"2026-03-15T00:34:35Z","url":{"schema":"http","addr":"connect.secure.wellsrfargo-srv.kjlj.com","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"final":{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"title":"Sign On to View Your Personal Accounts | Wells Fargo","dom":{"size":34889,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2448)","md5":"d44f2e6f9156a8551276f0e39d480c0c","sha1":"b4cfd2d3371645986874d71a48f4e82148565470","sha256":"f4526a44d7b79b24132fdacc30bcf2823699c0d8d6a1368b83a96bbcf0f569ee","sha512":"c2d6798ed9133804f56bba63ca5ccbba0535c8b232190ccac58d04524976cac16a44a94302c04111be5f2fb7db3a5f977f67ae2baba3424d2d0ffd69d2ca8208","ssdeep":"384:crusVDgHK+JBmm6lJl0TNi4NxqaWGP7iUVnFKY7oB6Fq/omiGNALNt9B8:UNVkqumm6d0TvxGPUVFKY7oB6s/7iGNf","tlshash":"82f2f62251f50d3a9103d29428568a1a3fc1e61f8b179a00fbec4bac1fdbdd99c271de","dom_hash":"domhash433c40708fee7ed66b240610b3449267","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"connect.secure.wellsrfargo-srv.kjlj.com","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-19T00:34:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]},"summary":[{"fqdn":"www15.wellsfargomedia.com","ip":{"addr":"2.20.165.48","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2009-06-25","domain_rank":196163,"first_seen":"2019-09-12T19:28:23Z","last_seen":"2026-03-12T17:11:16.571509Z","alert_count":0,"request_count":4,"received_data":93876,"sent_data":2330,"comment":"","tags":null,"fingerprints":null},{"fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"domain_registered":"2008-12-19","domain_rank":0,"first_seen":"2026-03-14T17:34:30.898082Z","last_seen":"2026-03-14T17:34:30.898082Z","alert_count":18,"request_count":9,"received_data":711746,"sent_data":5418,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AppDynamics","description":"AppDynamics is an application performance management (APM) and IT operations analytics (ITOA) company based in San Francisco.","website":"https://appdynamics.com","common_platform_enumeration":"","icon":"AppDynamics.png","categories":["Analytics","RUM"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":false,"md5":"aeccb854b0a76aa9f478e466c8011b29","sha1":"625d31cbeb8978cf2419f58d14bba92a42dbb45c","sha256":"7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6","sha512":"a0e4fec306ede63869b30befee8c54de38694d724ad86306587e59d641921119659852241a9316da80c56c2a560eeaa73b537a3f8725c87abd11b0be551fff31","ssdeep":"768:aTxv9ZxLf3xpz+8H77umOZ98/o20uoKCfrs9pWwyNn69UmvxbCQj2E+B:wxv9zxvnuRZ98/oooKgY469PgF","tlshash":"4523e7c8bf613826836771f9613f014e727aa989e50858bcb088ddc16d3dd8991bbf74","size":48109,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-04T15:40:49.625Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"83e9027c266c545143d2d013d49c0619","sha1":"292ac1b829460ac25ed98fe8cb3d128d156bff8a","sha256":"e70967d0e576a031d7d1c43188e23c3684211d78cba27e8f544b9763c15488ed","sha512":"dbff5051bdcd938b95d8f2ffef9e89567e0568de6e779eb5d2ee34cb2bda9e375a5cc75e169be9c8540a74e0d3a6c2a7c3dea1c851e4fdc8f104ec5e64567728","ssdeep":"","tlshash":"68810f7b26a02e358a37a475474f24447a3060432a02cc757badc70d1faed8a5867aef","size":4024,"data":"","first_seen":"2026-03-14T17:34:34.981289Z","last_seen":"2026-03-15T00:34:37.177627Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/general_alt.js.download","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":false,"md5":"44aab0ce91c01c4d634b806f9f0b9f0d","sha1":"7ce3af02a7fbaef4b2895e11896d132f7dd18d7d","sha256":"dab95cd886de0b28e3cfbac1d99b9fc9430d225eb2755c2365b715faa96e15e7","sha512":"01cc6f3a43af7ef333c6b22c46c97f7a87ef9a0192bc00fc2c694214f58c6b1a94be8f5f8295f34bc47e73b92f89175721ab84d1d979fe524953a4f2d4293ffa","ssdeep":"6144:NqVT8X+7i3UOhZGcA0qvRDfsbclMLX79mkdyrMsikA:oJ0+u3U2bmpfsQUPdyrMsXA","tlshash":"6e548d09d7d085b1fb7836c2495b46951c782b163a64f058a3b3f8e79a74f3831fe868","size":299069,"data":"","first_seen":"2026-03-14T17:34:34.976832Z","last_seen":"2026-03-15T00:34:37.146655Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2","fqdn":"www15.wellsfargomedia.com","domain":"wellsfargomedia.com","tld":"com"},"ip":{"addr":"2.20.165.48","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www15.wellsfargomedia.com","organization":"WELLS FARGO \u0026 COMPANY"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 25 Sep 2025 00:00:00 GMT","end":"Thu, 24 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C6:19:08:A8:BB:1D:9E:BB:E5:66:C3:61:B1:BA:A5:49:09:0E:26:C0","sha256":"F7:4B:A5:49:2F:B3:01:DE:1A:6D:B7:BD:A1:A5:8B:56:93:EE:18:79:27:AF:5F:C0:A3:41:CF:DD:74:29:26:14"}}},"request":{"raw":"GET /wfui/css/fonts/wellsfargosans-sbd.woff2 HTTP/1.1\r\nHost: www15.wellsfargomedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://connect.secure.wellsrfargo-srv.kjlj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: KONICHIWA/2.0\r\ncontent-type: font/woff2\r\ncontent-length: 22600\r\nlast-modified: Tue, 26 Feb 2019 19:38:34 GMT\r\netag: \"5c7595ba-5848\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: max-age=31536000\r\nexpires: Mon, 15 Mar 2027 00:34:14 GMT\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22600,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107","md5":"83df8749c013f13019fa8e0912041759","sha1":"2bbffcf012a59e47661c0a37edda0fc772992ae7","sha256":"ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba","sha512":"60ef81e9500e9b33e9d799d4bd56f8ef4df5dfdc88a42d5739c3da65733cfaedd42aa0dc623d46b370dc750c693cbe0c473c92e6c4c2a7bed2c7da33b8bcee84","ssdeep":"384:X4TnfMKBnolaid+tMKsLZqy+1EooqFdf8THOgmFtI2ErNX0sAZwk+pcHgXvCdFPh:XWXBolb+tMKoc1E1qFdgHOujisY+pcHt","tlshash":"5ba2d0f0681f37b4473b083c3472a3ca80f69516eaea19951b3d123e699ada5934c37d","first_seen":"2023-04-13T05:35:56Z","last_seen":"2026-06-08T18:23:15.402604Z","times_seen":855,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":159,"dns":103,"connect":0,"send":0,"wait":6,"receive":1,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/general_alt.js.download","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/general_alt.js.download HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\netag: \"4903d-66c821e8-1802a9;;;\"\r\nlast-modified: Fri, 23 Aug 2024 05:45:12 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 299069\r\naccept-ranges: bytes\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":299069,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"44aab0ce91c01c4d634b806f9f0b9f0d","sha1":"7ce3af02a7fbaef4b2895e11896d132f7dd18d7d","sha256":"dab95cd886de0b28e3cfbac1d99b9fc9430d225eb2755c2365b715faa96e15e7","sha512":"01cc6f3a43af7ef333c6b22c46c97f7a87ef9a0192bc00fc2c694214f58c6b1a94be8f5f8295f34bc47e73b92f89175721ab84d1d979fe524953a4f2d4293ffa","ssdeep":"6144:NqVT8X+7i3UOhZGcA0qvRDfsbclMLX79mkdyrMsikA:oJ0+u3U2bmpfsQUPdyrMsXA","tlshash":"6e548d09d7d085b1fb7836c2495b46951c782b163a64f058a3b3f8e79a74f3831fe868","first_seen":"2026-03-14T17:34:34.976832Z","last_seen":"2026-03-15T00:34:37.146655Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":350,"receive":872,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/src_app_page_login_Login_js.60cc8528bbf26c5a10d8.chunk.css","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/src_app_page_login_Login_js.60cc8528bbf26c5a10d8.chunk.css HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 22 Mar 2026 00:34:14 GMT\r\netag: \"26610-66c821e8-1802c2;br\"\r\nlast-modified: Fri, 23 Aug 2024 05:45:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 20693\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":157200,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"3eae9f7162e172787594f9e7c84b835f","sha1":"e8e283417dd4a28387df60c7103913208a1cf737","sha256":"e55a1e02e2201a611fcf44aaf73c8d94e25df65724a9a478c170ea50ab918944","sha512":"f49c84994d99d552f7ce7d58bb2986b9ae7ba4b93f2522e592c1d6446eb66dc8ad50a55adc23bb420d931da57227ccbb130fda407e6f8f042842eaf3cccb82ca","ssdeep":"1536:oqXao+0rJ9vUclZcizl0cibBlZci7zl0ciceMVxELEKW:ZX6VxELw","tlshash":"fce3c8e6ef042dbab613407fa081d84636387a26e36917b5fce3e5149fc605983336d9","first_seen":"2025-08-03T15:57:12.042192Z","last_seen":"2026-03-15T00:34:37.148845Z","times_seen":6,"resource_available":false,"data":null}},"time_used":694,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":404,"receive":290,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/main.6366d16fbafc8010093e.css","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/main.6366d16fbafc8010093e.css HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 22 Mar 2026 00:34:14 GMT\r\netag: \"1cd9-66c821e8-1802b5;br\"\r\nlast-modified: Fri, 23 Aug 2024 05:45:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 1325\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7385,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7385), with no line terminators","md5":"f2c9c17ceb55db39f3f38838d3f3dd32","sha1":"1322e923b9fbe536e4a5a2303ebeed66a7790a80","sha256":"f76c3d8e32833cb87e5249c1981caa740c6680a386e796045b22f4eac966e53d","sha512":"bb0023628dbc1f3f8cdce18552d2b27f1d7e29f1954b36da94730c023d16ebc6e85ed5708a60906e8475f24afbda9b36874286f9d3a03358ad6828411ffd1acf","ssdeep":"192:8Navy3l7eCjUjJR9WvW7C2cpydmLGANfb9:4av+","tlshash":"d2e110e6815916f1ce2b8cba72c7f4141c6fe02eb554474ef8ef0e7409f1a121992779","first_seen":"2025-08-03T15:57:12.087637Z","last_seen":"2026-03-15T00:34:37.150253Z","times_seen":6,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":315,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2","fqdn":"www15.wellsfargomedia.com","domain":"wellsfargomedia.com","tld":"com"},"ip":{"addr":"2.20.165.48","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www15.wellsfargomedia.com","organization":"WELLS FARGO \u0026 COMPANY"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 25 Sep 2025 00:00:00 GMT","end":"Thu, 24 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C6:19:08:A8:BB:1D:9E:BB:E5:66:C3:61:B1:BA:A5:49:09:0E:26:C0","sha256":"F7:4B:A5:49:2F:B3:01:DE:1A:6D:B7:BD:A1:A5:8B:56:93:EE:18:79:27:AF:5F:C0:A3:41:CF:DD:74:29:26:14"}}},"request":{"raw":"GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1\r\nHost: www15.wellsfargomedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://connect.secure.wellsrfargo-srv.kjlj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: KONICHIWA/2.0\r\ncontent-type: font/woff2\r\ncontent-length: 22424\r\nlast-modified: Tue, 26 Feb 2019 19:38:34 GMT\r\netag: \"5c7595ba-5798\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: max-age=31536000\r\nexpires: Mon, 15 Mar 2027 00:34:14 GMT\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22424,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107","md5":"0a1639ebe9fab396657a62aa5233c832","sha1":"9b58164729ad918dd7255e4856f9da7f3a90bfde","sha256":"631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc","sha512":"a3786f7c1188bcbddcabe54e40dfbc77d842b1a19d2cca56cedaeb3c1a8126b3c203ac8b6297268c94aedf270be2b822aa8ac0de9e1e5c6d42bc7866324d8128","ssdeep":"384:ZWomH3hR7XCKb7GSa5mSWAmtXnCe83/17wdTgm6keJR60vqy:ZWDL7va5mSWbn4cdEmhJvy","tlshash":"cda2e16e1fb4ae24ec1c3bb164a5d0ed75c744750470c45fa331a0d626c5d4c9d86ef9","first_seen":"2023-04-12T09:13:55Z","last_seen":"2026-06-08T18:23:15.400657Z","times_seen":1002,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":160,"dns":108,"connect":2,"send":0,"wait":6,"receive":2,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-lt.woff2","fqdn":"www15.wellsfargomedia.com","domain":"wellsfargomedia.com","tld":"com"},"ip":{"addr":"2.20.165.48","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www15.wellsfargomedia.com","organization":"WELLS FARGO \u0026 COMPANY"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 25 Sep 2025 00:00:00 GMT","end":"Thu, 24 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C6:19:08:A8:BB:1D:9E:BB:E5:66:C3:61:B1:BA:A5:49:09:0E:26:C0","sha256":"F7:4B:A5:49:2F:B3:01:DE:1A:6D:B7:BD:A1:A5:8B:56:93:EE:18:79:27:AF:5F:C0:A3:41:CF:DD:74:29:26:14"}}},"request":{"raw":"GET /wfui/css/fonts/wellsfargosans-lt.woff2 HTTP/1.1\r\nHost: www15.wellsfargomedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://connect.secure.wellsrfargo-srv.kjlj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: KONICHIWA/2.0\r\ncontent-type: font/woff2\r\ncontent-length: 21636\r\nlast-modified: Tue, 26 Feb 2019 19:38:34 GMT\r\netag: \"5c7595ba-5484\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: max-age=31536000\r\nexpires: Mon, 15 Mar 2027 00:34:14 GMT\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21636,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107","md5":"1a2740c8df445989e4ee5f5396b6474c","sha1":"a3f8545619fdd5b2a481952cd9e2c7b169bb43a6","sha256":"63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc","sha512":"59daa4be9380b2e008279f75cfceba2e36ae8d5e0cea9f8f7c3a48452c26ed138525ec6df12bed4ca81e977730a6716f352a98d23e5a57a5601ef9ebed5ded73","ssdeep":"384:+cazwi7j+7IoZ6Gk3Pb4w+pRBeAq8L0HMQUUDDUakvQtQPOQ/4hJl2Gfp96ZZn:d0ncIos/aRWoQUUfkSQ2Q/6lUt","tlshash":"caa2e113934a2cb15711117cbc3f3540dde4b6b3f7f8802a7394a9c2142bfaa76a58e5","first_seen":"2023-04-13T08:35:19Z","last_seen":"2026-06-08T18:23:15.374533Z","times_seen":497,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":155,"dns":99,"connect":3,"send":0,"wait":6,"receive":1,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-15T00:34:12.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: login/\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Sun, 15 Mar 2026 00:34:13 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":34859,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":1421,"timings":{"blocked":572,"dns":12,"connect":276,"send":0,"wait":276,"receive":0,"ssl":282},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-15T00:34:13.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/ HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nset-cookie: PHPSESSID=apta861bev6k5ofuup65njte08; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 8321\r\ndate: Sun, 15 Mar 2026 00:34:13 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AppDynamics","description":"AppDynamics is an application performance management (APM) and IT operations analytics (ITOA) company based in San Francisco.","website":"https://appdynamics.com","common_platform_enumeration":"","icon":"AppDynamics.png","categories":["Analytics","RUM"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":34859,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2448)","md5":"c400825ed3700dad8cf474f34cd18b35","sha1":"6de787a68cc3339cc4183275b652f26de6b01dc6","sha256":"ce96884785918325956be96c6f1037f4741a4aa5df7bd3c4bf5b2a090ed8350a","sha512":"a5ca531af47633c040acab866f849658781d88b25d367e56c044f37a8a34b3bf5dafed4abe253c9cc1248baeefb7ecfd41b82fa04d1a5b6ff4c76dac910400cc","ssdeep":"384:SrbseGgHi+JBmm6lJl0TNi4NxSCWGP7iBVnFKY7oB6Fq/omiGNALNt9Bi:OoepCumm6d0TvxwPBVFKY7oB6s/7iGNF","tlshash":"73f2f62250f50d3a9103d29428568a163fc0e61f8b17aa00fbec4bac1fdbdd99c271de","first_seen":"2026-03-14T17:34:34.956272Z","last_seen":"2026-03-15T00:34:37.159146Z","times_seen":2,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/nd","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/nd HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"f58515dfe987f7e027c8a71bbc884621","sha1":"bec6aebf5940ea88fbbff5748d539453d49fa284","sha256":"679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43","sha512":"f085346a38318f7935d76909db0367862924cc9b0d96256f7ff4e8999c041e610bbcde8ca56c92673bde0991c85e9c9d9b6726abd91d0c3177462c80d4a99140","ssdeep":"","tlshash":"8b21653ec1c1520ae0271164fb81f3a86629821191970f703b8eb176f6cd0bb52a36c8","first_seen":"2024-02-10T12:39:22Z","last_seen":"2026-06-08T21:07:58.480826Z","times_seen":41049,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\netag: \"bbed-66c821e8-18029d;;;\"\r\nlast-modified: Fri, 23 Aug 2024 05:45:12 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 48109\r\naccept-ranges: bytes\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":48109,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JavaScript source, ASCII text, with very long lines (599)","md5":"aeccb854b0a76aa9f478e466c8011b29","sha1":"625d31cbeb8978cf2419f58d14bba92a42dbb45c","sha256":"7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6","sha512":"a0e4fec306ede63869b30befee8c54de38694d724ad86306587e59d641921119659852241a9316da80c56c2a560eeaa73b537a3f8725c87abd11b0be551fff31","ssdeep":"768:aTxv9ZxLf3xpz+8H77umOZ98/o20uoKCfrs9pWwyNn69UmvxbCQj2E+B:wxv9zxvnuRZ98/oooKgY469PgF","tlshash":"4523e7c8bf613826836771f9613f014e727aa989e50858bcb088ddc16d3dd8991bbf74","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-04T15:40:49.625Z","times_seen":342,"resource_available":true,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":360,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/7HXp3RHM","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/7HXp3RHM HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"f58515dfe987f7e027c8a71bbc884621","sha1":"bec6aebf5940ea88fbbff5748d539453d49fa284","sha256":"679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43","sha512":"f085346a38318f7935d76909db0367862924cc9b0d96256f7ff4e8999c041e610bbcde8ca56c92673bde0991c85e9c9d9b6726abd91d0c3177462c80d4a99140","ssdeep":"","tlshash":"8b21653ec1c1520ae0271164fb81f3a86629821191970f703b8eb176f6cd0bb52a36c8","first_seen":"2024-02-10T12:39:22Z","last_seen":"2026-06-08T21:07:58.480826Z","times_seen":41049,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.secure.wellsrfargo-srv.kjlj.com/login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/wfui.889d51cccebf06d6a7f7.css","fqdn":"connect.secure.wellsrfargo-srv.kjlj.com","domain":"kjlj.com","tld":"com"},"ip":{"addr":"20.70.131.38","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"connect.secure.wellsrfargo-srv.kjlj.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 12:50:53 GMT","end":"Fri, 12 Jun 2026 12:50:52 GMT"},"fingerprint":{"sha1":"FB:85:AF:46:27:E9:E8:9A:7B:5F:8C:4A:57:47:81:BA:47:CA:AD:7A","sha256":"BE:0D:47:22:0D:70:87:45:14:A6:CB:86:31:D7:7E:24:80:30:75:38:AB:CD:78:4F:E6:98:D9:E6:A9:30:7D:EB"}}},"request":{"raw":"GET /login/assets/Sign%20On%20to%20View%20Your%20Personal%20Accounts%20_%20Wells%20Fargo_files/wfui.889d51cccebf06d6a7f7.css HTTP/1.1\r\nHost: connect.secure.wellsrfargo-srv.kjlj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/login/\r\nCookie: PHPSESSID=apta861bev6k5ofuup65njte08\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 22 Mar 2026 00:34:14 GMT\r\netag: \"1e320-66c821e8-1802d7;br\"\r\nlast-modified: Fri, 23 Aug 2024 05:45:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 17351\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":123680,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"3fafff38da57b55edc035321c047e324","sha1":"c5a881182b2f08309247885e3a09a0dbf0a5c7f2","sha256":"a4e42b0ae034f91507c66cc3a61c92aaf3bbb5baa858679f0c45e828da57cd3a","sha512":"4f9e68578e9cca321bc6893f4daea3caf3749ee024985137fb74c8f5800b1ae497002dc73b4f6e4d36bda3e247c138b67fde5ed6bd48a73004c38aa93b25022c","ssdeep":"3072:ZJ0iP2IJMdb+C4CUC6p+w4wUw6/+545U56h+I4IUI6LQ1psK0vyS:kiP2IJMdb+C4CUC6p+w4wUw6/+545U5X","tlshash":"03c3e9e27a485d3ee077a43ff143fc409e698371a5353e5afda2e5b482c3285471638a","first_seen":"2025-08-03T15:57:12.089769Z","last_seen":"2026-03-15T00:34:37.173513Z","times_seen":42,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"connect.secure.wellsrfargo-srv.kjlj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-lt.woff2","fqdn":"www15.wellsfargomedia.com","domain":"wellsfargomedia.com","tld":"com"},"ip":{"addr":"2.20.165.48","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://connect.secure.wellsrfargo-srv.kjlj.com/login/","date":"2026-03-15T00:34:14.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www15.wellsfargomedia.com","organization":"WELLS FARGO \u0026 COMPANY"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 25 Sep 2025 00:00:00 GMT","end":"Thu, 24 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C6:19:08:A8:BB:1D:9E:BB:E5:66:C3:61:B1:BA:A5:49:09:0E:26:C0","sha256":"F7:4B:A5:49:2F:B3:01:DE:1A:6D:B7:BD:A1:A5:8B:56:93:EE:18:79:27:AF:5F:C0:A3:41:CF:DD:74:29:26:14"}}},"request":{"raw":"GET /wfui/css/fonts/wellsfargoserif-lt.woff2 HTTP/1.1\r\nHost: www15.wellsfargomedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://connect.secure.wellsrfargo-srv.kjlj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://connect.secure.wellsrfargo-srv.kjlj.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: KONICHIWA/2.0\r\ncontent-type: font/woff2\r\ncontent-length: 25848\r\nlast-modified: Mon, 11 Mar 2019 20:52:01 GMT\r\netag: \"5c86ca71-64f8\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: max-age=31536000\r\nexpires: Mon, 15 Mar 2027 00:34:14 GMT\r\ndate: Sun, 15 Mar 2026 00:34:14 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25848,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 25848, version 1.13107","md5":"27f4027640bf17aecbe2b403d20cd378","sha1":"62292b4aaaf2d58cc0f376bc17681ba80aa21a01","sha256":"4e973b803037a15054089958d01aa00f4ecc56373655de896cbb09e7dcb1c206","sha512":"c5bca487adc0c40e31619571b4513492a7e1072e8fe18ed9e20f618c516ea08d46c7ca2c70f9281a63981d8d7a9483419a4aadd353cd8173fa4e4e2b9a83653f","ssdeep":"384:7QxDzhnuPh/NOf1j2YsdOXLsCOyQApnfKF1jn3sH1gOFASccaNbxjey/+kd4:7gzFYhF/U7sCfQMf9S6ASccu9CyL4","tlshash":"e5c2e11484104325e039acba75eee35e5474aec776037728e24679fea23ed8828ddc55","first_seen":"2025-07-08T18:14:58.662406Z","last_seen":"2026-06-08T18:23:15.375448Z","times_seen":303,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":163,"dns":113,"connect":1,"send":0,"wait":8,"receive":1,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}